refactor(docs): Explain Docker registry use

... instead of docker compose --profile
'build-service' build since the latter won't exist.

docker-compose/examples/grafana/README.md

@@ -45,12 +45,16 @@ Copy images to target Docker host, that is assuming you deploy to a machine that
 source "${COMPOSE_ENV}"
 # FIXME Docker Hub image name with or without slash? FIXME
 for image in 'grafana:'"${GRAFANA_VERSION}" 'nginx:'"${NGINX_VERSION}"; do
-    copy-docker.sh "${image}" fully.qualified.domain.name
+    copy-docker "${image}" fully.qualified.domain.name
 done
 ```
 
 ## Start
 
+FIXME Does the service use a virtual IP address? FIXME
+
+Make sure your service's virtual IP address is bound on your target host then start containers.
+
 ```
 docker --context 'fully.qualified.domain.name' compose --project-name "${COMPOSE_PROJECT}" --file "${COMPOSE_FILE}" --env-file "${COMPOSE_ENV}" --profile 'full' up --detach
 ```

docker-compose/examples/grafana/compose.yaml

@@ -10,10 +10,10 @@ services:
             nginx:
                 condition: service_healthy
         ulimits:
-            nproc: ${ULIMIT_NPROC-65535}
+            nproc: ${ULIMIT_NPROC:-65535}
             nofile:
-                soft: ${ULIMIT_NPROC-65535}
-                hard: ${ULIMIT_NPROC-65535}
+                soft: ${ULIMIT_NPROC:-65535}
+                hard: ${ULIMIT_NPROC:-65535}
         extends:
             file: common-settings.yaml
             service: common-settings
@@ -42,10 +42,10 @@ services:
             retries: 60
             start_period: 2s
         ulimits:
-            nproc: ${ULIMIT_NPROC-65535}
+            nproc: ${ULIMIT_NPROC:-65535}
             nofile:
-                soft: ${ULIMIT_NPROC-65535}
-                hard: ${ULIMIT_NPROC-65535}
+                soft: ${ULIMIT_NPROC:-65535}
+                hard: ${ULIMIT_NPROC:-65535}
         extends:
             file: common-settings.yaml
             service: common-settings

docker-compose/examples/hashicorpvault/README.md

@@ -37,12 +37,14 @@ docker context create fully.qualified.domain.name --docker 'host=ssh://root@full
 FIXME We build the `vault` image locally. Our adjustment to the official image is simply adding `/tmp/vault` to it. See [build-context/Dockerfile](build-context/Dockerfile). We use `/tmp/vault` to bind-mount a dedicated ZFS dataset for the application's `tmpdir` location.
 
 ```
-docker compose --project-name "${COMPOSE_PROJECT}" --file "${COMPOSE_FILE}" --file "${COMPOSE_OVERRIDE}" --env-file "${COMPOSE_ENV}" --profile 'build-vault' build
+docker compose --project-name "${COMPOSE_PROJECT}" --file "${COMPOSE_FILE}" --file "${COMPOSE_OVERRIDE}" --env-file "${COMPOSE_ENV}" --profile 'build' build
 ```
 
 ## Push
 
-Push to Docker Hub or your private registry. Setting up a private registry is out of scope of this repo.
+Push to Docker Hub or your private registry. Setting up a private registry is out of scope of this repo. Once you have a registry available you can use it like so:
+- On your OS install a Docker credential helper per [github.com/docker/docker-credential-helpers](https://github.com/docker/docker-credential-helpers). This will make sure you won't store credentials hashed (and unencrypted) in `~/.docker/config.json`. On an example Arch Linux machine where D-Bus Secret Service exists this will come via something like the [docker-credential-secretservice-bin](https://aur.archlinux.org/packages/docker-credential-secretservice-bin) Arch User Repository package. Just install and you're done.
+- Do a `docker login registry.example.com`, enter username and password, confirm login.
 
 ```
 source "${COMPOSE_ENV}"
@@ -66,7 +68,7 @@ Copy images to target Docker host, that is assuming you deploy to a machine that
 ```
 source "${COMPOSE_ENV}"
 # FIXME Docker Hub image name with or without slash? FIXME
-copy-docker.sh 'vault:'"${VAULT_VERSION}" fully.qualified.domain.name
+copy-docker 'vault:'"${VAULT_VERSION}" fully.qualified.domain.name
 ```
 
 ## Start

docker-compose/examples/hashicorpvault/compose.override.yaml

@@ -4,7 +4,7 @@ services:
         image: "registry.example.com/project/vault:${VAULT_BUILD_DATE}-${VAULT_VERSION}"
         profiles: ["build"]
         build:
-            context: "build-context/vault"
+            context: "build-context"
             dockerfile: Dockerfile
             args:
                 EXAMPLE_ARG_FOR_DOCKERFILE: "${EXAMPLE_ARG_FROM_ENV_FILE}"

docker-compose/examples/hashicorpvault/compose.yaml

@@ -6,10 +6,10 @@ services:
         networks:
             vault-default:
         ulimits:
-            nproc: ${ULIMIT_NPROC-65535}
+            nproc: ${ULIMIT_NPROC:-65535}
             nofile:
-                soft: ${ULIMIT_NPROC-65535}
-                hard: ${ULIMIT_NPROC-65535}
+                soft: ${ULIMIT_NPROC:-65535}
+                hard: ${ULIMIT_NPROC:-65535}
         extends:
             file: common-settings.yaml
             service: common-settings

docker-compose/{{ cookiecutter.__project_slug }}/README.md

@@ -41,13 +41,15 @@ docker context create fully.qualified.domain.name --docker 'host=ssh://root@full
 FIXME We build the `{{ cookiecutter.__service_slug }}` image locally. Our adjustment to the official image is simply adding `/tmp/{{ cookiecutter.__service_slug }}` to it. See {% if ',' in cookiecutter.__component_list_slug %}[build-context/{{ cookiecutter.__service_slug }}/Dockerfile](build-context/{{ cookiecutter.__service_slug }}/Dockerfile){%- else %}[build-context/Dockerfile](build-context/Dockerfile){%- endif %}. We use `/tmp/{{ cookiecutter.__service_slug }}` to bind-mount a dedicated ZFS dataset for the application's `tmpdir` location.
 
 ```
-docker compose --project-name "${COMPOSE_PROJECT}" --file "${COMPOSE_FILE}" --file "${COMPOSE_OVERRIDE}" --env-file "${COMPOSE_ENV}" --profile 'build-{{ cookiecutter.__service_slug }}' build
+docker compose --project-name "${COMPOSE_PROJECT}" --file "${COMPOSE_FILE}" --file "${COMPOSE_OVERRIDE}" --env-file "${COMPOSE_ENV}" --profile 'build{% if ',' in cookiecutter.__component_list_slug %}-{{ cookiecutter.__service_slug }}{%- endif %}' build
 ```
 {%- endif %}
 {% endfor %}
 ## Push
 
-Push to Docker Hub or your private registry. Setting up a private registry is out of scope of this repo.
+Push to Docker Hub or your private registry. Setting up a private registry is out of scope of this repo. Once you have a registry available you can use it like so:
+- On your OS install a Docker credential helper per [github.com/docker/docker-credential-helpers](https://github.com/docker/docker-credential-helpers). This will make sure you won't store credentials hashed (and unencrypted) in `~/.docker/config.json`. On an example Arch Linux machine where D-Bus Secret Service exists this will come via something like the [docker-credential-secretservice-bin](https://aur.archlinux.org/packages/docker-credential-secretservice-bin) Arch User Repository package. Just install and you're done.
+- Do a `docker login registry.example.com`, enter username and password, confirm login.
 
 ```
 source "${COMPOSE_ENV}"
@@ -83,15 +85,23 @@ source "${COMPOSE_ENV}"
 {%- set components = cookiecutter.__component_list_slug.split(',') -%}
 {%- if ',' in cookiecutter.__component_list_slug %}
 for image in{% for component in components %} '{{ component }}:'"${% raw %}{{% endraw %}{{ component.upper() }}_VERSION{% raw %}}{% endraw %}"{%- endfor %}; do
-    copy-docker.sh "${image}" fully.qualified.domain.name
+    copy-docker "${image}" fully.qualified.domain.name
 done
 {%- else %}
-copy-docker.sh '{{ cookiecutter.__component_list_slug }}:'"${% raw %}{{% endraw %}{{ cookiecutter.__component_list_slug.upper() }}_VERSION{% raw %}}{% endraw %}" fully.qualified.domain.name
+copy-docker '{{ cookiecutter.__component_list_slug }}:'"${% raw %}{{% endraw %}{{ cookiecutter.__component_list_slug.upper() }}_VERSION{% raw %}}{% endraw %}" fully.qualified.domain.name
 {%- endif %}
 ```
 
 ## Start
 
+{%- if ',' in cookiecutter.__component_list_slug %}
+
+FIXME Does the service use a virtual IP address? FIXME
+
+Make sure your service's virtual IP address is bound on your target host then start containers.
+
+{%- endif %}
+
 ```
 {%- if ',' in cookiecutter.__component_list_slug %}
 docker --context 'fully.qualified.domain.name' compose --project-name "${COMPOSE_PROJECT}" --file "${COMPOSE_FILE}" --env-file "${COMPOSE_ENV}" --profile 'full' up --detach

docker-compose/{{ cookiecutter.__project_slug }}/compose.override.yaml

@@ -19,7 +19,7 @@ services:
         image: "{%- if cookiecutter.build == "yes" -%}registry.example.com/project/{%- endif -%}{{ cookiecutter.__component_list_slug }}:{%- if cookiecutter.build == "yes" -%}${% raw %}{{% endraw %}{{ cookiecutter.__component_list_slug.upper() }}_BUILD_DATE{% raw %}}{% endraw %}-{%- endif -%}${% raw %}{{% endraw %}{{ cookiecutter.__component_list_slug.upper() }}_VERSION{% raw %}}{% endraw %}"
         profiles: ["build"]
         build:
-            context: "build-context/{{ cookiecutter.__component_list_slug }}"
+            context: "build-context"
             dockerfile: Dockerfile
             args:
                 EXAMPLE_ARG_FOR_DOCKERFILE: "${EXAMPLE_ARG_FROM_ENV_FILE}"

docker-compose/{{ cookiecutter.__project_slug }}/compose.yaml

@@ -31,10 +31,10 @@ services:
             start_period: 2s
         {%- endif %}
         ulimits:
-            nproc: ${ULIMIT_NPROC-65535}
+            nproc: ${ULIMIT_NPROC:-65535}
             nofile:
-                soft: ${ULIMIT_NPROC-65535}
-                hard: ${ULIMIT_NPROC-65535}
+                soft: ${ULIMIT_NPROC:-65535}
+                hard: ${ULIMIT_NPROC:-65535}
         extends:
             file: common-settings.yaml
             service: common-settings
@@ -58,10 +58,10 @@ services:
         networks:
             {{ cookiecutter.__service_slug }}-default:
         ulimits:
-            nproc: ${ULIMIT_NPROC-65535}
+            nproc: ${ULIMIT_NPROC:-65535}
             nofile:
-                soft: ${ULIMIT_NPROC-65535}
-                hard: ${ULIMIT_NPROC-65535}
+                soft: ${ULIMIT_NPROC:-65535}
+                hard: ${ULIMIT_NPROC:-65535}
         extends:
             file: common-settings.yaml
             service: common-settings