Pivotal Cloud Foundry and Docker - Part 3

This is the third part of a multi-part post for Pivotal Cloud Foundry (PCF) and Docker integration.  In Part 2 of the post, I went over PCF Docker caveats and integration with using the Artifactory PCF tile.  This post will be focused on using the Cloudbees Jenkins PCF tile to publish your built Docker image to a private Docker registry.  In this example, I will still be using the JFrog Artifactory tile supported by PCF that was referenced in the previous posts.

Jenkins Environment Setup - Plugins

There are some Jenkins plugins that you want to make sure are installed inside of your Jenkins environment.  A list of these plugins are below:

• Artifactory Plugin
• CloudBees Docker Build and Publish Plugin
• CloudBees Docker Pipeline
• Docker Commons Plugin

The two CloudBees plugins come with the tile, but make sure you are at the latest versions of them.

Jenkins Environment Setup - Docker Client

Each Jenkins Slave that was created by the tile has a Docker client installed on them.  There is a file called job_properties.sh file located in the folder /var/vcap/jobs/docker/bin.  This file contains all of the settings for the Docker Client.  It is loaded every time the service is started.  You will need to make changes in this file to add your private registry in the options called DOCKER_REGISTRY_MIRRORS and DOCKER_INSECURE_REGISTRIES.  Once these entries are updated, the Jenkins Slave Docker client will go to your private registry instead of the public site of DockerHub. Below I will show you what you want to add to the job_properties.sh file so you can add both Artifactory URLs to the configuration.

1:  # Artifactory Registry Mirror  
2:  export DOCKER_REGISTRY_MIRRORS="--registry-mirror http://artifactory-docker-dev.system.domain.com --registry-mirror http://artifactory-docker-prod.system.domain.com"  
3:  # Artifactory Insecure Registry  
4:  export DOCKER_INSECURE_REGISTRIES="--insecure-registry artifactory-docker-dev.system.domain.com --insecure-registry artifactory-docker-prod.system.domain.com"  

A couple of call-outs for this example, for the registry-mirror flag you will always want to add either http:// or https:// to the URL.  You cannot added http:// or https:// to the insecure-registry flag.  Also, if you have multiple URLs per option flag, make sure to use the flag again in front of each URL.

Once you have added these entries into the job.properties.sh file, you can restart the docker client service on the Jenkins slave by typing: monit restart docker

CONFIG WARNING:
Once you make this customization (edit the job_properties.sh file) on the Jenkins Slave created by the tile, you will lose this customization after any Cloudbees Jenkins tile upgrade or any new PCF stemcell deployment.  The best way to keep these settings is to find some automated way to redeploy this configuration.  You can reference my post on "Using Ansible For Cloudbees Jenkins Tile Configuration" as one solution for this issue.

Jenkins Job Setup - Build And Publish Docker Image

Now that you have the Jenkins environment setup for Docker integration, let's setup a sample job to build and publish your Docker image to your private registry in this case Artifactory PCF tile.

Inside of your Jenkins job configuration, you will want to add a build step called "Docker Build and Publish".  I have provided a sample below so we can review it.

The three fields you need to be concerned about are the following:

• Repository Name: I have put the name called folder_name/application_name.  You can setup a folder hierarchy inside of Artifactory.  You will just need to remember this hierarchy when you go to deploy your image inside of PCF or stand-alone Docker client.
• Tag: I have put in the variable called ${BUILD_NUMBER}.  This is a built-in variable inside of Jenkins.  It will take the current Jenkins build number and add that as the version tag to your Docker image inside of Artifactory.
• Docker registry URL: I have put in the development URL called http://artifactory-docker-dev.system.domain.com.  Remember this URL points to the docker-dev virtual repository inside of Artifactory.  The default deployment repository inside of that virtual repository is called docker-dev-local2.  If you use this URL, you can view all of your images in the docker-dev-local2 repository in Artifactory.

You can leave the rest of the entries in this build step as the defaults.  You should not need to change the registry credentials unless you are using a different user in Artifactory to publish your Docker images.  In this example, I have set a user inside of the Artifactory plugin to be used for all of the publishes to Artifactory.  

Now, you should be able to run this job to publish the image to Artifactory.  If you run into any errors, make sure that the Docker client settings we went through earlier in this post are configured on the Jenkins slave running the job.

As a reminder, you should now be able to push your Docker image to PCF using the following command:

cf push t-app -o artifactory-docker-dev.system.domain.com:443/folder_name/application_name

This cf command will pull the image from Artifactory located at folder_name/application_name that has been tagged as latest.  The name of the PCF app will be called t-app.

Summary

You should now be able to use the CloudBees Jenkins tile to build your Docker image and host them inside of the Artifactory tile.  This post is the last one for PCF and Docker integration.  Hopefully, these three posts will get you started with integrating these PCF tiles so you can deploy your Docker images.    

~RRRII