# Dockerising Protected Planet
## Andrew Potter
MIT licensed

Has anyone ever wasted hours getting an app working before?

On numerous occasions I have spent hours or days getting apps to work.

After many days trying to get it up and running I decided to Dockerise Protected Planet.

Docker works by defining a recipe for how to build an app.

This recipe is known as a Dockerfile.

# What is Docker?

Shipping containers for your apps.

Docker is the name of a few separate components which have been grouped into one container platform called Docker.

Some of these components are: containerd, runc, linuxkit.

I will now explain these components to you.

containerd is an open container runtime which aims to be reliable.

But what is a container?

A container packages up code and dependencies into one.

This can then run the same on different devices or platforms.

runc is for spawning and running containers according to the Open Containers Initiative
specification.

We can run a single container or many on a cluster.

linuxkit allows us to build immutable infrastructure applied to building Linux.

But what is immutable infrastructure?

Traditionally mutable server infrastructure means that servers are updated.

Mutable infrastructure has been irreplaceable and unique.

With immutable infrastructure servers are disposable.

When a server goes down it is simply replaced with a new one.

This solves many problems.

Immutable infrastructure is: consistent, reliable, reproduceable and simpler.

Docker is like a shipping container for your app because it can run anywhere on any device.

We will now define a recipe for how to build an app.

Our first Dockerfile.

Does anyone feel like they would like to save hours or even days of wasted time? Docker has a steep learning curve but I think it personally think it is worth it.

## Our first Dockerfile

When we do something like:

In [None]:
WORKDIR /ProtectedPlanet
ADD Gemfile /ProtectedPlanet/Gemfile
ADD Gemfile.lock /ProtectedPlanet/Gemfile.lock
ADD package.json yarn.lock /ProtectedPlanet/
ADD docker/scripts /ProtectedPlanet/docker/scripts

We actually create a folder inside the docker container called ProtectedPlanet and we add files into that from our local folder.

In [None]:
FROM gentoo/stage3-amd64
LABEL maintainer="andrew.potter@unep-wcmc.org"

RUN emerge --sync && emerge sudo
RUN emerge dev-vcs/git

WORKDIR /gdal
RUN wget http://download.osgeo.org/gdal/2.4.0/gdal-2.4.0.tar.gz
RUN tar -xvf gdal-2.4.0.tar.gz
RUN cd gdal-2.4.0 \
    && ./configure --prefix=/usr \
    && make \
    && make install

In [None]:
WORKDIR /postgres
RUN wget https://ftp.postgresql.org/pub/source/v11.1/postgresql-11.1.tar.gz
RUN tar -xvf postgresql-11.1.tar.gz
RUN cd postgresql-11.1 \
    && ./configure --prefix=/usr \
    && make \
    && make install

WORKDIR /node
RUN wget http://nodejs.org/dist/v10.8.0/node-v10.8.0.tar.gz
RUN tar -xvf node-v10.8.0.tar.gz
RUN cd node-v10.8.0 \
    && ./configure --prefix=/usr \
    && make install \
    && wget https://www.npmjs.org/install.sh | sh

In [None]:
RUN npm install yarn -g

WORKDIR /geos
RUN wget https://download.osgeo.org/geos/geos-3.7.0.tar.bz2
RUN tar -xvf geos-3.7.0.tar.bz2
RUN cd geos-3.7.0 \
    && ./configure --prefix=/usr \
    && make install

ARG USER=protectedplanet
ARG UID=1000
ARG HOME=/home/$USER
RUN useradd --uid $UID --shell /bin/bash --home $HOME $USER

In [None]:
WORKDIR /rvm
RUN curl -sSL https://github.com/rvm/rvm/tarball/stable -o rvm-stable.tar.gz
RUN mkdir rvm && cd rvm \
    && tar --strip-components=1 -xzf ../rvm-stable.tar.gz \
    && ./install --auto-dotfiles

RUN /bin/bash -l -c ". /home/$USER/.rvm/scripts/rvm"
RUN /bin/bash -l -c "rvm install 2.4.1"
RUN chown -R protectedplanet:protectedplanet /home/protectedplanet/.rvm
    
RUN /bin/bash -l -c "gem install bundler"
RUN /bin/bash -l -c "gem install rake"
RUN /bin/bash -l -c "gem install rgeo --version '=0.4.0'" -- --with-geos-dir=/usr/lib

In [None]:
WORKDIR /ProtectedPlanet
ADD Gemfile /ProtectedPlanet/Gemfile
ADD Gemfile.lock /ProtectedPlanet/Gemfile.lock

RUN /bin/bash -l -c "bundle install"

COPY . /ProtectedPlanet

EXPOSE 3000

CMD ["rails", "server", "-b", "0.0.0.0"]

## Are we missing something?

This is how we can build Protected Planet inside Docker.

What about Elasticsearch, Redis, Postgres/PostGIS?

# Docker Compose

A tool for multi-container Docker applications.

We define and run these applications using a docker-compose.yml file

Our first multi-container app

In [None]:
version: '3'
services:
  web:
    build: .
    command: /bin/bash -l -c "bundle exec rails s -p 3000 -b '0.0.0.0'"
    user: protectedplanet
    volumes:
      - .:/ProtectedPlanet
      - protectedplanet_import_data:/import_data
    ports:
      - "3000:3000"
    env_file:
      - '.env'
    depends_on:
      - db
      - redis
      - elasticsearch

In [None]:
  db:
    container_name: protectedplanet-db
    image: kartoza/postgis
    ports:
      - "5432:5432"
    env_file:
      - '.env'
    volumes:
      - protectedplanet_pg_data:/var/lib/postgresql
  redis:
    image: redis
    env_file:
      - '.env'
    volumes:
      - protectedplanet_redis_data:/data

In [None]:
  sidekiq:
     build: .
     volumes:
       - .:/ProtectedPlanet
       - protectedplanet_import_data:/import_data
     links:
       - db
       - redis
     command: /bin/bash -l -c "bundle exec sidekiq"
     user: protectedplanet
     env_file:
       - '.env'

In [None]:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.0
    environment:
      - cluster.name=docker-cluster
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    ports:
      - "9200:9200"
    env_file:
      - '.env'

In [None]:
  kibana:
    image: docker.elastic.co/kibana/kibana:7.0
    ports:
      - "5601:5601"
  webpacker: 
    build: .
    env_file: 
      - '.env'
    command: /bin/bash -l -c "./bin/webpack-dev-server"
    user: protectedplanet
    volumes: 
      - .:/ProtectedPlanet
    ports:
      - '3035:3035'

In [None]:
volumes:
  protectedplanet_pg_data:
    driver: local
  protectedplanet_redis_data:
    driver: local
  protectedplanet_import_data:
    driver: local

# Useful commands:

To bring up the project:

In [None]:
docker-compose up --build

To create the database:

In [None]:
docker-compose run web /bin/bash -l -c "rake db:create"

To import the database dump from production:

In [None]:
docker-compose run -v ~/path/to/sql/dump:/import_database web bash -c "psql protectedplanet-db < /import_database/pp_development.sql -U postgres -h protectedplanet-db"

To migrate to the latest database schema:

In [None]:
docker-compose run web /bin/bash -l -c "rake db:migrate"

To populate the database seeds:

In [None]:
docker-compose run web /bin/bash -l -c "rake db:seed"

To install front end dependencies:

In [None]:
docker-compose run web /bin/bash -l -c "yarn install"

To shutdown:

In [None]:
docker-compose down

An example .env file:

In [None]:
POSTGRES_USER=postgres
POSTGRES_PASSWORD=postgres
POSTGRES_HOST=protectedplanet-db
POSTGRES_MULTIPLE_EXTENSIONS=postgis,hstore,postgis_topology
REDIS_URL=redis://redis:6379/0
NODE_ENV=development
RAILS_ENV=development
WEBPACKER_DEV_SERVER_HOST=0.0.0.0
ELASTIC_SEARCH_URL=http://elastic:elastic@elasticsearch:9200
xpack.security.enabled=false
http.compression=true
transport.tcp.compress=true
transport.compress=true
discovery.type=single-node
COMFY_ADMIN_USERNAME=username
COMFY_ADMIN_PASSWORD=password
PP_HOST=localhost:3000

Missing out a few variables here: AWS, Mapbox, Slack, Code Climate.

# Reducing the build time

Now that we have almost finished the Dockerfile I want to share with you how we can reduce the initial build time to a few minutes.

We can create a Docker base image which has everything we need and upload this to Docker.

Simply by copying most of the existing Dockerfile.

We are then left with simply the following...

# New Dockerfile

In [None]:
FROM unepwcmc/geospatial-base-image

WORKDIR /ProtectedPlanet
ADD Gemfile /ProtectedPlanet/Gemfile
ADD Gemfile.lock /ProtectedPlanet/Gemfile.lock

RUN /bin/bash -l -c "bundle install"

COPY . /ProtectedPlanet

EXPOSE 3000

CMD ["rails", "server", "-b", "0.0.0.0"]

# Your views and opinions

Would you be happy for me to reduce the initial build time to a few minutes?

Do you fear or hate containers and Docker?

Are you concerned about using containers in production?

Let us now discuss your views and concerns.