Docker lifecycle automation and testing with Ruby in AWS
My friend and colleague, Stephen Goncher and I got to spend some real time recently implementing a continuous integration and continuous delivery pipeline using only Ruby. We were successful in developing a new module in our pipeline gem that handles many of the docker engine needs without having to skimp out on testing and code quality. By using the swipely/docker-api gem we were able to write well-tested, DRY pipeline code that can be leveraged by future users of our environment with confidence.
Our environment included the use of Amazon Web Service’s Elastic Container Registry (ECR) which proved to be more challenging to implement than we originally considered. The purpose of this post is to help others implement some basic docker functionality in their pipelines more quickly than we did. In addition, we will showcase some of the techniques we used to test our docker images.
Quick look at the SDK
It’s important that you make the connection in your mind now that each interface in the docker gem has a corresponding API call in the Docker Engine. With that said, it would be wise to take a quick stroll through the documentation and API reference before writing any code. There’s a few methods, such as Docker.authenticate! that will require some advanced configuration that is vaguely documented and you’ll need to combine all the sources to piece them together.
For those of you who are example driven learners, be sure to check out an example project on github that we put together to demonstrate these concepts.
Authenticating with ECR
We’re going to save you the trouble of fumbling through the various documentation by providing an example to authenticate with an Amazon ECR repository. The below example assumes you have already created a repository in AWS. You’ll also need to have an instance role attached to the machine you’re executing this snippet from or have your API key and secret configured.
Snippet 1. Using ruby to authenticate with Amazon ECR
require 'aws-sdk-core' require 'base64' require 'docker' # AWS SDK ECR Client ecr_client = Aws::ECR::Client.new # Your AWS Account ID aws_account_id = '1234567890' # Grab your authentication token from AWS ECR token = ecr_client.get_authorization_token( registry_ids: [aws_account_id] ).authorization_data.first # Remove the https:// to authenticate ecr_repo_url = token.proxy_endpoint.gsub('https://', '') # Authorization token is given as username:password, split it out user_pass_token = Base64.decode64(token.authorization_token).split(':') # Call the authenticate method with the options Docker.authenticate!('username' => user_pass_token.first, 'password' => user_pass_token.last, 'email' => 'none', 'serveraddress' => ecr_repo_url)
Pro Tip #1: The docker-api gem stores the authentication credentials in memory at runtime (see: Docker.creds.) If you’re using something like a Jenkins CI server to execute your pipeline in separate stages, you’ll need to re-authenticate at each step. Here’s an example of how the sample project accomplishes this.
Snippet 2. Using ruby to logout
Docker.creds = nil
Pro Tip #2: You’ll need to logout or deauthenticate from ECR in order to pull images from the public/default docker.io repository.
Build, tag and push
The basic functions of the docker-api gem are pretty straightforward to use with a vanilla configuration. When you tie in a remote repository such as Amazon ECR there can be some gotcha’s. Here are some more examples of the various stages of a docker image you’ll encounter with your pipeline. Now that you’re authenticated, let’s get to doing some real work!
The following snippets assume you’re authenticated already.
Snippet 3. The complete lifecycle of a basic Docker image
# Build our Docker image with a custom context image = Docker::Image.build_from_dir( '/path/to/project', { 'dockerfile' => 'ubuntu/Dockerfile' } ) # Tag our image with the complete endpoint and repo name image.tag(repo: 'example.ecr.amazonaws.com/stelligent-example', tag: 'latest') # Push only our tag to ECR image.push(nil, tag: 'latest')
Integration Tests for your Docker Images
Here at Stelligent, we know that the key to software quality is writing tests. It’s part of our core DNA. So it’s no surprise we have some method to writing integration tests for our docker images. The solution will use Serverspec to launch the intermediate container, execute the tests and compile the results while we use the docker-api gem we’ve been learning to build the image and provide the image id into the context.
Snippet 5. Writing a serverspec test for a Docker Image
require 'serverspec'
describe 'Dockerfile' do
before(:all) do
set :os, family: :debian
set :backend, :docker
set :docker_image, '123456789' # image id
end
describe file('/usr/local/apache2/htdocs/index.html') do
it { should exist }
it { should be_file }
it { should be_mode 644 }
it { should contain('Automation for the People') }
end
describe port(80) do
it { should be_listening }
end
end
Snippet 6. Executing your test
$ rspec spec/integration/docker/stelligent-example_spec.rb
You’re Done!
Using a tool like the swipely/docker-api to drive your automation scripts is a huge step forward in providing fast, reliable feedback in your Docker pipelines compared to writing bash. By doing so, you’re able to write unit and integration tests for your pipeline code to ensure both your infrastructure and your application is well-tested. Not only can you unit test your docker-api implementation, but you can also leverage the AWS SDK’s ability to stub responses and take your testing a step further when implementing with Amazon Elastic Container Repository.
See it in Action
We’ve put together a short (approx. 5 minute) demo of using these tools. Check it out from github and take a test drive through the life cycle of Docker within AWS.
Working with cool tools like Docker and its open source SDKs is only part of the exciting work we do here at Stelligent. To take your pipeline a step further from here, you should check out mu — a microservices platform that will deploy your newly tested docker containers. You can take that epic experience a step further and become a Stelligentsia because we are hiring innovative and passionate engineers like you!
Stelligent Amazon Pollycast
|