Long story short
Where should I commit the Dockerfile? In the project codebase or in the devops codebase?
Reasoning details:
Without docker and without CI
In the ancient times, when developing a complex application with multiple code-bases, one normally wanted to have one repo per project and have all the passwords, credentials and dev/test/pre/prod configurations separated from the code.
+-----------------------------------------------------------------------+
| |
| +---------+ +---------+ +---------+ +---------+ |
| | app-1 | | app-2 | | app-3 | | app-4 | |
| +---------+ +---------+ +---------+ +---------+ |
| |
| +----+ |
| | |\ |
| | +-+ |
| | conf | |
| | files| |
| +------+ |
| |
+-----------------------------------------------------------------------+
In the old-ancient times one sysadmin installed the software in the server and then later copied the config files. Back in the 90's usually the sysop had those files in a directory of his own, shared only with the boss.
With CI but still without docker
Later we improved the cycle: in Continuos development/integration environments, "the system" itself needs to be able to clone all those repos and be able to "build" the applications and configure them to be ready to be run. Then copy the build into the servers and configure them accordingly.
This enables all the developers to trigger deploys at production, still not compromising the secret keys.
Before containers, typically the companies had an extra "devops" (AKA CI repo) where we had all those config files organized and know by an script. The CI server (pre-docker) knows all the source-code repos, knows the destination-network-topology, has the passwords to the cloud, and copies/builds/deploys everything in its destination and also configures it, making unnecessary the human intervention provided the servers are up and running.
+-----------------------------------------------------------------------+
| |
| +---------+ +---------+ +---------+ +---------+ |
| | app-1 | | app-2 | | app-3 | | app-4 | |
| +---------+ +---------+ +---------+ +---------+ |
| |
| +----------------+ |
| | devops | |
| +----------------+ |
| | config-1-devel | |
| | config-1-pre | |
| | config-1-prod | |
| | config-2-devel | |
| | [...] | |
| | config-4-prod | |
| +----------------+ |
| |
+-----------------------------------------------------------------------+
CI with Docker
When it comes to make docker play a role in the equation, I wonder if the correct place to have the Dockerfile is inside the application CVS repository or in the devops repository.
Will the Dockerfile go into the app code-base?
Unless we do an open-source code that needs to run in many platforms, usually the companies establish a target platform and the coders "know" the target system will be an Ubuntu, or a CentOs or so beforehand.
On the other hand it is now that the coders themselves touch the Dockerfile as one moe source-code file. This pushes us to think that the Dockerfile fits in each code-base as the app and the system it runs in will be -probably- coupled by needing certain requirements.
+-----------------------------------------------------------------------+
| |
| +-------------+ +-------------+ +-------------+ +-------------+ |
| | app-1 | | app-2 | | app-3 | | app-4 | |
| +-------------+ +-------------+ +-------------+ +-------------+ |
| |Dockerfile-1 | |Dockerfile-2 | |Dockerfile-3 | |Dockerfile-4 | |
| +-------------+ +-------------+ +-------------+ +-------------+ |
| |
| +----------------+ |
| | devops | |
| +----------------+ |
| | config-1-devel | |
| | config-1-pre | |
| | config-1-prod | |
| | config-2-devel | |
| | [...] | |
| | config-4-prod | |
| +----------------+ |
| |
+-----------------------------------------------------------------------+
Or will the Dockerfile go into the devops code-base (AKA the CI server code-base)?
But also it seems the programmer should do the very same lines of code, for example if he is coding a web application, despite it is run under an apache, an nginx or a caddy server... so the "decission" of the runtime seems it should be coded into the devops code-base:
+-----------------------------------------------------------------------+
| |
| +-------------+ +-------------+ +-------------+ +-------------+ |
| | app-1 | | app-2 | | app-3 | | app-4 | |
| +-------------+ +-------------+ +-------------+ +-------------+ |
| |
| +----------------+ |
| | devops | |
| +----------------+ |
| | Dockerfile-1 | |
| | Dockerfile-2 | |
| | Dockerfile-3 | |
| | Dockerfile-4 | |
| +----------------+ |
| | config-1-devel | |
| | config-1-pre | |
| | config-1-prod | |
| | config-2-devel | |
| | [...] | |
| | config-4-prod | |
| +----------------+ |
| |
+-----------------------------------------------------------------------+
In the team we can't clarify the proper way and I've searched but I am unable to find documentation that demonstrates if the different Dockerfiles should be committed into the app repos or in the devops repo (AKA CI repo).
Where should I commit them?
I would suggest to keep it with your application as it should evolve whith the code base.
IMHO best practice is to keep CI code and config with your app, not in separate repo, so you don't have to manage dependencies between app code version and configurations.
Dockerfile into the app code-base
Maybe if the organization have a few and not standardized applications or there are multiple languages with different strategies in the same company, the Dockerfile should be at repository level to allow direct modifications
But what happen if we are talking about dozens/hundreds of microservices?
In that case, the developer should not modify the Dockerfile because it was developed previously by the architect, technical lead or senior developer
Let's imagine a Dockerfile, entrypoint.sh and other required files that are the base for dozens of applications with same nature like java microservices in the same organization. Here some issues to consider if the Dockerfile is into the code-base:
If you need to change something in this Dockerfile, you will have to change in every git repository.
You must put an extra effort to validate developers don't break this Dockerfile, because is the same for all the others microservices. Can we imagine dozens of microservices, with different Dockerfiles, I mean each of those with its own architecture?
If all microservices needs a common file for docker build, you must put this file in every git repository! Example : ssh-key, tokens, scripts, artifact download keys, etc
Dockerfile into the devops code-base
My advice, based on my dozens of applications, is just what you mentioned. Here some advantages:
Just one Dockerfile for all my microsevices (for example).
If I need to upgrade or fix something, just I need to change one Dockerfile and nothing else.
Developers could see and understand this Dockerfile, but never break it.
C.I Platform
If you choose to put Dockerfile into the devops code-base instead into every git repository in your organization, you must need to develop a flow something like this:
Developer pushes code to git repository
C.I Platform receive the notification
C.I Platform clones the app git repository
C.I Platform clones the devops code base, which contains all of Dockerfile of your organization
C.I Platform determine the nature of app, to select the correct Dockerfile and other files like entry-point.sh, etc
C.I Platform copy the Dockerfile into the app source code root folder.
C.I Platform performs a docker build ...
C.I Platform performs a docker push ... if you have a private docker registry (recommended)
Finally, C.I Platform performs an instantiation (docker run) of the docker image in any of remote server (with docker previously installed)
I could recommend you Jenkins, due to its ease of use
Config Files
I advice you, if possible, do not use complex files at build stage of your applications. Open source technologies are good to do that, but if you are using some proprietary language, you're toast :S
Anyway, if you need config files at build stage, you could use:
https://zookeeper.apache.org to store the plain files as node text for every application
https://github.com/jrichardsz-software-architect-tools/configurator if you just need to centralize configuration variables of your applications
Here some information related to externalization of applications configurations: https://stackoverflow.com/a/51268633/3957754
Related
Please note that I have a postgres database as : -
Name | Owner | Encoding | Collate | Ctype | Access privileges
-----------+------------+----------+-------------+-------------+----------------------------
my_db | admin_user | UTF8 | de_DE.UTF-8 | C | =Tc/admin_user +
| | | | | admin_user=CTc/admin_user +
| | | | | my_readonly=c/admin_user
UPPER function is not working properly on O umlaut characters in this database.
Please advice if there is any settings that can be the issue.
What determines the rules about what is a number or a letter; or the correspondence of small to big letters is LC_CTYPE*. You need it to be something like de_DE.UTF-8 in order to do UPPER for such letters. You have C at the moment.
When creating a DB, Postgres takes these settings from the environment variables in operating system. But you can override them at that point.
*I read CTYPE as Character TYPE
I tried to use Colab Pro's GPU on my local vscode via colab-ssh by using ngrok.
But as you can see below, when I check nvidia-smi on my local vscode terminal, it didn't show Memory-Usage.
What should I do?
Sat Jul 16 04:08:30 2022
+-----------------------------------------------------------------------------+
| NVIDIA-SMI 515.48.07 Driver Version: 460.32.03 CUDA Version: 11.2 |
|-------------------------------+----------------------+----------------------+
| GPU Name Persistence-M| Bus-Id Disp.A | Volatile Uncorr. ECC |
| Fan Temp Perf Pwr:Usage/Cap| Memory-Usage | GPU-Util Compute M. |
| | | MIG M. |
|===============================+======================+======================|
| 0 Tesla P100-PCIE... Off | 00000000:00:04.0 Off | 0 |
| N/A 35C P0 29W / 250W | Function Not Found | 0% Default |
| | | N/A |
+-------------------------------+----------------------+----------------------+
I'm using Cloud Code (extension for Visual Studio Code) and during the deploy, via UI, I'm trying to set the Environment Variables field like this:
KEY1:value1
KEY2:value2,value3
But I'm having this error:
Failed to deploy the app. Error: ERROR: (gcloud.run.deploy) argument --set-env-vars: Bad syntax for dict arg: [value3]. Please see gcloud topic flags-file or gcloud topic escaping for information on providing list or dictionary flag values with special characters. ,Usage: gcloud run deploy [[SERVICE] --namespace=NAMESPACE] [optional flags] optional flags may be --add-cloudsql-instances | --allow-unauthenticated | --args | --async | --binary-authorization | --breakglass | --clear-binary-authorization | --clear-cloudsql-instances | --clear-config-maps | --clear-env-vars | --clear-key | --clear-labels | --clear-post-key-revocation-action-type | --clear-secrets | --clear-vpc-connector | --cluster | --cluster-location | --command | --concurrency | --connectivity | --context | --cpu | --cpu-throttling | --env-vars-file | --help | --image | --ingress | --key | --kubeconfig | --labels | --max-instances | --memory | --min-instances | --namespace | --platform | --port | --post-key-revocation-action-type | --region | --remove-cloudsql-instances | --remove-config-maps | --remove-env-vars | --remove-labels | --remove-secrets | --revision-suffix | --service-account | --set-cloudsql-instances | --set-config-maps | --set-env-vars | --set-secrets | --source | --tag | --timeout | --no-traffic | --update-config-maps | --update-env-vars | --update-labels | --update-secrets | --use-http2 | --vpc-connector | --vpc-egress For detailed information on this command and its flags, run: gcloud run deploy --help
So it seems the comma needs to be escaped. How to do that via Cloud Code UI, please?
If you set the env-var like this: --set-env-var "A=B,C,D" to gcloud, it will treat the comma (,) character as another environment variable declaration and will try to split the value into multiple environment variables. This is explained here in detail.
However, to prevent splitting with commas, you need to specify a different custom delimiter that you’re sure won’t occur in your value string, such as ##:
--set-env-vars "^##^A=B,C,D"
You may also use a format like this as mentioned in the official docs:
--set-env-vars "^#^KEY1=value1,value2,value3#KEY2=..."
I don't think there is a work around here.
We are working to fix this through https://github.com/GoogleCloudPlatform/cloud-code-vscode/issues/560.
For now I could solve that by making "Environment Variables" UI field empty and using a Dockerfile to set the variables, where this syntax works:
ENV KEY1='value1'
ENV KEY2='value2,value3'
Having an issue in production and would really appreciate some help.
We have a manual database vacuum job running starting on Saturday 23:00 (vacuum verbose analyze) in the database is the command used. This morning, checked and it appears the command is still running when looking at pg_stat_activity. The job usually takes 20 mins to complete against this database.
datid | datname | pid | usesysid | usename | application_name | client_addr | client_hostname | client_port | backend_start | xact_start | query_start | state_change | wait_event_type | wait_event | state | backend_xid | backend_xmin | query
-------+----------+-------+----------+------------+------------------+---------------+-----------------+-------------+-------------------------------+-------------------------------+-------------------------------+-------------------------------+-----------------+------------+--------+-------------+--------------+------------------------
16394 | crpsprd | 22525 | 16388 | crpsadmin1 | psql | 154.18.122.76 | | 40480 | 2020-07-18 23:58:02.532968-04 | 2020-07-18 23:58:02.707266-04 | 2020-07-18 23:58:02.707266-04 | 2020-07-18 23:58:02.707268-04 | BufferPin | BufferPin | active | | 146277960 | vacuum verbose analyze
(1 row)
I see below explanation for bufferpin. How can I find out what is blocking this vacuum from accessing the data buffer?
'BufferPin: The server process is waiting to access to a data buffer during a period when no other process can be examining that buffer. Buffer pin waits can be protracted if another process holds an open cursor which last read data from the buffer in question.'
Any advise on this bufferpin wait status. Can I kill this process or will there be any corruption or any other adverse impact?
I've been looking at some workflows for Mercurial recently, as we start using it for our web development. We need an automated way to propagate changes that are pushed to the testing and live instances to multiple endpoints. Here's a diagram of the idea:
+-------+
|Dev |
| |
+-------+
| Push
+--------+
|
V
+-------+ Push +-------+
|Live |<--------|Test |
|server | |server |
+-------+ +-------+
| +-------+ | +-------+
+--->|Live 1 | +--->|Test 1 |
| | | | | |
| +-------+ | +-------+
| |
| +-------+ | +-------+
+--->|Live 2 | +--->|Test 2 |
| | | | | |
| +-------+ | +-------+
| |
| +-------+ | +-------+
+--->|Live 3 | +--->|Test 3 |
| | | |
+-------+ +-------+
Basically, the idea is that all that we as the developers would have to do is, once the development has reached a stable level, to issue the push command (which doesn't necessarily have to just be a hg push) to the test server, and from there it would automatically propagate out. Then, once testing is done, we'd push it from test to live (or, if it would be easier, we could push from dev to live), and that would also propagate out to each of the different instances.
It would be nice if we could add new test and live instances fairly easily (e.g. maybe if the IPs were stored in a database that could be read by a script, etc...).
What would be the best way to accomplish this? I know about Mercurial hooks. Maybe an in-process script that the hook would run? I've also looked into Fabric, would that be a good option?
Also, what kind of support software would each of the endpoints need? Would it be easiest if a Mercurial repository existed on each server? Would SSH access be beneficial? Etc...
I've done something like this using Mercurial, Fabric, and Jenkins:
+-------+
| Devs |
+-------+
| hg push
V
+-------+
| hg | "central" (by convention) hg repo
+-------+\
| \
| +--------------+
| Jenkins job | Jenkins job
| pull stable | pulls test
| branch & compile | branch & compile
| +-------+ |
| +----|Jenkins|-----+ |
| | +-------+ | |
V | | V
+-------+ +-------+
| "live"| | "test"| shared workspaces ("live", "test")
+-------+ +-------+
| Jenkins job | Jenkins job <-- jobs triggered
| calls fabric | calls fabric manually in
| +-------+ | +-------+ Jenkins UI
|--> | live1 | |--> | test1 |
ssh | +-------+ ssh | +-------+
| +-------+ | +-------+
|--> | live2 | |--> | test2 |
| +-------+ | +-------+
| ... | ...
| +-------+ | +-------+
+--> | liveN | +--> | testN |
+-------+ +-------+
I don't have a repo on each web server; I use fabric to deploy only what is necessary.
I have a single fabfile.py (in the repo) that contains all the deploy logic
The set of servers (IPs) to deploy to is given as a command line arg to fabric (it's part of the Jenkins job config)
I use Jenkins shared workspaces so I can separate the tasks of pulling and compiling from actually deploying (so I can re-deploy the same code if necessary)
If you can get away with a single Jenkins job that pulls-compiles-deploys, you'll be happier. The shared workspaces thing is a hack I have to use for my setup, and has downsides.
To directly address some of your questions:
Devs working on the test branch can push at their leisure, and collectively decide when to run the Jenkins job to update the test environment
When test is happy, merge it to stable and run the Jenkins job to update the live environment
Adding a new web box is just a matter of adding another IP to the command line used to invoke fabric (i.e. in the config for the Jenkins job)
All servers will need ssh access from the Jenkins box