Creating a base OCI image for Nix flake builds within Gitea/Forgejo

I’ve been moving more and more of my infrastructure to be self-hosted recently. Part of that involves setting up CI jobs for testing and publishing artifacts, mostly Rust crates but also this very blog. I really wanted to re-use my existing Nix flakes for those projects; that way I know my local dev env is the same env later used on CI. I am self-hosting a Gitea instance (will probably be migrating to Forgejo) and it uses a CI system built to resemble GitHub Actions - basically you run your jobs as containers and within those you can run arbitrary commands. [Read More]
nix  nixos  ci  docker  oci 

Configure AWS Elastic Beanstalk Docker environment variables

AWS Elastic Beanstalk is a good ‘intermediate’ level hosting for Docker containers. It gives you load balancing and scalability pretty much out of the box in exchange for being a bit more opaque to configure. The Docker bits are a bit more hidden away there. In a typical production setup you would want Docker images not containing anything environment related, e.g. to be able to run them both in production and locally. [Read More]

Running host programs in isolation inside one-off Docker containers

I am quite bad at remembering how to launch docker to have everything set up correctly. Hence the following - a script that launches any command line specified in its arguments inside a new docker container. The current directory is mounted inside the container automatically, so the thing you are executing can have its local dependencies satisfied.

```bash
#!/bin/bash
USERNAME=`whoami`
MOUNT_PATH="/mnt"
CURRENT_DIRECTORY=`pwd -P` # untangle symbolic links if needed - SELinux needs the real path
IMAGE="debian:jessie"

if [[ -z $1 ]]; then
  echo "usage: `basename $0` command_to_run_inside_a_container"
  exit 1
fi

RESOLVED_ARGUMENTS="$@"

# :Z lets SELinux relabel the bind-mounted directory for this container.
# Note that the command itself still runs as root inside the container:
# useradd creates the account, but nothing below switches to it.
docker run -i -t -v "$CURRENT_DIRECTORY":"$MOUNT_PATH":Z $IMAGE bash -c "useradd -M -d '$MOUNT_PATH' $USERNAME && cd '$MOUNT_PATH' && bash -c '$RESOLVED_ARGUMENTS'"

# restore SELinux context for the current directory (the :Z relabel above
# persists on the host after the container is gone)
restorecon_path=`which restorecon`
if [[ -x "$restorecon_path" ]]; then
  restorecon -R "$CURRENT_DIRECTORY"
fi
```

I use vanilla Debian Jessie as a run platform there, mostly because this is what most of my servers run. [Read More]

Using ad hoc Docker volumes on SELinux systems

I’ve recently tried running some quick Docker commands using the host’s directory as a volume:

```
docker run -i -t -v `pwd`:/mnt debian:jessie bash -c "ls -hal /mnt"
ls: cannot open directory /mnt: Permission denied
```

I use Fedora as my main OS, which, it turns out, has some pretty nice SELinux settings. These deny access from inside the container to the outside. Said Fedora consists mostly of almost-newest-but-stable everything though, which means Docker is at a fairly recent version. [Read More]

Containerized zombie spawner

Recently I was playing with a fully Dockerized setup of Jenkins at work and found a curious issue there. Whenever Jenkins was polling the git server, the side effect was that it created a zombie ssh process. The issue is actually remediated by the Jenkins team now by explicitly using a tiny init system called … tini, started as the container’s main process instead of just starting Jenkins there. This tiny tini thing can properly adopt and reap the children. [Read More]
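To make the reaping point concrete, here is an added example (not from the post, and not tini’s code) that reproduces the mechanism locally on Linux. Outside a container an orphaned process is adopted by the host’s init, which reaps it, so the example instead makes the non-reaping process the direct parent: a shell backgrounds a child and then `exec`s into `sleep`, which never calls `wait()`. That is the shape of “the application is PID 1” inside a container. The second variant leaves the shell in front, which is what tini (or `docker run --init`) does for the container. The function names, the use of `sleep` as the stand-in for a non-reaping application and the `/proc` parsing are my own choices.

```shell
#!/bin/bash
# Added example, not from the post: reproduce the zombie mechanism locally
# (Linux only: it reads /proc) to show why the *parent* has to reap.

# Count children of PID $1 that are currently in state Z (zombie).
zombie_children() {
    local parent="$1" f line rest count=0
    for f in /proc/[0-9]*/stat; do
        read -r line < "$f" 2>/dev/null || continue   # process may have gone
        rest="${line##*\)}"          # drop "pid (comm)"; comm may contain spaces
        set -- $rest                 # $1 = state, $2 = ppid
        if [ "$1" = "Z" ] && [ "$2" = "$parent" ]; then
            count=$((count + 1))
        fi
    done
    echo "$count"
}

# No reaper: the shell forks a child, then replaces itself with sleep.
# The child exits at once; its parent (now sleep) never waits for it,
# so it stays a zombie until sleep itself exits.
spawn_without_reaper() {
    sh -c 'true & exec sleep 3' >/dev/null 2>&1 &
    echo $!
}

# With a reaper: the shell stays in front, waits on sleep, and collects
# the background child as soon as it exits (the role tini plays as PID 1).
spawn_with_reaper() {
    sh -c 'true & sleep 3' >/dev/null 2>&1 &
    echo $!
}

# Prints 1 for the exec'd case and 0 for the case with a waiting parent.
demo() {
    local p1 p2
    p1="$(spawn_without_reaper)"
    p2="$(spawn_with_reaper)"
    sleep 1                          # give the children time to exit
    echo "zombies under exec'd sleep: $(zombie_children "$p1")"
    echo "zombies under waiting sh:   $(zombie_children "$p2")"
}

case "${1:-}" in
    demo) demo ;;
esac
```

Run it with `bash zombies.sh demo`. The same thing is visible in a container with `docker top` or `ps -o pid,ppid,stat,cmd` from inside: the `Z` entries all have the application as their parent. The cure is not to make the application call `wait()` for processes it never started, but to put a process in front of it that does: tini as the entrypoint, or `--init` on the `docker run` line.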