'(Docker as a Full CentOS)

  1. Docker With CentOS 7
  2. Helpers
  3. Vagrant/Virtualbox

Docker has arrived. It’s a "container" system for isolating services. It’s simpler and lighter than a VM, yet easier to use than a jail. But it’s not quite a full OS: it usually lacks things like systemd, cron, sshd, syslog, etc. Some folks are trying to address this for Ubuntu. It turns out that this can also be done with CentOS 7! This all-in-one docker instance becomes a great vehicle for testing deploys (and probably much more).

Ubuntu wasn’t going to work for my needs, but I found a minimal CentOS 7 version of the Ubuntu approach. So now Docker can actually be used for testing deployments with almost real full OSs.

Docker With CentOS 7

On your local host, stop docker if running (to reset IPs) and start up the docker service:

systemctl stop docker.service
systemctl start docker.service

Maci has provided an article and repo to get centos7 working with docker, which this article extends.

Get it (one time ever):

git clone https://github.com/maci0/docker-systemd-unpriv
cd docker-systemd-unpriv

Build (one time ever):

alias dk=docker  # put in ~/.zshrc
dk build --rm -t maci/systemd .

Fire up an instance any time, setting hostname etc:

dk run -h dk1 --rm -t -i -p 2221:22 -v /sys/fs/cgroup:/sys/fs/cgroup:ro maci/systemd /usr/lib/systemd/systemd

Switch to other term.

See the IP:

dk ps
dk inspect 097241cd8024 |grep IPAddress

Test login:

sshpass -p root ssh dk1
# Oops. Wipe existing/offending key.
sed -i '47d' ~/.ssh/known_hosts
sshpass -p root ssh dk1

Manually update the system:

yum update

Optionally save as latest/greatest (see also):

dk commit c0d3c28f5a86 mde/centos71

Manually install the very basics, and set up a deploy user, say “dummy”:

# yum -y install openssh-clients sudo; useradd -m -G wheel dummy; passwd dummy

Get dummy into a good state:

# su - dummy
% ssh somewhere-valid
> yes  # then ^c, just wanted proper .ssh/ dir created

Set up to watch progress in a logged in shell:

% sudo journalctl -xaf

Copy your ssh key onto it:

scp ~/.ssh/id_rsa.pub dk1:~/.ssh/authorized_keys

Run ansible toward it:

time ansible-playbook --skip=skip,security,nondocker -u dummy -b --ask-become-pass -l offsvrs:172.17.0.1 site.yml -v ; beep

When you’re done testing, shut down instance:

dk ps
...
dk stop ea970de7e735

Save the image:

dk save -o centos7-systemd-maci.img.tar maci/systemd:latest
gzip centos7-systemd-maci.img.tar

Archive it to S3:

s3.sh put centos7-systemd-maci.img.tar.gz s3://dockers.example.com

Helpers

Generate hashed password:

python2 -c "from passlib.hash import sha512_crypt; import getpass; print sha512_crypt.encrypt(getpass.getpass())"

Script to quickly remove a key, ~/bin/sshrmkey:

#! /usr/bin/env zsh
# sshrmkey — delete a line containing stale/offending key
line=${1?Must provide offending line}
sed -i "${line}d" ~/.ssh/known_hosts
% sshrmkey 42

Vagrant/Virtualbox

If you really want to avoid Docker but still test your deploy on CentOS 7, you can accomplish much of the same setup with Vagrant.

Install:

y -S vagrant
sudo depmod [3.19.2-1-ARCH]
sudo modprobe vboxdrv

Choose work area:

md ~/exp/vagrant/t1
vagrant init hashicorp/precise32 # OR
vagrant init https://f0fff3908f081cb6461b407be80daf97f07ac418.googledrive.com/host/0BwtuV7VyVTSkUG1PM3pCeDJ4dVE/centos7.box
[vagrant up]??

Log in:

vagrant ssh

Better:

sshpass -p vagrant ssh -p 2200 [email protected]

Add to generated Vagrantfile:

config.vm.provision "ansible" do |ans|
  ans.playbook = "playbook.yaml"
end

Start it:

vagrant up

Create hosts file:

>hosts
[foos]
127.0.0.1:2200

Create a playbook.yaml:

- hosts: foos tasks: - name: install zsh yum: name=zsh state=present

Run ansible:

ansible-playbook -i ./hosts -u vagrant playbook.yml -ksK