Make a Docker Lab With Linux, Mac and Windows

Here’s a quickie realization for folks like me who naively figured it would be easy to integrate my Windows and Mac VS Code users with Docker. This realization resulted in me building a bare-metal Linux box to make everything work a lot easier for our Docker lab.

Docker Is Easy, Usually

It’s easy for most engineers to use Docker if you are working on one platform. If you’re working exclusively in Windows, MacOS or Linux, then you’re probably not going to hit the speed bump I’m about to describe.

This advice will resonate for IT pros who need to integrate Docker into an enterprise with Mac and Windows developers.

Ignore The Windows Docker Strategy

Sometimes I get led astray in my devops studies because I am lured into a vendor strategy.

I see a shiny object that makes me feel better. I am like a fish chasing a lure because this newfangled vendor strategy promises me things will be glorious once I buy into the strategy. What really happens is that I get hooked on the vendor’s offering.

If you are working with Node, PHP,  or Golang to build a cloud app, then you should know that the Windows Docker strategy is crap. 

Docker Lab
This is the good way to make a Docker Lab

The containerization “strategy” announced by Docker and Microsoft in 2017 is a good example of vendors luring in IT pros with talk of nirvana. Here is that strategy in a nutshell: if you want to run Windows servers within a Docker container, that is now possible. You still need Hyper-V running underneath Docker on a Windows 2016 server, so whatever.

Hopefully this little realization will save someone else the time and bother I wasted going down a few rabbit holes.

Linux Rules Devops

As it is with all things devops, it is always best to go back to mother, i.e. Linux.

After studying the Docker documentation and tuning my network, I realized that I needed Docker to run on a dedicated Linux platform. If I told my Docker clients that DOCKER_HOST was the Linux server, I figured I might have a solution that worked! SPOILER ALERT — It does and it’s spectacular.

Here’s the real zinger that got me to set up a dedicated server. The documentation on setting up networks and exposing containers is for Linux. The Docker networking instructions give solutions using iptables in Linux.

Set Up Your Docker Lab Server

Take note that I am using an open, unauthenticated port on the Docker server for control communication, which Docker does not recommend. You can implement TLS security on your ports to tighten things up if needed.

I went with a bare metal Linux installation for a couple of reasons. First, Docker involves the use of virtualization technology, and it’s always best to avoid nesting virtualizations. Also, just about any spare PC will do for this lab setup. Even a five-year-old desktop with a 120 GB SSD will be an awesome Linux lab server. 

I only spent an hour sitting in the lab setting up my new server. I used the latest LTS version of Ubuntu, but several Linux distros may be used for your Docker Linux host. If you use another distro, then check for distribution-specific instructions for how to open Docker port 2375.

To set up a simple Mac and Windows Docker lab without security, follow these instructions.

  1. Start with a working VS Code installation on Mac and Windows.
  2. Install Docker locally on both Mac and Windows developer workstations.
  3. Integrate VS Code with Docker on Mac and Windows. Make sure you have the Docker extension installed and working properly.
  4. Prepare a bare-metal server from the distribution ISO with Ubuntu Server 18.04 LTS.
  5. Assign the server a fixed, private IP, such as 10.0.0.20.
  6. Remove AppArmor on the Linux server to improve performance.
  7. Follow these instructions to install Docker-CE.
  8. To open up port 2375 update the following system files and reboot your server (source). 
# File: /etc/default/docker
# Use DOCKER_OPTS to modify the daemon startup options.
DOCKER_OPTS="tcp://10.0.0.20:2375 -H unix:///var/run/docker.sock"

# File: /lib/systemd/system/docker.service
## Add EnviromentFile + add "$DOCKER_OPTS" at end of ExecStart
## After change exec "systemctl daemon-reload"
EnvironmentFile=/etc/default/docker
ExecStart=/usr/bin/dockerd -H fd:// $DOCKER_OPTS

Update Mac and Windows Environments

Start configuring your clients by adding the following line to your  .zshrc and .bashrc files on the Mac:

export DOCKER_HOST=tcp://10.0.0.20:2375

On Windows, go into the System control panel, Advanced Settings, Environment Variables and add the following:

DOCKER_HOST=tcp://10.0.0.20:2375

If you are using Windows Subsystem for Linux (WSL), and you use Docker with WSL, then add the export statement to your .zshrc and .bashrc files too.

Restart VS Code and any terminal or shell programs you have running. Launch a new shell and test it with docker info. You should see Ubuntu 18.04 OS listed in the output.

Troubleshooting

First, double-check the export statements and Environment Variable settings in your client environments. Make sure you have the “:2375” on the end.

If you have doubts whether you have successfully opened up port 2375 on your Linux server check the port manually. First, make sure you have telnet installed on your Windows, Mac or WSL. Issue this telnet command to see if the port on host 10.0.0.20 is open.

$ telnet 10.0.0.20 2375

If the port is open, then telnet will continue to run and you will need to quit it with CTRL-C or CTRL-]. If the port is not open, then you will get a communication refused error message.

Celebration Time!

After installing your new host, disable the Docker daemons running on Mac and Windows. The Docker CLI works without the local servers running.

Now it’s time to bask in the glory of your conquest. Run into the next office and claim victory!

Start a PHP 7.2 Slim Project on Ubuntu 18.04

I use Slim, a lightweight PHP framework for creating HTTP applications and APIs using “routes.”

Here’s my formula for deploying my Slim app on Ubuntu 18.04 with PHP 7.2. This has worked on GCP and AWS, as well as my own hosted cluster.

Please note that I will be working with a raw sudo terminal session, so I will omit the use of sudo from these instructions.

One Fresh LAMP Image, Please

Let us start with a fresh installation of Ubuntu 18.04.

# important!
apt update
apt -y upgrade
reboot

I like using tasksel to install LAMP (Apache, MySql and PHP). tasksel is the menu you encounter when installing Ubuntu from an ISO. If I am installing on a cloud service, I don’t get the opportunity to use this menu, so I have to install it manually.

apt install -y tasksel
tasksel
# Scroll down to LAMP Server
# Hit Spacebar to select
# Tab to the OK button and hit Enter

After I install MySql, I always secure it.

mysql_secure_installation
# Follow the prompts and accept all security recommendations

Use Certbot for Free SSL

Hooray for Certbot and Let’s Encrypt! Now it only takes a few minutes to configure Apache with SSL certificates.

Configure Public Domain Names

Super-important first step: assign a domain name you control to the public IP address of your hosted Ubuntu instance. The public clouds give you a public IP when you set up a new instance. Use that IP address to set up DNS A records for your host.

For example, if I have a domain called mydomain.com, and I want a host to be called api.mydomain.com and www.mydomain.com, and I want mydomain.com to work as well, and my public-facing IP address is 34.34.34.34, then I need these A records in my mydomain.com.db DNS zone file:

@    14400  IN  A  34.34.34.34
api  14400  IN  A  34.34.34.34
www 14400 IN A 34.34.34.34

Use Certbot to Install Let’s Encrypt Certificates

Start by installing Certbot and accepting the license terms.

add-apt-repository ppa:certbot/certbot
# Hit Enter to accept the terms
apt install -y python-certbot-apache

Run the certbot command as shown, entering all of your domain names. Enter your email address for identification and sign up for the EFF.org newsletter! Pick the option to automatically redirect your HTTP traffic to HTTPS.

certbot --apache -d mydomain.com -d www.mydomain.com -d api.mydomain.com
# Enter your email address
# Pick the option to redirect HTTP to HTTPS

Install PHP Modules and Composer

Slim uses the popular Composer module management system for PHP. I need a few PHP modules to get Composer to work with my Slim projects.

apt install -y composer zip php-curl php-xml php-mbstring php-zip

Load Project Files

For day-to-day work on a PHP/Slim project, I use a regular, unprivileged user account. I set up a new account with the adduser command. In this example the username vern is just an example. Select any username you want.

adduser vern
# Select a strong password
# Complete the "Full Name" field
# Hit Enter for the remaining prompts

Now, I need to impersonate the new user and load the project files from GitHub (or wherever I have my repository) into the project directory. After that I bring in all the dependent modules by running Composer.

In this example, I start a new Slim project called myproject using the Slim Skeleton repository.

cd ~vern
su vern
git clone https://github.com/slimphp/Slim-Skeleton.git myproject
cd myproject
composer install
exit

The last step in developer account preparation is to give Apache ownership of the log directory. Change vern to your developer account name.

chown www-data:www-data /home/vern/myproject/logs

Configure Apache for Slim

Edit the Apache SSL configuration file that was generated by Certbot:

vi /etc/apache2/sites-enabled/000-default-le-ssl.conf

The contents should like like this.

<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ServerName api.mydomain.com
SSLCertificateFile /etc/letsencrypt/live/api.mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/api.mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

Change the DocumentRoot directive to point to the project’s public directory.

DocumentRoot /home/vern/myproject/public

Add the following <Directory> directive before the </VirtualHost> tag.

<Directory "/home/vern/myproject/public">
  Options Indexes FollowSymLinks MultiViews
   AllowOverride all
   Require all granted
   <IfModule mod_rewrite.c>
    RewriteEngine on
      RewriteCond %{REQUEST_FILENAME} !-f
      RewriteRule ^(.*)$ index.php?_url=/$1 [QSA,L]
   </IfModule>
</Directory>

Finally, your 000-default-le-ssl.conf file should look like this:

<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /home/vern/myproject/public
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ServerName api.telnexus.com
SSLCertificateFile /etc/letsencrypt/live/api.mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/api.mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
<Directory "/home/vern/myproject/public">
   Options Indexes FollowSymLinks MultiViews
   AllowOverride all
   Require all granted
   <IfModule mod_rewrite.c>
     RewriteEngine on
     RewriteCond %{REQUEST_FILENAME} !-f
     RewriteRule ^(.*)$ index.php?_url=/$1 [QSA,L]
   </IfModule>
</Directory>
</VirtualHost>
</IfModule>

Save and restart Apache.

apache2ctl restart

Bask In The Glory!

Fire up your browser and go to https://api.mydomain.com/ and you should see the Slim default page.

Salesforce Apex Beautified in VS Code with Uncrustify

Why Beautify?

As a Salesforce Apex coder I admit to being a little persnickety when it comes to my code. Who doesn’t want their code to look just the way you want it to? But, when working in teams personal coding habits can lead to conflict.

Don’t do this! Use a beautifier instead!

What to do? Your dev team can’t have internal battles over spaces or tabs!

Fortunately, long before Silicon Valley parodied the anal-retentive nature of coders, a technical solution has been figured out. It’s called a code beautifier and it’s built right into today’s hottest IDE: Microsoft VS Code.

The idea behind using a code beautifier and using a coding standard for your code appearance is to standardize your formatting for the benefit of your fellow coders. We all know how one gets used to how curly braces are used in as class or method definition. If your coding buddy doesn’t have the same philosophy, it creates angst and conflict when you have to re-wire your brain to read this mess!

JavaScript and TypeScript coders have the benefit of prettier, a Microsoft-supplied VS Code extension that will auto-format your JavaScript code.

To beautify Salesforce Apex in VS Code one needs to recite some magical incantations with a new extension called Uncrustify.

While no one has made an Apex-specific beautifier yet, we can use the VS Code extension uncrustify and it’s ability to format Java, a close cousin of Apex. The trick is to tell uncrustify to treat Apex files like Java.

Steps To Auto-Format Apex in VS Code with Uncrustify

  1. Visit and star the vscode-uncrustify Github repository to show your appreciation!
  2. Linux users download and install the repo. Mac users install with brew install uncrustify or see http://macappstore.org/uncrustify. Windows users download the binary from Sourceforge and install it in your PATH.
  3. Install the Uncrustify VS Code Extension and reload.
  4. Set up a default configuration file in your current workspace with
    uncrustify.create command.
  5. Tell uncrustify to treat Apex like Java with this setting:
{    "uncrustify.langOverrides": {
        "apex": "JAVA"
    }
}

That is it! Now the VS Code format command should format your document. Select part of your file, right click and you’ll have a
Format Selection command available. Be sure to check the read.me and learn about all options.

Now your code will be beautiful and your team can resume their fight about your tech stack!

Hello, world!

Welcome to Integration Junction, the Salesforce-oriented developer blog by Vernon Keenan and the team at Taxnexus.

I am the proud owner and operator of a communication service provider in Berkeley called  Telnexus. We use the 2600hz communications cloud.

We are finishing up a giant telecom billing project. This code has spun out of the telecom into Taxnexus, and I’ve taken on the role of Tech Lead for all Telnexus and Taxnexus system development work.

Coding is fun!

We need excellent developers at Taxnexus, and we are working on stuff more fun than tax algorithms! By sharing my coding secrets with you, gentle reader, I hope to engage with just the right person to join our team! If you think that person is you, send us an email to jobs@taxnexus.net.

If you do send us an email, be sure to prove you have checked out our website, as well as delving into this blog.

What will Integration Junction become? That’s the real question here! Probably some tips and tricks for the Salesforce developer community, and maybe some observations on the state of developer-type things.

Here’s a list of possible topics to come:

  • Object-Relational Modeling and Salesforce: Is there such a thing?
  • Killing off Conga — It Can Be Done!
  • PHP and Go as Salesforce App Server environments — Pros and Cons

Let’s hope these posts will be useful. And, here we go!