Ubuntu 14.04 Docker Shipyard MiniHowTo
Introduction
This is a new behavior to allow deployment script execution based on a web request ! Just keep in mind the right accesses available to the user that will run that script. Maybe a script inspection would be a great idea before an automatic execution. Cut & Paste.
Docker
wget -qO- https://get.docker.com/ | sh
Previous script will launch key repository import, will make architecture checks (docker is not supported on 32bits arch), and will deploy required packages in order the docker service to run. A docker group has been added on the system during installation. You may add to this group any user claiming to manipulate docker objects on this system. This group has root privileges through the docker framework, it implies you to be concerned about security threats against this system group and its members.
Shipyard
curl -sSL https://shipyard-project.com/deploy | bash -s
Last deployment script will deploy successfully the shipyard components. If your $HOSTNAME does not point to some loopback interface (ie. /etc/hosts) you may experience a successful access to the web UI on http://$HOSTNAME:8080. Yet there was nothing I found to manage the service deployed within docker. As an old adminsys, I like to be able to start/stop a service, I mean run/shutdown processes of an application, dockerized or not.
So I first kept a copy of the deploy script from shipyard website, after inspection I placed it in /opt/docker/shipyard and gave it execution rights (chmod +x). If you need Shipyard not to run on port 8080 change the following var in the script : SHIPYARD_PORT=${PORT:-8080} .
Then I wrote a script able to call the /opt/docker/shipyard in order to deploy or remove shipyard containers and to manage it as a service (stop/start/status). Finally, I enabled the option do deploy inline shipyard-controllers and shipyard-agents :
Usage: ./shipyard controller <deploy|status|stop|start>
./shipyard agent deploy <controller-ip>
./shipyard agent <status|start|stop>
./shipyard remove
The script bellow is linked to automatic installation process from the shipyard project website, you may download it and modify it. Or you may use it directly without any check ! Cut & Paste.
curl -sSL https://shipyard.linuxtribe.fr/deploy | bash -s
Shipyard & TLS
If you intend to deploy a full TLS Shipyard infrastructure, I would recommend you to try this tool I developed especially for this usage.
Reverse proxing + SSL
You probably like to enable access to shipyard through an SSL HTTP session. From my own testing, nginx made it fine, here is my reverse proxy setup :
location / {
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection ‘upgrade’;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_pass http://<shipyardip>:<shipyardport>/;
proxy_redirect default;
}
now where would you like to run this nginx instance ? in a container ?
Phusion - baseimage
If you intend to run VM like containers, I would advise you to take a look to the Phusion/baseimage which looks to be an excellent starting point to do this.