
Building and maintaining Drupal + CiviCRM application containers

In my previous two posts, I provided some background into why I decided on using containers for a boutique Drupal + CiviCRM hosting platform, and why Docker and its micro-services approach is a good choice for building and maintaining containers.

Although I promised to talk about orchestration, that was getting ahead of the story - first I'm going to look at the challenge of keeping your application containers up-to-date with OS and application-level updates. There's a fair amount of work in that, but the tooling is mature and there is lots of good documentation.

A great place to start is to visit the official Drupal docker hub page. From there, you can pull a working Drupal code container, and it gets re-built frequently with all the OS and Drupal-code updates, so you just refresh your containers whenever you want (i.e. whenever a security release comes out, or more often to stay up-to-date).

A nice thing about that project is that it demonstrates a technique for maintaining multiple Drupal versions over time, with multiple variants of each one for apache with mod_php, nginx with php-fpm, and even a variant using an alpine base image. To see how that works, visit the github docker-library drupal project, which is used to automatically generate the images on docker hub.

My first working attempt at a Drupal + CiviCRM container was loosely based on the project code at the time - I copied over the Drupal 7-apache Dockerfile and modified it with some additional requirements for CiviCRM. That attempt has evolved somewhat, but is still the basis for my production containers.

But since it's grown to include a fair amount of customization specific to my needs, and since the Drupal project code has evolved somewhat, I've re-created the idea as an "open-source" kind of Drupal + CiviCRM application container.

The way I've implemented the CiviCRM support adds some additional complexity. I want to continue to get updates from the origin project, so my project's master branch just pulls from the Drupal origin project, and then I've added two new permanent custom branches. Updates from the master branch can then get merged up to these two new custom branches. The first branch, "civicrm-5", adds the required OS bits to host a Drupal 7/CiviCRM 5 install, i.e. things like imagemagick and SOAP. The second branch, "civicrm-5-stable", also adds the CiviCRM code base itself. Both images are useful in different contexts. Each branch with each Drupal variant can then be used to generate a docker image, and I've set those up on docker hub, where you'll see quite a few auto-generated docker images:

https://hub.docker.com/r/blackflysolutions/drupal/tags

The convention I've used is to name the tags after the combined drupal variant - civicrm branch that generated the image. I plan to also add some additional bits to the tag to track each different drupal/civi release that they're using.
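
The merge-up flow described above (master tracking the origin project, updates merged into `civicrm-5` and `civicrm-5-stable`), as an added example that is not the project's own tooling. It runs on constructed local repositories; the Dockerfile contents, the 7.1/7.2 version numbers, and the choice to merge `civicrm-5` into `civicrm-5-stable` (rather than master into each) are assumptions. The `report` check shows whether a custom branch already contains the latest fetched upstream commit, which is what you want to know before rebuilding an image after a security release.

```shell
# Added example on constructed throwaway repositories (no network access): "upstream"
# stands in for the origin Drupal image project, "fork" for the customized copy.
g() { git -c user.name=demo -c user.email=demo@example.invalid "$@"; }
# Constructed placeholder Dockerfile; $1 is a made-up Drupal version.
write_dockerfile() {
    printf 'FROM php:apache\nENV DRUPAL_VERSION %s\nWORKDIR /var/www/html\nRUN true\n' "$1" > Dockerfile
}

# Create both repos under $1: master plus the two permanent custom branches.
setup_repos() (
    set -e; cd "$1"; git init -q upstream; cd upstream
    git symbolic-ref HEAD refs/heads/master
    write_dockerfile 7.1; git add Dockerfile; g commit -q -m 'Drupal 7.1'
    cd ..; git clone -q upstream fork; cd fork
    git checkout -q -b civicrm-5
    echo 'RUN echo constructed-os-packages' >> Dockerfile; g commit -q -am 'OS bits'
    git checkout -q -b civicrm-5-stable
    echo 'RUN echo constructed-civicrm-code' >> Dockerfile; g commit -q -am 'CiviCRM code'
)

# Upstream publishes an update (constructed); the fork fetches it.
upstream_release() (
    set -e; cd "$1/upstream"
    write_dockerfile 7.2; g commit -q -am 'Drupal 7.2 security release'
    git -C ../fork fetch -q origin
)

# Fast-forward master, then merge up: master -> civicrm-5 -> civicrm-5-stable.
merge_up() (
    set -e; cd "$1/fork"
    git checkout -q master; git merge -q --ff-only origin/master
    git checkout -q civicrm-5; g merge -q --no-edit master
    git checkout -q civicrm-5-stable; g merge -q --no-edit civicrm-5
)

# Print "branch:drupal-version:state"; STALE means the fetched update is not merged yet.
report() {
    for b in civicrm-5 civicrm-5-stable; do
        v=$(git -C "$1/fork" show "$b:Dockerfile" | sed -n 's/^ENV DRUPAL_VERSION //p')
        if git -C "$1/fork" merge-base --is-ancestor origin/master "$b"; then s=current; else s=STALE; fi
        echo "$b:$v:$s"
    done
}

# Full run: report after the fetch, merge up, report again.
run_demo() {
    work=$(mktemp -d) || return 1
    { setup_repos "$work"; upstream_release "$work"; } >/dev/null
    report "$work"; merge_up "$work" >/dev/null; report "$work"
    rm -rf "$work"
}
```

Calling `run_demo` prints each custom branch's state once after the fetch and once after the merge-up.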

Note that I (still) haven't actually said anything about orchestration - the process of launching the container in combination with an appropriate sql container and a way to keep the files around when you replace the container with a newer one.

Docker is not for the dilettante.
