Shadow IT is back, with a vengeance

Since the rise of Docker, it’s not uncommon to hear the following story: our developers, instead of getting VMs from the IT department, get one giant big VM, install Docker on it, and now they don’t have to ask for VMs each time they need a new environment.

it’s good for developers, because they can finally work quickly; it’s bad for the IT department, because now they have lots of unknown resources lying around and it’s a nightmare to manage and/or clean up afterwards.

Opportunity ? threat ?

source from

mobydock father

More Posts - Website

Follow Me:

Rapsberry PI Docker Swarm and

Today we will try to monitorize dowker containers created with docker swarm on multi piZERO workers with a RPI3 leader

to install docker on rpi :
curl -sSL | sh
sudo usermod -aG docker pi

To init the leader
docker swarm init

This will give you the command for the workers
docker swarm join \
--token SWMTKN-1-5awy2ej1d55mvgpq1obunnh6u2r8b0jjujel619es-7caoz16dxre2bkplp3sh \

On the leader you can control your node :
docker node ls


To install to manage your swarm cluster you need to install it on the leader
docker service create \
> --name portainer \
> --publish 9000:9000 \
> --constraint 'node.role == manager' \
> --mount type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock \
> portainer/portainer \
> -H unix:///var/run/docker.sock

Then enjoy by connecting to :


mobydock father

More Posts - Website

Follow Me:

HowTo build an Docker infrastructure

What :

An infrastructure based on Varnish + Nginx + PHP-FPM + MariaDB

On Docker Containers

Why :

For a personnal blog or website


How : Build,Ship, Run

(Because the what is famous , we won’t do it from Dockerfiles . We will use Dockerhub images)

Step 1:

mkdir p $HOME/data/webstack/conf $HOME/data/webstack/www


Step 2: install NGinx

docker pull nginx

Controle your image with docker images

Launch your container

docker run name webstack_nginx_1 v $HOME/data/webstack/www:/usr/share/nginx/html:ro p 8080:80 d nginx
You can control by open your navigator and try
Our container name is  webstack_nginx_1, the port TCP/8080 of our host will be tranfer to the port TCP/80 of the container (default port for NGinx) and it assigne in readonly the directory volume : /usr/share/nginx/html to the host directory $HOME/data/www .
To test we create some static pages :
echo « My first page » > $HOME/data/webstack/www/index.html
echo « <?php phpinfo(); ?>«  > $HOME/data/webstack/www/phpinfo.php
You can also confirm tha everythnig work fine by using :
curl http://localhost:8080
it will say : « My first page »
Step 3 : PHP-FPM

docker pull jprjr/phpfpm

Let run the container :

docker run name webstack_php_01 p 9000:9000 d jprjr/phpfpm


Step 4 : Make them talk together

Docker option : –link

We will copy the nginx configfile to the host

docker cp webstack_nginx_1:/etc/nginx/nginx.conf $HOME/data/webstack/conf/nginx.conf



vi $HOME/data/webstack/conf/nginx.conf


Add the server part


daemon off;
user  nginx;
worker_processes  1;
error_log  /var/log/nginx/error.log warn;
pid        /var/run/;
events {
    worker_connections  1024;
http {
    include       /etc/nginx/mime.types;
    default_type  application/octetstream;
    log_format  main  ‘$remote_addr – $remote_user [$time_local] « $request » ‘
                      ‘$status $body_bytes_sent « $http_referer » ‘
                      ‘ »$http_user_agent » « $http_x_forwarded_for »‘;
    access_log  /var/log/nginx/access.log  main;
    sendfile        on;
    #tcp_nopush     on;
    keepalive_timeout  65;
    #gzip  on;
    server {
        listen       80;
        server_name  localhost;
        location / {
            root   /usr/share/nginx/html;
            index  index.html index.htm;
        #error_page  404              /404.html;
        # redirect server error pages to the static page /50x.html
        #error_page   500 502 503 504  /50x.html;
        #location = /50x.html {
        #    root   /usr/share/nginx/html;
        # Pass PHP scripts to PHP-FPM
        location ~* \.php$ {
            fastcgi_index   index.php;
            fastcgi_pass    webstack_php:9000;
            #fastcgi_pass   unix:/var/run/php-fpm/php-fpm.sock;
            include         fastcgi_params;
            fastcgi_param   SCRIPT_FILENAME    /srv/http$fastcgi_script_name;
            fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
        # deny access to .htaccess files, if Apache’s document root
        # concurs with nginx’s one
        location ~ /\.ht {
            deny  all;



In our usecase we need that the nginx container webstack_nginx_1 can communicate with the PHP container (webstack_php_01).

We delete the existing containers

docker stop webstack_php_01 && docker rm webstack_php_01

docker stop webstack_nginx_1 && docker rm webstack_nginx_1


And we recreate them by using a docker-compose command

Before create a docker-compose.yml file


image: jprjr/php-fpm
– « 9000:9000 »
– $HOME/data/webstack/www:/srv/http

image: nginx
– « 8080:80 »
– $HOME/data/webstack/www:/usr/share/nginx/html
– $HOME/data/webstack/conf/nginx.conf:/etc/nginx.conf
– php


Then run the command

docker-compose up


and try it :

curl http://localhost:8080






mobydock father

More Posts - Website

Follow Me:

cAdvisor container monitoring


cAdvisor (Container Advisor) provides container users an understanding of the resource usage and performance characteristics of their running containers. It is a running daemon that collects, aggregates, processes, and exports information about running containers. Specifically, for each container it keeps resource isolation parameters, historical resource usage, histograms of complete historical resource usage and network statistics. This data is exported by container and machine-wide.

cAdvisor has native support for Docker containers and should support just about any other container type out of the box. We strive for support accross the board so feel free to open an issue if that is not the case. cAdvisor’s container abstraction is based on lmctfy’s so containers are inherently nested hierarchically.

To quickly tryout cAdvisor on your machine with Docker, we have a Docker image that includes everything you need to get started. You can run a single cAdvisor to monitor the whole machine. Simply run:

sudo docker run \
--volume=/:/rootfs:ro \
--volume=/var/run:/var/run:rw \
--volume=/sys:/sys:ro \
--volume=/var/lib/docker/:/var/lib/docker:ro \
--publish=8080:8080 \
--detach=true \
--name=cadvisor \

mobydock father

More Posts - Website

Follow Me:

Docker and Jenkins

The idea : Make all your Build with Jenkins on always the same environment : controlled, stable ..

What we will do :

  • Jenkins run a docker container
  • Jenkins run a temp slave in the container
  • The build is done on the slave container and jenkins take the result of the build (logs, metadata, artifacts)
  • Whent the build is done the container is killed

Install Docker

Install Jenkins

Pull a debian image

Prepare a dockerfile

FROM wheezy64:wheezy

RUN apt-get install -y openssh-server openjdk-7-jre-headless
RUN useradd -m -s /bin/bash jenkins
RUN echo jenkins:jenkins | chpasswd
RUN mkdir -p /var/run/sshd
CMD /usr/sbin/sshd -D

Build a jenkins image
docker build -t wheezy_jenkins:jenkins .

We can test by running the container and connect with ssh
$ jenkins=$(docker run -d -p -t -i wheezy_jenkins:jenkins)

$ ssh jenkins@localhost -p 2222

Whe exit from the ssh session

Then kill the container
docker kill $jenkins

Then delete the container
docker rm $jenkins

Now we will configure jenkins

install the docker plugin on jenkins (cf our post to know how to install plugin :jenkins_pluging )

configure jenkins : cloud and had your docker container

create an item

then compute

mobydock father

More Posts - Website

Follow Me:

Jhipster on docker



Pull the JHipster Docker image:

sudo docker pull jdubois/jhipster-docker

Create a « jhipster » folder in your home directory:

mkdir ~/jhipster

Run The docker image, with the following options:

  • The Docker « /jhipster » folder is shared to the local « ~/jhipster » folder
  • Forward all ports exposed by docker (8080 for Tomcat, 3000 for BrowserSync from the « grunt serve » task, 3001 for the BrowserSync UI, and 22 for SSHD). In the following example we forward the container 22 port to the host 4022 port, to prevent some port conflicts:

sudo docker run -v ~/jhipster:/jhipster -p 8080:8080 -p 3000:3000 -p 3001:3001 -p 4022:22 -t jdubois/jhipster-docker



SSH configuration

You can now connect to your docker container with SSH. You can connect as « root/jhipster » or as « jhipster/jhipster », and we recommand you use the « jhipster » user as some of the tool used are not meant to be run by the root user.

Start by adding your SSH public key to the Docker container:

cat ~/.ssh/ | ssh -p 4022 jhipster@localhost 'mkdir ~/.ssh && cat >> ~/.ssh/authorized_keys'

You can now connect to the Docker container:

ssh -p 4022 jhipster@localhost

Your first project

You can then go to the /jhipster directory in your container, and start building your app inside Docker:

cd /jhipster
yo jhipster

If the following exception occurs, you need to change the owner of the /jhipster directory. See next step.

? (13/13) Would you like to use the Compass CSS Authoring Framework?: No

throw err0;
Error: EACCES, permission denied '/jhipster/src'
at Object.fs.mkdirSync (fs.js:653:18)
at sync (/usr/lib/node_modules/generator-jhipster/node_modules/yeoman-generator/node_modules/mkdirp/index.js:70:13)
at sync (/usr/lib/node_modules/generator-jhipster/node_modules/yeoman-generator/node_modules/mkdirp/index.js:76:24)
at Function.sync (/usr/lib/node_modules/generator-jhipster/node_modules/yeoman-generator/node_modules/mkdirp/index.js:76:24)
at (/usr/lib/node_modules/generator-jhipster/app/index.js:419:10)
at /usr/lib/node_modules/generator-jhipster/node_modules/yeoman-generator/lib/base.js:387:14
at processImmediate [as _immediateCallback] (timers.js:345:15)

You need to fix the jhipster folder to give the « jhipster » user ownership of the directory:

ssh -p 4022 jhipster@localhost
sudo chown jhipster /jhipster

Once your application is created, you can run all the normal grunt/bower/maven commands, for example:

mvn spring-boot:run

Congratulations! You’ve launched your JHipster app inside Docker!

On your host machine, you should be able to :

  • Access the running application at http://localhost:8080
  • Get all the generated files inside your shared folder

As the generated files are in your shared folder, they will not be deleted if you stop your Docker container. However, if you don’t want Docker to keep downloading all the Maven and NPM dependencies every time you start the container, you should commit its state.

mobydock father

More Posts - Website

Follow Me: