tvb's questions

I have a PHP project on GitHub for which I would like to build versioned Docker images. Kinda like CoreOS Container Linux does with their alpha, beta and stable release channels.

For development I follow the Git Flow principle and use the feature -> develop -> master branching.

I have hooked up Travis for automated PHPUnit testing and added CircleCI today as I found a Rakefile which could automatically generate a version. Which is used as a tag.

My current .travis.yml:

---
services:
  - docker
sudo: required
env:
  global:
    - ...

addons:
  jwt:
    secure: ...
cache:
  directories:
    - /home/travis/docker/
before_install:
  - "docker --version"
  - 'if [[ ${TRAVIS_BRANCH} == "master" ]] && [[ ${TRAVIS_PULL_REQUEST} == "false" ]]; then echo "ENV GIT_SHA ${TRAVIS_COMMIT::8}" >> Dockerfile; fi'
  - 'if [[ ${TRAVIS_BRANCH} == "master" ]] && [[ ${TRAVIS_PULL_REQUEST} == "false" ]] && [[ -f ${DOCKER_CACHE_FILE} ]]; then gunzip -c ${DOCKER_CACHE_FILE} | docker load; fi'
before_script:
  - "env > .env"
install:
  - 'if [[ ${TRAVIS_BRANCH} == "master" ]] && [[ ${TRAVIS_PULL_REQUEST} == "false" ]]; then docker build -t ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT::8} --pull=true .; fi'
language: php
notifications:
  slack:
    secure: ...
php:
  - "5.6"
script:
  - "phpunit --bootstrap tests/bootstrap.php --testdox tests --coverage-text"
  - 'if [[ ${TRAVIS_BRANCH} == "master" ]] && [[ ${TRAVIS_PULL_REQUEST} == "false" ]]; then mkdir -p $(dirname ${DOCKER_CACHE_FILE}) ; docker save $(docker history -q ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT::8} | grep -v "<missing>") | gzip > ${DOCKER_CACHE_FILE}; fi'
after_success:
  - 'if [[ $TRAVIS_PHP_VERSION == "5.6" ]] && [[ $TRAVIS_BRANCH == "develop" ]] && [[ $TRAVIS_PULL_REQUEST == "false" ]]; then sh generate-api.sh; fi'
  - 'if [[ ${TRAVIS_BRANCH} == "master" ]] && [[ ${TRAVIS_PULL_REQUEST} == "false" ]]; then docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD}; fi'
  - 'if [[ ${TRAVIS_BRANCH} == "master" ]] && [[ ${TRAVIS_PULL_REQUEST} == "false" ]]; then docker tag ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT::8} ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT::8}; fi'
  - 'if [[ ${TRAVIS_BRANCH} == "master" ]] && [[ ${TRAVIS_PULL_REQUEST} == "false" ]]; then docker tag ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT::8} ${DOCKER_REPOSITORY}:travis-${TRAVIS_BUILD_NUMBER}; fi'
  - 'if [[ ${TRAVIS_BRANCH} == "master" ]] && [[ ${TRAVIS_PULL_REQUEST} == "false" ]]; then docker tag ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT::8} ${AWS_ACCOUNT_NUMBER}.dkr.ecr.eu-west-1.amazonaws.com/${ECR_REPOSITORY}:${TRAVIS_COMMIT::8}; fi'
  - 'if [[ ${TRAVIS_BRANCH} == "master" ]] && [[ ${TRAVIS_PULL_REQUEST} == "false" ]]; then docker push ${DOCKER_REPOSITORY}; fi'
  - 'if [[ ${TRAVIS_BRANCH} == "master" ]] && [[ ${TRAVIS_PULL_REQUEST} == "false" ]]; then pip install --user awscli; fi'
  - 'if [[ ${TRAVIS_BRANCH} == "master" ]] && [[ ${TRAVIS_PULL_REQUEST} == "false" ]]; then export PATH=$PATH:$HOME/.local/bin; fi'
  - 'if [[ ${TRAVIS_BRANCH} == "master" ]] && [[ ${TRAVIS_PULL_REQUEST} == "false" ]]; then eval $(aws ecr get-login --region eu-west-1); fi'
  - 'if [[ ${TRAVIS_BRANCH} == "master" ]] && [[ ${TRAVIS_PULL_REQUEST} == "false" ]]; then docker push ${AWS_ACCOUNT_NUMBER}.dkr.ecr.eu-west-1.amazonaws.com/${ECR_REPOSITORY}:${TRAVIS_COMMIT::8}; fi'

And my current circle.yml:

---
machine:
  services:
    - docker
  php:
    version: 5.6.22

dependencies:
  override:
    - docker info
    - gem install httparty
    - rake build

test:
  override:
    - mkdir -p $CIRCLE_TEST_REPORTS/phpunit
    - phpunit --bootstrap tests/bootstrap.php --log-junit $CIRCLE_TEST_REPORTS/phpunit/junit.xml tests
    - docker run -d -p 9000:9000 storecore/php:latest; sleep 10
    - nc -z -w5 localhost 9000

And the used Rakefile:

require 'rake'
require 'httparty'
require 'json'

# Read the base version from VERSION file.
def version
  file = File.readlines('./version.php')
  v = file[1].scan(/'([^']*)'/)
  v[1].join(",")
end

# The name of the container
def container_name
  'php'
end

# The username the container is pushed to on DockerHub
def username
  'storecore'
end

# Get the latest version for the given base version provided by #version
def hub_version
  base = version
  taginfo = JSON.parse(HTTParty.get("https://hub.docker.com/v2/repositories/#{username}/#{container_name}/tags/").body)['results']

  return { base: base, build: nil } if taginfo.nil?
  tags = []
  taginfo.each do |tag|
    tags << tag['name']
  end
  current_base = tags.grep(/#{base}/)
  return { base: base, build: nil } if current_base.empty?
  build = current_base.sort { |x, y|
    a = x.split('.')[base.split('.').count].to_i
    b = y.split('.')[base.split('.').count].to_i
    a <=> b
  }.last.split('.').last.to_i
  { base: base, build: build }
end

# return current hub version for the current base
def latest_hub_version
  latest = hub_version
  "#{latest[:base]}.#{latest[:build]}"
end

# return the next version for the current base
def next_version
  latest = hub_version
  base = version
  build = latest[:build] || -1
  build += 1
  "#{base}.#{build}"
end

task :install_deps do
  sh 'gem install bundler'
  sh 'bundle install'
end

desc 'login into Docker Hub'
task :login do
  sh "docker login -u #{ENV['DOCKER_USER']} -p #{ENV['DOCKER_PASS']}"
end

desc 'tags latest as next_version'
task :tag => :login do
  sh "docker tag #{username}/#{container_name}:latest #{username}/#{container_name}:#{next_version}"
end

desc 'pushes the next_version and latest to docker hub'
task :push => :tag do
  sh "docker push #{username}/#{container_name}:#{next_version}"
  sh "docker push #{username}/#{container_name}:latest"
end

desc 'builds as latest'
task :build => :install_deps do
  sh "docker build --rm=false -t #{username}/#{container_name}:latest ."
end

task default: [:build, :push]

But in the end both solutions does not provide me a Docker image per release channel and are limited in their own way. It looks hacky to me. I bet there are better approaches or tools I could use. I don't mind switching to something else completely.

What would be the best approach to accomplish something like what CoreOS does?

I am having this strange issue where my vip is being removed from my interface when I receive a new DHCP renewal request. The logs shows the following:

Jun  1 17:00:06 lb1 dhclient: DHCPREQUEST of 10.0.0.2 on eth0 to 10.0.0.3 port 67 (xid=0x6deab016)
Jun  1 17:00:06 lb1 dhclient: DHCPNAK from 10.0.0.3 (xid=0x6deab016)
Jun  1 17:00:06 lb1 dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 3 (xid=0x37e1db6a)
Jun  1 17:00:06 lb1 dhclient: DHCPREQUEST of 10.0.0.2 on eth0 to 255.255.255.255 port 67 (xid=0x37e1db6a)
Jun  1 17:00:06 lb1 dhclient: DHCPOFFER of 10.0.0.2 from 10.0.0.3
Jun  1 17:00:06 lb1 dhclient: DHCPACK of 10.0.0.2 from 10.0.0.3
Jun  1 17:00:06 lb1 dhclient: bound to 10.0.0.2 -- renewal in 38223 seconds.
Jun  1 17:00:07 lb1 ntpd[1321]: Deleting interface #8 eth0, 10.0.255.254#123, interface stats: received=7, sent=0, dropped=0, active_time=145198 secs
Jun  1 17:00:07 lb1 ntpd[1321]: peers refreshed

At this point the vip ip (10.0.255.254) is removed from the interface and is not being failed over to the other keepalived instance.

The working ip a command output:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
   inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:16:3e:cf:35:ac brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.2/16 brd 10.0.255.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 10.0.255.254/32 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fecf:35ac/64 scope link
       valid_lft forever preferred_lft forever

and when the dhcp renewal has ran:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
   inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:16:3e:cf:35:ac brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.2/16 brd 10.0.255.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fecf:35ac/64 scope link
       valid_lft forever preferred_lft forever

the interfaces file:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet dhcp

When I restart keepalived on the instance the vip is added back to the interface again. So the question is why is dhcp removing the vip?

I am using Gitlab on one server and would like to push my git repository on commit of the master branch to another webserver. So when I push a new version of the website the production server gets updated. I know this should be possible with hooks inside gitlab but I am unable to find how exactly. Tried the following guide http://danielmiessler.com/study/git/#website but it is not written for use with gitlab so Im missing parts.

What do I need to do on the production webserver and what do I set the hook URL to then?