|
 Docker & Containers
#11242
08 Nov 16 02:48 AM
|
Joined: Jun 2001
Posts: 153
OmniLedger - Tom Reynolds
OP
Member
|
|
OP
Member
Joined: Jun 2001
Posts: 153 |
Stephen brought Docker and containers up at the conference, and I made a point of noting it down for later investigation, as it’s not something that I’d come across yet, but sounded interesting. It just so happens that I was at the Google Cloud Platform conference in London the Thursday after I got back into the UK, and they were quite keen on promoting their own container engines.
So I spent a few hours last week playing around with them, and I’m really enthused about the potential benefits. In the small amount of time I was able to devote to it I was able to knock up a small working environment for A-Shell, and was pretty happy with the results.
I’ll be giving it a bit more time in the next few weeks, so before I do I thought I'd see if Stephen has any valuable insights into using A-Shell within containers, and what stumbling blocks or tricks he needed to implement when putting A-Shell in a container.
I emailed him almost exactly this message today, and he suggested bringing the discussion here, which makes a lot of sense as I could see if being of use to anyone else interested in the topic.
|
|
|
|
Re: Docker & Containers
#11243
08 Nov 16 03:28 AM
|
Joined: Nov 2006
Posts: 2,278
Stephen Funkhouser
Member
|
|
Member
Joined: Nov 2006
Posts: 2,278 |
I'll be happy to share any insight I can on how to move an application to docker, and the benefits there of.
One of Docker's guiding principles is one process per container, and no ssh server daemon inside of a container. The goal is to build micro services that become much simpler to develop and maintain over time because all it is affected by are the inputs and outputs.
Most A-Shell applications use a terminal emulator over an ssh/telnet connection, so how do we maintain one process per container when the first requirement is connecting via ssh/telnet? The approach I came up with was to ssh into the docker host server, and launch one A-Shell docker container per connection. So, instead of directly launching an A-Shell executable when the user logs in, you run a docker container that in turn launches an A-Shell executable inside it.
Another issue is persistent volume data mounting into the container, and file permissions. By default, container's run as root inside their isolated environment, and this isn't desirable for our A-Shell application. The user running A-Shell needs to match the user that launched the container. To accomplish this, the script that is executed inside the container to launch A-Shell accepts parameters for the host user, group, user id ,and group id. It then creates the user inside the container to match the host, and runs A-Shell via sudo as that user.
Next is deciding what base image to use for your images. Early on I thought it would be of benefit for Microsabio to provide a base image. I thought this for two reasons. One, using Microsabio's base image would most likely result in most developers using the strategy for how to implement A-Shell container's. Two, Jack would be able to install all of the peripheral components A-Shell uses (pcre, gnuTls, MySQL client, etc.) at a particular version that he can develop against. One huge benefit of containers is that it's easy to modify how they are run to accommodate development and production, so you can eliminate the "it worked on my development machine but not production" bugs. Jack did develop a base image that's available, and can be used to get up and running with this strategy. I don't think he's created a bitbucket repository for it yet.
There's so much other stuff that comes to mind, but I really need to get back to coding right now. I'll let you digest that, and look forward to advancing knowledge/use of technology aimed at making deploying applications easier and more consistent.
Stephen Funkhouser
Diversified Data Solutions
|
|
|
|
Re: Docker & Containers
#11244
08 Nov 16 03:30 AM
|
Joined: Nov 2006
Posts: 2,278
Stephen Funkhouser
Member
|
|
Member
Joined: Nov 2006
Posts: 2,278 |
Tom, your application can require Apache, so I would start with a basic A-Shell container that works with the terminal emulator you use, and then use that as the base image for a web server container. A component of security is minimizing our footprints, and this approach would allow to not deploy the web server when it isn't needed. You can run individual terminal based user container instances, and web server containers at the same time.
Stephen Funkhouser
Diversified Data Solutions
|
|
|
|
Re: Docker & Containers
#11245
08 Nov 16 03:36 AM
|
Joined: Jun 2001
Posts: 153
OmniLedger - Tom Reynolds
OP
Member
|
|
OP
Member
Joined: Jun 2001
Posts: 153 |
Thanks Stephen, there's already plenty there for me to take away and digest. Much appreciated!
|
|
|
|
Re: Docker & Containers
#11246
08 Nov 16 05:00 AM
|
Joined: Jun 2001
Posts: 11,945
Jack McGregor
Member
|
|
Member
Joined: Jun 2001
Posts: 11,945 |
I did post a microsabio/centos7-ashell:6.3.1531 base image at the Docker hub when Stephen and I were playing with this awhile back. But I need to review what it takes to access it and/or make it more public. I guess I've got some homework too!
|
|
|
|
Re: Docker & Containers
#11247
08 Nov 16 06:06 AM
|
Joined: Nov 2006
Posts: 2,278
Stephen Funkhouser
Member
|
|
Member
Joined: Nov 2006
Posts: 2,278 |
You can look here at the Microsabio Docker Hub . I think by default all images are public. You have to pay for a subscription to make it private. I was actually referring to a bitbucket repository for the Dockerfile and accompanying files (i.e. run.sh). I think to that end, changing the Dockerfile so that it uses wget or curl to download the latest .bin and .tz files, and then installs A-Shell in the build process would be cleaner than having a "clean" directory that gets copied in. That would make the image build resources smaller.
Stephen Funkhouser
Diversified Data Solutions
|
|
|
|
Re: Docker & Containers
#11249
12 Jan 17 05:14 AM
|
Joined: Jun 2001
Posts: 11,945
Jack McGregor
Member
|
|
Member
Joined: Jun 2001
Posts: 11,945 |
Thanks for the interesting link. I must admit that I hadn't really studied the LXC project much, although as you may have surmised from the above that I did spend a fair amount of time working out a Docker container for A-Shell. Aside from Stephen though, there hasn't been a lot of apparent interest, so it's not yet clear if it's really going to be helpful to the A-Shell community at large.
The single-process paradigm of Docker, as discussed in the LXC-vs-Docker article, definitely did present some hurdles. (Dealing with SUBMIT for background processes not dependent on the submitter job was a particular challenge. We ended up with a model using one Docker container for all the submitted background jobs, and a special socket-based client/server version of SUBMIT to allow a job in one Docker container to submit jobs to the other container.)
But even aside from that, A-Shell is fundamentally a multi-process (multi-user) environment, so the single-process focus of Docker requires some contortion to adjust to. (LXC appears to offer advantages there.)
Another issue with Docker (and probably with LXC also) is the while the entire objective is to make it easy to deploy your complete application bundle by eliminating the need to sort out package dependencies, it paradoxically introduces it's own initial package dependency, i.e. that the Docker package be installed first. That's easy enough (trading one package install to eliminate several others), but I think for Docker it means you have to be on a fairly recent version of Linux. That's fine for totally new installs, but the majority of existing Linux machines out there are still on considerably older Linux versions. (To offer one example, we have an install at a Fortune 100 site that is just now upgrading to -el6, which is below the minimum -el7 required for Docker in the RHEL environment.)
It's not yet clear to me how dependent on a newer kernel or distribution environment LXC is.
One big advantage to Docker is great documentation, lots of activity and support resources. LXC documentation and support resources, especially outside of Ubuntu (which, for whatever reason, doesn't seem very popular in the A-Shell world), appears a bit murkier.
But let me study up on it. This may be one of those things where the initial hurdle seems high, but the payoff on the other side is worth it.
|
|
|
|
Re: Docker & Containers
#11250
14 Feb 17 02:15 AM
|
Joined: Jun 2001
Posts: 153
OmniLedger - Tom Reynolds
OP
Member
|
|
OP
Member
Joined: Jun 2001
Posts: 153 |
Finally freeing up some time to look into this again soon hopefully. I'll try and make some sense of the docker images Stephen and Jack linked to earlier.
|
|
|
|
Re: Docker & Containers
#11251
14 Feb 17 06:29 AM
|
Joined: Nov 2006
Posts: 2,278
Stephen Funkhouser
Member
|
|
Member
Joined: Nov 2006
Posts: 2,278 |
It's funny that you posted this today because I was just wondering (and about to post to ask) if you had worked on this at all.
Stephen Funkhouser
Diversified Data Solutions
|
|
|
|
Re: Docker & Containers
#11252
19 Feb 17 08:43 PM
|
Joined: Jun 2001
Posts: 153
OmniLedger - Tom Reynolds
OP
Member
|
|
OP
Member
Joined: Jun 2001
Posts: 153 |
Only had an afternoon to play around with it all again so far. And after about 3 months away from it, my memory of it is more than a little foggy! Getting dragged in about 4 different directions isn't helping though, but when's that ever going to change?
One thing I did try though was to look at the images mentioned on the microsabio docker hub, for some reason I don't seem to be able to access them, but I'm pretty sure I was able to before Christmas. Any changes been made in permissions?
|
|
|
|
Re: Docker & Containers
#11253
20 Feb 17 03:49 AM
|
Joined: Jun 2001
Posts: 11,945
Jack McGregor
Member
|
|
Member
Joined: Jun 2001
Posts: 11,945 |
My memory is a little fuzzy about this too, although I'm quite sure I haven't been tinkering with the permissions or any other aspect of it since last year. Probably they had to restrict the access because the millions of downloads were bogging down the entire site.
I'll try to poke around a bit today and see if I can figure out what's happening.
|
|
|
|
Re: Docker & Containers
#11254
20 Feb 17 06:14 PM
|
Joined: Jun 2001
Posts: 11,945
Jack McGregor
Member
|
|
Member
Joined: Jun 2001
Posts: 11,945 |
I got a late start on this, so may be overlooking something, but it seems like the images should be accessible. Here's basically what I did: 1. Start the docker service... $ sudo service docker start 2. Used the search command to search for public microsabio images ... $ docker search microsabio
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
microsabio/centos7-ashell A-Shell on CentOS 7 0
microsabio/ashell A-Shell / CentOS 7 0
microsabio/docker-whale sample 0 (The first one (centos7-ashell) is the one of interest.) 3. List the available tags for microsabio/centos7-ashell ... $ docker images microsabio/centos7-ashell
REPOSITORY TAG IMAGE ID CREATED
SIZE
microsabio/centos7-ashell 6.3.1531 fdebcefce065 4 months ago
760.5 MB
microsabio/centos7-ashell 6.3.1524 4cb1e1bf324e 5 months ago
760.5 MB
microsabio/centos7-ashell <none> 93ef398e7a48 5 months ago
760.5 MBIt's obviously due for an update, but the 6.3.1531 version (tag) should be good for initial testing purposes. 4. Pull the image ... $ docker pull microsabio/centos7-ashell:6.3.1531
6.3.1531: Pulling from microsabio/centos7-ashell
Digest: sha256:2113d4eec476f009dfa8295977a605327d29650b346e31a332c28005300c4bff
Status: Image is up to date for microsabio/centos7-ashell:6.3.1531 (I already had it but hopefully you should get some other message like 'successfully pulled') 5. Run it $ docker run -it -v /vm/miame:/vm/miame --network=host centos7-ashell6.3.1531 jack 1000 $TERM
user jack
gid 1000
Press [Enter] key to continue ...
Logged in to SYS:
.ver
-- A-Shell Version 6.3.1531.0 Up and Running --Note that the above docker run command is somewhat abbreviated and assumes we can mount the internal /vm/miame filesystem on the real /vm/miame directory. Running it "as-is" like this might be useful for some purposes, but more likely you would want to use the image as a starting point for your own. I'd be happy to share the Dockerfile I used to create the image, which might be useful to you as a starting point. Most of it comes courtesy of Stephen Funkhouser who was a huge help in getting me started. (The Docker docs are quite good, but there's there are many commands, concepts, parameters, tricks and other stuff to get through. Having working examples can really speed up the process (although possibly make it that much faster to forget.)
|
|
|
|
Re: Docker & Containers
#11255
20 Feb 17 09:30 PM
|
Joined: Jun 2001
Posts: 153
OmniLedger - Tom Reynolds
OP
Member
|
|
OP
Member
Joined: Jun 2001
Posts: 153 |
That's got me up and running thanks Jack. I think I must have been missing the version tag, as it defaults to searching for latest, and couldn't find one.
Having a look at the dockerfile would be a great help thanks. I'll agree the docker site is a pretty good resource for getting started, but any extra help is welcome.
|
|
|
|
Re: Docker & Containers
#11256
21 Feb 17 03:40 AM
|
Joined: Jun 2001
Posts: 11,945
Jack McGregor
Member
|
|
Member
Joined: Jun 2001
Posts: 11,945 |
Glad to hear it. Next time I update it, I need to resolve the 'latest' tag issue so you don't need to identify it by the release number. For what it's worth, here's my Dockerfile (again with thanks to Stephen Funkhouser for getting it started)... # 16-Sep-16 created /sf
# 02-Sep-16 updating for Centos7/jdm
# 07-Sep-16 add site_perl to miame for WriteExcel/jdm
# 09-Sep-16 add /vm/lib for ashell dynamic libraries/jdm
# 09-Sep-16 consolidate some of the layers/jdm
# Notes on build environment:
#
# /vm/docker - build directory
# /vm/docker/miame/sys/001004 - clean SYS: (for -mntsys)
# /vm/docker/miame/sys/002002 - clean CMD:
# /vm/docker/miame/sys/007006 - clean BAS:
# /vm/docker/miame/bin - ashell bin files
# /vm/docker/lib - dynamic lib support (tls,mysql,etc.)
# /vm/docker/site_perl - WriteExcel modules
#
# Runtime environment:
#
# /vm/sys/###### - clean mntsys directories
# /vm/sys/bin - A-Shell bin directory
# /vm/lib - Auxiliary libraries
# /vm/site_perl - WriteExcel
# /vm/miame/* - Application /vm/miame mounted here
#
# Note above assumes that application's miame.ini doesn't define
# devices in /vm/sys, /vm/lib, or /vm/site_perl directories
FROM centos:centos7
MAINTAINER <jack@microsabio.com>
RUN yum -y update && \
yum -y install epel-release && \
yum -y install net-tools hostname && \
yum -y install --setopt=tsflags=nodocs epel-release && \
yum -y install --setopt=tsflags=nodocs python-devel.x86_64 python-pip gcc vsftp arp-scan enscript && \
yum -y install --setopt=tsflags=nodocs gnutls.i686 ncurses-libs.i686 libstdc++.i686 libgcc.i686 pcre.i686 && \
yum -y install --setopt=tsflags=nodocs mksh at
RUN yum -y install --setopt=tsflags=nodocs cups
RUN yum -y update && yum clean all
# COPY requirements.txt /tmp/ashell/requirements.txt
# RUN easy_install -U setuptools && \
# pip install -r /tmp/ashell/requirements.txt
# not sure we need this since we are going to mount real /vm/miame later
RUN mkdir -p /vm/miame
# create directories for the -mntsys system logicals
RUN mkdir -p /vm/sys
RUN mkdir -p /vm/sys/001004
RUN mkdir -p /vm/sys/002002
RUN mkdir -p /vm/sys/007006
RUN mkdir -p /vm/sys/bin
RUN mkdir -p /vm/site_perl
RUN mkdir -p /vm/lib
# MIAME clean system device (001004, 002002, 007006)
COPY miame/sys /vm/sys/
# A-Shell 6.3.1531 executables ...
COPY miame/bin/* /vm/sys/bin/
#set up directory for libraries used by ashell...
COPY lib /vm/lib/
#ashell-specific perl libraries (WriteExcel)
COPY site_perl /vm/site_perl/
#startup/launch script (for ENTRYPOINT)
COPY run.sh /opt/run.sh
RUN chmod 755 /opt/run.sh && \
ln -s /vm/sys/bin/libashtls.so.1.0.206 /lib/libashtls.so.1 && \
ln -s /vm/sys/bin/libxl.so.3.6.5.el6 /vm/sys/bin/libxl.so.1 && \
ln -s /vm/sys/bin/libashmysql.so.1.4.140 /lib/libashmysql.so.1 && \
ln -s /vm/sys/bin/libmysqlclient.so.16.0.0 /vm/sys/bin/libmysqlclient.so &&\
ln -s /vm/lib/mysql/libmysqlclient.so.16.0.0 /lib/libmysqlclient.so.16
ENV MIAME=/vm/miame
ENV PERL5LIB=/vm/site_perl
ENTRYPOINT ["/opt/run.sh"]And here's the container startup script run.sh (again, mostly Stephen's work). #!/bin/bash
# A-Shell / docker startup
#
# Usage:
# run.sh <userid> <gid> <TERM>
#
# Edit History
# [000] ??-???-16 Created /sf
# [001] 03-Sep-16 Add 3rd arg to pick up TERM env var (which seems to
# get reset to xterm on the docker launch; perhaps there
# is a better way to just preserve the host TERM directly?) /jdm
# [002] 04-Sep-16 Add -silo switch (new in ashell 6.3.1524 to stifle
# pid-related logic which assumed normal/visible pids /jdm
PATH=$PATH:$HOME/bin:/vm/miame/bin
export PATH TERM
set +o monitor
echo 'user ' $1`
echo 'gid ' $2
read -p "Press [Enter] key to continue ..."
groupadd -g $2 ashell
useradd -g $2 $1
echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
# exec su -m $1 --command="ashell -hetcki bn"
# exec ashell -n log sys:
exec /vm/sys/bin/ashell -silo -td $3 -mntsys sys63:=/vm/sys -n log sys: (I should probably add this and any other related files to one of the MicroSabio repositories.)
|
|
|
|
Re: Docker & Containers
#11257
21 Feb 17 04:27 AM
|
Joined: Jun 2001
Posts: 153
OmniLedger - Tom Reynolds
OP
Member
|
|
OP
Member
Joined: Jun 2001
Posts: 153 |
Thanks Jack, I managed to ferret out some of it today, but this clears up, and makes sense of a lot of stuff.
|
|
|
|
Re: Docker & Containers
#11258
21 Feb 17 04:57 AM
|
Joined: Nov 2006
Posts: 2,278
Stephen Funkhouser
Member
|
|
Member
Joined: Nov 2006
Posts: 2,278 |
If you're going to follow this pattern, you should create your own Dockerfile with a from statement that uses Microsabio's as the base layer FROM microsabio/centos7-ashell:6.3.1531 From there you can customize it, but that'll already have the version of A-Shell installed. This also allows Jack to change some of how the image is built without everyone else having to change their entire docker files to match (think object-oriented programming). As long as there are standard directories for the clean install he can easily change the version of gnutls for example without each developer having to as well. This is really nice when the only way to install a dependency is to compile it. Jack can compile it into the image, and run containers to develop with and this solves the "it worked on my development machine, but it's not working here" problem. One thing to know about the Dockerfile. Each command is committed as a separate layer to final image, so you really want to combine as many commands as possible into one. This is especially true when you need to copy in something temporarily, and then delete it. If you copy it with one command, and then delete it with another the total size of the image is going to include the layer that includes the files copied in. I think it's usually better to stage files on an HTTP(S) server and use wget/curl to copy them because you can chain multiple Linux command lines as long as they're used via the RUN command. COPY should be used very sparingly.
Stephen Funkhouser
Diversified Data Solutions
|
|
|
|
Re: Docker & Containers
#11259
21 Feb 17 08:20 PM
|
Joined: Jun 2001
Posts: 153
OmniLedger - Tom Reynolds
OP
Member
|
|
OP
Member
Joined: Jun 2001
Posts: 153 |
Good idea Stephen, it would certainly make a lot of sense if the underlying AShell container was standardised.
Nice tip on the command execution too. I suspected as much from watching it build an image, but hadn't delved into the implications of it yet.
|
|
|
|
Re: Docker & Containers
#11260
22 Feb 17 03:31 AM
|
Joined: Nov 2006
Posts: 2,278
Stephen Funkhouser
Member
|
|
Member
Joined: Nov 2006
Posts: 2,278 |
It would also be good to determine a set of standard tags for the Microsabio image's.
latest = latest production image
devel = latest devel image
6.3.1544.8 = Specific version number of image
You can have multiple tags per image, so the newest production image could be tagged both 6.3.1544.8 and latest.
This allows either using :latest in your FROM command, or version pinning via the specific version number. This provides flexibility to fit developers who are on the "bleeding edge" and ones that require inhouse QA testing a specific version before releasing. This is especially useful when you need to rebuild your image so that you can update/add new packages and don't want the A-Shell version to change.
Stephen Funkhouser
Diversified Data Solutions
|
|
|
|
Re: Docker & Containers
#11261
22 Feb 17 03:45 AM
|
Joined: Jun 2001
Posts: 11,945
Jack McGregor
Member
|
|
Member
Joined: Jun 2001
Posts: 11,945 |
It was the intent that this image could be used as a standardized base image, and I think it's reasonably close (although slightly out of date). But it probably needs some more feedback from actual attempts at using it to clean it up, and a lot better documentation before it can really achieve the goal of making deployment simpler rather than more complex.
Along those lines, you'll probably notice as you attempt to go down that path that a number of issues/questions will pop up, like how to handle printing. I've sent you a link to a google doc that I started awhile back to keep track of these details, which may or may not be useful. (If anyone else is interested, send me your google email/login and I'll forward the link.)
|
|
|
|
Re: Docker & Containers
#11262
22 Feb 17 03:48 AM
|
Joined: Jun 2001
Posts: 11,945
Jack McGregor
Member
|
|
Member
Joined: Jun 2001
Posts: 11,945 |
- indeed that's a very good idea (about the latest/devel/#.#.#### tags). Now I just need to get to it...
|
|
|
|
Re: Docker & Containers
#11263
22 Feb 17 04:07 AM
|
Joined: Jun 2001
Posts: 153
OmniLedger - Tom Reynolds
OP
Member
|
|
OP
Member
Joined: Jun 2001
Posts: 153 |
I didn't realise you can attach multiple tags, that would certainly help managing the various possible image versions.
I've put together a dockerfile that seems a good place for me to start from. It's taking the base ashell image Jack has provided, and is incorporating our own software on top of that.
It all seems nice, clean and straight forward for the most part. I'm sure there's something I must be missing, that will no doubt trip me up in time!
There are a few wrinkles to iron out, and some further customisation to get it to work seamlessly for an actual user, but I'm pretty hopeful.
|
|
|
|
Re: Docker & Containers
#11264
22 Feb 17 04:11 AM
|
Joined: Nov 2006
Posts: 2,278
Stephen Funkhouser
Member
|
|
Member
Joined: Nov 2006
Posts: 2,278 |
I might suggest moving the clean install directories/files to be hosted on your website under specific version numbers, and then use wget in the Dockerfile to download the correct version number. This has a couple of benefits.
1. You don't need to use the COPY command, so you can put the wget in the same RUN command that installs everything. This will make few layers in the image.
2. Each version of the Dockerfile can be reliably rebuilt with the exact files they were originally built with. This allows you to upgrade the underlying CentOS for security patches in all the available images.
Stephen Funkhouser
Diversified Data Solutions
|
|
|
|
Re: Docker & Containers
#11265
22 Feb 17 04:20 AM
|
Joined: Jun 2001
Posts: 11,945
Jack McGregor
Member
|
|
Member
Joined: Jun 2001
Posts: 11,945 |
Another good idea. I'll try to put some time into it today...
|
|
|
|
Re: Docker & Containers
#11266
22 Feb 17 04:32 AM
|
Joined: Jun 2001
Posts: 11,945
Jack McGregor
Member
|
|
Member
Joined: Jun 2001
Posts: 11,945 |
FYI - here's the public link to that document for anyone interested ... A-Shell Docker notes
|
|
|
|
Re: Docker & Containers
#11267
23 Feb 17 04:47 AM
|
Joined: Jun 2001
Posts: 11,945
Jack McGregor
Member
|
|
Member
Joined: Jun 2001
Posts: 11,945 |
I just posted new a new microsabio/centos7-ashell images (under the tags 6.3.1545.0, devel, and latest per Stephen's suggestion above). (Perhaps technically it doesn't deserve the 'latest' tag since it isn't really a production image, but for now we can pretend...) See the ash63notes.txt for changes. I haven't yet worked on the Dockerfile layering, but it's on the to-do list.
|
|
|
|
Re: Docker & Containers
#11268
23 Feb 17 09:04 AM
|
Joined: Sep 2002
Posts: 5,486
Frank
Member
|
|
Member
Joined: Sep 2002
Posts: 5,486 |
Ok, what is this sorcery? Herman, what are they talking about??  Seriously, trying to follow along here, but to my naive understanding, i don't see what the fuss is about. I'm sure i am missing the entire point, just curiously following along...
|
|
|
|
Re: Docker & Containers
#11269
25 Feb 17 03:54 AM
|
|
Anonymous
Unregistered
|
|
Anonymous
Unregistered
|
Just do like me, Frank. Just smile and pretend you understand 
|
|
|
|
Re: Docker & Containers
#11270
27 Feb 17 03:11 AM
|
Joined: Sep 2002
Posts: 5,486
Frank
Member
|
|
Member
Joined: Sep 2002
Posts: 5,486 |
|
|
|
|
Re: Docker & Containers
#11271
08 Mar 17 01:15 AM
|
Joined: Jun 2001
Posts: 153
OmniLedger - Tom Reynolds
OP
Member
|
|
OP
Member
Joined: Jun 2001
Posts: 153 |
Well I got all of our software up and running without too much fuss. The size of the final package is very impressive, especially the minimal setup outside of docker that it would need going forward.
Unfortunately I've got to leave it alone for a while now, as some other work has popped up. Hopefully I can revisit it again some time soon, and add a little more fuel to the fire once more!
|
|
|
|
Re: Docker & Containers
#11272
10 Apr 17 11:52 PM
|
Joined: Jun 2001
Posts: 153
OmniLedger - Tom Reynolds
OP
Member
|
|
OP
Member
Joined: Jun 2001
Posts: 153 |
I've gradually been building up a setup with Docker, and been having some success that bodes well. Any chance I could get a 6.4 version of the container you've been building Jack?
|
|
|
|
Re: Docker & Containers
#11273
11 Apr 17 04:08 AM
|
Joined: Jun 2001
Posts: 11,945
Jack McGregor
Member
|
|
Member
Joined: Jun 2001
Posts: 11,945 |
It's on my to-do list, hopefully done by tomorrow!
|
|
|
|
Re: Docker & Containers
#11275
12 Apr 17 03:29 AM
|
Joined: Jun 2001
Posts: 11,945
Jack McGregor
Member
|
|
Member
Joined: Jun 2001
Posts: 11,945 |
I posted updated an updated image last night, tagged as 6.4.1548.1 (and 'latest'). Let me know if you have any problems with it.
|
|
|
|
Re: Docker & Containers
#11276
12 Apr 17 04:05 AM
|
Joined: Nov 2006
Posts: 2,278
Stephen Funkhouser
Member
|
|
Member
Joined: Nov 2006
Posts: 2,278 |
Should that also be tagged as 'devel'?
Stephen Funkhouser
Diversified Data Solutions
|
|
|
|
Re: Docker & Containers
#11277
12 Apr 17 04:21 AM
|
Joined: Jun 2001
Posts: 11,945
Jack McGregor
Member
|
|
Member
Joined: Jun 2001
Posts: 11,945 |
I wasn't sure if that made sense for the release version. Or to put it a different way, I wasn't sure under what circumstances anyone would expect the 'latest' and 'devel' versions to be different. Is 'latest' expected to be the latest release version? (In our dev/rel dichotomy, you might argue that 'latest' is the latest release and 'devel' is the latest in the dev branch. But at the moment, the 6.5 dev branch hasn't been started yet.)
|
|
|
|
Re: Docker & Containers
#11278
12 Apr 17 06:25 AM
|
Joined: Nov 2006
Posts: 2,278
Stephen Funkhouser
Member
|
|
Member
Joined: Nov 2006
Posts: 2,278 |
I think the context when you're rolling the stable/devel branches to new minor patch numbers are oddities, and until there's a new development branch 'latest' and 'devel' should be the same. I suppose an argument could be made that 'latest' should always refer to the latest releasable version (either stable or development branch), and the even patch numbers should be tagged as 'stable'. There would be no need for 'devel' then, it's just semantics anyway, except that 'latest' is the default tag used by "docker pull" if no other tag is specified.
So right now, 6.4.1548.1 should be tagged as both 'latest' and 'stable' as you would want 6.3 to still be considered the latest. Any other versions would be tagged with just there version number.
We should probably use 'beta' as well when needed.
Stephen Funkhouser
Diversified Data Solutions
|
|
|
|
Re: Docker & Containers
#11279
12 Apr 17 06:49 AM
|
Joined: Jun 2001
Posts: 11,945
Jack McGregor
Member
|
|
Member
Joined: Jun 2001
Posts: 11,945 |
Unfortunately, even though 'latest' is the default, it's not entirely obvious whether it should refer to the latest stable, latest devel, or latest beta release. If taken literally, it really should be the latest, but since it is the default, it might make sense for it to be the latest stable release. I can't see any argument for making it refer to the 6.3 release which is now completely superseded. (In the absence of a 6.5 devel branch, 6.4 serves as both.)
So for now, I've added a 'stable' tag (which is currently equivalent to the 'latest' and 'devel' and '6.4.1548.1' tags). At some point they may diverge.
|
|
|
|
Re: Docker & Containers
#11280
12 Apr 17 09:48 AM
|
Joined: Nov 2006
Posts: 2,278
Stephen Funkhouser
Member
|
|
Member
Joined: Nov 2006
Posts: 2,278 |
FYI, the image you just pushed is built on CentOS with a build-date=20160729. To ensure you use the latest image in your FROM statement you can use the --pull switch for the docker build command; otherwise, if you have a version of the image cached locally it won't attempt to pull the base image.
As an aside, I used anchore.io to see the layers of the image directly from hub.docker.com. One of the things Anchore does is scan images and report on CVE vulnerabilities in the layers.
Stephen Funkhouser
Diversified Data Solutions
|
|
|
|
Re: Docker & Containers
#11281
12 Apr 17 10:59 AM
|
Joined: Jun 2001
Posts: 11,945
Jack McGregor
Member
|
|
Member
Joined: Jun 2001
Posts: 11,945 |
Thanks for the heads up, and the tip on Anchore. I've rebuilt the image using the --pull (new CentOS build-date=20170406), eliminated a few layers by combining some RUN commands, and re-uploaded it.
|
|
|
|
|
