Misc Tech Notes

lör 12 mars 2016

Cleaning Docker images and Docker automation

Posted by Peter Reuterås in Tips   

Image shrinking

After reading this article about shrinking Docker images I thought that I should try the concept on one of my own images. I decided to test on reuteras/docker-rt:v4.2.12 and the image size shrunk from 852.1 to 374.9 MB looking at virtual size as reported by docker images -a. One big reason was that I had a lot of RUN tags which is useful during testing but not suitable for production.

Automation

Since I went back and looked at Docker again I thought that I should finally automate more of the processes around my RT container. Installation of the host and configuration is already automated with Ansible. The image on Docker Hub is automatically rebuilt if there is an update to the Debian:jessie image.

Now I added a webhook on the Github repo that will notify Docker Hub of a change and that will trigger a new build of the container. This means that on Docker Hub there will automatically be a new build of the container after twenty minutes or so after a commit to Github.

Now the only place where the old image was still in use was my server running RT. To correct this I wrote a small shell script that queries the API at Docker hub for the current image version and compares that to the one running on the local server.If there is a difference the new version will be pulled down and the current server will be stopped and removed after which a new updated version is started.

To avoid having old images on the server I downloaded the docker-gc script made by Spotify. Both my script to check for updated versions of the image and docker-gc are installed with the help of Ansible. Automation for the win!

Conclusions and thoughts

You can (and I do) wonder why I run a ticket system at home but that is a long story. I used it at a previous job and when there was talk about a new one at my current employer I wanted to look at RT again and then RT was a good choice for testing Docker so it stuck.

Since I work with IT security I can see a lot of problems with this automated setup with new code being deployed automatically. But I have nothing sensitive in this system so for this installation easy of use and the possibility to stay current on modern techniques are more important.

If you ideas or comments let me know on Twitter @reuteras.