Docker: bad advice

When I was learning to drive a car, at the first lesson the instructor drove into the intersection in reverse, and then said that it was impossible to do that - never did. I remember this rule immediately and for the rest of my life.

You read the “Bad Advice” of Gregory Oster for children, and you see how easy and natural it comes to them, that it is impossible to do so.

About how to write Dockerfile correctly, a lot of articles have been written. But I did not come across instructions on how to write the wrong Dockerfile. Fill this gap. And, maybe, in projects that I receive for support, there will be less such dockerfiles.

All characters, situations and Dockerfile are fictional. If you know yourself, sorry.

Create a Dockerfile, sinister and horrible

Peter (Senior java / ruby ​​/ php developer): Colleague Vasily, have you already uploaded a new module to Docker?

Vasily (junior): No, I didn't manage, I can't deal with this Docker. So many articles on it, eyes run up.

Peter: We have a deadline a year ago. Let's help, we'll figure it out in the process. Tell me what you can't do there.

Basil: I can not choose a basic image to the minimum, but it was all that is needed.

Peter: Take the image of ubuntu, it has everything you need. And what a lot of excess, then more useful. And do not forget to put the latest tag so that the version is always the latest.

And the first line appears in the Dockerfile:

FROM ubuntu:latest 

Peter: What's next, what did we write our module on?

Vasily: So ruby, there a web server and a pair of service daemons should be launched.

Peter: Yeah, what do we need: ruby, bundler, nodejs, imagemagick and so what else ... And at the same time, do an upgrade to get new packages for sure.

Vasily: And we will not create a user so that it is not from under root?

Peter: Oh his, then fool around with the rights.

Vasily: I need time, about 15 minutes, to make it all into one team blind, I read that ...

(Peter rudely interrupts the meticulous and very clever Joon.)

Peter: Write in separate commands, and it will be easier to read.

Dockerfile grows:

 FROM ubuntu:latest RUN apt-get update RUN apt-get upgrade RUN apt-get -y install libpq-dev imagemagick gsfonts ruby-full RUN gem install bundler RUN curl -sL https://deb.nodesource.com/setup_9.x | sudo bash - RUN apt-get install -y nodejs RUN bundle install --without development test --path vendor/bundle RUN rm -rf /usr/local/bundle/cache/*.gem RUN apt-get clean RUN rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* 

Here Igor Ivanovich, DevOps (but more Ops, than Dev) rushes into the office, with shouts:

II: Petya, your developers again broke the prod database, when will it end ...

After a small skirmish, Igor Ivanovich cools down and begins to find out what his colleagues are doing here.

II: What are you doing?

Vasily: Peter helps me compile a Dockerfile for a new module.

II: Let me see ... What did you write here, you clean the repository with a separate command, this is an additional layer ... But how do you add dependencies, if you have not copied the Gemfile! And generally, this is no good.

Peter: Please go about your business, we'll sort it out somehow.

Igor Ivanovich sadly sighs and leaves to figure out who did break the database.

Peter: Yes, but he correctly said about the code, you have to push it into the image. And let's immediately put ssh and supervisor, and how we will start the demons.

Vasily: I will first copy the Gemfile and Gemfile.lock, then put everything in, and then copy the entire project. If the gemfile does not change, the layer will be taken from the cache.

Peter: With all of you with these layers, copy everything at once. Immediately copy. The first line.

Dockerfile now looks like this:

 FROM ubuntu:latest COPY ./ /app WORKDIR /app RUN apt-get update RUN apt-get upgrade RUN apt-get -y install libpq-dev imagemagick gsfonts ruby-full ssh supervisor RUN gem install bundler RUN curl -sL https://deb.nodesource.com/setup_9.x | sudo bash - RUN apt-get install -y nodejs RUN bundle install --without development test --path vendor/bundle RUN rm -rf /usr/local/bundle/cache/*.gem RUN apt-get clean RUN rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* 

Peter: So what next. Do you have configs for supervisor?

Vasily: Nah, no. But I will do it quickly.

Peter: Then do it. Come on now, type the init script that will run everything. So, then, you run ssh, with nohup, so that we can connect to the container and see what went wrong. Then run the supervisor as well. Well, then just run the passenger.

Q: But I read that there must be one process, so Docker will know that something has gone wrong and will be able to restart the container.

P: Do not bother with this nonsense. And in general, how? How do you run all this in one process? Let Igor Ivanovich think about stability, no wonder he gets a salary. Our business is to write code. And in general, let him say thank you that we wrote Dockefile for him.

After 10 minutes and two videos about cats.

Q: I did everything. More comments added.

P: Show me!

Fresh version of Dockerfile:

 FROM ubuntu:latest #    COPY ./ /app WORKDIR /app #    RUN apt-get update #   RUN apt-get upgrade #    RUN apt-get -y install libpq-dev imagemagick gsfonts ruby-full ssh supervisor #  bundler RUN gem install bundler #  nodejs     RUN curl -sL https://deb.nodesource.com/setup_9.x | sudo bash - RUN apt-get install -y nodejs #   RUN bundle install --without development test --path vendor/bundle #     RUN rm -rf /usr/local/bundle/cache/*.gem RUN apt-get clean RUN rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* #  ,   ,    . CMD [“/app/init.sh”] 

P: Great, I like it. And comments in Russian, convenient and readable, everyone would have worked like that. I taught you everything, you can continue. Let's go drink coffee ...

Well, we got a perfectly awful Dockerfile, from the sight of which Igor Ivanovich wants to quit and his eyes will hurt for another week. Dockerfile, of course, could be even worse, there is no limit to perfection. But for a start, and so come down.

I would like to finish with a quote by Gregory Oster:

If you are not firmly

In life, chose the way

And do not know why

Work your way to start,

Beat the light bulbs at the entrances -

People will say thank you.

You will help the people

Take care of electricity.

UPD : The comments ask what is wrong in these Dockerfile. One of these days I will write a separate article with an analysis of errors.