RIT++ 2017, Root Conf
Beijing + Shanghai hall, June 6, 17:00
Abstract:
http://rootconf.ru/2017/abstracts/2504.html
In my talk I will explain why we decided to use Docker for Continuous Integration: to speed up tests, increase stability, and improve control over the environment and the libraries in use.
The talk also covers in detail many of the difficulties we ran into while migrating to Docker: fighting the growing number and size of images, uncontrolled image updates, unstable behaviour, and others.
At the end of the talk I will show exactly how we monitor Docker's stability in our infrastructure, and how stable Docker is at large volumes (more than 100k builds per day).
3. Agenda
• Context
• Very naive time
• Start Project Docker
• Something went wrong
• Chaos
• Still not perfect
• New day - new challenges
• Monitoring
• Morale
5. Context
• Self-hosted Jenkins
• Cloud based + target hardware in the labs
• Tons of configured projects
• All changes are going through pre-commit validation pipelines
• Different platforms and different products
• Our users are our colleagues
7. Mutable host
- Yes, I really want to change /etc/hosts for my integration test
- …
8. One agent - one package
You don’t want to mix some stuff on one host
• one version of python
• one version of system library
• one version of everything
9. New package - new pain
- Oops, I didn’t know that libXYZ-1.2 comes with a new API compared to libXYZ-1.1
10. Painful verification process
To test a new package you need:
• new node
• new label
• cloned job (multiple jobs?)
• … but it’s used in 100+ projects…
11. Bad utilization
Some nodes are needed only in rare cases
I want to test only on CentOS 5! It’s my favourite production OS!
13. External dependency
It’s not safe to query the Internet in pre-commit
> Could not resolve commons-io:commons-io:2.4.
> Could not get resource https://jcenter.bintray.com/commons-io/commons-io/2.4/commons-io-2.4.pom
> Received status code 500 from server: Internal Server Error
15. Docker is so awesome!
• We can control docker content
• CI builds are reproducible locally
• Tests do not affect each other
• We can cache stuff in docker
30. New image - new pain
docker pull my_product:latest
docker pull test:latest
sha256:12d30ce421ad530494d588f87b2328ddc3ca
Status: Downloaded newer image for test:latest
31. New image - new pain
docker pull my_product:latest
docker pull test:latest
sha256:12d30ce421ad530494d588f87b2328ddc3ca
Status: Downloaded newer image for test:latest
docker pull test:latest
sha256:01a21daf124543213d1a0514523612345198
Status: Downloaded newer image for test:latest
33. Testing new images in pre-commit
• tag as a version number
• versioning is mandatory (no “latest” anymore!)
• overrides are not allowed
• actual version is defined in config file (pre-submit testable now)
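A pre-submit check for the rules on this slide could look like the following. This is an added example, not code from the talk: the `name = image` config format, the function names and the sample values are assumptions, and accepting digest-pinned references goes beyond what the slide states.

```python
import re

VERSION_TAG = re.compile(r"^\d+(\.\d+)*$")      # 1.0, 1.4.2, ...
DIGEST = re.compile(r"^sha256:[0-9a-f]{64}$")
# Constructed sample config (hypothetical format: "name = image reference").
SAMPLE_CONFIG = """
build = registry.example:5000/my_product:1.4.2
test  = test:latest
lint  = registry.example:5000/linter
base  = base:1.0
"""

def split_ref(ref):
    """Split an image reference into (repository, tag, digest)."""
    repo, _, digest = ref.partition("@")
    # A ':' marks a tag only after the last '/'; before it, the ':'
    # belongs to the registry host's port (registry.example:5000/img).
    tag = None
    if ":" in repo.rsplit("/", 1)[-1]:
        repo, tag = repo.rsplit(":", 1)
    return repo, tag, digest or None

def check_ref(ref):
    """Return None if the reference is pinned, else the reason for rejection."""
    _, tag, digest = split_ref(ref)
    if digest is not None:                      # a digest is immutable by design
        return None if DIGEST.match(digest) else "malformed digest"
    if tag is None:
        return "no tag (Docker would pull 'latest')"
    if tag == "latest":
        return "'latest' is mutable"
    if not VERSION_TAG.match(tag):
        return "tag is not a version number"
    return None

def lint_config(text):
    """Check every 'name = image' line; return {name: reason} for violations."""
    problems = {}
    for line in text.splitlines():
        name, sep, ref = (p.strip() for p in line.split("#", 1)[0].partition("="))
        if sep and (reason := check_ref(ref)):
            problems[name] = reason
    return problems

def may_publish(ref, published):
    """'Overrides are not allowed': never push a tag that already exists."""
    return check_ref(ref) is None and ref not in published
```

Run against the sample, `lint_config` flags the `test` and `lint` entries and leaves the versioned ones alone; `may_publish` is the registry-side half that keeps a released version from being overwritten.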
34. Timeouts
“docker pull” times out
docker pull my_image:1.0
b6f892: Downloading [===========> ] XX MB/YY MB
55010f: Downloading [============> ] XX MB/YY MB
2955fb: Downloading [=============> ] XX MB/YY MB
35. Timeouts
New feature in Timeout Plugin -> Step with timeout
All images are baked into the AMI itself
41. Let’s share common stuff
FROM base:1.0
RUN apt-get install gcc-4.9 python
FROM base:1.0
RUN apt-get install gcc-4.9 nodejs
Base images
42. Let’s share common stuff
Base images
FROM ubuntu:16.04
RUN apt-get install gcc-4.9
FROM base:1.0
RUN apt-get install python
FROM base:1.0
RUN apt-get install nodejs
44. Docker image should do one thing only
Need something? Just put it into the base image and enjoy!
45. Docker image should do one thing only
Split the base image into build and test images
- base image for building
- base image for testing (no -dev packages)
- do not mix different tests
74. Morale
• There is no silver bullet
• Consider Dockerfile as a source code
• Build monitoring for your CI
• Docker is under development (still)
• Docker really helps to stabilize CI pipelines