'(Docker as a Full CentOS)
Docker has arrived. It’s a "container" system for isolating services. It’s simpler and lighter than a VM, yet easier to use than a jail. But it’s not quite a full OS: it usually lacks things like systemd, cron, sshd, syslog, etc. Some folks are trying to address this for Ubuntu. It turns out that this can also be done with CentOS 7! This all-in-one docker instance becomes a great vehicle for testing deploys (and probably much more).
Ubuntu wasn’t going to work for my needs, but I found a minimal CentOS 7 version of the Ubuntu approach. So now Docker can actually be used for testing deployments with almost real full OSs.
Docker With CentOS 7
On your local host, stop docker if running (to reset IPs) and start up the docker service:
systemctl stop docker.service systemctl start docker.service
Maci has provided an article and repo to get centos7 working with docker, which this article extends.
Get it (one time ever):
git clone https://github.com/maci0/docker-systemd-unpriv cd docker-systemd-unpriv
Build (one time ever):
alias dk=docker # put in ~/.zshrc dk build --rm -t maci/systemd .
Fire up an instance any time, setting hostname etc:
dk run -h dk1 --rm -t -i -p 2221:22 -v /sys/fs/cgroup:/sys/fs/cgroup:ro maci/systemd /usr/lib/systemd/systemd
Switch to other term.
See the IP:
dk ps dk inspect 097241cd8024 |grep IPAddress
Test login:
sshpass -p root ssh dk1 # Oops. Wipe existing/offending key. sed -i '47d' ~/.ssh/known_hosts sshpass -p root ssh dk1
Manually update the system:
yum update
Optionally save as latest/greatest (see also):
dk commit c0d3c28f5a86 mde/centos71
Manually install the very basics, and set up a deploy user, say “dummy”:
# yum -y install openssh-clients sudo; useradd -m -G wheel dummy; passwd dummy
Get dummy into a good state:
# su - dummy % ssh somewhere-valid > yes # then ^c, just wanted proper .ssh/ dir created
Set up to watch progress in a logged in shell:
% sudo journalctl -xaf
Copy your ssh key onto it:
scp ~/.ssh/id_rsa.pub dk1:~/.ssh/authorized_keys
Run ansible toward it:
time ansible-playbook --skip=skip,security,nondocker -u dummy -b --ask-become-pass -l offsvrs:172.17.0.1 site.yml -v ; beep
When you’re done testing, shut down instance:
dk ps ... dk stop ea970de7e735
Save the image:
dk save -o centos7-systemd-maci.img.tar maci/systemd:latest gzip centos7-systemd-maci.img.tar
Archive it to S3:
s3.sh put centos7-systemd-maci.img.tar.gz s3://dockers.example.com
Helpers
Generate hashed password:
python2 -c "from passlib.hash import sha512_crypt; import getpass; print sha512_crypt.encrypt(getpass.getpass())"
Script to quickly remove a key, ~/bin/sshrmkey
:
#! /usr/bin/env zsh # sshrmkey — delete a line containing stale/offending key line=${1?Must provide offending line} sed -i "${line}d" ~/.ssh/known_hosts
% sshrmkey 42
Vagrant/Virtualbox
If you really want to avoid Docker but still test your deploy on CentOS 7, you can accomplish much of the same setup with Vagrant.
Install:
y -S vagrant
Set up kernel: http://unix.stackexchange.com/questions/131792/
sudo depmod [3.19.2-1-ARCH] sudo modprobe vboxdrv
Choose work area:
md ~/exp/vagrant/t1
Find a box: http://www.vagrantbox.es/
vagrant init hashicorp/precise32 # OR vagrant init https://f0fff3908f081cb6461b407be80daf97f07ac418.googledrive.com/host/0BwtuV7VyVTSkUG1PM3pCeDJ4dVE/centos7.box [vagrant up]??
Log in:
vagrant ssh
Better:
sshpass -p vagrant ssh -p 2200 [email protected]
Add to generated Vagrantfile
:
config.vm.provision "ansible" do |ans| ans.playbook = "playbook.yaml" end
Start it:
vagrant up
Create hosts file:
>hosts [foos] 127.0.0.1:2200
Create a playbook.yaml:
Run ansible:
ansible-playbook -i ./hosts -u vagrant playbook.yml -ksK