Yak Coiffure: Towards a better CentOS 7 Docker RPM

And oh yeah, I started a Yum repo for CentOS 7 packages


Edit (2015/05/15): This article is now historical and should be considered out of date.

CentOS Extras has updated right past my repo, and now tracks Docker releases very closely. The details of this are available on the CentOS Wiki. As such, development of the Orange Fort Docker package is suspended as it is no longer relevant. This is a good thing! The package provided by Extras should simply upgrade an existing Orange Fort package with no conflicts or weirdness — if it doesn’t, that’s a bug and you should tell me!

Original post

Let me cut right to the point: The Docker RPM provided by CentOS ‘Extras‘ repository is old. How old? Version 0.11.1 old. While the code was only tagged 0.11.1 on May 7 2014, there have been 8 releases since then.

After seeing that a friend of mine had worked up a rough go at a FPM recipe for a current version of Docker, I said “we can do this better.”

Sidebar: I love FPM but…

I do. I really do. It’s a super handy way to take something, anything, and shove it into a distributable native package. But I’m captain of the local Pedant Squad and FPM is as easy to abuse as it is to use. So… one thing led to another, Bob’s your uncle, and oh hey, I packaged up Docker 1.2.0 as a nice, tidy RPM with a nice, tidy SRPM, and a corresponding nice, tidy Spec file.

Wait… what’s wrong with the Docker RPM in EPEL?

Simply put, it’s old. Docker 0.11.1 is lacking a lot of features that you’d expect Docker to have — like DockerHub. And the spec file builds Docker from source, which is exactly what every upstream or EPEL RPM does (and that’s generally OK).

But Docker is a little bit different because it’s written in Go, and typically distributed as a single static monolithic executable (one of the real strengths of Go binaries, I think). And because Go has all sorts of weird and wild dependency resolution quirks, there’s a real chance that the resultant binary you’re getting can be markedly different than the binary that the upstream authors intended. Also, ‘latest’ is probably the version of Docker that you’re going to want to use because if you’re using Docker then you probably like to live a little dangerously.

Putin is an animal lover

One More Thing

But! We don’t just shit unsigned packages into the void like wild animals. No! We create repositories! We make Yum repo configurations! We create new GPG keys!

So, I give you Orange Fort Packages for EL7. Installing the release package gets you the repo and the GPG key, but you can just import the key into rpm‘s GPG keyring if you’re so inclined:

<code>rpm --import https://secure.orangefort.com/packages/RPM-GPG-KEY-orangefort

Are you tracking this work anywhere?

Sure am! Here’s a GitHub repo for the Docker RPM work (note that it does not include the docker binary itself). All of my work is under the Apache License, version 2.0 and I encourage you to review & reuse it any way you see fit.


Finally, Resque & Supervisor have learned to get along!

Truly, they have so much to teach us all

holy confetti!

Like I said in my short “Daemon-ize your processes on the cheap” series, Resque was the tool that had given me the most grief when using Supervisor. No more!

How did I work such sorcery, you ask? Follow my 3-step formula for guaranteed success:

  1. Use the Resque 2.0.0 prerelease or newer.
  2. Use Supervisor 3.0.0 or newer.
  3. In the Supervisor config for your Resque workers, make sure you set:
    • an environment variable for HOME
    • an environment variable for PATH
    • a directory for Supervisor to cd to and run your worker from

To illustrate my point, here’s a cut-down example of my WORKING RESQUE CONFIG FOR SUPERVISOR! YAY! HOORAY! HUZZAH!

; Save this into your /etc/supervisor.d directory, build an awesome-app
; and wire this up to your totally_awesome worker. Watch MAGIC happen.
command=/usr/bin/bundle exec resque work -q default -r ./app/workers/totally_awesome.rb
view raw

But seriously, all confetti aside, so, so many thanks to the Resque team. Their work picking up the code base and running with it has really, really paid off. A big round of applause to everyone who contributed to improving Resque.

Arkham Party!