Is "deploying to Docker containers" now a thing?
-
I've definitely bitched about the stupidity that is Docker... but I'm now seeing a growing interest/workflow of "deploying applications into a running docker container".
I thought the whole point of Docker was, ship the whole thing (and all the shiney new, definitely-working-better-than-before pieces), not just the small thing that changed?
Is this a thing, or these folks just even bigger idiots than regular Docker adopters?
-
@apapadimoulis said in Is "deploying to Docker containers" now a thing?:
the whole point of Docker was, ship the whole thing
I find another aspect of Docker more important than container image management:
Docker does what is supposed to be the OS's job - manages processes and their environment:- gives control over processes' network connection to each other and outside world
- allows the process to have its own environment, install dependencies locally
- attempts to isolate processes
- controls which processes should be running - docker-compose / Kubernetes / ...
These mechanisms are inside the OS, but Docker presents a sane and usable API over them.
I find it invaluable when I need to launch a webserver or a database, not because it has an image of said server (I could install it myself), but because it allows me to run the program in a sane way.
-
@Adynathos so what you're saying is, modern operating systems suck at providing these facilities in a sane and consistent way? Sounds about right to me.
-
@Adynathos said in Is "deploying to Docker containers" now a thing?:
These mechanisms are inside the OS, but Docker presents a sane and usable API over them.
So… Docker is basically POSIX on steroids?
-
@RaceProUK except it was created within the last decade and thus they have an idea of how computers are actually being used.
-
@LB_ That is exactly what I mean. The hope is that Docker's features will be integrated into the OS.
On the other hand, I once had an assignment which involved reading and modifying the kernel code. Having seen it, I am amazed that the kernel works at all.
-
@RaceProUK said in Is "deploying to Docker containers" now a thing?:
So… Docker is basically POSIX on steroids?
Given that most cloud providers run everything in VMs, I would say POSIX failed in the multi-user use case.
-
@LB_ Do they really?
- gives control over processes' network connection to each other and outside world
If only there was something called a firewall that could manage what systems/applications are allowed to talk to each-other via the network/IPC or ACLs on files... - allows the process to have its own environment, install dependencies locally
If only there was some way for processes to setup their own un-inherited environment from the parent... - attempts to isolate processes
If only OSes didn't already do that... - controls which processes should be running - docker-compose / Kubernetes / ...
I don't have anything for that one.
Docker may simplify the administration of some of those things but lets be honest, it isn't new.
- gives control over processes' network connection to each other and outside world
-
@MathNerdCNU said in Is "deploying to Docker containers" now a thing?:
Docker may simplify the administration of some of those things but lets be honest, it isn't new.
@Adynathos said in Is "deploying to Docker containers" now a thing?:
These mechanisms are inside the OS, but Docker presents a sane and usable API over them.
Yes, that is the point.
-
@Adynathos Windows Server does all of those things.
Maybe it's just your OS that sucks.
-
@blakeyrat Yeah, Windows is pretty bad.
-
@blakeyrat said in Is "deploying to Docker containers" now a thing?:
Windows Server does all of those things.
No, it doesn't.
-
I thought Docker was like Jails on FreeBSD / Solaris.
-
@lucas1 said in Is "deploying to Docker containers" now a thing?:
I thought Docker was like Jails on FreeBSD / Solaris.
That was my interpretation as well, but I haven't actually done any research.,
-
@lucas1 as far as I know, Docker doesn't really hook in to the underlying operating system to do the separation. It uses a virtualization engine like VirtualBox to run a standard operating system image, and hooks into the virtual operating system to install/configure what you tell it.
-
@apapadimoulis said in Is "deploying to Docker containers" now a thing?:
Is this a thing, or these folks just even bigger idiots than regular Docker adopters?
Why not both?
-
@Captain said in Is "deploying to Docker containers" now a thing?:
@lucas1 as far as I know, Docker doesn't really hook in to the underlying operating system to do the separation. It uses a virtualization engine like VirtualBox to run a standard operating system image, and hooks into the virtual operating system to install/configure what you tell it.
It doesn't use VirtualBox or any virtual machine on Linux, the only image it uses is a snapshot of the filesystem with all the system tools. Everything else is built on the Linux kernel, extensions for filesystem overlays, process isolation / control groups and the firewall. Binaries run directly and there's no hypervisor or emulation involved.
Of course the Windows and Mac OSX kernels have different features which means Docker doesn't work on those platforms, which is why you need to run a virtual machine to have a Linux system available.
-
@Polygeekery said in Is "deploying to Docker containers" now a thing?:
No, it doesn't.
Which of them does it lack? In your opinion.
-
@JBert That is why they are going to support Docker via HyperV on Windows then.
-
@blakeyrat said in Is "deploying to Docker containers" now a thing?:
@Polygeekery said in Is "deploying to Docker containers" now a thing?:
No, it doesn't.
Which of them does it lack? In your opinion.
Docker is yet another shitty hack on top of the shitty LXC hack which is another shitty hack on top of the general shitpile of hacks that is the UNIX operating system.
Grown-up operating systems that have design and forethought (OS2, NT, etc) lack the shitpiles of hacks, so it's basically like saying "your TESLA doesn't spew out an awesome plume of black smoke every time I step on the accelerator; my jalopy does it, and it's awesome!"
-
@apapadimoulis Yes, but if I had to guess which he meant specifically, it's he doesn't know about the Dependencies tab in the Services control panel:
It's the one of those 4 features that's not quite entirely obvious.
-
@apapadimoulis said in Is "deploying to Docker containers" now a thing?:
TESLA
Windows is a Prius at best.
Apple would be Tesla, they have a giant cult around them.
-
@apapadimoulis said in Is "deploying to Docker containers" now a thing?:
Grown-up operating systems that have design and forethought (OS2, NT, etc) lack the shitpiles of hacks
So… is your assertion that Windows does not have shitpiles of hacks?
-
@dkf said in Is "deploying to Docker containers" now a thing?:
So… is your assertion that Windows does not have shitpiles of hacks?
Sure, there's some... but it's like, mouse droppings vs elephant dung.
-
@dkf said in Is "deploying to Docker containers" now a thing?:
So… is your assertion that Windows does not have shitpiles of hacks?
Hey, how convenient that I still have this image on my desktop:
-
@apapadimoulis So far, I do not see what problem with Docker you are trying to illustrate.
I see it as a step in a good direction, making the OS easier to use (as described earlier).Also I have not found anything about deploying applications to a running container.
-
@Adynathos said in Is "deploying to Docker containers" now a thing?:
@apapadimoulis So far, I do not see what problem with Docker you are trying to illustrate.
I see it as a step in a good direction, making the OS easier to use (as described earlier).It's less the technology, more the workflow of "just rebuild the entire container with all the latest dependencies" for any type of change.
Also I have not found anything about deploying applications to a running container.
This has been a large request/desire we're seeing, partially from our userbase, but also the community. The idea to not have to rebuild a container because there's a lot of risk to that.
-
@apapadimoulis said in Is "deploying to Docker containers" now a thing?:
This has been a large request/desire we're seeing, partially from our userbase, but also the community. The idea to not have to rebuild a container because there's a lot of risk to that.
Though there really is something appealing about building from a known clean slate instead of trying to layer changes over maybe who knows what. Like how people reinstall Windows after an infection.
-
@boomzilla Yeah, I really like the idea of Docker. "Here, QA, here's a box that contains everything you could possibly need. Plop this on a server and hit go and you're ready to test. When you're done, hand it to Ops to go into prod."
-
@Yamikuronue Yeah, unless there's some really long rebuilding process, like for large C++ projects, waiting a little bit for something to download and set up seems like it should be well worth the wait.
@apapadimoulis, why are people upset with docker rebuilds, specifically? What are the risks you referred to?
-
@apapadimoulis said in Is "deploying to Docker containers" now a thing?:
workflow of "just rebuild the entire container with all the latest dependencies"
Yeah that is indeed a bad approach, if the software needs this exact environment to even work, something is wrong with it.
Hmm, isn't Discourse distributed through Docker images only?
Oh, they even made a whole site which reads like "it is a miracle that you can install Discourse at all, we are surprised too".
Oh, and that is how the process looks like - according to the developers themselves:
@apapadimoulis said in Is "deploying to Docker containers" now a thing?:
This has been a large request/desire we're seeing
Maybe they want just to use Docker's process management features and not build their applications as images. That should be trivial to do, for example run the Apache container and mount your web application directory as a volume. Then you can change the application without touching the containers.
-
@apapadimoulis said in Is "deploying to Docker containers" now a thing?:
This has been a large request/desire we're seeing, partially from our userbase, but also the community. The idea to not have to rebuild a container because there's a lot of risk to that.
I see the move to docker mostly as a way to eliminate the WOMM support issues caused by users and devs having different versions of dependencies installed and or configured.
it's great for open source projects on the raw and bleeding edge where version 1.0.1 and version 1.0.2 can have different behaviors, or for when the developers chose to code in ruby and found their product is so complicated and the deployment steps are so arcane that th literally the only way someone other than them was going to get it was if they distributed it in docker.
it's far less useful for sane developers who follow semver and have sane dependencies..... also for windows products because docker is so linux centric that i've never seen a docker image that used windows clients, even the docker support in windows seems to be mostly a wrapper around VMs that run linux......
my advice is:
- if there's sufficient monetary incentive to make the docker container, as in someone just delivered a 24 carat gold wheelbarrow full of gemstone quality diamonds to you to make the docker image, then go ahead and docker it up
- otherwise encourage the part of the community that wants docker to make a community supported docker image, and let them support it.
-
@boomzilla said in Is "deploying to Docker containers" now a thing?:
@apapadimoulis, why are people upset with docker rebuilds, specifically? What are the risks you referred to?
So really, we're not talking about anything more than replacing the contents of one folder (service, a web app, etc), with some new files. That's it. Nothing else needs to change.
Docker encourages you to make incredibly convoluted and intertwined systems with a mess of dependencies, and then deploy the entire shitpile at once.
And then, you just toss the whole thing over the wall to QA. When they fail to discover the edge cases bugs that the new version of libfeces has, then the devs simply blame QA for not testing it.
QA says "we didn't even know about libfeces, but I guess we have to add more tests for that now". Management dedicates more budget to testing, and slows release cycles to give them time.
End result: the business pays more for shittier software that takes longer to change.
-
@apapadimoulis Precisely. You need to soapbox more, and do it more publicly. Too many Technology for Technology's Sake Technologists like Atwood around these days.
-
@apapadimoulis said in Is "deploying to Docker containers" now a thing?:
Sure, there's some... but it's like, mouse droppings vs elephant dung.
Well, I'd hate to see the size of mice you've got.
http://images2.sina.com/english/life/p/2010/0401/U135P200T1D312331F10DT20100401231000.jpg
Specifically, the shit that is the semantics of what's going on with opening and closing files, especially when there's antivirus programs about. In fact, anything with antivirus systems involved too. Too many weird things going on there where you can have a program that's done it's thing but nothing else can touch the data for a while despite the creator having received the all-clear from the OS that it is all written. That's just awful.
-
This post is deleted!
-
I thought the whole point of stuff like Docker is that you have a known OS configuration your code is supposed to work on and you can spin that up easily.
I don't see it as any different than spinning up a VM in the cloud, installing your pre-requisites that need to exist for your software to run and being able replicate that every-time you need a new instance. I've done this with Windows server Images for clunky old .NET Web applications that are a PITA to setup for juniors that aren't familiar with .NET.
-
@Weng agreed. @apapadimoulis's soapbox articles are my favorites!
-
@apapadimoulis said in Is "deploying to Docker containers" now a thing?:
So… is your assertion that Windows does not have shitpiles of hacks?
Sure, there's some... but it's like, mouse droppings vs elephant dung.
Have you ever worked with the Win32 API directly?
-
@asdf said in Is "deploying to Docker containers" now a thing?:
Have you ever worked with the Win32 API directly?
I have.
Give me .NET any day.
-
@apapadimoulis said in Is "deploying to Docker containers" now a thing?:
@Adynathos said in Is "deploying to Docker containers" now a thing?:
@apapadimoulis So far, I do not see what problem with Docker you are trying to illustrate.
I see it as a step in a good direction, making the OS easier to use (as described earlier).It's less the technology, more the workflow of "just rebuild the entire container with all the latest dependencies" for any type of change.
Um, but rebuilding and redeploying to new and different environments is an extremely common operation (even in Windows). So smoothing that workflow is a great idea.
-
@RaceProUK said in Is "deploying to Docker containers" now a thing?:
I have.
Give me .NET any day.I don't think anyone who has ever had the misfortune of seeing Win32 would deny that the Windows kernel is full of dirty hacks. In practice, you use a higher-level API which hides most of that shit. Same on Linux: You just ignore the steaming pile of dung that is the Linux audio stack and link against pulseaudio, which deals with all that shit for you.
-
@lucas1 said in Is "deploying to Docker containers" now a thing?:
I thought the whole point of stuff like Docker is that you have a known OS configuration your code is supposed to work on and you can spin that up easily.
It's more a "general concept of OS configuration" than "well known".
I don't see it as any different than spinning up a VM in the cloud, installing your pre-requisites that need to exist for your software to run and being able replicate that every-time you need a new instance.
First, pretend most the things that are built-in to .NET/Windows (SSL, IIS, etc) are third-party libraries, not built into the OS. Now, after spinning up the VM, then install all the latest versions of all the third-party libraries your software uses. Then install your software. See the problem?
-
@asdf said in Is "deploying to Docker containers" now a thing?:
@apapadimoulis said in Is "deploying to Docker containers" now a thing?:
So… is your assertion that Windows does not have shitpiles of hacks?
Sure, there's some... but it's like, mouse droppings vs elephant dung.
Have you ever worked with the Win32 API directly?
What's wrong with Win32? It's a very well documented API broken down into fairly logical categories that is intended for consumption by C programs; and it has 30+ years of backwards compatibility.
-
@apapadimoulis said in Is "deploying to Docker containers" now a thing?:
See the problem?
No. Is it that you had to use something like puppet or chef instead of docker? I think @Captain talked a lot about something called Vagrant, but all of this is a bit outside of my lane.
I do like it when I have a repeatable recipe for setting something up. Which supposedly docker gives you. If it's just "replacing one folder" then I guess stuff is easy so what's the big deal?
I'm unclear about why people dislike docker (other than for reasons) based on what you've said.
-
@apapadimoulis said in Is "deploying to Docker containers" now a thing?:
What's wrong with Win32? It's a very well documented API broken down into fairly logical categories that is intended for consumption by C programs; and it has 30+ years of backwards compatibility.
It's insanely complicated. Just look at the parameter list of most functions. And the fact that all the hacks are well-documented doesn't change the fact that they're hacks.
-
@boomzilla As far as I know, Vagrant is similar to parts of Docker, and they do similar things. Vagrant knows how to run virtual machines using VirtualBox, VMware, and a few others. You can also get plugins to hook in to Digital Ocean and other cloud hosting services. So Vagrant can start/stop/destroy virtual machines, and it's smart enough to share your folders and run configuration management tools like Chef, Puppet, Salt against your machines.
In short, this means that all your machines will have the exact same configuration. This is a good thing, because you only need to configure it once. And your development, staging, and production environments are then identical in every way that matters.
The configuration management tool handles all of the complexity that a WIndows installer would, and Vagrant makes sure that the environment starts with a blank slate and the same packages and so on.
These tools aren't suitable for "retail" applications, like a typical user would use. But they're perfect for deployable SaaS type scenarios.
-
@Captain said in Is "deploying to Docker containers" now a thing?:
But they're perfect for deployable SaaS type scenarios.
Variations on them are also awesome for where you have to keep a large cluster of machines in the same non-trivial configuration, despite users doing weird shit to them. Such as our clusters of systems used for teaching. (You can do all the configuration by hand, But Why Would You Do That?)
-
@blakeyrat said in Is "deploying to Docker containers" now a thing?:
Hey, how convenient that I still have this image on my desktop:
So you admit having this freaking diagram around for some reason? Have you been writing OSS? Where is your pride?
-
@dkf flagged for doxxing @blakeyrat