I want to learn Docker. We also need to rebuild our VM appliances with Debian 8 (Jessie). Hmm... How about leveraging Docker in our new VM appliances? Maybe we can lower the risk of clobbering app's when applying security updates on the VM's and get some great deployment benefits.
Excellent! We'll get some work done and learn some new stuff too.
Some interesting notes about this experience:
- Docker has a friendly learning curve. I was delving into the advanced stuff almost right-away without getting lost.
- The hardest part for me was installing Docker. Doing so on Debian 8 isn't well documented. The only reliable method I found was using Docker's magic script (here).
- Resources I kept turning back to:
- Docker Help: `$ docker` and `$ docker COMMAND --help`
- Docker User Guide
- Dockerfile Reference
- Dockerfile Best Practices
- Official Repositories on Docker Hub
- A Docker image build is usually created from (2) simple files:
- `Dockerfile` - Describes how to build a new app container
- `entrypoint.sh` - Shell script to bootstrap your app container on first run
- You can use and share Docker images on Docker Hub.
- You can easily create automated builds of these images from your GitHub repositories.
- My images are based on some great examples on Docker Hub:
- My open source images:
- genebarker/frontaccounting - FrontAccounting on Debian 8 (Jessie) with support for strict HTTPS (HSTS)
- genebarker/gollum - Gollum on Debian 8 (Jessie) with support for strict HTTPS (HSTS)
- Current approach to keep my containers small, generic, and ephemeral:
- Use official Debian image as a base (debian)
- Use volumes on the host for persistent file storage
- Bootstrap the container settings via an `entrypoint.sh` script
- Creating great images for containers is harder than it looks. Getting the configuration 'just right' takes time, But at least you only have to do this work once!
- Once you have your images built, it's a breeze to spin-up containers and deploy your app's.
- Be very security conscious when using Docker. Make sure you understand each build's `Dockerfile` / `entrypoint.sh` combo line-by-line (it's only a page or two, you can do it).
- Given the youth of Docker, expect significant changes in the near term to address security.
Go ahead, dive in, the water's nice.