May Docker Discussion
-
@gotwf said in Which is better NodeBB or Discourse?:
ocker is for lamers who don't know how to be system admins
That's how I would sum it up as well. It has its place, I've been a container fan for a very long time. But the idea that you can simply put an isolated app into a container and no longer have to maintain anything is crazy. You isolate to a point and suddenly it's just an app and you are back to where you started. We already have operating systems to isolate applications like that. This is just another layer if you don't manage it correctly.
I think, like so many things in IT, people see the "magic black box" and think that by choosing the buzz word tech of the moment that magic will happen and they can not bother to actual manage things.
-
WRT containerization, I honestly really do get the appeal. You can pretend it's all about making your dev environment mimic production, etc... but it all boils down to that "new server feeling", every single time you deploy a container.
Sysadmins used to brag about their
uptimerecords... now it's a soft sign that you might not be keeping up with the latest security patches
Is it worth the overhead? That's up to you... I like tinkering with my servers, personally. Pretty soon it'll be a lost art.
-
@julian said in Which is better NodeBB or Discourse?:
Sysadmins used to brag about their uptime records... now it's a soft sign that you might not be keeping up with the latest security patches
We were saying that "uptime" was a sign of not maintaining systems a really long time ago. By the mid-2000s it was common to see uptimes of over a few weeks as a sign of something being really wrong.
-
@julian said in Which is better NodeBB or Discourse?:
WRT containerization, I honestly really do get the appeal. You can pretend it's all about making your dev environment mimic production, etc... but it all boils down to that "new server feeling", every single time you deploy a container.
Sysadmins used to brag about their
uptimerecords... now it's a soft sign that you might not be keeping up with the latest security patchesIs it worth the overhead? That's up to you... I like tinkering with my servers, personally. Pretty soon it'll be a lost art.
If you love containers, try SmartOS, OmniOSCE, or anything IllumOS based for that matter. They do containers right. And if you really want/need Docker, you can run them in a SmartOS container, for "double hulled" (sticking with the shipping analogy) isolation and security.
I'd also rank FreeBSD's jails as superior to Docker. Now cgroups done right? That may be a different matter. Rkt? Hmmm... maybe but I've not been keeping up with Linux since systemd bit me in the arse ten times too many (and before any of y'all Lennart lovers lock and load, I've been doing this stuff since the early 80's when VT52's were the cat's meow and we ran BSD on Digital VMS Vax monsters in the SDSC running tape drives - so no, they weren't pebkac errors).
Peace-- o/
-
@gotwf said in Which is better NodeBB or Discourse?:
If you love containers, try SmartOS, OmniOSCE, or anything IllumOS based for that matter. They do containers right. And if you really want/need Docker, you can run them in a SmartOS container, for "double hulled" (sticking with the shipping analogy) isolation and security.
You mean with a Zones deriv? I was a Zones admin circa 2006.
-
@gotwf said in Which is better NodeBB or Discourse?:
I'd also rank FreeBSD's jails as superior to Docker. Now cgroups done right? That may be a different matter. Rkt? Hmmm... maybe but I've not been keeping up with Linux since systemd bit me in the arse ten times too many (and before any of y'all Lennart lovers lock and load, I've been doing this stuff since the early 80's when VT52's were the cat's meow and we ran BSD on Digital VMS Vax monsters in the SDSC running tape drives - so no, they weren't pebkac errors).
LXC does a really good job. Simple, straightforward, and really flexible. It's what Docker was built on originally (not any longer.) But gives you a whole OS, not just a single app.
-
@scottalanmiller said in Which is better NodeBB or Discourse?:
@gotwf said in Which is better NodeBB or Discourse?:
If you love containers, try SmartOS, OmniOSCE, or anything IllumOS based for that matter. They do containers right. And if you really want/need Docker, you can run them in a SmartOS container, for "double hulled" (sticking with the shipping analogy) isolation and security.
You mean with a Zones deriv? I was a Zones admin circa 2006.
Yes. Terminology *Solaris side has evolved a bit:
https://en.wikipedia.org/wiki/Solaris_Containers
Joyent ported KVM to IllumOS so you can get the near bare metal hypervisor - maybe about a decade back? More recently they are porting FreeBSD's BHYVE, and I think may actually be using in production by now? Or very close. They cite far superior performance and maintainability from BHYVE.
Great support from Joyent and #smartos (freenode). Worth a gander since you've some Solaris experience. Run most of my stuff on Joyent Public Cloud. Nothing on AWS anymore. But then I like building from ground up rather than the one click mentality so those who favor the latter and have the deep pockets to sustain it, may want to stick with AWS. If you're into doing your own private cloud, Joyent has also open sourced Trident. SmartOS, Manatee, Manta, ZFS, DTRACE, Crossbow... what's not to love, eh? Oh, yeah, Kubernetes as well.
P.S.; Apologies to OP if I've hijacked this a bit. Did not intend to get so far afield from original topic. Mea culpa.
-
@gotwf said in Which is better NodeBB or Discourse?:
Yes. Terminology *Solaris side has evolved a bit:
Yeah, so dumb...
"Before the launch of Solaris Zones in 2005, a Solaris Container was any type of workload constrained by Solaris resource management features. The latter had been a separate software package in earlier history. By 2007 the term Solaris Containers came to mean a Solaris Zone combined with resource management controls. "
-
However, Solaris Containers are gone now, so the current is back to Zones. So it was Containers, then Zones, then Containers, but now it is once again Zones.
"To simplify terminology, Oracle dropped the use of the term Container in Solaris 11, and has reverted to use of the term Solaris Zone irrespective of the use of resource management control"
-
@gotwf said in Which is better NodeBB or Discourse?:
They cite far superior performance and maintainability from BHYVE.
This is one hypervisor that I've yet to have time to play around with. Need to get to it one of these days.
-
@scottalanmiller said in Which is better NodeBB or Discourse?:
However, Solaris Containers are gone now, so the current is back to Zones. So it was Containers, then Zones, then Containers, but now it is once again Zones.
"To simplify terminology, Oracle dropped the use of the term Container in Solaris 11, and has reverted to use of the term Solaris Zone irrespective of the use of resource management control"
Heh, Oracle Solaris is dead. I could link Oracle's PR but I think a better read is Cantrill's take on it:
http://dtrace.org/blogs/bmc/2017/09/04/the-sudden-death-and-eternal-life-of-solaris
In any event, I am unsure what terminology IllumOS folks are embracing these days, but, yeah, you got it: Isolation plus resource provisioning.
-
@gotwf said in Which is better NodeBB or Discourse?:
@julian said in Which is better NodeBB or Discourse?:
WRT containerization, I honestly really do get the appeal. You can pretend it's all about making your dev environment mimic production, etc... but it all boils down to that "new server feeling", every single time you deploy a container.
Sysadmins used to brag about their
uptimerecords... now it's a soft sign that you might not be keeping up with the latest security patchesIs it worth the overhead? That's up to you... I like tinkering with my servers, personally. Pretty soon it'll be a lost art.
If you love containers, try SmartOS, OmniOSCE, or anything IllumOS based for that matter. They do containers right. And if you really want/need Docker, you can run them in a SmartOS container, for "double hulled" (sticking with the shipping analogy) isolation and security.
I'd also rank FreeBSD's jails as superior to Docker. Now cgroups done right? That may be a different matter. Rkt? Hmmm... maybe but I've not been keeping up with Linux since systemd bit me in the arse ten times too many (and before any of y'all Lennart lovers lock and load, I've been doing this stuff since the early 80's when VT52's were the cat's meow and we ran BSD on Digital VMS Vax monsters in the SDSC running tape drives - so no, they weren't pebkac errors).
Peace-- o/
https://www.qubes-os.org/ - Saw this a long time ago haven't kept up with it but it was interesting.
-
@Joykiller said in Which is better NodeBB or Discourse?:
@gotwf said in Which is better NodeBB or Discourse?:
@julian said in Which is better NodeBB or Discourse?:
WRT containerization, I honestly really do get the appeal. You can pretend it's all about making your dev environment mimic production, etc... but it all boils down to that "new server feeling", every single time you deploy a container.
Sysadmins used to brag about their
uptimerecords... now it's a soft sign that you might not be keeping up with the latest security patchesIs it worth the overhead? That's up to you... I like tinkering with my servers, personally. Pretty soon it'll be a lost art.
If you love containers, try SmartOS, OmniOSCE, or anything IllumOS based for that matter. They do containers right. And if you really want/need Docker, you can run them in a SmartOS container, for "double hulled" (sticking with the shipping analogy) isolation and security.
I'd also rank FreeBSD's jails as superior to Docker. Now cgroups done right? That may be a different matter. Rkt? Hmmm... maybe but I've not been keeping up with Linux since systemd bit me in the arse ten times too many (and before any of y'all Lennart lovers lock and load, I've been doing this stuff since the early 80's when VT52's were the cat's meow and we ran BSD on Digital VMS Vax monsters in the SDSC running tape drives - so no, they weren't pebkac errors).
Peace-- o/
https://www.qubes-os.org/ - Saw this a long time ago haven't kept up with it but it was interesting.
That's a Xen and Linux based system AFAIK. I see it pop up from time to time.
-
@gotwf I'm not sure if it matters if Docker isn't the "best" container solution. Docker has become the defacto standard for containerization.
-
@djensen47 said in Which is better NodeBB or Discourse?:
@gotwf I'm not sure if it matters if Docker isn't the "best" container solution. Docker has become the defacto standard for containerization.
I think we all love containers as a general thing, it really is the "Docker" situation of which we are all wary.
-
This post is deleted!
-
@djensen47 said in Which is better NodeBB or Discourse?:
@gotwf I'm not sure if it matters if Docker isn't the "best" container solution. Docker has become the defacto standard for containerization.
Please pass some of what you've been smoking, bruh! I know more than a few folks who refuse to use Docker in production. So, I disagree. Maybe a few years back but seems to me it's been loosing much of its shine with an increasing number of clued in types. I have friends who are security gurus at bigco.com. These folks audit financial institutions and such., They refuse to allow 1) systemd (will stay on RHEL6.x until unsupported and then migrate to new platform), and 2) Docker in production - rapid dev use only.
Following the herd has it's advantages, granted. But..... a few of us rare breed types prefer the pursuit of technical excellence, even if it requires a bit more challenging path.
But hey, feel free to disagree and enjoy your Docker. Not worth arguing over and I've bailed on Linux for what I assess to be superior, if less popular, platforms. But then I am willing to do some trail maint work from time to time as well. You may well choose different priorities for very valid reasons.
Peace-- o/
P.S.; I do find it ironically amusing that the Docker folks stuck with a Solaris container analogy for their product, hoping to leverage Solaris Container buzz. Imitation is the sincerest form of flattery, and yep... Linux is STILL playing catch up after all these years. If you've never had your fingers into the big iron it is considerably easier for Linux to shine.
P.P.S.; Zones/Container and fbsd jails have also been around for a lot longer, are more mature, and offer a more proven track record. So I feel 'safer' trusting them. I could well be wrong, but a little PPP (Purely Psychological Protection) is not always a bad thing. lol.
-
@djensen47 said in May Docker Discussion:
Docker has become the defacto standard for containerization.
And Windows is the de facto standard desktop. It works. Docker works. But is it the best idea? No, it's just what the masses do. The masses rarely make good decisions. Working decisions, but not good ones.
