Discover Centmin Mod today
Register Now

Docker Discuss CentminMod Docker Image

Discussion in 'Centmin Mod Docker Development' started by Guilherme Jaccoud, Dec 23, 2014.

Tags:
  1. Guilherme Jaccoud

    Guilherme Jaccoud Member

    63
    30
    18
    May 29, 2014
    Ratings:
    +30
    Local Time:
    12:24 PM
    I'm interest in build a WordPress Docker image based on the CentminMod stack. When I first started, my goal was to build a CentminMod image, but I realised we don't need most of the services to run inside the container. So this raises my question…

    In your experience, what are the CenminMod components you would include in a Docker container?

    I'm thinking about Nginx + PHP-FPM + WP-CLI. I'm running MariaDB as a dedicated container (tutum/mariadb) but I also want to build my own, since most of the images available today are based on the Ubuntu 14.04 image base.

    Well, that's it… just throwing some thoughts :)
     
  2. eva2000

    eva2000 Administrator Staff Member

    28,935
    6,568
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,748
    Local Time:
    1:24 AM
    Nginx 1.13.x
    MariaDB 5.5
    Unfortunately not much experience with Docker myself.

    Memcached server would be one I can definitely think of
     
  3. Guilherme Jaccoud

    Guilherme Jaccoud Member

    63
    30
    18
    May 29, 2014
    Ratings:
    +30
    Local Time:
    12:24 PM
    I was thinking about Memcached as a dedicated container, just like MariaDB, in order for multiple apps (containers) to be able to use it, without having multiple instances of it running on the server.

    I still learning, will post the results when I have more experience. I have a small CoreOS cluster where I'm doing tests and learning about linux containers.

    Merry Christmas :)
     
  4. Guilherme Jaccoud

    Guilherme Jaccoud Member

    63
    30
    18
    May 29, 2014
    Ratings:
    +30
    Local Time:
    12:24 PM
    Eva, using centmin.sh script, is there a way to completely bypass the installation of everything except for the services I really need for the Docker image, for example NGINX + PHP-FPM?
     
  5. eva2000

    eva2000 Administrator Staff Member

    28,935
    6,568
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,748
    Local Time:
    1:24 AM
    Nginx 1.13.x
    MariaDB 5.5
    Unfortunately, everything is tightly integrated and some are dependent on other software being installed, so not that easy to separate right now
     
  6. Guilherme Jaccoud

    Guilherme Jaccoud Member

    63
    30
    18
    May 29, 2014
    Ratings:
    +30
    Local Time:
    12:24 PM
    Hi guys, I took the first step into building a WordPress Docker image. It's named NP-STACK in tribute of the time-saving nprestart shortcut from CentminMod and is based on the CentOS 7 official build.

    The NGINX and PHP-FPM configuration are also based in CentminMod defaults :D
    It would be nice to get some feedback.

    tropicloud/np-stack · GitHub

    Cheers,
    Guigo
     
    Last edited: Jan 8, 2015
    • Like Like x 1
  7. eva2000

    eva2000 Administrator Staff Member

    28,935
    6,568
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,748
    Local Time:
    1:24 AM
    Nginx 1.13.x
    MariaDB 5.5
  8. Guilherme Jaccoud

    Guilherme Jaccoud Member

    63
    30
    18
    May 29, 2014
    Ratings:
    +30
    Local Time:
    12:24 PM
    Finally it's here! WP-STACK is a minimal WordPress stack for Docker.
    It's in its infancy, as I myself still a Docker beginner.

    tropicloud/wp-stack · GitHub

    It would be great to get some feedback in order to improve it based on different points of view.

    Cheers,
    Guigo (gheego)
     
    • Like Like x 1
  9. eva2000

    eva2000 Administrator Staff Member

    28,935
    6,568
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,748
    Local Time:
    1:24 AM
    Nginx 1.13.x
    MariaDB 5.5
    Nice, unfortunately no time to play with docker these days :(
     
    • Like Like x 1
  10. Guilherme Jaccoud

    Guilherme Jaccoud Member

    63
    30
    18
    May 29, 2014
    Ratings:
    +30
    Local Time:
    12:24 PM
    I'm also short of time, there's a bunch of features I want to include in both stacks mentioned earlier, but it will have to wait a little. Most significant ones should be...
    • Compile NGINX from source (to include NASXI, PageSped, etc..)
    • Auto-configure WP Super Cache + Autoptimize
    • Ability to specify a URL to import a WP from (zip, backwpup, etc...)
    • Command line tool to managed the container (import, export, add users, set roles, etc...)
    I'm still impressed by the performance, very impressed. Even without any kind of optimization the site was flying. It's faster than the fastest site I've ever setup on any server or VM. I believe it's because of very few processes running inside the container.

    Code:
    [root@62a9e3d3995b /]# ps aux
    USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
    root         1  0.0  0.1  11608  1568 ?        Ss   01:23   0:00 /bin/bash wps start
    root       233  0.2  1.2 113156 12424 ?        S    01:23   0:00 /usr/bin/python /usr/bin/supervisord -n -c /etc/supervisord.conf
    root       236  0.0  0.6  50360  6232 ?        S    01:23   0:00 /usr/bin/python /usr/bin/supervisor_stdout
    root       237  0.0  0.0   4348   364 ?        S    01:23   0:00 tail -f /var/log/nginx.log
    root       238  0.0  0.4  99232  4072 ?        S    01:23   0:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
    root       239  0.0  0.0   4348   360 ?        S    01:23   0:00 tail -f /var/log/php-fpm.log
    root       240  0.0  2.4 452952 25168 ?        S    01:23   0:00 php-fpm: master process (/etc/php-fpm.d/www.conf)
    nginx      241  0.0  0.2 100548  2832 ?        S    01:23   0:00 nginx: worker process
    root       253  0.1  0.1  11740  1752 ?        S    01:24   0:00 bash
    
    I will encourage you to test it, your opinion is very important to me. Beside this, using the DigitalOcean Docker image and the instructions on the GitHub, you will have a WP site online in less than 2 minutes!! (I just did it in order to get the ps aux info)

    Obs. When you find some minutes to try it, don't forget to include your email since I've been scratching my head to create a way to send fancy welcome emails :D

    I'm going to sleep. Thanks for everything today. I'm very happy to be back to the community!
     
    • Like Like x 1
  11. eva2000

    eva2000 Administrator Staff Member

    28,935
    6,568
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,748
    Local Time:
    1:24 AM
    Nginx 1.13.x
    MariaDB 5.5
    @Guilherme Jaccoud your docker project has refreshed my interest in docker. I had played with docker over a year ago and forgot I tried my hand at building CentOS docker images for Centmin Mod at hub.docker.com/u/centminmod/

    Will have to refresh my docker knowledge first :D
     
  12. eva2000

    eva2000 Administrator Staff Member

    28,935
    6,568
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,748
    Local Time:
    1:24 AM
    Nginx 1.13.x
    MariaDB 5.5
    okay refreshing my docker know-how I created CentOS 6.6/7 docker image bases for Centmin Mod and MariaDB 10 + CentOS 6.6 too :)

    I tried your np-stack but how do you access the container via bash ?

    I get an error when I try

    Code:
    docker run -t -i tropicloud/np-stack /bin/bash
    This works while running from a host which already has Centmin Mod install so can see host:81 nginx start page

    Code:
    docker run --name npstack1  -p 81:80 -p 444:443 -d tropicloud/np-stack
    however you seem to be passing spdy and HSTS header even for non-https requests

    Code:
    curl -I host:81
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 19 Feb 2015 22:08:14 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 301516
    Last-Modified: Mon, 26 Jan 2015 03:25:51 GMT
    Connection: keep-alive
    Vary: Accept-Encoding
    ETag: "54c5b3bf-499cc"
    Strict-Transport-Security: max-age=31536000; includeSubdomains
    Alternate-Protocol: 443:npn-spdy/2
    Accept-Ranges: bytes
    Also for host:444 under https, your self signed SSL certicate you should create using sha256 and not sha1 just to keep up :)
     
  13. Guilherme Jaccoud

    Guilherme Jaccoud Member

    63
    30
    18
    May 29, 2014
    Ratings:
    +30
    Local Time:
    12:24 PM
    Hey @eva2000, I'm really glad you've took a look on that. The easiest way to get started with NP-Stack is running the following command on a Docker Host:
    Code:
    docker run -p 80:80 -p 443:443 -d tropicloud/np-stack
    
    That command will pull the image from the Docker Registry Hub and start a container based on that image. To access the container you'll need the container ID. You can get the ID running docker ps or docker ps -l, then simply run:
    Code:
    docker exec -it <container-id> /bin/bash
    Here's en example:
    Code:
    root@docker:~# docker run -p 80:80 -p 443:443 -d tropicloud/np-stack
    Unable to find image 'tropicloud/np-stack:latest' locally
    Pulling repository tropicloud/np-stack
    f3e466b02adf: Download complete
    511136ea3c5a: Download complete
    5b12ef8fd570: Download complete
    8efe422e6104: Download complete
    452909fdbac9: Download complete
    9201a7efa26e: Download complete
    fe426ea10af0: Download complete
    2e6981559124: Download complete
    42a433bdfafc: Download complete
    75c45fae2f01: Download complete
    Status: Downloaded newer image for tropicloud/np-stack:latest
    42437a36618cdbdb691f29870593a29bea6e337114c2658e8d793b9c99e30d60
    root@docker:~# docker ps
    CONTAINER ID        IMAGE                        COMMAND                CREATED             STATUS              PORTS                                      NAMES
    42437a36618c        tropicloud/np-stack:latest   "/bin/bash nps start   9 minutes ago       Up 9 minutes        0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   sleepy_hopper    
    root@docker:~# docker exec -it 42437a36618c bash
    [root@42437a36618c /]#
    
    I use a few shortcuts to access newly created containers:

    # login to last container
    docker exec -it $(docker ps -l | grep \" | awk '{print $1}') bash

    # last container logs
    docker logs $(docker ps -l | grep \" | awk '{print $1}')

    # remove all containers (be careful)
    docker ps -a | grep \" | awk '{print $1}' | xargs docker rm -f

    Here's another example:
    Code:
    root@docker:~# docker logs $(docker ps -l | grep \" | awk '{print $1}')
    2015-02-20 01:39:05,453 CRIT Supervisor running as root (no user in config file)
    2015-02-20 01:39:05,486 INFO RPC interface 'supervisor' initialized
    2015-02-20 01:39:05,486 CRIT Server 'unix_http_server' running without any HTTP authentication checking
    2015-02-20 01:39:05,487 INFO supervisord started with pid 11
    2015-02-20 01:39:06,491 INFO spawned: 'stdout' with pid 14
    2015-02-20 01:39:06,530 INFO spawned: 'nginx-log' with pid 15
    2015-02-20 01:39:06,546 INFO spawned: 'nginx' with pid 16
    2015-02-20 01:39:06,551 INFO spawned: 'php-fpm-log' with pid 17
    2015-02-20 01:39:06,566 INFO spawned: 'php-fpm' with pid 18
    2015-02-20 01:39:07,798 INFO success: stdout entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
    2015-02-20 01:39:07,798 INFO success: nginx-log entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
    2015-02-20 01:39:07,798 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
    2015-02-20 01:39:07,799 INFO success: php-fpm-log entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
    2015-02-20 01:39:07,799 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
    root@docker:~#
    
    NP-Stack is already in need of an update. While creating WP-Stack, I realised many things to improve on NP-Stack. For now, it's serving it's initial purpose of being a base image to WP-Stack. This second stack is more complex and has some nice features like environment variables dump and external database connection. If you can have a look int this one, you will get even more insight about the NP-Stack.

    Both stacks are just being born and I really count with help and support to improve it. One thing I can anticipate is the need to build NGINX from source in order to support PageSpeed and Naxsi. For me, CentminMod compatibility is a must and something I'll always strive to achieve. In fact, I was about to write you to ask if you can help with the script to build NGINX and PHP from source :D

    Again, thank you very much for taking the time, I really appreciate!

    Cheers,
    Gheego
     
    Last edited: Feb 20, 2015
  14. eva2000

    eva2000 Administrator Staff Member

    28,935
    6,568
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,748
    Local Time:
    1:24 AM
    Nginx 1.13.x
    MariaDB 5.5
    thanks, was missing docker exec command !

    Code:
    docker run --name npstack1  -p 81:80 -p 444:443 -d tropicloud/np-stack
    docker exec -t -i npstack1 /bin/bash
    Code:
    ps aufx
    USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
    root        25  0.0  0.0  11688  1816 ?        S    02:49   0:00 /bin/bash
    root        42  0.0  0.0  19692  1180 ?        R+   02:50   0:00  \_ ps aufx
    root         1  0.0  0.0  11552  1480 ?        Ss   02:49   0:00 /bin/bash nps start
    root         9  0.0  0.0 113072 12408 ?        S    02:49   0:00 /usr/bin/python /usr/bin/supervisord -n -c /etc/supervisord.co
    root        12  0.0  0.0  50284  6244 ?        S    02:49   0:00  \_ /usr/bin/python /usr/bin/supervisor_stdout
    root        13  0.0  0.0   4296   576 ?        S    02:49   0:00  \_ tail -f /var/log/nginx.log
    root        14  0.0  0.0  99176  4224 ?        S    02:49   0:00  \_ nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.
    nginx       17  0.0  0.0 100040  2388 ?        S    02:49   0:00  |   \_ nginx: worker process
    nginx       18  0.0  0.0 100040  2388 ?        S    02:49   0:00  |   \_ nginx: worker process
    nginx       19  0.0  0.0 100040  2388 ?        S    02:49   0:00  |   \_ nginx: worker process
    nginx       20  0.0  0.0 100040  2388 ?        S    02:49   0:00  |   \_ nginx: worker process
    nginx       21  0.0  0.0 100040  2388 ?        S    02:49   0:00  |   \_ nginx: worker process
    nginx       22  0.0  0.0 100040  2388 ?        S    02:49   0:00  |   \_ nginx: worker process
    nginx       23  0.0  0.0 100040  2388 ?        S    02:49   0:00  |   \_ nginx: worker process
    nginx       24  0.0  0.0 100040  2368 ?        S    02:49   0:00  |   \_ nginx: worker process
    root        15  0.0  0.0   4296   572 ?        S    02:49   0:00  \_ tail -f /var/log/php-fpm.log
    root        16  0.0  0.0 452900 25224 ?        S    02:49   0:00  \_ php-fpm: master process (/etc/php-fpm.d/www.conf)
    had a play with it myself with centminmod/centos66epel and centminmod/centos66mariadb10 just not able to get the MariaDB 10 container to run CentOS 6.6 + MariaDB 10 host connection? - Docker Forums for some reason.
     
  15. Guilherme Jaccoud

    Guilherme Jaccoud Member

    63
    30
    18
    May 29, 2014
    Ratings:
    +30
    Local Time:
    12:24 PM
    ps aufx is fancy! :D

    I thought I was already creating the SSL certificate with sha256.
    Code:
    openssl req -nodes -sha256 -newkey rsa:2048 -keyout app.key -out app.csr -config openssl.conf -batch
    openssl rsa -in app.key -out app.key
    openssl x509 -req -days 365 -in app.csr -signkey app.key -out app.crt
    
    np-stack/nps-setup.sh at master · tropicloud/np-stack · GitHub

    For the HSTS and SPDY headers, I believe it's due the fact of a single server block for both 80/443 ports? To be honest, I don't know if this is a problem or how to fix it. Do you think it's better to use different servers blocks for each port?

    In most Docker scenarios, there will be a proxy or load balancer in front of the application, in this sense, I was trying to make the container's NGINX config more generic and minimalist. If you want to experiment with a proxy, try running the WP-Stack with Dokku-alt (Heroku style). Install Dokku-alt and follow the instructions on GitHub.

    tropicloud/wp-stack · GitHub
     
    Last edited: Feb 21, 2015
  16. Guilherme Jaccoud

    Guilherme Jaccoud Member

    63
    30
    18
    May 29, 2014
    Ratings:
    +30
    Local Time:
    12:24 PM
    As for the MariaDB issue, you need to link containers in order to access the specific ports, in this sense, the MariaDB container should be accessible by other containers and not the Docker Host. Also, why not use the official MariaDB build? When I first started with Docker, I decided to stick with the CentOS 7 official build and MaraiDB official build as the base images for my apps. In CentOS 7, MariaDB is default and I found very easy to integrate WP-Stack with it using it's default environment variables. I've also included support for Dokku-alt MariaDB plugin:

    Code:
    function wps_environment() {
    
    # ------------------------
    # DATABASE URL
    # ------------------------
    
    if [[ -z $DATABASE_URL ]]; then
    
    DB_HOST=$(env | grep 'MARIADB_PORT_3306_TCP_ADDR' | cut -d= -f2)
    DB_PORT=$(env | grep 'MARIADB_PORT_3306_TCP_PORT' | cut -d= -f2)
    DB_NAME=$(env | grep 'MARIADB_ENV_MYSQL_DATABASE' | cut -d= -f2)
    DB_USER=$(env | grep 'MARIADB_ENV_MYSQL_USER' | cut -d= -f2)
    DB_PASS=$(env | grep 'MARIADB_ENV_MYSQL_PASSWORD' | cut -d= -f2)
    DB_PROT=$(env | grep 'MARIADB_PORT_3306_TCP_PROTO' | cut -d= -f2)
    
    export DATABASE_URL=${DB_PROT}://${DB_USER}:${DB_PASS}@${DB_HOST}:${DB_PORT}/${DB_NAME}
    
    else
    
    DB_HOST=$(env | grep 'DATABASE_URL' | cut -d@ -f2 | cut -d: -f1)
    DB_PORT=$(env | grep 'DATABASE_URL' | cut -d@ -f2 | cut -d: -f2 | cut -d/ -f1)
    DB_NAME=$(env | grep 'DATABASE_URL' | cut -d@ -f2 | cut -d\/ -f2)
    DB_USER=$(env | grep 'DATABASE_URL' | cut -d: -f2 | sed 's|//||g')
    DB_PASS=$(env | grep 'DATABASE_URL' | cut -d: -f3 | cut -d@ -f1)
    
    fi
    
    # ------------------------
    # ENV. SETUP
    # ------------------------
    
    env | grep = >> /etc/environment
    
    mkdir -p /etc/env
    
    for var in $(cat /etc/environment); do
    key=$(echo $var | cut -d= -f1)
    val=$(echo $var | cut -d= -f2)
    echo -ne $val > /etc/env/${key}
    done
    
    }
    

    In my opinion, the Docker Host should have no software installed beside Docker (and some security), that's the beauty of Docker. CoreOS was a great starting point for me to better understand Docker and Linux containers.

    It matters little where your apps will run, they can run in ANY machine (CentOS/Ubuntu/OSX/etc...) where Docker can be installed. The principle of using containers (if my designer mind can grasp it) is to build platform agnostic apps that can run anywhere and scale very easily. Also, it kills the necessity of server maintenance, since the server itself is running nothing besides the OS and Docker/Rocket/LXC, etc... that's what they call microservices, right? When you need to update your app environment, you update the Docker file and deploy it again, quick and easy.

    I really recommend that you follow these DigitalOcean's CoreOS tutorials in order to gain understanding and experience with Docker. But be warned, it can heavily influence the future of CentminMod (for good) :D

    In my mind, I imagine future versions of CentminMod as a service orchestration for LEMP based apps. Have a look into Deis.io, Flynn.io, Panamax.io and Dokku-alt (now Deis little brother). Also check this curated list of Docker resources.

    Sorry for throwing many things at once!

    Cheers :)
     
    Last edited: Feb 21, 2015
  17. eva2000

    eva2000 Administrator Staff Member

    28,935
    6,568
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,748
    Local Time:
    1:24 AM
    Nginx 1.13.x
    MariaDB 5.5
    thanks @Guilherme Jaccoud - still new to docker and find it easier to start off with for CentOS 6.6 and my own recipe for MariaDB 10 with my own custom defaults. But more I lay with docker, I understand the why it's easier to have one service per docker image.

    I am trying to get the docker host to talk with the CentOS 6.6 + MariaDB 10 docker container directly and thought that would be possible ? tried a supervisord version but that didn't work either. Docker top says the container ain't running when invoked in detached mode.

    I can see the value of Docker.. might start a dedicated Centmin Mod Docker forum category on the forums so can hopefully get more docker using Centmin Mod folks to contribute their knowledge and ideas :)
     
  18. eva2000

    eva2000 Administrator Staff Member

    28,935
    6,568
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,748
    Local Time:
    1:24 AM
    Nginx 1.13.x
    MariaDB 5.5
    • Like Like x 1
  19. Guilherme Jaccoud

    Guilherme Jaccoud Member

    63
    30
    18
    May 29, 2014
    Ratings:
    +30
    Local Time:
    12:24 PM
    Yep, Docker really makes life easier. CoreOS has announced the creation of it's own container runtime called Rocket. Competition will certainly accelerate the technological growth of this field and so, we can expect good things to come in the near future.

    As for the Docker host to access services in containers, I believe you can achieve this through private networking.

    Advanced networking - Docker Documentation
    And if Docker says your container is not running, it might have exited prematurely. What's the result of docker ps -a and docker logs <ID> ?

    Docker - Linode Guides & Tutorials
    That's why the need for supervisord or something alike.
     
  20. eva2000

    eva2000 Administrator Staff Member

    28,935
    6,568
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,748
    Local Time:
    1:24 AM
    Nginx 1.13.x
    MariaDB 5.5
    Yes interesting times ahead... been looking at other folks MySQL/MariaDB/Percona Dockerfiles to get ideas of what I am doing wrong etc. So going to have another stab at it :D
     
    • Like Like x 1