Andrew Libby on 24 Aug 2016 11:12:41 -0700


Re: [PLUG] Docker Best-practices guide / intro?

On 8/24/16 2:07 PM, Rich Freeman wrote:
> On Wed, Aug 24, 2016 at 12:28 PM, Andrew Libby <> wrote:
>> We never patch live containers.  We rebuild images and re-create the
>> container.  As long as you adhere to one step build and have a good way
>> to destroy/re-create your containers this is pretty straightforward.
>> I've done things like having a script for each container or used systemd
>> units.
> I'd really prefer not to go this route.
> Typically I shut down a container, snapshot it, start it up, run
> updates, shut it down, snapshot again, start back up, and test, then
> either leave in production or roll back.

This can be done with docker, though it might look different than you're
hoping.  You can build a new image, run/test, etc and then recreate your
production instance only after testing passes.

> The problems with building from scratch each time are:
> 1.  In order to figure out how to build one I need to first take lots
> of notes while I get one working.  Then I'd need to fuss with the
> scripting system to automate it.  Or I could just call it done as soon
> as I've gotten it working in the first place and I don't even need to
> take notes.  I never deploy more than one instance of a container
> typically.  If I did I'd probably give that more thought.

Generally, the image builds are all automated with docker build and
described in the Dockerfile.

> 2.  Most often my containers will run Gentoo, and building that from
> scratch every time I want to do updates is going to be time-consuming,
> and failure-prone.

Yeah, this is a real head scratcher for me. You could have a Gentoo base
image that you build only once for each update, and then rebuild each
derived image.  Still the costs are high.  If you're adamant on using a
source-based distro, maybe Docker isn't your best option.

> This has been one of the things keeping me off of Docker.  I might
> just stick with nspawn, but I can also see the value in moving to
> Docker if it makes sense and I don't end up fighting it.
> My containers do only run one application.  They're rarely completely
> stateless though.

Yeah, we've had to adopt the mindset that the only thing holding any
state exists in a volume mount.  It took a little getting used to
though, I'll admit.

Philadelphia Linux Users Group
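The build-test-recreate flow the reply describes (one-step build from a Dockerfile, smoke-test the candidate image, then replace the production container, with all state in a volume mount), written out as an added shell example. It is not code from the thread, from PLUG, or from Docker's own documentation. The image name `myapp`, container name `myapp`, volume `myapp-data`, the `/var/lib/app` mount point and the nginx-based Dockerfile are placeholders chosen for illustration; a site-specific base image (the Gentoo case in the thread) would replace the `FROM` line.

```shell
#!/bin/sh
# Immutable-container rebuild flow (added example, not from the mailing-list thread).
# Assumptions (all hypothetical): image "myapp", production container "myapp",
# and a named volume "myapp-data" that is the only place mutable state lives.
set -eu

IMAGE_NAME="${IMAGE_NAME:-myapp}"     # hypothetical image name
CONTAINER="${CONTAINER:-myapp}"       # hypothetical production container name
VOLUME="${VOLUME:-myapp-data}"        # the only thing holding state

# Tag = name:UTC build stamp, so every rebuild is a distinct image that can be
# rolled back to, instead of a live container patched in place.
image_tag() {
    printf '%s:%s\n' "$1" "$2"
}

# The whole build is described here; there is nothing to take notes on.
# A site-specific base image (e.g. one built from Gentoo once per update)
# would replace the FROM line, and every derived image rebuilds from it.
render_dockerfile() {
    cat <<'EOF'
FROM debian:bookworm-slim
RUN apt-get update \
    && apt-get install -y --no-install-recommends nginx \
    && rm -rf /var/lib/apt/lists/*
# State lives in the volume, never in an image layer.
VOLUME ["/var/lib/app"]
EXPOSE 80
CMD ["nginx", "-g", "daemon off;"]
EOF
}

# 1. One-step build: a fresh image from the Dockerfile in the current directory.
#    --pull refreshes the base so security updates in it are picked up too.
build_image() {
    tag=$(image_tag "$IMAGE_NAME" "$(date -u +%Y%m%dT%H%M%SZ)")
    docker build --pull -t "$tag" . >&2
    printf '%s\n' "$tag"
}

# 2. Smoke-test the candidate in a throwaway container; production is untouched.
#    The config check stands in for whatever test suite the service has.
test_image() {
    docker run --rm "$1" nginx -t
}

# 3. Only after the test passes: stop and remove the old container, then
#    recreate it from the new image. The named volume is reattached, so the
#    service keeps its state across the swap.
replace_container() {
    prev=$(docker inspect --format '{{.Config.Image}}' "$CONTAINER" 2>/dev/null || true)
    docker stop "$CONTAINER" 2>/dev/null || true
    docker rm "$CONTAINER" 2>/dev/null || true
    docker run -d --name "$CONTAINER" \
        -v "$VOLUME:/var/lib/app" \
        -p 8080:80 \
        "$1"
    if [ -n "$prev" ]; then
        # Rollback is just this step again with the previous tag.
        echo "previous image was $prev; rerun replace_container with it to roll back" >&2
    fi
}

# Entry point is guarded so the file can also be sourced for its functions.
case "${1:-}" in
    dockerfile)
        render_dockerfile
        ;;
    deploy)
        tag=$(build_image)
        test_image "$tag"
        replace_container "$tag"
        ;;
    *)
        :
        ;;
esac
```

Usage: `sh rebuild.sh dockerfile > Dockerfile` once, then `sh rebuild.sh deploy` for every update; if a rebuilt image misbehaves in production, calling `replace_container` with the tag printed as "previous image" restores the last known-good one, which is the Docker shape of the snapshot-and-roll-back routine Rich describes.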