File layout template for project with multiple docker containers in single repo

build

#!/bin/bash
set -e

# cd to where build script is located
# allows easy predictable paths everywhere in build chain
cd "$( dirname "${BASH_SOURCE[0]}" )"

docker build -t registry/balancer:latest .

deploy

#!/bin/bash
set -e

# configure
hosts=

echo "build"
./build

echo "push"
docker push registry/name

# remove passphare from HTTPS certificate for balancer
openssl rsa -in tls.encrypted.key -out tls.clear.key

for h in $hosts; do
  rsync -a ./*.service $host:
  rsync -a tls.crt $host:data/secret/
  rsync -a tls.clear.key $host:data/secret/

  echo "pull-restart on $host"
  ssh $host /usr/bin/bash -exc "'docker pull registry/name:latest ; sudo systemctl enable \$PWD/balancer.service ; sudo systemctl restart balancer.service'"
done

rm -f tls.clear.key

Dockerfile

# I will eat you family and your dog if you use FROM ubuntu for container that runs a service in production
# Reading: http://phusion.github.io/baseimage-docker/
FROM phusion/baseimage:0.9.15

# inspired by https://github.com/progrium/buildstep
RUN mkdir /build
ADD ./files-build/ /build/
RUN chmod --recursive go-rwx /build
RUN LC_ALL=C DEBIAN_FRONTEND=noninteractive /bin/bash /build/prepare
RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

# Use baseimage-docker's init system.
CMD ["/sbin/my_init"]

EXPOSE 80 443
ADD ./files-run/ /

packages.txt

bind9-host
curl
daemontools
dnsmasq
dnsutils
ed
htop
iputils-tracepath
ltrace
mysql-client-5.6
mysql-server-5.6
mysqltuner
netcat-openbsd
nginx-extras
nodejs
php5-apcu
php5-fpm
php5-imagick
php5-mcrypt
php5-memcache
php5-memcached
php5-mysqlnd
php5-xdebug
phpmyadmin
postfix
rsync
socat
strace
telnet
zsh

prepare

#!/bin/bash
set -ex

# system packages
# FIXME: recently learned that update+install is better as separate one line in Dockerfile
# to properly utilize intermediate container cache
apt-get update
xargs apt-get install -y --force-yes < /build/packages.txt
apt-get clean

useradd --create-home --home-dir /home/app --user-group app
chown -R app:app /home/app

chpasswd <<< 'root:password'

structure.txt

backend/
- src/ and other application build/runtime related files
- deploy/  # containers related to backend
  - balancer/
    - files-build/
      - packages.txt
      - prepare
    - files-run/  # these files are just copied inside container
      - etc/
        - nginx/nginx.conf
        - service/  # runit services
        - dnsmasq.conf
    - Dockerfile
    - build  # shortcut for docker build with required options
    - deploy  # user interface to build/push/deploy container; you may replace it with Ansible/fabric/etc
    - balancer.service  # systemd service file to run container on CoreOS/Arch; if you use different docker host OS this file may differ
  - app/  # stateless request handlers (safe to run multiple of these, safe to force kill one)
    - files-build/prepare and packages.txt
    - files-run/
    - build
    - Dockerfile
  - state/  # separate container to run stateful services: database, Redis, Memcached, syslog, etc
    - files-build/prepare and packages.txt
    - files-run/
    - build
    - Dockerfile
frontend/
- src/
- deploy/  # usually one minimalistic container to serve static files, syslog to backend/state machine