Docker


  • I survived the hour long Uno hand

    Okay, I think I get this docker thing. And let's say I have a list of images and dockerfiles (to build custom images) that I would want spun up. And I hand this to someone to manage, and they will want an easy way to oversee the various containers and spin up more copies if necessary (as this is a Selenium Grid stack, it scales out automatically when you bring up more node images).

    What do they use to do that? I assume there's something easier than doing it all command-line....



  • @Yamikuronue said in Docker:

    What do they use to do that? I assume there's something easier than doing it all command-line....

    Your first mistake!

    ...though I hear you can do it in Minecraft.


  • Winner of the 2016 Presidential Election

    @Magus Yeah I saw that. Right up there with the Pokemon simulator....


  • area_pol

    @Yamikuronue said in Docker:

    What do they use to do that? I assume there's something easier than doing it all command-line....

    Try Docker Compose, in which you specify a group of containers in a config file and then can launch them together.
    It also has the option to automatically build an image from dockerfile if you specify a dir to build from instead of image name.
    I do not know all the features it has, but I got the impression this presents Docker's API in a sane way.

    And for advanced management of a cluster of containers, probably Kubernetes.


  • ♿ (Parody)

    @Yamikuronue said in Docker:

    I assume there's something easier than doing it all command-line....

    If they can't do this all from the command line, then hire someone competent.

    // actual advice I heard at a conf


  • I survived the hour long Uno hand

    @Adynathos said in Docker:

    probably Kubernetes.

    I think that's the answer I'm looking for.


  • area_pol

    easier than command-line

    On a related note, does anyone know any sane way of setting iptables?



  • @Adynathos The sanctioned :wtf: way is "service iptables stop", and "chkconfig iptables off" (for RHEL based distributions).

    On a less sarcastic note, I usually just used VIM (or insert your editor of choice) on the iptables config file directly, and then restarted the iptables service (there's a command to do a running reload as well) to apply the changes.

    If you're running iptables on a box that's doing NAT (some types of VM hosting, or functioning as a gateway firewall/router), I don't recommend restarting the service to apply changes - doing so would break existing connections and cause a visible impact. Similarly, if the server has a public facing interface, there's some risk to restarting the service, as it basically turns the firewall off and then back on again.

    But if iptables is just a firewall for a single server that has another hardware firewall between it and the Internet, restarting the service basically just puts the firewall in Hillary mode fully open mode for a brief couple of seconds until iptables can read the configuration file and restart.


  • 🚽 Regular

    @Adynathos said in Docker:

    On a related note, does anyone know any sane way of setting iptables?

    I use @izzion's method of editing the config file directly and then bouncing the service. Having the first input and output rules always be emergency ssh accepts for an administrative IP you control is good for saving your bacon too.

    The most helpful tool I found for working with iptables was this drawing:

    I have it printed on A3 and it makes it simple(ish) to work out what rules need to be where to get the desired result.



  • I usually use webmin to manage iptables. Easy as pi


Log in to reply