Docker - Dev, Debug, Deploy

Why

As a developer who works on couple of projects, I wanted to find a way that -

• My setup time will be as fast as possible
• It would be easy to share my code and project setup with team-mates
• I want my development environment to be as close to production as possible

So I started to look for a way to do that, first I thought about Git, but the problem with Git is that the setup time is not optimal -
How do I automatically configure Environment Variables? or syncing Git hooks for my project, what if my project is using new programming language or version? I don't want to start install and manage versions on my local PC..

And I don't want to pay for any solution.

Than I started to think about using Docker as my development environment, I can run Docker as a "Personal Development Server" and configure everything I need inside the Docker Image - Compiler / Interpreter, Environment Variables, Dependencies and more, and when I finish coding, I can use the same Docker image in my production environment

What Docker is

"Docker is an open platform for developing, shipping, and running applications. Docker enables you to separate your applications from your infrastructure so you can deliver software quickly. With Docker, you can manage your infrastructure in the same ways you manage your applications. By taking advantage of Docker’s methodologies for shipping, testing, and deploying code quickly, you can significantly reduce the delay between writing code and running it in production."
From Docker official documentation, you can read more here

How To

Build

I use this Dockerfile as a template from here in order to build my Docker Image, I install openssh-server so I can use it just like a development server and share it with my team-mates.

FROM python:3.6
ARG GIT

RUN apt-get update && apt-get install -y openssh-server
RUN mkdir /var/run/sshd
RUN echo 'root:MYSUPERSECRETROOTPASSWORD' | chpasswd

# According to your linux distribution this line my differ
RUN sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config

ENV NOTVISIBLE "in users profile"
RUN echo "export VISIBLE=now" >> /etc/profile
EXPOSE 22

RUN echo ' \n\
git clone $GIT ~/code \n\
cd ~/code \n\
git pull \n\
pip install -r requirements.txt' > ./run.sh

# Also configure hooks, environment variables and more

RUN sh ./run.sh

RUN echo '/usr/sbin/sshd -D' >> ./run.sh

CMD ["sh", "./run.sh"]

Run using:

> docker build --build-arg GIT=GITREPURL -t my_cool_docker .

When executing docker build it will git clone my project and install pip dependencies and whatever I need to do, also I define the same ./run.sh file to be execute each time I use docker run in order to keep my docker up-to-date with new commits and more

Run

I use this command in order to run my image

> docker run -dP my_cool_docker
37d6e53cb27396467a10c7361d319d28d0197a7b5dc7347bb39c251dff7403dc

> docker port 3
22/tcp -> 0.0.0.0:32768

> ssh root@localhost -p 3276
The authenticity of host '[localhost]:32768 ([::1]:32768)' can't be established.
ECDSA key fingerprint is SHA256:z4x3yWVSJZAoswgEa0utt5jSv0Mt0Ex6sMY8a4CFCnE.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:32768' (ECDSA) to the list of known hosts.
root@localhost's password:
Linux 37d6e53cb273 4.9.184-linuxkit #1 SMP Tue Jul 2 22:58:16 UTC 2019 x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
root@37d6e53cb273:~# ls -l
total 4
drwxr-xr-x 1 root root 4096 Dec 14 09:45 code

So as you can see, I run the image using detach flag and expose all ports,
then I use ssh to localhost with the exposed port, enter your super secret root password and we have a personal development server which is actually a docker container running on your personal PC!

Summary

Advantages

• One time setup for everything I need
• Same environment for dev and production
• Easy to share with team-mates

Disadvantages

• You can loss data if your container crash
• Fit for those who use containers in production

Enjoy 😋

Like this post?
Support me via Patreon
Subscribe to my YouTube Channel

Comments

[Patryk]

Thanks for sharing. A few (opinionated) things come to mind.

• Always use git (or at least another CVS). Docker does not replace git.
• Save your Dockerfiles, and docker-compose*.ymls inside your git repo.
• Do use docker-compose. It makes everything easier. Seriously.
• Why give everyone access to a shared container? Then if they make changes and push, you have no idea who to blame. Just let your team clone the repo, run docker-compose -f docker-compose.dev.yml up (or similar), and let them work on their own machines. The whole point of using git is so multiple people can work on their own copies at the same time.
• Never run as root if not necessary, including inside containers. Docker has never cared much for security, and one of the things I do most often is override the USER inside my Dockerfiles.
• Use ssh keys rather than a shared password, if you're going to be sharing an account. You should always use keys even if you don't share it, IMAO.

[eranelbaz]

Hey!
I did not mean to replace git, as I said i'm using it to version control my code, not my environment

I know about docker-compose and ssh keys but I want to write this blog post for the average user, so I left it behind

And about using root I agree when it comes to "real" servers, when we talk about dockers you can in a single command restore it and so nothing bad can happen

[sg]

I agree you should never blog how to do something insecurely by default just because it's easier. That's why the state of security is the way it is, and why all PHP coders suck.

[Dor Shinar]

All PHP codes suck? That's quite harsh. Most of the internet is written in PHP (including most of what Facebook makes). I think that's an offensive generalization. As eranelbaz said, he only uses it for local development. I think that as long as your shared environments (staging, production etc.) Are properly secured, setting up local unsecured docker is pretty much like running a local instance of your application with root. No harm, as no one has access to it but you.

[iBNu Maksum]

Most of non PHP coders said PHP Coders are suck, because most of the job ask for PHP.

What's the most secure programming language?

It's all depend on Developer, not the programming language

[eliaweiss]

I was using vagrant for a few years, for local dev, then I move to docker a couple of years ago, now I prefer to develop on a remote vps with vs code remote dev plug in.
As long as I good internet (which is not always the case for a digital nomad like me) I found it to be my preferred method of dev

[Naresh Joshi]

Nice explanation

[Kobi]

If you use volumes, you don't care if the docker crashes and you don't lose any data.