Daniel Campbell:
> On Sun, Mar 12, 2017 at 08:56:00PM +0000, Ural wrote:
>> Hello guys. I am sorry about a bit of offtopic, but if everyone is
>> interested, I am inviting anyone into
>> https://github.com/edannenberg/gentoo-bb project discussion thread here:
>> https://github.com/edannenberg/gentoo-bb/issues/102, where we use
>> Docker as engine and Gentoo GNU/Linux as host OS. We have some ideas on
>> (possibly) the best server and LAMP/LEMP management using Gentoo, Docker
>> and GentooBB. Discussing the most stable, fastest and secure dedicated
>> server configuration to host everything. Thanks
>>
>
> The concept sounds pretty neat; what do you guys do different than a
> typical Gentoo installation?
>
> What does Gentoo do for a containerized environment? Does this project
> include easier container management than usual? I like the
> containers-as-services idea. If it's not hard to write/make one, I could
> see this project taking off.

The idea of this project is very simple: manage containers based on
Gentoo, the only OS where you can configure everything, i.e. -march=native,
which decreases PHP memory usage by 25% and accelerates binaries.

But in the usual way, you will do
# docker import stage3-xxx.tar.bz2 gentoo
and emerge the needed service, like nginx, mariadb or php.
This way you will have a bunch of unmanaged >1GB containers, which have
90% unneeded files and are hard to update.

Our project solves this problem. You have a bunch of preconfigured
packages, which you can already install and use. Or you can easily
create your own. The images are layered and nested, and your nginx
container will be 17MB and have only what it needs.
You can easily rebuild/upgrade/recompile any container, or upgrade all
at once. You just define all settings once.
Example: to build a php7 container, it will build busybox, glibc, openssl,
and then, including all previous containers, will create a resulting
nested container. So you have only one glibc or one bash for all child
containers. So you can take one container as source, add a package to it
and have another nested container.

Why is this 'container-per-service' the best way?
* Security. Containers are just isolated from the host OS, thanks to
cgroups, and if hijacked, don't access the rest of your system. That way if I
use separate php containers for phpBB, piwik and other community-driven
projects, hijacking phpBB will not allow access to the rest of the services. Most
containers run unprivileged.

* No overhead. It is just another namespace inside the kernel.

* Ability to have blk and cpu priorities for different services, even
when it is not possible to assign them in the usual native way, like priority for
a mariadb database. If you have 3 mariadb containers, you can easily
manage priorities as needed.

* Easy to upgrade on production, preserving old versions. I described my
way to do this in the referenced issue, and I have just a few seconds of
downtime, when I turn off old containers and start new ones, but all configs
and data are mounted as volumes. If something is not well with the upgraded
containers, I can switch back temporarily.

* This project is already working well, mostly stable and is used in
production. All I did was edit package config files for my needs, and
./main.sh build mynamespace. It builds all packages, emerging the latest
versions and compiling them from scratch, creating docker containers.
After all are built, you start using your containers.

(the development is going on in the spring branch and soon we will have a big
version update)


>
> Thanks for sharing!
>
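The container-per-service layout described in the message above (one unprivileged container per application, separate cgroup CPU and block I/O weights per service, and config/data kept in volumes so an upgraded image can be swapped in or rolled back without touching state) can be written down as a Docker Compose file. The following is an added example, not configuration shipped by gentoo-bb or by the poster; the image names under `mynamespace/`, the uid/gid values and the host paths are placeholders, and the weights are illustrative.

```yaml
# Constructed example: container-per-service with unprivileged users,
# per-service cgroup weights and state kept outside the image.
# Image names, uids and paths are placeholders, not gentoo-bb values.
services:
  nginx:
    image: mynamespace/nginx:1.0       # small layered image (placeholder tag)
    user: "101:101"                    # run as an unprivileged uid/gid, not root
    read_only: true                    # root filesystem immutable at runtime
    cap_drop: [ALL]                    # no Linux capabilities at all
    security_opt: ["no-new-privileges:true"]
    tmpfs: ["/tmp", "/var/run", "/var/cache/nginx"]  # the only writable paths
    volumes:
      - ./conf/nginx:/etc/nginx:ro     # config lives outside the image
      - ./apps:/srv/www:ro             # static files, served read-only
    ports: ["80:80", "443:443"]
    depends_on: [php-phpbb, php-piwik]

  # One PHP container per community application: a compromise of phpBB
  # gives no access to piwik's code, uploads or database credentials.
  php-phpbb:
    image: mynamespace/php:7.0         # pinned tag; bump it to upgrade,
    user: "1001:1001"                  # revert it to roll back
    read_only: true
    cap_drop: [ALL]
    security_opt: ["no-new-privileges:true"]
    tmpfs: ["/tmp"]
    cpu_shares: 512                    # relative CPU weight vs. other services
    blkio_config:
      weight: 300                      # relative block I/O weight (10..1000)
    volumes:
      - ./apps/phpbb:/srv/www/phpbb    # only this application's tree
      - ./conf/php-phpbb:/etc/php:ro
    depends_on: [db-phpbb]

  php-piwik:
    image: mynamespace/php:7.0
    user: "1002:1002"                  # distinct uid from the phpBB container
    read_only: true
    cap_drop: [ALL]
    security_opt: ["no-new-privileges:true"]
    tmpfs: ["/tmp"]
    cpu_shares: 256                    # lower priority than the forum
    blkio_config:
      weight: 150
    volumes:
      - ./apps/piwik:/srv/www/piwik
      - ./conf/php-piwik:/etc/php:ro
    depends_on: [db-piwik]

  # Separate MariaDB instances, each with its own data volume and weight,
  # so the busy forum database cannot starve the analytics one (or vice versa).
  db-phpbb:
    image: mynamespace/mariadb:10.1
    user: "2001:2001"
    cap_drop: [ALL]
    security_opt: ["no-new-privileges:true"]
    cpu_shares: 1024
    blkio_config:
      weight: 600
    volumes:
      - db-phpbb-data:/var/lib/mysql   # state survives image replacement
      - ./conf/db-phpbb:/etc/mysql:ro

  db-piwik:
    image: mynamespace/mariadb:10.1
    user: "2002:2002"
    cap_drop: [ALL]
    security_opt: ["no-new-privileges:true"]
    cpu_shares: 256
    blkio_config:
      weight: 200
    volumes:
      - db-piwik-data:/var/lib/mysql
      - ./conf/db-piwik:/etc/mysql:ro

volumes:
  db-phpbb-data:
  db-piwik-data:
```

Because every container's configuration and data are bind-mounted or named volumes, an upgrade is a change of the pinned image tag followed by recreating that one service; the previous image stays in the local image store, so reverting the tag and recreating the service again is the rollback. The `read_only`, `cap_drop` and `no-new-privileges` settings are what makes "runs unprivileged" hold in practice: a process that escapes the application still lands in a container with no capabilities, an immutable filesystem and only its own application tree and database reachable.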