Docker implementation for a small project in Production

This article is dedicated to everyone who still thinks, and should I bother with this technology having a small virtual machine on one of the well-known hosters and what will it give me in the end.
Those who are interested are welcome under cat.

I hasten to note that this article is not a complete guide to action, but merely describes one of the possible scenarios for deploying your own server.
')
I have extensive experience working with various hosting providers, I can choose a site for both large and small projects, I know the pros and cons of some sites and I have my own opinion. Since this is an informative article and not an advertising article, we will not operate with the final site names. And we will set only several conditions:

1. The latest development version of the OS, without any unnecessary components, the latest version of Docker, how to install it is described in detail in the documentation .
   
   
2. Another great way is to use an OS created specifically for containers, for example CoreOS

I will dwell in more detail on option number 2, since I chose it for myself. Initially, I chose between RancherOS and CoreOS, but during the first period of operation I found many flaws, problems and inconveniences, and then decided to abandon its use. For those who are interested in what kind of OS, he can easily cope with Google and look for information about it. In short, this is fork, but CoreOS but the only system services are Docker containers. In general, they are quite similar, each has its own features. But the lack of good documentation for me, the lack of good documentation, the ability to perform a number of settings via cloud-config and a couple more moments of utilization of memory and system resources became a disadvantage of the rancher. Not to mention the fact that the file system structure is cleared to its original state except for the / opt and / home folders. Also, one of the drawbacks of this distribution was that by default, like all Linux distributions, it is set to the UTC time zone, but there was no way to change this in the console after installation, and you had to completely change the console to any supported one, for example CentOS or Ubuntu, which is not very convenient, takes extra time and disk space. Also, the initialization commands from cliud-config and user-config are executed only in the context of our console. Therefore specific. Everything is fine with CoreOS, you can do this:

cp /usr/share/zoneinfo/Europe/Moscow /etc/localtime 

And after forwarding these settings in any of our containers. Another problem was the creation of a start-up script, which Rancher should execute after installation, the script was successfully created, but not executed. Although the rights were established correctly. As far as working with it, a lot of minor issues arose, in consequence of which it was decided to abandon its use. And choose CoreOS, which by the way out of the box supports clustering, which is not the case at all in RancherOS. In addition, CoreOS can work with Docker containers as well as with its own Rocket (rkt), which is of course a plus. Another feature of CoreOS is auto updates, which it requests very often, and if it is received, it will restart all of it completely, of course, it is fixable at the installation stage or in the user configuration file, but the developers themselves recommend not to change this value and allow the OS to reboot when you have a cluster, and services automatically migrate to the nodes it is not so critical, but if you have 1 server, then perhaps this feature will be critical to service downtime in a few minutes. Although to be honest, the download is very fast.

In general, both installation options have no differences, except that one OS is so minimalistic that it does not even have a package manager. But no one forbids deploying containers on the usual distribution. I did not want to have any extra software on the host machine, and I believe that I can install any utilities or programs in the container I need, which I can remove at any time without violating the integrity of the OS itself.

First, install CoreOS on our server, if your operator allows you to download this image. Initially, you need to create a cloud-config.yml configuration file in YAML format:

 #cloud-config hostname:    #        write_files: - path: /etc/systemd/timesyncd.conf content: | [Time] NTP=0.ru.pool.ntp.org 1.ru.pool.ntp.org #     sshd write_files: - path: /etc/ssh/sshd_config permissions: 0600 owner: root:root content: | #   . UsePrivilegeSeparation sandbox Subsystem sftp internal-sftp PermitRootLogin yes PasswordAuthentication no ChallengeResponseAuthentication no Port    PrintLastLog yes PrintMotd yes SyslogFacility AUTHPRIV RSAAuthentication yes PubkeyAuthentication yes PermitEmptyPasswords no UseDNS no UsePAM yes coreos: units: #     - name: 10-static.network runtime: true content: | [Match] Name=     [Network] DNS=8.8.8.8 DNS=8.8.4.4 Address=192.168.100.100/24 Gateway=192.168.100.1 DHCP=no #       Europe/Moscow - name: settimezone.service command: start content: | [Service] ExecStart=/usr/bin/timedatectl set-timezone Europe/Moscow RemainAfterExit=yes Type=oneshot #    sshd     - name: sshd.socket command: restart runtime: true content: | [Socket] ListenStream=    FreeBind=true Accept=yes #  ,         syslog   - name: journalctl-output.service command: start content: | [Service] Type=simple Restart=always TimeoutStartSec=60 RestartSec=60 ExecStart=/usr/bin/bash -c '/usr/bin/journalctl -o short -f | /usr/bin/ncat _ ' ExecStop= [Install] WantedBy=multi-user.target ssh_authorized_keys: -   ,           

I deliberately do not configure the user, and other parameters, since I have brought the minimum configuration so that your server can work to accept connections safely and be ready to launch the necessary containers.

For those who do not have a network, after booting from the CoreOS installation disk, you can configure the networks manually:

 sudo ifconfig _ add _ip sudo route add -net 0.0.0.0/0 _ sudo echo nameserver 8.8.8.8 > /etc/resolv.conf 

The first line will assign our address to our map, the second will prescribe the route to all networks through this map, and the third line will register the DNS server to us, unfortunately in the base image the resolv.conf file does not even have links to the Google server, and without this line at the installation stage we get an error.

In order to make it easier for us to upload an arbitrarily large config to our server, we can make a small adjustment.

1. Change password to user core with sudo passwd core ;
2. Connect to the server via ssh;
3. Make a copy-paste config after the vi cloud-config.yml .

Next, perform the installation command:

 sudo coreos-install -d /dev/sda -c cloud-config.yml 

Where we tell the system to install on the first disk, it will make the partitioning of volumes, and the configuration file to take this one. By the way, you can switch the installation branch, by default Stable goes but I did not do that.

After installation we reboot, and our system is ready for use of Docker containers, and I can describe what and how I use in the next part, if it is interesting.

Please do not kick much, this is my first article on Habre) Thank you all for your attention!