setup for HOL-4957 – Automating Your CI/CD Stack with Java and Groovy

Scott and I’ll be leading a hands on lab “Automating your Ci/CD Stack with Java and Groovy” at Oracle Code One. This is a BYOL (bring your own laptop) lab.

If you run into any trouble setting up for the lab, you can post a comment on this blog post or start a thread in the Cloud/Virtualization forum at CodeRanch.

This lab requires the following:

  1. Docker
  2. Docker images
  3. Enough disk space
  4. The ability to run curl
  5. Optional: JDK 8
  6. Optional: Groovy

1 – Docker

To install Docker, follow the instructions at: https://docs.docker.com/install/

Validation:

At the command line, run docker –version. (Small version differences are ok in the output)

$ docker --version

Docker version 18.06.0-ce, build 0ffa825

2 – Docker images

These images a little under 2GB combined. So as not to tax the conference network, please pull them in advance. This will also let you deal with any corporate internet proxies while you are still at work and can ask for help.

At the command line run:

docker pull sonatype/nexus3:3.13.0

docker pull jenkins/jenkins:2.146

docker pull sonarqube:7.1

 Note: “latest” will probably work. These version numbers are the ones we tested with.

$ docker pull sonatype/nexus3:3.13.0
3.13.0: Pulling from sonatype/nexus3
256b176beaff: Pull complete
18d124afa1e9: Pull complete
9bb412307f82: Pull complete
Digest: sha256:19d186d5bc8be1ea4f7bae72756baa830e79bf20aae0e9e7b1a0c7d3ce7ac136
Status: Downloaded newer image for sonatype/nexus3:3.13.0

$ docker pull jenkins/jenkins:2.146
2.146: Pulling from jenkins/jenkins
55cbf04beb70: Pull complete
1607093a898c: Pull complete
9a8ea045c926: Pull complete
d4eee24d4dac: Pull complete
c58988e753d7: Pull complete
794a04897db9: Pull complete
70fcfa476f73: Pull complete
806029475e0c: Pull complete
67959b355155: Pull complete
4d217ccd3d4c: Pull complete
0261bb88a4a5: Pull complete
96f2a3ae5539: Pull complete
f6bf99db32d5: Pull complete
bb47d4bbb0e1: Pull complete
4b48ec5d60cf: Pull complete
7280a8dfb767: Pull complete
91091f8d44ca: Pull complete
8ca02cad320f: Pull complete
46009bfec329: Pull complete
f9860b79812e: Pull complete
89ac8103ea67: Pull complete
Digest: sha256:161cb25fbb23a1c5ac5fdd0feebd713edd62c235e199e68b34d1a78205a42da7
Status: Downloaded newer image for jenkins/jenkins:2.146
JeanneBrskysMBP:OracleCodeOne2018-HOL-Automating-Stack-Groovy nyjeanne$ docker pull sonarqube:7.1
7.1: Pulling from library/sonarqube
55cbf04beb70: Already exists 
1607093a898c: Already exists 
9a8ea045c926: Already exists 
d4eee24d4dac: Already exists 
c58988e753d7: Already exists 
794a04897db9: Already exists 
70fcfa476f73: Already exists 
806029475e0c: Already exists 
67959b355155: Already exists 
1e6b3af7f55a: Pull complete 
e0b67c57c8e1: Pull complete 
ce12e009fbe7: Pull complete 
3edf8e47f9c4: Pull complete 
Digest: sha256:4438a37735caa24d80da31ee29e72d686abdaa8f5009746ec60e0d43519e1a57
Status: Downloaded newer image for sonarqube:7.1

4 – The ability to run curl

If you are running Mac, Linux or Windows 10, you don’t need to do anything. If you are running an older version of Windows, you can install Cygwin.

5 – Optional: JDK

If you want to run groovy locally, JDK 8 (not higher) needs to be in your path. It is possible to do the lab without having Groovy installed.

6 – Optional: Groovy

Follow the instructions at: http://groovy-lang.org/install.html

Note: Please download Groovy 2.X rather than 3.X. Version 3.X is in alpha at the time of writing this lab.

Validation:

At the command line, run groovy –version.(Small version differences are ok in the output)

$ groovy -version

Groovy Version: 2.5.2 JVM: 1.8.0_45 Vendor: Oracle Corporation OS: Mac OS X

4 – Disk space

This lab uses about 2 Gigabytes of disk space (not counting Docker itself.) The last step of the lab explains how to recover disk space.

Validation

At the command line, run curl https://www.oracle.com/code-one/index.html and ensure the output isn’t an error message.

 

cleaning up docker

It’s been a while since I used Docker on my machine so I decided to clean things up. When I launched Docker, it prompted me to upgrade. Half a gig but easy to get that out of the way at least.

Then I ran “docker images” and was reminded that I haven’t done a good job of keeping this clean. I had:

  • the original docker-whale play
  • a bunch of experiments from when I didn’t know what I was doing (some of which have unnamed layers so I don’t even know what they are)
  • some Java 9 early access edition stuff
  • following along with the “Kubernetes in Action” book when I was the Technical Development Editor
  • a lab I went to

Note: i’m not sure if any of this is a good way of doing things. But it worked for me.

Deleting the images the slow way

Yuck. I decided to delete all the images. For some, it was easy. Just run “docker rmi <imageHash>”.

For some, I got

Error response from daemon: conflict: unable to delete xxx (cannot be forced) - image has dependent child images

I also tried running “docker rmi $(docker images -a -q)” to delete all the images. This deleted some, but gave the same dependent child images error.

Great, I don’t know what they are.  Luckily, StackOverflow had a command to find the children.

for i in $(docker images -q)
do
    docker history $i | grep -q xxx && echo $i
done | sort -u

I also got:

Error response from daemon: conflict: unable to delete xxx (must be forced) - image is referenced in multiple repositories

For these, it was just a matter of running “docker -rmi –force xxx.”

Deleting the images the fast way

I deleted the rest of the images with:

“docker rmi –force $(docker images -a -q)”

Containers and volumes

I did a far better job of cleaning these up!

docker ps -a

docker volume ls

DevNexus 2018 – Deep Dive into Dockerfiles

Title: Deep Dive into Dockerfiles
Speakers: Raju Gandhi

For more blog posts, see the DevNexus 2018 live blogging table of contents


Benefits

  • read only/immutable
  • unique identifier

What docker files do under the covers

# Start interactive linux container
docker run -it ubuntu:17.10 bash

# create new image (read only file system)
docker commit containerName demo
# list images (local only)
docker images
docker run -it demo bash
# list running images
docker ps

Docker files – like a build file for docker
# base image
FROM ubuntu:17.19
# run command at command line
RUN touch java

Layers

  • each command creates an intermediate image with a new name
  • better to merge commands so less layers ex:
    RUN command a \
    command b
  • But need the code to be readable
  • same idea as git commits – a tree where points to parent and knows the diff
  • each OS has limit of number of layers. On Mac, this is 127
  • if run apt-get install and then apt-get clean-all, you’ve increased the image size. Two layers, one to add and one to delete. Want both in same step so doesn’t increase size by whole file size twice!.

Cache

  • every Docker pull leverages the cache
  • RUN touch java and RUN touch    java have different sha hashes and are considered different commands. So cache not used
  • Do not write RUN ls -l or other commands for debugging. You can just open an interactive bash into that layer to debug
  • Put commands that move files towards the bottom. This allows for more reuse of the common parts of the image.

General notes

Don’t install sshd. Can use docker commands for that.

Dockerfile

  • FROM
    • Implies “ancestry” – what is parent image and what will you be inheriting. Ex: running whoami when inheriting jenkins image, it prints “jenkins”. This means you have to look at lineage if having permission issues. May have to keep looking at parent and grandparent and …
    • Must be first line
    • Consider starting with Ubuntu and building yourself so know what is in there. Less security implications if do it yourself.
    • Rare, but can write “FROM scratch” to start over. Usually only used for go code.
    • While multiple FROMs are allowed, it is a terrible idea. Diamond problem; they can conflict on basic things like version of Ubuntu.
    • Do not use “latest” tag. Use an exact tag. “LATEST” is a lie. It is just a tag. You can tag versions after LATEST. If you don’t switch the tag, it is still the old one.
    • Inspect ancestors for USER, PORT, ENV, VOLUME, LABEL, etc
    • docker inspect – lets you see what is in there. Recommends tracing by hand to be more thorough.
  • RUN
    • Don’t run commands that upgrade the OS. Use a later base image instead.
    • Group commands with && so not adding more layers
    • Beware of cache. If write RUN apt-get update, it will cache the result and not run again. If use && for all related commands, they are unique.
    • Want each command on separate line starting with && and ending with \ (except first and last). This makes it easy to git diff to see what changed
  • ADD/COPY
    • Combine COPY and RUN
    • Much of RUN applies
  • LABELS
    • Use lots
    • Labels can read ENV variables
    • Can use image (compile) or container (run) scope
    • Ex: build number, scm location
    • Just like RUN, can merge all LABELS in one line. Just end line with \ to continue (no && like when running)
    • To read label, do docker inspect and “grep Labels”
  • ENTRYPOINT/CMD
    • Both can run commands
    • Both can take command raw (xxx abc) or as array of command/args ([“xxx”, “abc”]). Better to use array so bash doesn’t have to fork
    • Run [“/bin/bash” “-c” “xxx” “$arg”] if need variable expansion to get bash involved
    • Better to have a shell script and call it with ENTRYPOINT. That way gets treated as a shell script without having to call bash. It is also easier to read since you aren’t writing bash as strings. The cost is that you add a layer because you have to copy the script into the image.
    • docker stop id – takes 10 seconds because need to send a signal to PID 1 and have it stop

Other practices

  • Create you own ancestry/hierarchy.
  • Containers are changing how we ship software. Don’t put Oracle’s JDK in an image and then put on dockerhub. Legal issues.
  • Consider using multi-stage builds.
    • FROM x as y …. FROM z – different scopes – binary executable vs build tools.
    • “as y” is what makes it a multi-stage build. Everything until the next “FROM” is not part of the container. The “FROM” without an “as” creates what will go in the container.
    • Only contains what need. Not the build tools. Smaller image. Less “extra” stuff.

My take

This was really good. It was clear if you didn’t know much about Docker while still having good info for those somewhat familiar. For the best practices, some people were taking notes on what to fix! I actually realized that I applied one of his anti-patterns to a Java compare program I wrote. I need to go and add some new lines in my generator for ease of diff! More gray/black background for code though. Blue (comments) on a dark background is hard to read.

Also, it is great that DevNexus has tables in the first few rows. Reward for sitting up front! (I chose to blog on my Mac as I expected to type a lot of commands).