Docker machine helps you to spin up docker hosts locally as well as with various cloud providers. This tutorial will teach to how to provision docker hosts on azure using docker machine utility.
Prerequisites
1. The system should be configured with azure CLI tools and the publishsetting file. I f you do not have CLI setup, follow this tutorial . How to set up Azure cli
2. You should have latest docker-machine installed on your system.
Provision Docker Hosts on Azure
Provisioning docker hosts on azure is relatively easy. Docker machine will provision the VM and installs the latest docker engine on the VM based on its OS family. You can then deploy and manage containers from your laptop or host where docker machine is installed.
Creating a host using docker machine
Follow the instructions given below.
Execute the following command to create a docker host on azure using docker machine.
Note: Change id, YOUR-SUBSCRIPTION ID and USER-DEFINED-NAME accordingly. USER-DEFINED-NAME should be a unique name. If you try to use generic names, you will get an error saying that the name already exists.
Now, to run docker commands on your new machine, use the following command.
eval "$(docker-machine env zeus-docker)"
In your current terminal, you can run all docker commands against the azure docker host.
Moreover, you can create a swarm cluster on azure using docker machine. We will cover that in the next article. Let us know in the comments section if you face any errors.
When you write a puppet module, you might not want to put all the data in to the module because all the module developers might want access to that data. So, It is a good practice to separate the data from the code. This can be achieved using Hiera.
Note: This tutorial is based on puppet enterprise.
Puppet Hiera Tutorial
In this puppet hiera tutorial you will learn the basics of hiera and how to use it in puppet modules.
Hiera is a key value lookup tool which holds all the data that has to be dynamically placed in a module. You can store usernames, passwrod, DNS server details, ldap server details etc. Moreover, you can encrypt the data in hiera for security. Hiera resides in the puppet server for global access unless the client is operating in masterless setup. In that case, it resides in the client itself.
Hiera Configuration File
Hiera comes bundles with puppet enterprise, so you don’t have to install it separately but you might want to change its configuration to suit your needs.
The hiera configuration file resides in “/etc/puppetlabs/code” directory. It is yaml file named “hiera.yml”
A normal configuration file looks like the following.
:backends – Hiera supports yaml, json and puppet class backends.
:datadir – The location where you place your hieradata. In the above code snippet, you can see a interpolated string “%{::environment}”. This is to dynamically select an environment in case you have different environments specified in the puppet server. By doing do, you can access the environment specific hiera data.
If you use both yaml and json data directories, you need to specify both as shown in the above code snippet.
:hierarchy This represents the folder and file hirearchy inside the “:datadir” i.e, hieradata folder. You can use interpolation to dynamically pass the file name.
Creating Hiera Data files
Hiera data files could be yaml or json files as mentioned above. All the data files will reside inside the “hieradata” folder in respective environments.
You can keep all the deafult values under common.yaml file in hieradata fodler. For example,
Once you have the hiera data ready in the puppet server, you can check the values using hiera CLI.
To access the value , just use the hiera command with the key as shown below.
hiera ldaps_ervers
If you have used interpolation in the “:datadir” configuration, You should add the parameters as shown below.
hiera ldap_servers ::environment=production
If you want access the value for a key from a yaml file which is high hierarchy, you need to specify that in the lookup. Otherwise it will return the value from the common.yaml file.
A high hirearchy lookup, for example, a data source from hieradata/node/mynode.example.com.yaml will look like the following.
hiera ldap_server node=test
Accessing Hiera Data From Modules
Accessing data hiera data from module is relatively easy. Use the following syntax in your module to access the data directly.
$ldapservers = hiera("ldap_servers")
$ldapserver is just a puppet variable. You can substitute hiera without assigning it to a variable.
If you want to get all the ldap_servers value in the hierarchy in an array, you can use the following syntax.
$ldapservers = hiera_array("ldap_servers")
Hiera Arguments
While accessing hiera data through modules, you cat set a default value to use if hiera returns nil. It has the following syntax.
Azure has a great web interface called azure portal for performing all the functions. But if you prefer command line tools over graphical user interface, you can make use of azure command line interface to manage all azure resources.
Setting up Azure CLI on Ubuntu
This tutorial will guide you for setting up azure cli on Ubuntu Linux systems.
Azure cli need nodejs runtime for performing the cli operations. Execute th following commands for installing azure cli using npm.
If you would like to install it from source, you can use the following commands.
git clone https://github.com/Azure/azure-xplat-cli.git
cd ./azure-xplat-cli
npm install
bin/azure
Verify Installation:
Once installed, verify the installation using the following command.
azure help
Configuring CLI with Azure Subscription
To connect to your azure subscription, you should configure your cli for authentication. You can do this by executing the following command.
azure login
The above command will output an url and code to get authenticated via browser. Open the url in a browser, enter the code and login to your azure account. Once you are done with it, you will see the confirmation in your command line as shown below.
[email protected]:~# azure login
info: Executing command login
/info: To sign in, use a web browser to open the page https://aka.ms/devicelogin. Enter the code SDFHRGF to authenticate. If you're signing in as an Azure AD application, use the --username and --password parameters.
|info: Added subscription Free Trial
info: Setting subscription "Free Trial" as default
+
info: login command OK
[email protected]:~#
Adding Subscriptions
If you have different subscriptions with you azure account, you can add a specific subscription for cli. To do that, get the subscription name using the following command.
azure account list
Add then, you can set a specific subscription using the following command.
azure account set your-subscription
Authentication Using Publishsettings File
You can also use the publishsetting file to authenticate against azure. Execute the following command to download the publishsetting file.
In a normal private environment , if you want to host your code using solutions like gitlab, Atlassian stash etc, you will need manage high availability and scalability for your production systems. AWS codecommit is a private managed source control system which is secure, highly scalable and scalable. It is git based and it works the same way like all other git based source control systems like github, stash etc. This allows easy migration of your code repositories to codecomiit and have the same work-flow you used to have. Moreover, codecommit provides out of the box encryption for your source codes which is at rest and in transit. If your applications are hosted in AWS, codecommit would be a good fit for all your source codes.
AWS Codecommit Tutorial
This aws codecommmit tutorial will guide you to get started with AWS codecommit service. To follow this tutorial, you need to have the latest AWS CLI installed on your system. If you do not have the CLI setup follow this link for the setup. It is always advisable to create an IAM user and attach a policy with required access to codecommit.
Like you do in any source control system, the first step is to create a repository for your project. Use the following syntax for creating a repository in codecommit.
aws codecommit create-repository --repository-name MyProjecRepo --repository-description "Write a description about your project"
[email protected]:~$ aws codecommit create-repository --repository-name myapp --repository-description "This is the code repository for myapp"
{
"repositoryMetadata": {
"repositoryName": "myapp",
"cloneUrlSsh": "ssh://git-codecommit.us-east-1.amazonaws.com/v1/repos/myapp",
"lastModifiedDate": 1449065689.399,
"repositoryDescription": "This is the code repository for myapp",
"cloneUrlHttp": "https://git-codecommit.us-east-1.amazonaws.com/v1/repos/myapp",
"creationDate": 1449065689.399,
"repositoryId": "2e859c05-06f6-458e-899d-cbc9a589fd33",
"Arn": "arn:aws:codecommit:us-east-1:146317666315:myapp",
"accountId": "146317666315"
}
}
[email protected]:~$
Once the command execution is successfull, it returns the output with the codecommit repo url for both ssh and http.
Authentication local git to codecommit
Next step is to configure your local git for authenticating againist codecommmit. So that you will have persmissions to clone, push and do all the remote repository related tasks. You can do that using the credential helper as shown below.
You can clone the remote codecommit repository to your local workstation using the normal git clone command and the repository url you got in the output section when you created the repository.
[email protected]:~/projects$ git clone https://git-codecommit.us-east-1.amazonaws.com/v1/repos/myapp myrepo
Cloning into 'myrepo'...
warning: You appear to have cloned an empty repository.
Checking connectivity... done.
[email protected]:~/projects$
performing Common Git Funtions
Now you have an empty repository clonned from codecommit. You can perform all the normal git operations as you perform with any git based source control system as shown below.
Note: If you are using Ubuntu 14.04 as your workstation, you are likely to get a “gnutls_handshake() failed” error. You can rectify this error by following this solution. gnutls_handshake() failed solution
[email protected]:~/projects/myrepo$ touch test.txt
[email protected]:~/projects/myrepo$ git status
On branch master
Initial commit
Untracked files:
(use "git add ..." to include in what will be committed)
test.txt
nothing added to commit but untracked files present (use "git add" to track)
[email protected]:~/projects/myrepo$ git add test.txt
[email protected]:~/projects/myrepo$ git commit -m "first commit"
[master (root-commit) cd12dd2] first commit
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 test.txt
[email protected]:~/projects/myrepo$ git push -u origin master
Counting objects: 3, done.
Writing objects: 100% (3/3), 206 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
remote:
To https://git-codecommit.us-east-1.amazonaws.com/v1/repos/myapp
* [new branch] master -> master
Branch master set up to track remote branch master from origin.
[email protected]:~/projects/myrepo$
Creating a Branch
You can create a branch for your repository using “create-branch” attribute. For this you must pass the commit id to for the new branch to point to.You can get short hash of commit id’s using “git log” command. An example is shown below.
Note: This solution is not just limited to codecommit but also for other Ubuntu gnults_handshake related issues.
If you have AWS cli installed in ubuntu 14.04 and working with AWS codecommit, you are likely to get “gnutls_handshake() failed” error when you try to clone a repository created in codecommit. Do not worry about it, we have a solution for it.
[Solution] gnutls_handshake() failed
Follow the steps given below to rectify this issue.
1. Install build-essential, fakeroot and dpkg-dev using the following command.
2. Create a directory named git-rectify in the home folder using the following command.
mkdir ~/git-rectify
3. CD in to the get-rectify directory and get the git source files.
cd ~/git-rectify
apt-get source git
4. Install all the git dependencies.
sudo apt-get build-dep git
5. Install libcurl with all development files.
sudo apt-get install libcurl4-openssl-dev
6. Unpack all the source packages using the following command.
Note: The name “git_1.9.1-1ubuntu0.1” could vary based on the lastest version. So look in to the directory for the correct version name.
dpkg-source -x git_1.9.1-1ubuntu0.1
7. Cd in to “git_1.9.1” folder and open the control file located inside debian folder (git_1.9.1/debian/control) in a text editor. Replace all the occurences of “libcurl4-gnutls-dev” to “libcurl4-openssl-dev”. Also open “debian/rules” file and delete the line “TEST=test”
8. Build the package files using the following command.
sudo dpkg-buildpackage -rfakeroot -b
9. Install the new git package by executing the folling command.
Note: The package name is based on the system architecture. So have a look at the package name located in “git_1.9.1” (could be a different name for you) folder.
sudo dpkg -i git_1.7.9.5-1_amd64.deb
Thats it! Now you will be able to clone and do all the git related activities to your codecommit service. Lets us know if you are not able to rectify the issue after performing all the above mentioned steps.
It is important to get visibility in to status and health of docker environments as the deployments grow larger. In this tutorial, we will look into few options for monitoring Docker containers.
Monitoring container using cAdvisor
cAdvisor is a tool created by google for their own container tool and later they added support for Docker containers. cAdvisor stands for container advisor. It helps you to gain insights on how much resource is being used by Docker containers and also helps you understand the performance characteristics on the running containers. cAdvisor has a GUI and it also exposes api’s to get obtain the data programmatically.
cAdvisor is well suited for monitoring your running containers and its resource usage. There is an official cAdvisor image in docker hub which comes configured with cAdvisor. Using that image is the best way to get started with its functionalities.
In this section we will look in to how to deploy a cAdviosor container to monitor out Docker containers.
Launching a cAdvisor container:
You can launch a cAdvisor container using google’s official image “google/cadvisor”. Launch a cAdvisor container using the following command.
cAdvisor GUI can be accessed on the host port 8080. Point your browser to the IP of the host running cAdvisor followed by port 8080 http://<host IP>:8080.
Sensu is an open source monitoring framework for self-hosted and centralized metric service.
Setting up Sensu server:
In this section we will learn how to set up a Sensu server using a Docker container. To deploy a sensu server, you can make use of a prebuild sensu server Docker image hiroakis/docker-sensu-server. This container will deploy sensu server, uchiwa web interface, rabbit-mq server, redis and sensu api. There is no dedicated functionality to monitor Docker, however, using plugin system you can configure status checks and container metrics.
Before deploying sensu server, you must create a check that has to be loaded in to the server. Follow the instructions below to deploy the sensu server container.
Create a directory named sensu and cd in to it.
mkdir sensu && cd sensu
Create a file name check-docker.json and copy the following content to it.
Now, you will be able to launch the uchiwa dashboard at http://host-ip:3000.
Setting up Sensu client:
Now we have our sensu server up and running. Next step is to deploy sensu clients (agents) on hosts running Docker docker containers.
Follow the instructions below to configure sensu client on nodes running Docker containers.
Create a directory name sensu-client and cd in to the directory.
$ mkdir sensu-client && cd sensu-client
While deploying sensu server, we created a check saying that all sensu agents will be running a script named load-docker-metrics.sh. Create a file name load-docker-metrics.sh and copy the following script on to it. This script uses native Docker API to get the list of running containers, images etc.
Once the sensu client container is launched, the host will get registered to the sensu server in few seconds. Access the sensu uchiva dashboard and you can see the registered client with the checks configured.
If you click on the registered client and see the status of keepalive, all the values will be shown as 0. It means your Docker host is running without any critical issues. If it turns to any non-zero number, it means that the Docker daemon is not running as expected.
Docker client has a native functionality to inspect the resource consumption of Docker containers. You need to specifically mention the names of the containers with “docker stats” command to look in to its stats. If you haven’t specified the CPU usage for a container, the stats command will show the total memory available in the host machine. It doesn’t mean that a container has that much usable resources.
Execute the following command to see the stats of a container.
Syntax: docker stats <container name or id>
$ sudo docker stats tender_kowalevski
To get the more information about container statistics, you can use docker stats api as given below.
