May Docker Discussion
-
One thing that I fear from Docker is the community. It's the latest buzzword and hype and because of that, most people using it see it as some magic panacea, and that creates hubris, and hubris leads to instability and insecurity. People who think technology is magic and not subject to the normal rules or rigors are how bad things happen.
-
@scottalanmiller oh you could say that with most of the js libraries that come out. JavaScript has been the new hotness for the last little while and it shows
-
Interesting recent discussion re: Docker
Some parallels to what was discussed here
-
@julian said in May Docker Discussion:
@scottalanmiller oh you could say that with most of the js libraries that come out. JavaScript has been the new hotness for the last little while and it shows
Very true.
-
@julian said in May Docker Discussion:
Interesting recent discussion re: Docker
Some parallels to what was discussed here
Totally true. People put so much into each new thing that they hear about thinking that it is going to change the world, without any clear idea of what problem it is even trying to address!
-
@scottalanmiller said in May Docker Discussion:
Billions wasted on Hadoop startups, the same will eventually be true of Docker | Hacker NewsI'll definitely be using nodeBB in Docker if I end up going with that. I found this thread via the "nodeBB vs Discourse" thread - which I'm still analyzing. It is good that Discourse maintains a Docker image, but wait... Looking into it is a huge monstrosity - and this is going to be a deal breaker if they can't help me use a more striped down setup. I don't want to use their nginx, SSL cert setup, etc... Another check in the box of 'nodeBB'. My main interest is maintainability over a long period of time.
-
@scottalanmiller said in May Docker Discussion:
@Bri said in May Docker Discussion:
But thatβs what Docker brings to the table that no one else has done (as consumer friendly) yet: containerization on the desktop.
Does it really do that? I can containerize with Snap, Flatpak, LXC, etc. on the desktop just the same, unless I am missing some feature. What does Docker do that I didn't already have?
Yes, but I'm only coming from the perspective of development experience. Admittedly, I haven't tried any of the things you mentioned, but a cursory search shows that:
- Snap doesn't work on windows yet
- flatpak appears to only work on Linux distros
- Docker is a high level abstraction of LXC, which again only works on Linux kernels
So how much work do you think it would take to get this to work on both Windows (your preferred development machine) and macOS?
You could just give a Linux VM image to devs, or make them dev on a Linux machine, but I've worked that way before (in a VM) and I hated it. Docker has by far been the most portable and reproducible solution for development work that I've experienced.
-
@julian said in May Docker Discussion:
Case in point https://duo.com/decipher/docker-bug-allows-root-access-to-host-file-system
Ouch...!
This article is pure FUD; it's like saying that because a car thief can open your door right after you unlock it and before you get in, all of the locks and the car alarm are useless.
From one of the paragraphs near the end:
This scenario would only be possible if the container was already compromised and a user was using 'docker cp' to replicate the container files and occurred at the same time the copy was being made, a window that is only a few milliseconds.
There were some other, more prominent articles describing root exploits by attaching the docker socket into the container, a scenario which is both unnecessary and uncommon (it would only be used if you're trying to run Docker in Docker).
So while it's not bullet proof (I mean, what technology really is?), it's more secure than installing a random package from the internet with
sudo npm install -
@xenforum said in May Docker Discussion:
I'll definitely be using nodeBB in Docker if I end up going with that.
Like this, it would make dabbling with it more approachable for less technical users (not suggesting that @xenforum is less technical), but
docker-compose upis much easier than, at minimum,- install node (from nodejs.org? nvm? apt-get? brew?)
- clone NodeBB repo
- install Mongo / redis / Postgres (again, multiple ways to do this)
- run
npm install(hopefully not with sudo) - run install script
- (maybe even) install and configure nginx.
The only thing running in docker makes more difficult is developing plugins. I can't house the plugin repo from within
node_modulesbecause for all intents and purposes, the stuff innode_modulesis ephemeral, and you can't symlink from outside the NodeBB root because of the way Docker context works. -
@Bri the helps people who know how to use docker, but it seems it just moves the burden from "installing NodeBB and dependencies" to "installing docker and dependencies, using docker".
Also, there's the question of porting out. It is best practice to run the container with privileged access so it can port out 443 directly or should you run nginx outside the container anyways?
-
I can't believe you guys are having this discussion in 2019. You do realize that virtualization and containerization have become a standard tool nowadays, right? A lot of you sound if you got stuck somewhere in 2010 technology.
-
@evgenymagata said in May Docker Discussion:
I can't believe you guys are having this discussion in 2019. You do realize that virtualization and containerization have become a standard tool nowadays, right? A lot of you sound if you got stuck somewhere in 2010 technology.
Well, seeing how unix technologies are a decade or two ahead of Linux, I guess we still got a pretty comfortable lead...
Put something other than Docker thru it's paces and then come back and talk. But most of the arguments have been made already above.
@julian said in May Docker Discussion:
Is it worth the overhead? That's up to you... I like tinkering with my servers, personally. Pretty soon it'll be a lost art.
Yep. And those of us who still have a clue or two will smile with quiet confidence because we actually understand wtf is going on with our stuff.
@evgenymagata Maybe the person who built your prefab Dockerized container knew what they were doing. Maybe "quick and dirty", management needed it yesterday and doesn't give a *#@ is the reality at hand. Maybe not.
Different itches need different scratchin'..... By all means, enjoy your Docker but please, please, please don't fool yourself into think that it's some kind of superior master ring to rule them all, eh? Cuz until you outline your priorities and use case it's all just a religious war.
-
wow
"some kind of superior master ring"
the admins here stuck in the 2000's are really having a weird inferiority complex in terms of docker. Its not a master ring, its not a magic supertool, its just clever, modern technology. Its a way to maintain systems with MUCH less hassle than was needed before. not everyone needs to understand the details of installing a microservice if the person that understands BEST maintains the docker and updates frequently for security and functional updates. If running a nodeBB forum is your lifes purpose, i can understand you enjoy the full install and undertanding how everything works, to the last detail. if its just another web service you are runing among 20 others, you dont give too much of a damn, you just want it to be as easily maintainable and servicable as possible.
The religious war is started by the people hating dockers, the others just want to make their job as productive as possible.BTW, lets see how quickly somebody gets up a server after a linux distribution change using traditional methods vs. a server thats dockerized
