New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Mimiced Vagrant Setup #12

Closed
schrapel opened this Issue Jul 14, 2015 · 31 comments

Comments

Projects
None yet
4 participants
@schrapel
Copy link
Contributor

schrapel commented Jul 14, 2015

Is there an easy way to mimic this setup with Vagrant when developing locally? And how do you currently deploy the db/files from local to staging/production?

@drybjed

This comment has been minimized.

Copy link

drybjed commented Jul 14, 2015

Some tips about using DebOps with Vagrant can be found in https://github.com/debops/examples repository.

@carlalexander

This comment has been minimized.

Copy link
Owner

carlalexander commented Jul 14, 2015

As @drybjed mentioned, there's the examples repository with some Vagrant examples. I've thinking a bit about it (was on vacation last week). I'm leaning towards is skipping Vagrant and just doing a Docker container.

At WordCamp Montréal, I talked to a few people/speakers that were following the development of VVV and other Vagrant tools. A lot of the mind space is moving away from Vagrant to Docker (and just lxc containers). They're faster and work as both a development and production tool. It might also end up being easier than using Vagrant with the vai plugin.

As for db/file deployment, what do you mean? Like automated tools? I have a cookbook I want to do (in #5) that deals with migrating a site. It'll show what to do using FTP for files and just simple SQL export/import. There's other database migration tools/plugins if you need something a bit more complex.

For something more complex (using Capistrano), I'll need to finish the bedrock support to do it. I'd try to create a stand alone role for Capistrano so that you could use it without Bedrock.

I'm trying to not force anyone to change their workflow to use the server. That's why things a pretty open ended at the moment.

@schrapel

This comment has been minimized.

Copy link
Contributor

schrapel commented Jul 14, 2015

Docker makes more sense actually. Didn't think of that.

Yeah, I was asking about automated tools. I agree about not forcing anyone to change their workflow and I was just curious to what you use at the moment. Bedrock replaced Capistrano with CLI tools and there are many other solutions out there but I've not found one that I thought worked really well with WordPress yet.

@carlalexander

This comment has been minimized.

Copy link
Owner

carlalexander commented Jul 14, 2015

So I don't have much recent experience with automated tooling with WordPress, I've spent the last few years in the Symfony world. There I used a combination of Capistrano and Doctrine fixtures to automate all the code and database deployment. It was pretty magical in the Symfony world.

My blog is migrated to bedrock on my local machine. The plan was to add support for it and Capistrano here. I see they broke that into its own bedrock-capistrano repo. That's not a bad idea since I've started looking at Rocketeer as an alternative to it. I might still add Capistrano support first since I'm more familiar with it.

As for fixtures in WordPress, I haven't seen anything like that ever. It'd be something cool to build out, but I don't think it's in the near future. Otherwise, most people use database migration tools, plugins or wpcli command.

@schrapel

This comment has been minimized.

Copy link
Contributor

schrapel commented Sep 27, 2015

I just found a couple of capistrano tasks that may help out when you plan to integrate capistrano. One for syncing uploads folder and one for syncing the database. It'll need a few changes but should be good

https://gist.github.com/schrapel/206ff78bd7f10a898989
https://gist.github.com/schrapel/fb6103dd2e6f2be6da9b

@schrapel

This comment has been minimized.

Copy link
Contributor

schrapel commented Sep 27, 2015

@carlalexander Just been playing around with Rocketeer and really liking it. I'm going to get it working for this, the only change I guess would be updating the virtualhost document root to the current folder in releases.

@carlalexander

This comment has been minimized.

Copy link
Owner

carlalexander commented Sep 27, 2015

Awesome! Thanks @schrapel.

Bedrock and automated deployments is next on the features I wan't to work on. I still haven't had time to do a documentation pass for the last few features I added so I need to finish that first. Hoping to tackle this in the next few weeks.

@schrapel

This comment has been minimized.

Copy link
Contributor

schrapel commented Dec 2, 2015

@carlalexander do you have any idea when we would be able to use this locally with Docker or similar? It's the only thing that holds it back for me, using different dev and production environments.

@carlalexander

This comment has been minimized.

Copy link
Owner

carlalexander commented Dec 3, 2015

Yep! I'm at WordCamp US this week so won't have time. It's near the top. I just got distracted by all the sweet PRs @ypid sent. 😉

I also have to look at how I can lock down the DebOps versions. I know @drybjed told me we could do it. I think it's important for something like this. That way we can be sure the container stays consistent.

@carlalexander

This comment has been minimized.

Copy link
Owner

carlalexander commented Dec 11, 2015

I started doing this with Docker this week. I was exploring the idea that we could run debops inside the container and configure it that way. We'd mount the relevant shares like /secret and /var/www so that you could gain access to the passwords and such.

This seemed to be better than a standard docker-compose setup with container linking. DebOps doesn't seem to mesh very well with that concept. We're running a single server setup. There's no need for it. We'll still use docker-compose for drive mounting.

Below is the current Dockerfile. The idea is that the directory structure will somewhat mirror the one from the debops-wordpress project. You have the /inventory folder that'll get copied over. We'll mount the /secret and /var/www.

FROM ubuntu:trusty

MAINTAINER Carl Alexander

RUN apt-get update \
 && apt-get install -y \
      python python-dev \
      python-pip \
      git \
 && apt-get clean \
 && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

RUN pip install ansible debops passlib pycrypto

RUN debops-update

RUN git clone https://github.com/carlalexander/debops-wordpress.git /srv/ansible/

WORKDIR /srv/ansible

COPY ./inventory/hosts inventory/hosts

RUN debops

The hosts file looks like this at the moment:

[debops_all_hosts]
localhost ansible_connection=local

[wordpress]
localhost ansible_connection=local

That said, I haven't managed to get that far. Running the debops command stalls at the same place everytime. I've tried using -vvvv, but the output just stops. Running debops > nul returns:

Service 'debops' failed to build: The command '/bin/sh -c debops > nul' returned a non-zero code: 2

It seems to stall everytime in debops.dhparam doing Generate Diffie-Hellman params on Ansible Controller. I'm wondering if it's because we're using ansible_connection=local. Has DebOps been tested using that @drybjed?

Anyhow, I couldn't sleep because of a cold. I figured I'd try to get a prototype up and running.

EDIT: On further thought, I kinda remember that this task took a long time. I'm wondering if it's a timeout or something. Not too sure how to test that. Do we need it on a development environment?

@drybjed

This comment has been minimized.

Copy link

drybjed commented Dec 11, 2015

One thing that comes to mind is that I try to not use localhost in the playbooks as a host that can be managed. The localhost host is expected to be similar to a "self" concept in programming - I use it to refer to Ansible Controller that way, so tasks can be delegated to it safely. Since that debops.dhparam task you mentioned somehow fails, I think this might be related.

I would try to change the default inventory to have some other name than localhost, any way to do that in Docker? You could also try and set smaller DHparam sizes in the role configuration to test if it passes because the default 3072 will take a long time to generate on a virtual host/container.

@carlalexander

This comment has been minimized.

Copy link
Owner

carlalexander commented Dec 11, 2015

Yeah, I haven't tried tweaking the parameters. As for not using localhost, I'll be honnest and I didn't try to use 127.0.0.1. 😛

I'll give that a try on the next round of testing. I'll also add some default variables to reduce dhparam.

@carlalexander

This comment has been minimized.

Copy link
Owner

carlalexander commented Dec 11, 2015

127.0.0.1 still gave me issues. Does openssh-server let you connect to yourself? Not too sure, it's meant to work. That said, dhparam_bits: [ '512' ] worked fine! I got to the end, but still got:

Service 'debops' failed to build: The command '/bin/sh -c debops' returned a non-zero code: 2

I think something failed. Not sure what. Too tired/sick lol

@drybjed

This comment has been minimized.

Copy link

drybjed commented Dec 11, 2015

Remember that the debops script just sets up the environment and starts ansible-playbook with a set of options. You could replace the debops command by, say:

ansible-playbook -i /srv/ansible/inventory/hosts ~/.local/share/debops/debops-playbooks/playbooks/site.yml

When you specify a host in inventory with ansible_connection=local, Ansible does not use ssh at all.

@carlalexander

This comment has been minimized.

Copy link
Owner

carlalexander commented Dec 11, 2015

I know that. I didn't use local with 127.0.0.1. It's a bit hard to debug right now, but I think the new issue is because of the local connection. I need to check what the default options are for sshd. root might be blocked.

@carlalexander

This comment has been minimized.

Copy link
Owner

carlalexander commented Dec 12, 2015

I found the new issue. It seems to be related to this issue with locale_gen on Ubuntu. I'm not too sure why the whole thing works on Digital Ocean, but they must do something to their stock image.

@carlalexander

This comment has been minimized.

Copy link
Owner

carlalexander commented Dec 13, 2015

Resolved the issue by adding RUN echo "en_US.UTF-8 UTF-8" > /var/lib/locales/supported.d/local to the Dockerfile. The newest issue is with Postfix. I think it might be similar to #26. The service just fails to restart and just throws a "fail!".

I figure it might be hostname related. During docker-compose build, the hostname is just uses a random string. It's not a good FQDN. Unfortuntely, running -vvvv doesn't give any useful output either.

@schrapel

This comment has been minimized.

Copy link
Contributor

schrapel commented Dec 13, 2015

Appreciate your effort on this.

@carlalexander

This comment has been minimized.

Copy link
Owner

carlalexander commented Dec 14, 2015

No worries @schrapel! I'm not sure I'm going at it the right way either, but there isn't that much information to go on.

@carlalexander

This comment has been minimized.

Copy link
Owner

carlalexander commented Dec 21, 2015

Been playing around and testing things. The postfix issue seems to be related to the Reload postfix handler. I tried to find out why, but I can't get any logs to show anywhere (mail, syslog, daemon, etc). Ansible tries to restart postfix and it just fails without an error message logged anywhere.

The weird thing I noticed is that Reload postfix doesn't do a reload. It does a restart. It must do it differently because it runs right after Restart postfix which works fine. I replaced the Reload postfix notification with Restart postfix and it worked fine. Is this something we can change in debops.postfix @drybjed?

Now, I'm having issues further down the script. I'll start looking at that next.

@drybjed

This comment has been minimized.

Copy link

drybjed commented Dec 21, 2015

It might be because handlers in debops.postfix are all over the place... I guess I'll just do "Check and restart postfix" everywhere, that should clear things up a bit.

@carlalexander

This comment has been minimized.

Copy link
Owner

carlalexander commented Dec 21, 2015

There's only one Reload postfix. Submitted a PR! 😉

@carlalexander

This comment has been minimized.

Copy link
Owner

carlalexander commented Jan 11, 2016

Was able to get back to this today. Ran into a few issues that I worked around as I went. Here's the major summary.

The first issue was around debops.sshd. I got the following error when it runs:

Missing privilege separation directory: /var/run/sshd

I figured that, since we're working with ansible_connection=local, we could skip it! So I changed the command to RUN debops --skip-tags role::sshd and that worked!

I moved on to the next step which is RUN debops wordpress. I thought we might be in the clear, but that wasn't to be. I'm getting an error when debops.mariadb tries to create the databases. It tries to connect with ssh, but, since we skipped debops.sshd, it didn't work. I'm also not sure if it's related to this issue.

TASK: [debops.mariadb | Create databases] *************************************
fatal: [localhost -> b4a0b458150e] => SSH Error: ssh: connect to host b4a0b458150e port 22: Connection refused
    while connecting to 172.17.0.2:22

I fixed it by putting in mariadb_delegate_to: 127.0.0.1 . This fixed the issue, but might not be the cleanest workaround. That said, I had a note to try to tie wordpress_database_server to the delegate_to value since they should be the same. This would probably fix it in a better way.

So I got to a point where the container builds, but I haven't configured it to run yet. I'll do that next time I sit down to work on it.

@carlalexander

This comment has been minimized.

Copy link
Owner

carlalexander commented Jan 17, 2016

I'm wondering if there's a way to fix the mariadb_delegate_to issue. I tried updating the project to pass mariadb_delegate_to:

  - role: debops.mariadb
    tags: [ 'depend::mariadb', 'depend::mariadb:wordpress', 'depend-of::wordpress', 'type::dependency' ]
    mariadb_databases:
      - name: '{{ wordpress_database_name }}'
    mariadb_users:
      - name: '{{ wordpress_database_user }}'
        password: '{{ wordpress_database_password }}'
        host: '{{ wordpress_database_server }}'
        priv: '{{ wordpress_database_name }}.*:ALL'
        state: 'present'
    mariadb_delegate_to: '{{ wordpress_database_server }}'

This didn't work. I replaced mariadb_delegate_to: '{{ wordpress_database_server }}' to mariadb_server: '{{ wordpress_database_server }}'. That worked, but looking at the debops.mariadb code. I'm not sure it'll have the desired effect. I think I'll still need to force mariadb_delegate_to.

@carlalexander

This comment has been minimized.

Copy link
Owner

carlalexander commented Jan 19, 2016

So I managed to get a working container going, but there was a few snags. None of the services were started. I had to connect to the container and start them by hand. This can be fixed with an entrypoint script, but still weird. I thought all the services would start automatically.

I also didn't get the VOLUME directive stuff to work. I was hoping to mount the secret, /var/www and mysql folders. I'll need to investigate further on that stuff.

I was having container building issues with debops.pki, but those were fixed by using Ansible 1.9.4.

@carlalexander

This comment has been minimized.

Copy link
Owner

carlalexander commented Jan 19, 2016

Ok, I did more research. Services aren't supposed to start by default. Because we have so many services to start, the recommended solution is to use supervisor.

@carlalexander

This comment has been minimized.

Copy link
Owner

carlalexander commented Jan 24, 2016

So I got the supervisor setup working and the whole container builds and runs great! With that out of the way, I moved on to mounting data volumes. I thought this would be easy, but it's causing me a lot of headaches.

The culprit is this longstanding issue with boot2docker on OSX. It's a long read. That said, there was a good solution in it that works.

But now I'm running into issue with the file upload. nginx doesn't like file uploads over 4kb if I implement the boot2docker solution. There's an issue about it in the official nginx Docker image repo. That said, the fix doesn't seem to work.

I'm going to keep trying to fix it, but I might try to just see if the setup works with dinghy which is an alternative to boot2docker on OSX. It's a bit annoying, but, until they fix it, that might be the way to go.

@caramiame

This comment has been minimized.

Copy link

caramiame commented Jan 24, 2016

I'm not sure if this is helpful to you but I ran across this the other day and in some way it seems like it might apply to this issue, maybe?
https://github.com/gansbrest/dockerfiles/tree/master/php/nginx-fpm-5.3
http://distinctplace.com/infrastructure/2014/09/24/docker-vm-shortcomings-and-how-hodor-can-help/

Docker + Hodor for simple and reliable dev setup

|   |
|   | |   |   |   |   |   |
| Docker + Hodor for s...Prerequisites Here is real world scenario: You have this project you are working on, it requires php 5.3 (... |
| |
| View on distinctplace.com | Preview by Yahoo |
| |
|   |

On Sunday, January 24, 2016 12:27 PM, Carl Alexander <notifications@github.com> wrote:

So I got the supervisor setup working and the whole container builds and runs great! With that out of the way, I moved on to mounting data volumes. I thought this would be easy, but it's causing me a lot of headaches.The culprit is this longstanding issue with boot2docker on OSX. It's a long read, there was a good solution in it that works.But now I'm running into issue with the file upload. nginx doesn't like file uploads over 4kb if I implement the boot2docker solution. There's an issue about it in the official nginx Docker image repo. That said, the fix doesn't seem to work. I'm going to keep trying to fix it, but I might try to just see if the setup works with dinghy which is an alternative to boot2docker on OSX. It's a bit annoying, but, until they fix it, that might be the way to go.—
Reply to this email directly or view it on GitHub.

@carlalexander

This comment has been minimized.

Copy link
Owner

carlalexander commented Jan 24, 2016

Thanks @caramiame! I'll take a look at that!

@carlalexander

This comment has been minimized.

Copy link
Owner

carlalexander commented Jan 29, 2016

Alright, we're pretty much there! Fixed most of the kinks. The container is pretty barebone compared to VVV. That said, it's almost identical to a production server which was what @schrapel wanted.

This is going to go into its own repo as soon as I have a bit of time to write a bit of documentation.

@carlalexander

This comment has been minimized.

Copy link
Owner

carlalexander commented Feb 2, 2016

To follow up on the Twitter conversation @drybjed, I mentioned the problem with debops.sshd earlier. It's still:

NOTIFIED: [debops.sshd | Test sshd configuration and restart] *****************
failed: [localhost] => {"changed": true, "cmd": ["sshd", "-t"], "delta": "0:00:00.113643", "end": "2016-02-02 12:32:44.710560", "rc": 255, "start": "2016-02-02 12:32:44.596917", "warnings": []}
stderr: Missing privilege separation directory: /var/run/sshd

So it's not so much that it doesn't install, but it doesn't install in a way that we can restart the service. This isn't too surprising. I've had to fix a few things in /run to work with Docker when the container starts. The difference here is that it happens while Ansible runs which blocks the rest of the playbook.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment