Discourses does a good job allowing code update from the container.

We want to produce a Phabricator application and ship it with rDPHAB to allow our users to get monitoring of container specific stuff (does all the services run?) and allow upgrade

Monitoring

For DevCentral, we run a test added in D62 to check if expected processes run in Docker.

If we want to transform this test into a monitoring solution (see T948), or allow monitoring to operate, external tool must currently attach a ps process to the running container (and so have access to the Docker engine).

Instead, we could offer a reporting of this ps information as a JSON document to get the relevant processes and a web view to explore results.

Upgrade workflow

Docker motto "fire a new container, destroy the old one" works in the HA paradigm, but

Upgrade procedure is a series of commands like this:

# 1. Update code
$ cd /opt/libphutil && git pull
$ cd /opt/phabricator && git pull

# 2. Upgrade database schema
$ sv stop phd
$ bin/storage upgrade -f

# 3. Restart application
$ sv restart php-fpm
$ sv start phd

Or, for a modified version of Phabricator using a custom production branch to rebase against Phabricator master, like that:

# 1. Update code
$ cd /opt/libphutil
$ git pull
$ cd /opt/phabricator 
$ git fetch
$ git rebase origin/master
$ bin/celery map

# 2. Upgrade database schema
$ sv stop phd
$ bin/storage upgrade -f

# 3. Restart application
$ sv restart php-fpm
$ sv start phd

There is a condition to run automatically the modified version update code: git rebase origin/master must be rebased if and only if that wouldn't produce a conflict

http://stackoverflow.com/a/6283843/1930997 provides a clean way to test for such conflict:

git-merge tree `git merge-base production origin/master` production master | grep -q "changed in both"
if [ $? ]; then
    # Green light
    git rebase master
else
    # Pick here an exit code to say "human merge required"
    exit 1

fi