Configure docker4drupal to work with drush aliases and Pantheon

In last days I've reinstalled my laptop, with Ubuntu 16.04 and I want to keep it "clean" from Apache, Mysql, etc. I've decided to switch to docker for my local development.
I'm almost a Drupal developer and I often work with Pantheon, a cloud platform Drupal-Worpdress oriented.

I'm starting to use and study Docker, so I found a great project: docker4drupal.
This is simply a docker-compose file that create an entire environment to develop (and deploy) a complete Drupal architecture. This great tool is part of the Wodby project.
With docker4drupal and few simple steps I've a local environment for my sites.

My sites are also hosted on Pantheon, so I need to sync database and media files from Pantheon to my local (dockerized) installation.

The context:

  • with docker4drupal the document root from the host is mounted inside the container
  • the container named "php" has drush installed, so you can execute it outside the container
  • to sync database or media files I have to have a drush alias with Pantheon connection

0. (optional) create a wrapper for drush

Because I've decided to not install a webserver on my host, I haven't drush installed, also.
So I've created a simple wrapper that executes drush commands inside the container (of course: you have to execute drush from document root of your site).
The wrapper is simple:

  • create the file on /usr/local/bin/drush and copy this code:

docker-compose exec --user 82 php drush $@
  • give execute permission on file:

sudo chmod +x /usr/local/bin/drush

Now if you go from shell to your document root and execute drush status, the command is executed inside the php container. Simply!

1. Define drush alias

Drush searchs alias definition from the home directory of the user that executes the command or inside the source code of the sites. Because I want to keep everything on git, I add an alias for Pantheon connection in sites/all/drush directory. So I've the drush alias on:


This is the content of my alias:

$aliases['dev'] = array(
'uri' => '',
    'db-url' => 'mysql://',
    'db-allows-remote' => TRUE,
    'remote-host' => '',
    'remote-user' => 'dev.123456789',
    'ssh-options' => '-p 2222 -o "AddressFamily inet"',
    'path-aliases' => array(
      '%files' => 'code/sites/default/files',
      '%drush-script' => 'drush',

So, if I execute drush @dev status from the document root, the command goes into the container, loads @dev alias and execute status on Pantheon.
But it doesn't work, we don't have ssh keys!

2. Mount ssh keys in the php container

If you want to use Pantheon drush aliases you have to use ssh keys. Drush is executed inside the container, so we have to mount inside the container our ssh key. We shouldn't add phisically the key to the container because we don't have to edit container files or, if we rebuild the docker architecture we lose files.

I've edited the docker-compose.yml file from docker4drupal adding the last line to the php container:

      - ./:/var/www/html
      - /home/myuser/.ssh_docker:/home/www-data/.ssh

With this change mount the directory /home/myuser/.ssh_docker inside the container in the directory where the drush alias looks for the ssh key (remember that in the drush wrapper we use user 82, aka www-data, to execute drush).

3. Fix permissions

Docker4drupal mounts source code from your host into the container. This isn't a Pantheon question, it's a problem of docker4drupal.
So if you try to write files (do you know drush dl module_name command?) the system returns an error, because docker can't write on host files.

I solved this issue (thanks to Valerio Mulas for the solution) using setfacl command, on Ubuntu.
Using these commands you override chown permissions:

sudo setfacl -Rm g:82:rwX,d:g:82:rwX path/to/dir
sudo setfacl -Rm g:MYUSER:rwX,d:g:MYUSER:rwX path/to/dir
In this way file are writable from your host user and also from *www-data* user of docker (uid 82). ##4. Enjoy drush alias! Now we can use drush alias from Pantheon to sync files, etc :) The "local" alias, inside the container, is simply **@self**. So we could execute from our document root (**check drush documentation** before execute these commands, if you don't know what you are doing):
## Check Pantheon status:
drush status

## Sync database from Pantheon to local/dockerized environment:
drush sql-drop -y
drush sql-sync @self -vv -y

## Sync media files from Pantheon to local/dockerized environment:
drush rsync --delete @self:%files -y

Enjoy it!