garethr / garethr-docker

Puppet module for managing docker
Apache License 2.0

docker image, docker_tar and restart containers only on update? #730

Open kr428 opened 6 years ago

kr428 commented 6 years ago

Folks;

Unsure whether this is the right place to ask: I want to deploy docker images (living locally in tar files on a file share) using this approach. Puppet should ensure that (a) the latest docker image always is present and (b) all relevant containers run using the latest image.

Right now, for this purpose I use a declaration like this:

docker::image { 'p20':
  ensure     => present,
  require    => File['/tmp/app-latest.tgz'],
  docker_tar => "/tmp/app-latest.tgz",
  notify     => Exec['/opt/relaunch-app.sh'],
}

However, this seems to make puppet "docker load" the image (and subsequently restart the containers) in each puppet run rather than just after the app-latest.tgz has somehow changed. Is there any way to achieve what I want here? Can puppet handle this, at all?

TIA and all the best,
Kristian

Justin-DynamicD commented 6 years ago

So, I've not tried doing what you're doing per se, but my guess is going to be that the "p20" image may not name match exactly with what you're importing? If you "break open" the module, image import and maintenance is a bunch of exec calls which is much trickier to keep declarative, and so you need to do your part and make sure all names line up exactly. Also, make sure that Exec['/opt/relaunch-app.sh'] is set to refreshonly => true, otherwise it will run every pass no matter how perfect everything else is.

As an aside, you really should set up a docker registry, as what you're effectively doing here is copying an image then running a custom bash to redeploy the containers, which could be made much more reliable (not to mention closer to as intended) by simply running a docker registry and pushing your images there. Then this whole process could be a single docker::run instead of a file copy, docker image, then script to kick things off.

docker::run { 'p20':
  image => "myregistry.company.com/p20:latest",
}

This will basically always pull the latest image from the registry whenever it changes and restart the container on its own.
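
The refreshonly advice in the comment above, as an added illustration that is not part of the original thread and not the module's own code: a chain of core Puppet resources in which a content change of the tarball is the only trigger for `docker load` and for the relaunch script. The share path `/mnt/share/app-latest.tgz` and the resource title `load-app-image` are assumptions; the tarball path and script path are the ones from the question.

```puppet
# Added example: core Puppet resources only, no docker::image involved.
# The tarball is managed by content checksum, so an unchanged file
# produces no event and nothing downstream runs.
file { '/tmp/app-latest.tgz':
  ensure   => file,
  source   => '/mnt/share/app-latest.tgz',  # assumed location on the file share
  checksum => 'sha256',                     # compare content, not mtime
  notify   => Exec['load-app-image'],
}

# Loads the image only when the file resource above reported a change.
exec { 'load-app-image':                    # hypothetical resource title
  command     => 'docker load -i /tmp/app-latest.tgz',
  path        => ['/usr/bin', '/bin'],
  refreshonly => true,
  notify      => Exec['/opt/relaunch-app.sh'],
}

# Relaunches the containers only after a fresh image load,
# never on a run where the tarball was unchanged.
exec { '/opt/relaunch-app.sh':
  refreshonly => true,
}
```

If `docker load` fails on the run in which the tarball changed, Puppet does not replay the refresh event on the next run, so the load has to be triggered again by hand or by a new tarball.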

kr428 commented 6 years ago

@Justin-DynamicD Thanks a bunch for your feedback. So I'll have a look into setting up a docker registry. So far I wanted to avoid that in order not to introduce yet one more required runtime dependency but maybe it indeed will ease things. What I actually want to achieve is having sort of an automated procedure that picks up new images as soon as they are available and restarts containers then in a meaningful way without too much manual automation...

Justin-DynamicD commented 6 years ago

I can understand keeping the unnecessary stuff out, but in this case it makes things sooo much easier.

Any rate, if you want to move images around via tmp copy, I'd just take a close look at how your images and zips are named, as it looks like the module uses all of it interchangeably. Hope that gets you out of the jam you're in.

kr428 commented 6 years ago

Ok you got me. I spent most of yesterday's time setting up a local docker registry, and though this is not completely perfect it seems worth the effort. Still missing, though: By now puppet will pull new images off the registry if there are any (good), but it will apparently not restart any running containers.

Maybe this isn't even completely dumb as there are several instances of the same service running on that particular host (frontend by haproxy), and they shouldn't all go down and come back up at the same random time. Do you have any good recommendations to share on how to do something like this, like: "There are four containers running on top of this image, and if the image is updated, they should be restarted one by one"? Is this even possible with puppet, or will I need more sophisticated means of orchestration here?