Update swarm service in publish pipeline

Hi, I’m going to create my first swarm cluster and I have a question about how to update a service in swarm.

Is there a nice way to talk directly to docker in the publish pipeline, to tell it that I want to update my service?

I’m not such an expert, but I have not found a plugin that does this for me.

My solution was to use the Drone SSH plugin and execute my own docker service update commands.

Yeah, ssh was my last hope, but I did something different. Since my drone instance is running on the manager instance, there was no point in an ssh session. What did I do? I just used the docker-in-docker image, with a volume for docker.sock, to execute docker commands:

deploy:
  privileged: true
  image: docker:17.04.0-dind
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock
  when:
    status: success
    event: tag
  commands:
    - "docker service update --image repo/image:${DRONE_TAG} service_name"

The caveat is that it has to run in privileged mode, but since you will end up with an ssh session with privileges to execute docker commands, for me it was on the same security level.


Is anyone working on a Swarm Mode plugin? The docker.sock way works, but is definitely not optimal. It limits the agent to the manager node and it gives the repo/build basically root privileges over your whole Swarm.

There is another way to connect to docker from a non-swarm-master, but it requires joining the swarm as a master in availability=drain. Still, this will give all privileges to your cluster.

You have to mark your repo as trusted in the drone UI or drone CLI. Here is more about it: http://docs.drone.io/privileged-mode/

I am trying to do the same here

I have a problem injecting secrets, it seems like inside of dind you cannot see them as environment variables.

You can access them, but sometimes the shell has a problem with the $VARIABLE syntax, so you have to use the ${VARIABLE} syntax instead. Also, there is no point in wrapping your command in double quotes.

  docker:
    image: plugins/docker:linux-arm
    repo: registry/img1
    registry: registry
    tags: latest
    secrets: [ docker_username, docker_password ]
  deploy:
    privileged: true
    image: docker:18-dind
    secrets: [ docker_username, docker_password ]
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    commands:
      - echo ${DOCKER_USERNAME}
      - echo ${DOCKER_USERNAME}
      - docker login --username=${DOCKER_USERNAME} --password=${DOCKER_PASSWORD} registry
      - docker service update --image registry/img1:latest my-service
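
A check for the settings this thread debates, as an added example that is not part of any post here and not Drone's own tooling: it scans a pipeline fragment in the format used above for privileged steps, a mounted docker.sock, secrets echoed to the build log, and a password passed on the `docker login` command line. The reader is a simplified line-based one (an assumption, not a full YAML parser), and `CHECKS`, `split_steps` and `audit` are hypothetical names.

```python
import re
import textwrap
# Constructed sample: the deploy fragment posted above, with consistent indentation.
PIPELINE = """\
docker:
  image: plugins/docker:linux-arm
  secrets: [ docker_username, docker_password ]
deploy:
  privileged: true
  image: docker:18-dind
  secrets: [ docker_username, docker_password ]
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock
  commands:
    - echo ${DOCKER_USERNAME}
    - docker login --username=${DOCKER_USERNAME} --password=${DOCKER_PASSWORD} registry
    - docker service update --image registry/img1:latest my-service
"""

CHECKS = [(r"^privileged:\s*true\b", "privileged container"),
          (r"^-\s*/var/run/docker\.sock:", "host docker.sock mounted"),
          (r"^-.*--password[= ]\$", "password in argv, use --password-stdin")]

def split_steps(text):
    """Group lines by step; after dedent, a step header is an unindented 'name:' line."""
    steps, name = {}, None
    for l in textwrap.dedent(text).splitlines():
        if l and not l[0].isspace() and l.rstrip().endswith(":"):
            name = l.rstrip()[:-1]
            steps[name] = []
        elif name and l.strip():
            steps[name].append(l.strip())
    return steps

def audit(text):
    """Return (step, finding) pairs for the risky settings discussed in the thread."""
    findings = []
    for step, body in split_steps(text).items():
        joined = "\n".join(body)
        findings += [(step, msg) for pat, msg in CHECKS if re.search(pat, joined, re.M)]
        m = re.search(r"^secrets:\s*\[(.*?)\]", joined, re.M)
        secrets = {s.strip().upper() for s in m.group(1).split(",")} if m else set()
        for cmd in (b[2:].strip() for b in body if b.startswith("- ")):
            used = sorted(set(re.findall(r"\$\{?(\w+)\}?", cmd)) & secrets)
            if used and cmd.startswith("echo ") and "|" not in cmd:  # piped echo feeds stdin
                findings.append((step, "secret echoed to build log: " + ", ".join(used)))
    return findings

if __name__ == "__main__":
    print(*audit(PIPELINE), sep="\n")
```

A step that pipes the secret into `docker login --password-stdin` and drops the debugging `echo` lines clears the last two findings; the privileged and docker.sock findings remain for as long as the step talks to the manager's daemon directly.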