Docker Scripts - Leightweight Image and Container Management

A git subproject for docker projects. Provides scripts for docker build, exec and run commands that are becoming unwiedly when one needs many arguments. Tries to be a thin wrapper around the docker CLI similar to docker-compose.

Features:

• Consistently tag image, container, user and network IP-addresses with a 2-digit number (on a single host)

• Tag image with build number (generate build number from docker environment and build dependencies)

• Signed and verify images using SHIVA (Simple Hack for Image Verification and Admission)

• Configuration from a config file, building and running containers with the same script in different projects

• Containers have by default a fixed IP-address based on the container number. This allows load balancer config without dependency on the container to have a dockerd-DNS entry (when not running).

• http(s)_proxy environemnt variables are passed to docker build

• Create a stand-alone bash script for a target system without dscripts (run.sh -w option)

• Kernel capability defaults configured in Dockerfile

• Consistent docker interface for both CI and dev environments with single set of commands

• Pre-build hook: Allow script to modify the build env or Dockerfile before build. This can be used fir tasks like:

  • Download archives or clone github repos before docker build to have better control on updates, or

  • download archives that require manual license confirmation, like Oracle Java

Requirements: - SELinux must be enabled (permissive or enforcing)

Configuration

1. Add this project to your docker project as a subdirectory or git submodule, e.g.

   git submodule add https://github.com/identinetics/dscripts.git
   git add dscripts
   git commit -m 'add submodule dscripts'
   # later, when you clone your project, you need to execute:
   git submodule update --init --checkout

2. From the dscript project copy template files into your project root:

   cp dscript/templates/Dockerfile-centos7.default Dockerfile
   cp dscript/templates/conf.sh.example conf.sh  # if using more than 1 image instance name it confXX.sh and set XX to a unique 2-digit number on your host
   # optional
   cp dscript/templates/build_prepare.sh.default build_prepare.sh
   cp dscript/templates/.gitignore .
   cp -r dscript/templates/install .

   # to update your submodules you may excute:
   git submodule update --remote # git 1.8.2 or above
   cd dscripts && git chekcout master && git pull && cd -  # old version

3. adapt Dockerfile, conf.sh and build_prepare.sh

Usage (local build + run)

dscript/build.sh [-h] [-n container-nr] [-p] [-r]
dscript/run.sh [-h] [-i] [-n container-nr] [-p] [-r] -[R] [cmd]
dscript/exec.sh [-h] [-i] [-n container-nr] [-p] [-r] [cmd]

# auxiliary functions:
dscript/manage.sh [-h] [-n container-nr] cmd

To run multiple XYZ containers on the same system you need to create separate
conf.sh files and build separate images:
E.g. to create XYZ container instance 3:
a) create a file conf3.sh, and set the IMGID=3; and
b) build the container with the -n option, e.g. `build.sh -n 3`
c) run the container with the -n option, e.g. `run.sh -n 3`

Usage (local build + remote run)

# build system
dscript/build.sh [-n container-nr]
dscript/manage.sh [-n container-nr] push
# optional image signature - see SHIVA.adoc
dscript/sign.sh [-h] [-n container-nr]

# run system
# enable "do_not_build" in conf.sh/main()
dscript/run.sh

Usage (run image from public repo )

# enable "do_not_build" in conf.sh/main()
dscript/run.sh

Building images behind a proxy

dscripts support docker build behind an optional proxy. This reuqires:

• http_proxy, https_proxy ftp_proxy and no_proxy set on the docker host

• these 4 env variables will be imported by docker without additional ARG statement in Dockerfile

Generating image build numbers

Dscripts includes the plumbing to increment the build number whenever source or dependencies change. See docs/Buildnumbers.adoc