Slides de ma présentation au Devoxx France 2015

1. @smanciot#DockerAnsible
PACKAGING ET DÉPLOIEMENT D’UNE
APPLICATION JAVAEE AVEC DOCKER ET
ANSIBLE
@smanciot
https://www.linkedin.com/in/smanciot
Architecte

2. @smanciot#DockerAnsible
Plan
• Docker
• Packaging
• Ambassador pattern
• Service discovery
• Ansible
• DevOps

3. @smanciot#DockerAnsible
Architecture
Backend
Run / Payment
Catalog

4. @smanciot#DockerAnsible
Docker - Pourquoi ?
• Portabilité
• Construction rapide d'images pouvant être partagées
(Dockerfile, docker-registry …)
• Performance :
• les avantages d'uneVM (isolation des processus, interface
réseau, ...) …
• … sans les inconvénients (processus exécutés au sein de
l'hôte, pas d'émulation de périphérique)
• Séparation des rôles

5. @smanciot#DockerAnsible
# Pull base image.
FROM mogobiz/busybox-oracle-java{{java_version}}
ENV MOGOBIZ_HOME /mogobiz
ENV JVM_OPT -Xmx1024M -XX:MaxPermSize=1024m
# Install mogobiz-admin.
ADD mogobiz-admin.jar /mogobiz/lib/mogobiz-admin.jar
# COPY ADMIN SQL SCRIPTS
RUN mkdir -p /data/sql/lib
COPY sql/sqlInstall.jar /data/sql/
COPY sql/sqlinstall.properties /data/sql/
COPY sql/lib/* /data/sql/lib/
COPY sql/{{tag}}.sh /data/sql/
RUN chmod +x /data/sql/{{tag}}.sh
ADD run.sh /run.sh
RUN chmod +x /*.sh
# Define mountable directories.
VOLUME ["/mogobiz/impex", "/mogobiz/logs", "/mogobiz/data", "/mogobiz/config", "/mogobiz/import", "/mogobiz/sql"]
# Expose ports.
EXPOSE 18080
# Define default command.
CMD /data/sql/{{tag}}.sh && /run.sh
Packaging - Dockerfile
image de base
variables d’environnement
copie de fichiers
exécution de commandes
points de montage
exposition de port(s)
commande par défaut

6. @smanciot#DockerAnsible
Docker - Problématique 1
backendnode1
192.168….
port ?
0.0.0.0:49154

7. @smanciot#DockerAnsible
backendnode1
pg_ambasador
Docker - Ambassador pattern
pg_client
172.17.0.5:5432
192.168.…:5432

8. @smanciot#DockerAnsible
web node1
Problématique 2
Catalog
Run / Payment
ip ? port ?
node2
Run / Payment
Run / Payment

9. @smanciot#DockerAnsible
node2
docker-register
Dynamic Service discovery
node1
docker-register
service registry
etcd
discover
registerregister
proxy proxy
web
docker-discover

10. @smanciot#DockerAnsible
Ansible
• Orchestration et automatisation des tâches d'administration
système
• provisioning
• déploiement d'application

11. @smanciot#DockerAnsible
Ansible - Pourquoi?
• Simplicité d’exécution : pas besoin d’agent sur les systèmes à
administrer (ssh)
• Mode Push
• Simplicité d’apprentissage (YAML)
• Performant : exécution des scripts en parallèle sur les machines
cible
• Extensible : python
• DRY : rôles
• Idempotent
• Sécurisé : ansible-vault

12. @smanciot#DockerAnsible
[admin]
preprod.mogobiz-admin.com
[run]
preprod.mogobiz-run.com
[mogobiz:children]
admin
run
[mogopay]
preprod.mogopay.com
[jahia]
preprod.jahiacommerce.com
[app:children]
jahia
mogobiz
mogopay
Ansible - Inventory
[admin]
prod.mogobiz-admin.com
[run]
prod.mogobiz-run.com
[mogobiz:children]
admin
run
[mogopay]
prod.mogopay.com
[jahia]
prod.jahiacommerce.com
[app:children]
jahia
mogobiz
mogopay
Hosts / pré-production Hosts / production

13. @smanciot#DockerAnsible
- name: Install mogobiz
hosts: mogobiz
user: $user
roles:
- {role: mogobiz-launcher, when: "'dockers' in group_names", launcher: "mogobiz"}
- {role: mogobiz-admin, when: "'dockers' in group_names"}
- name: Install mogopay
hosts: mogopay
user: $user
roles:
- {role: mogobiz-launcher, when: "not launch_all and 'dockers' in group_names",
launcher: "mogopay"}
- name: Install jahiacommerce
hosts: jahia
user: $user
roles:
- {role: jahia, when: "'dockers' in group_names"}
Ansible - Playbook
groupe de machines
roles
condition d’exécution

14. @smanciot#DockerAnsible
Ansible - Playbook / Rôle
rôle
variables
tâches
templates
playbook

15. @smanciot#DockerAnsible
- file: path=/elasticsearch/docker state=directory
- name: copy elasticsearch binary files
copy: src={{item}} dest=/elasticsearch/docker/
with_items:
- run.sh
register: elasticsearch_run
- name: copy elasticsearch docker file
template: src=Dockerfile.j2 dest=/elasticsearch/docker/Dockerfile
register: elasticsearch_dockerfile
- name: copy elasticsearch configuration file
template: src=elasticsearch.yml.j2 dest=/elasticsearch/docker/elasticsearch.yml
register: elasticsearch_configuration
- name: build elasticsearch
docker_image: path="/elasticsearch/docker"
name="mogobiz/busybox-elasticsearch-{{es_version}}"
state=build
register: build_elasticsearch
when: elasticsearch_run|changed or elasticsearch_dockerfile|changed or
elasticsearch_configuration|changed
Ansible - build image
fichiers à intégrer à l’image
template
build image

16. @smanciot#DockerAnsible
- name: ensure elasticsearch container is running
docker:
image: mogobiz/busybox-elasticsearch-{{es_version}}:latest
memory_limit: 1024MB
name: elasticsearch
ports: 9200,9300
state: reloaded
restart_policy: always
volumes: /var/lib/elasticsearch:/var/lib/elasticsearch:rw,/var/log/elasticsearch:/var/log/elasticsearch:rw
register: start_elasticsearch
when: "elasticsearch_running is not defined or not elasticsearch_running or stop_elasticsearch_container|changed"
- name: ensure elasticsearch ambassador is running
docker:
image: cpuguy83/docker-grand-ambassador
name: elasticsearch_ambassador
command: "-name elasticsearch"
net: "bridge"
expose: "9200,9300"
ports: "{{ hostvars[inventory_hostname]['ansible_eth1']['ipv4']['address'] }}:9200:9200,
{{ hostvars[inventory_hostname]['ansible_eth1']['ipv4']['address'] }}:9300:9300"
volumes: /var/run/docker.sock:/var/run/docker.sock:ro
state: reloaded
restart_policy: always
register: start_elasticsearch_ambassador
Ansible - launch containers
image
nom du container
bindings de ports
bindings points de montage

17. @smanciot#DockerAnsible
Démarche DevOps
1
2
3
4
5
Dev
Ops
Continuous delivery
platform
VCS
dev uat
prod
docker registry
6

18. @YourTwitterHandle@YourTwitterHandle@smanciot#DockerAnsible
Q & A