The Docker Management Container (or DMC for short) contains a number of plugins and services that are designed to make it easy to create, test, deploy and manage infrastructures. For more information also take a look at our Blog.
The DMC provides a Dockerfile template (from modular setup) that creates the Dockerfile with the desired tools and versions through a file and script. This Dockerfile is then used for the actual build of the container. The Dockerfile itself does not need to be kept, but is created and discarded after the build of the Dockerfile.
The DMC uses the wakemeops as base setup, for more information about wakemeops look at the docs.
For a quick overview and test of the DMC, we have created images based on the minimal and full examples that can be used directly.
# minimal
docker run ghcr.io/telekom-mms/dmc:min
# full
docker run ghcr.io/telekom-mms/dmc:full
Setup plugins, services, tools, versions and configuration over file with yaml syntax.
touch build.yaml
The DMC uses the wakemeops image as base image.
distribution
ubuntuExamples:
distribution: debian
version
latestExamples:
version: buster
Basic Setup of the DMC.
Tools to be installed within the DMC.
packages
Examples:
repositories
Examples:
repositories:
docker: {}
microsoft: {}
hashicorp: {}
repositories:
mongodb:
gpg: https://www.mongodb.org/static/pgp/server-6.0.asc
entry: https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/6.0 multiverse
binaries
Examples:
repositories_hashicorp_gpg
https://apt.releases.hashicorp.com/gpgrepositories_hashicorp_entry
'https://apt.releases.hashicorp.com $(lsb_release -cs) main'repositories_docker_gpg
https://download.docker.com/linux/ubuntu/gpgrepositories_docker_entry
'https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable'repositories_microsoft_gpg
https://packages.microsoft.com/keys/microsoft.ascrepositories_microsoft_entry
'https://packages.microsoft.com/repos/azure-cli/ $(lsb_release -cs) main'binaries_github_uri
https://api.github.com/reposbinaries_google_uri
https://packages.cloud.google.com/apt/dists/cloud-sdk/main/binary-arm64/PackagesExtension of installed tools.
requirements
Examples:
requirements:
pip:
packages:
- awsume
requirements:
- https://raw.githubusercontent.com/ansible-collections/azure/v1.15.0/requirements-azure.txt
ansible:
roles:
- telekom_mms.grafana
collections:
- telekom_mms.acme=2.3.1
- telekom_mms.icinga_director=1.28.0
requirements:
- https://raw.githubusercontent.com/T-Systems-MMS/ansible-role-maxscale/master/requirements.yml
extensions
Examples:
extensions:
az:
- front-door=1.0.15
google:
- gsutil
- gke-gcloud-auth-plugin
- kubectl
helm:
- https://github.com/databus23/helm-diff=3.5.0
- https://github.com/jkroepke/helm-secrets
System configuration and further setups to finish the DMC build.
profiles
Examples:
profiles:
.vimrc:
- filetype on
.bash_aliases:
- alias ll='ls -la'
post_build_commands
Examples:
To create the Dockerfile from Template you have simply to run the following steps.
render.shrender.sh
The build script will create the Dockerfile from template.d with your settings from build.yaml.
sh render.sh .
docker image build -t dmc:latest .
Examples for build within CI Pipelines can be found under examples/pipeline.
To run the Docker Management Container your system must have Docker or Podman installed.
docker run -ti dmc:latest
You can mount your code or git repository into the container. This way you can work with your favorite editor and test the changes directly in the DMC.
Example:
docker run -ti --env-file .docker_env -v${HOME}/git/service:/service -w /service dmc:latest
If you mount your repositories to the DMC you might want to run it with your local user and environment
This should give you a few benefits:
Example:
docker run --rm -ti --hostname dmc \
`# you can include your services environment variables if you like` \
--env-file ~/service/.docker_env \
\
`# run as local user and make the container aware of users + groups` \
-v /etc/passwd:/etc/passwd:ro \
-v /etc/group:/etc/group:ro \
--user "$(id -u):$(id -g)" \
\
`# provide ssh socket to the container for ansible to use` \
-e 'SSH_AUTH_SOCK=/.ssh_auth' \
-v ${SSH_AUTH_SOCK}:/.ssh_auth \
\
`# mount home and use the service subdirectory as workdir` \
-v ${HOME}:${HOME} \
-w ${HOME}/service \
\
dmc:latest
With the Docker volume plugin for bindfs, you’re able to mount a given path and remap its owner and group.
This way you can be root inside the container while still mapping your home-directory inside the container (to /root) and using it without permission problems.
# create the docker volume
docker volume create -d lebokus/bindfs -o sourcePath=$PWD -o map=$(id -u)/0:@$(id -g)/@0 dmcvolume
# run your dmc with the volume
docker run -it --user root -v dmcvolume:/root/ dmc:latest
We provide a renovate-preset to include in your configuration.
If you use it renovate can update the versions in your build.yaml
Include it like this:
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:base",
"github>T-Systems-MMS/docker-management-container"
],
}
Change your build.yaml like this to use it:
packages:
# renovate: datasource=repology depName=ubuntu_22_04/ansible versioning=loose
- ansible=2.10.7+merged+base+2.10.8+dfsg-1
ansible:
collections:
# renovate: datasource=galaxy-collection depName=telekom_mms.acme
- telekom_mms.acme=2.3.1
With Version 2.0.0 there’s a breaking change in the configuration and usage of the DMC. To support the migration we provide a script to migrate from the old .docker_build to the new build.yaml.
migrate.sh
sh migrate.sh .
Examples for the build.yaml could be found under examples:
Feedback, suggestions for improvement and expansion, and of course collaboration are expressly desired.