Andrew Libby on 24 Aug 2016 11:12:41 -0700
Re: [PLUG] Docker Best-practices guide / intro?
On 8/24/16 2:07 PM, Rich Freeman wrote:
> On Wed, Aug 24, 2016 at 12:28 PM, Andrew Libby <andrew.libby@gmail.com> wrote:
>>
>> We never patch live containers. We rebuild images and re-create the
>> container. As long as you adhere to one step build and have a good way
>> to destroy/re-create your containers this is pretty straightforward.
>> I've done things like having a script for each container or used systemd
>> units.
>>
>
> I'd really prefer not to go this route.
>
> Typically I shut down a container, snapshot it, start it up, run
> updates, shut it down, snapshot again, start back up, and test, then
> either leave in production or roll back.

This can be done with docker, though it might look different
than you're hoping. You can build a new image, run/test, etc.
and then recreate your production instance only after testing passes.

>
> The problems with building from scratch each time are:
> 1. In order to figure out how to build one I need to first take lots
> of notes while I get one working. Then I'd need to fuss with the
> scripting system to automate it. Or I could just call it done as soon
> as I've gotten it working in the first place and I don't even need to
> take notes. I never deploy more than one instance of a container
> typically. If I did I'd probably give that more thought.

Generally, the image builds are all automated with docker build
and described in the Dockerfile.

> 2. Most often my containers will run Gentoo, and building that from
> scratch every time I want to do updates is going to be time-consuming,
> and failure-prone.

Yeah, this is a real head scratcher for me. You could have a
Gentoo base image that you build only once for each update, and
then rebuild each derived image. Still the costs are high. If
you're adamant on using a source based distro, maybe Docker isn't
your best option.

>
> This has been one of the things keeping me off of Docker. I might
> just stick with nspawn, but I can also see the value in moving to
> Docker if it makes sense and I don't end up fighting it.
>
> My containers do only run one application. They're rarely completely
> stateless though.

Yeah, we've had to adopt the mindset that the only thing holding
any state exists in a volume mount. It took a little getting used to
though, I'll admit.

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
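The rebuild, test, then re-create flow discussed in this message, with a rollback path comparable to the snapshot workflow, as an added example that is not part of the original email or thread. The image name `myapp`, the volume `myapp-data`, the mount point and the smoke-test command are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: patch by rebuilding the image, never by updating a live container.
DOCKER="${DOCKER:-docker}"              # overridable so the flow can be dry-run
APP="${APP:-myapp}"                     # hypothetical image and container name
VOLUME="${VOLUME:-myapp-data}"          # hypothetical named volume; the only state
DATA_DIR="${DATA_DIR:-/var/lib/myapp}"  # hypothetical mount point inside the image
SMOKE_CMD="${SMOKE_CMD:-/usr/local/bin/smoke-test}"  # hypothetical test command

# Build a candidate from the Dockerfile in the current directory.
# --pull refreshes the base image; drop it if the base image is built locally.
build_candidate() {
    $DOCKER build --pull -t "$APP:candidate" .
}

# Test in a throwaway container that never sees the production volume.
test_candidate() {
    $DOCKER run --rm "$APP:candidate" $SMOKE_CMD
}

# Keep the image now in production as :previous so rollback is just a re-create.
promote() {
    if $DOCKER image inspect "$APP:current" >/dev/null 2>&1; then
        $DOCKER tag "$APP:current" "$APP:previous"
    fi
    $DOCKER tag "$APP:candidate" "$APP:current"
}

# Destroy and re-create the container from a tag; data survives in the volume.
recreate() {
    tag="$1"
    $DOCKER stop "$APP" >/dev/null 2>&1 || true
    $DOCKER rm "$APP" >/dev/null 2>&1 || true
    $DOCKER run -d --name "$APP" --restart unless-stopped \
        -v "$VOLUME:$DATA_DIR" "$APP:$tag"
}

# Production is only touched after both the build and the test succeed.
deploy() {
    build_candidate || { echo "build failed; production untouched" >&2; return 1; }
    test_candidate  || { echo "tests failed; production untouched" >&2; return 1; }
    promote && recreate current
}

# Roll back by re-creating the container from the previously promoted image.
rollback() {
    $DOCKER tag "$APP:previous" "$APP:current" && recreate current
}
```

Run `deploy` from the directory holding the Dockerfile; `rollback` restores the prior image but does not revert data in the volume, which needs its own backup or snapshot.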