Mantis is a CLI (command line interface) tool designed as a wrapper upon docker and docker compose commands for your project.
Using few commands you can:
- encrypt and decrypt your environment files
- build and push docker images
- create docker contexts
- zero-downtime deploy your application
- print logs of your containers
- connect to bash of your containers using SSH
- clean docker resources
- use specific commands using Django, PostgreSQL and Nginx extensions
- and much more
pip install mantis-cli
Create a mantis.json configuration file in JSON format.
You can use <MANTIS>
variable in your paths if needed as a relative reference to your mantis file.
argument | type | description |
---|---|---|
manager_class | string | class path to mantis manager class |
extensions | dict | Django, Postgres, Nginx |
encryption | dict | encryption settings |
encryption.deterministic | bool | if True, encryption hash is always the same for same value |
encryption.folder | bool | path to folder with your environment files |
configs | dict | configuration settings |
configs.folder | string | path to folder with your configuration files |
build | dict | build settings |
build.tool | string | "docker" or "compose" |
compose | dict | docker compose settings |
compose.command | string | standalone "docker-compose" or "docker compose" plugin |
compose.folder | string | path to folder with compose files |
environment | dict | environment settings |
environment.folder | string | path to folder with environment files |
environment.file_prefix | string | file prefix of environment files |
zero_downtime | array | list of services to deploy with zero downtime |
project_path | string | path to folder with project files on remote server |
connections | dict | definition of your connections for each environment |
TODO:
- default values
See template file for exact JSON structure.
Connection for each environment except localhost can be defined either as an SSH or Docker context:
For example:
"connections": {
"stage": "context://<context_name>",
"production": "ssh://<user>@<host>:<port>"
}
If you plan to use encryption and decryption of your environment files, you need to create encryption key.
Generation of new key:
mantis --generate-key
Save key to mantis.key file:
echo <MANTIS_KEY> > /path/to/encryption/folder/mantis.key
Then you can encrypt your environment files using symmetric encryption. Every environment variable is encrypted separately instead of encrypting the whole file for better tracking of changes in VCS.
mantis <ENVIRONMENT> --encrypt-env
Decryption is easy like this:
mantis <ENVIRONMENT> --decrypt-env
When decrypting, mantis prompts user for confirmation. You can bypass that by forcing decryption which can be useful in CI/CD pipeline:
mantis <ENVIRONMENT> --decrypt-env:force
General usage of mantis-cli has this format:
mantis [--mode=remote|ssh|host] [environment] --command[:params]
Mantis can operate in 3 different modes depending on a way it connects to remote machhine
Runs commands remotely from local machine using DOCKER_HOST or DOCKER_CONTEXT (default)
Connects to host via ssh and run all mantis commands on remote machine directly (nantis-cli needs to be installed on server)
Runs mantis on host machine directly without invoking connection (used as proxy for ssh mode)
Environment can be either local or any custom environment like stage, production etc. The environment is also used as an identifier for remote connection.
Command / Shortcut | Description |
---|---|
--bash:params | Runs bash in container |
--build[:params] / -b | Builds all services with Dockerfiles |
--check-config | Validates config file according to template |
--check-env | Compares encrypted and decrypted env files |
--check-health:container | Checks current health of given container |
--clean[:params] / -c | Clean images, containers, networks |
--contexts | Prints all docker contexts |
--create-context | Creates docker context using user inputs |
--decrypt-env[:params,env_file,return_value] | Decrypts all environment files (force param skips user confirmation) |
--deploy[:dirty] / -d | Runs deployment process: uploads files, pulls images, runs zero-downtime deployment, removes suffixes, reloads webserver, clean |
--down[:params] | Calls compose down (with optional params) |
--encrypt-env[:params,env_file,return_value] | Encrypts all environment files (force param skips user confirmation) |
--exec:params | Executes command in container |
--generate-key | Creates new encryption key |
--get-container-name:service | Constructs container name with project prefix for given service |
--get-container-suffix:service | Returns the suffix used for containers for given service |
--get-deploy-replicas:service | Returns default number of deploy replicas of given services |
--get-healthcheck-config:container | Prints health-check config (if any) of given container |
--get-healthcheck-start-period:container | Returns healthcheck start period for given container (if any) |
--get-image-name:service | Constructs image name for given service |
--get-image-suffix:service | Returns the suffix used for image for given service |
--get-number-of-containers:service | Prints number of containers for given service |
--get-service-containers:service | Prints container names of given service |
--has-healthcheck:container | Checks if given container has defined healthcheck |
--healthcheck[:container] / -hc | Execute health-check of given project container |
--kill[:params] | Kills all or given project container |
--logs[:params] / -l | Prints logs of all or given project container |
--manage:params | Runs Django manage command |
--networks / -n | Prints docker networks |
--pg-dump[:data_only,table] | Backups PostgreSQL database [data and structure] |
--pg-dump-data[:table] | Backups PostgreSQL database [data only] |
--pg-restore[:filename,table] | Restores database from backup [data and structure] |
--pg-restore-data:params | Restores database from backup [data only] |
--psql | Starts psql console |
--pull[:params] / -p | Pulls required images for services |
--push[:params] | Push built images to repository |
--read-key | Returns value of mantis encryption key |
--remove[:params] | Removes all or given project container |
--remove-suffixes[:prefix] | Removes numerical suffixes from container names (if scale == 1) |
--restart[:service] | Restarts all containers by calling compose down and up |
--restart-service:service | Stops, removes and recreates container for given service |
--run:params | Calls compose run with params |
--scale:service,scale | Scales service to given scale |
--send-test-email | Sends test email to admins using Django 'sendtestemail' command |
--services | Prints all defined services |
--services-to-build | Prints all services which will be build |
--sh:params | Runs sh in container |
--shell | Runs and connects to Django shell |
--start[:params] | Starts all or given project container |
--status / -s | Prints images and containers |
--stop[:params] | Stops all or given project container |
--try-to-reload-webserver | Tries to reload webserver (if suitable extension is available) |
--up[:params] | Calls compose up (with optional params) |
--upload / -u | Uploads mantis config, compose file and environment files to server |
--zero-downtime[:service] | Runs zero-downtime deployment of services (or given service) |
--backup-volume:volume | Backups volume to a file |
--restore-volume:volume,file | Restores volume from a file |
Few examples:
mantis --version
mantis local --encrypt-env
mantis stage --build
mantis production --logs:container-name
# you can also run multiple commands at once
mantis stage --build --push --deploy -s -l
Check mantis --help
for more details.
Once you define mantis config for your project and optionally create encryption key, you can build your docker images:
mantis <ENVIRONMENT> --build
Mantis either uses docker-compose --build
or docker build
command depending on build tool defined in your config.
Build image names use '_' as word separator.
Built images needs to be pushed to your repository defined in compose file (you need to authenticate)
mantis <ENVIRONMENT> --push
Deployment to your remote server is being executed by calling simple command:
mantis <ENVIRONMENT> --deploy
The deployment process consists of multiple steps:
- If using --mode=ssh, mantis uploads mantis config, environment files and compose file to server
- pulling docker images from repositories
- zero-downtime deployment of running containers (if any)
- calling docker compose up to start containers
- removing numeric suffixes from container names (if scale==1)
- reloading webserver (if found suitable extension)
- cleaning docker resources (without volumes)
Docker container names use '-' as word separator (docker compose v2 convention).
Once deployed, you can verify the container status:
mantis <ENVIRONMENT> --status
list all docker networks:
mantis <ENVIRONMENT> --networks
and also check all container logs:
mantis <ENVIRONMENT> --logs
If you need to follow logs of a specific container, you can do it by passing container name to command:
mantis <ENVIRONMENT> --logs:<container-name>
Sometimes, instead of calling whole deployment process, you just need to call compose commands directly:
mantis <ENVIRONMENT> --up
mantis <ENVIRONMENT> --down
mantis <ENVIRONMENT> --restart
mantis <ENVIRONMENT> --stop
mantis <ENVIRONMENT> --kill
mantis <ENVIRONMENT> --start
mantis <ENVIRONMENT> --clean
Commands over a single container:
mantis <ENVIRONMENT> --bash:container-name
mantis <ENVIRONMENT> --sh:container-name
mantis <ENVIRONMENT> --run:params
Mantis has own zero-downtime deployment implementation without any third-party dependencies. It uses docker compose service scaling and docker health-checks.
Works as follows:
- a new service container starts using scaling
- mantis waits until the new container is healthy by checking its health status. If not health-check is defined, it waits X seconds defined by start period
- reloads webserver (to proxy requests to new container)
- once container is healthy or start period ends the old container is stopped and removed
- new container is renamed to previous container's name
- webserver is reloaded again
Mantis uses semantic versioning. See more in changelog.