Docker is shit

BernieTheBernie

Learn some new technology - what about docker?
Looked at their website, full of "industry standard" buzz, and the tried their tutorial

Moby Dock  /  Feb 22, 2023

Docker 101 Tutorial | Docker

Learn how to build and share your first containerized application with this self-paced Docker tutorial.

Well, there's the "Docker desktop". OK, downloaded it. Half a Gigabyte. Installed it with a local admin account. Restarted the computer. Opened Docker Desktop.

And it complains. Bad Bernie! You not allowed do that! You not member docker-users.
Asked Google what to do. OK, open user manager, and add Bernie to the group. Fails.
Why? Bernie is not admin. How to open user manager as an admin? What's the f***ing command? Ah, lusrmgr.msc, does that l mean it's for loosers? Still fails. Wait... Bernie's account is a domain account...
After anaother round with Google, the thing is: connect the VPN first, then do the rest. Worked - but had to restart the computer first.

Now I evetnually could start Docker Desktop. Oh great! Some Linux on Windows must be installed extra. Did that. Restarted the computer again.

Eventually I should now be capable of doing the step 2 of the tutorial:

Type the following command in your terminal: docker run -dp 80:80 docker/getting-started

Error. Something like blah blah blah Bind 0.0.0.0:80 Port accessed in unlawful way (cannot be reproduced any more ... because Docker).
Asked Google. Found some blah blah, but also netstat -aon which tells me that a process with PID 4 is listening there.

And wtf can I do here?

Try the simplest thing: there is a 80:80 in the command - change that to 8080:8080. And yeah! A dialog from the firewall pops up, and I can add a rule for Docker for that port.

Done? Let me see. Step 3:

Open your browser to http://localhost

I guess I'll need localhost:8080now. And ... you guess it: Error.
Connection was reset while blah blah blah.

That's current Industry Standard, isn't it?

Gribnit

@BernieTheBernie luser is a technical term for local user, it descends from loser but isn't identical.

Steve_The_Cynic

@BernieTheBernie said in Docker is shit:

Why? Bernie is not admin. How to open user manager as an admin? What's the f***ing command? Ah, lusrmgr.msc, does that l mean it's for loosers? Still fails. Wait... Bernie's account is a domain account...

"local user manager", I think.

And yes, you can add domain users to a local group, but you have to have UAC-style access to an account with local admin privileges(1).

(1) And the said account's local profile must be intact, which can cause significant pain if you have neighbours who are informatically inept(3), and manage to corrupt the profile of the sole accessible administrator-privileged account on their PC. They came to me for advice when installing a new printer. I unboxed it, joined it to their network, and, as a rapid test, printed something from my smartphone. So, mechanically, it works fine.

But the drivers for Windows turned out to be impossible to install, since the only enabled account that functions on the machine is guest, and the only enabled account that has admin privileges (and therefore gets used for UAC purposes) has a corrupt profile. Turns out that when an account is used in UAC, it must have a valid local profile.(2) That made installing the drivers impossible, and it turns out that repairing the sole enabled administratorish account's profile is really, really hard. I'm still not entirely sure how to do it.

(2) It makes sense, mostly. If the logged-in account doesn't have admin privileges, Windows/UAC must launch the administration-type program in "Run As adminaccount" mode, and that requires that the profile of adminaccount is in a usable state, but in their case it is not.

It also doesn't help that they are somehow still on Windows 7.

Lesson for the day: never, ever tell neighbours that you work in IT.

(3) In 2013, I visited them to do I-don't-remember-what with their PC, and totally flummoxed their (then) 13-year-old son. See, although he was reasonably technologically ept, he had no awareness that "adult who knows about computers" was a thing.

Gribnit

@Steve_The_Cynic said in Docker is shit:

See, although he was reasonably technologically ept, he had no awareness that "adult who knows about computers" was a thing.

I recall it was yeah, a few years before I put it together that there was no way all this stuff was made by children. Starting on DOS didn't help, of course.

Steve_The_Cynic

@Gribnit said in Docker is shit:

@Steve_The_Cynic said in Docker is shit:

See, although he was reasonably technologically ept, he had no awareness that "adult who knows about computers" was a thing.

I recall it was yeah, a few years before I put it together that there was no way all this stuff was made by children. Starting on DOS didn't help, of course.

It helped me that my dad worked for a long time in what we'd now call outsourced (er, not "offshored", mind) IT support in the 70s and 80s, but above all that in the 60s, my mother rose to be a "Chief Programmer" for Lyons Electronic Office, programming LEO IIIs.

Gribnit

@Steve_The_Cynic oh, my dad was a programmer. It still took a few years. I had a disconnect between what people do and where stuff comes from until a lot more information came in, a standard huge invisible yawning gap of senselessness.

Kamil Podlesak

@BernieTheBernie said in Docker is shit:

Learn some new technology - what about docker?

What's new about docker?

Looked at their website, full of "industry standard" buzz, and the tried their tutorial

That should be a dead giveaway: "industry standard" == old

Moby Dock  /  Feb 22, 2023

Docker 101 Tutorial | Docker

Learn how to build and share your first containerized application with this self-paced Docker tutorial.

Well, there's the "Docker desktop". OK, downloaded it. Half a Gigabyte. Installed it with a local admin account. Restarted the computer. Opened Docker Desktop.
....

Now there is a lot of stuff here, easily summed up as a bad case of 

Well, some other people helped you with that, for some of us it's just crickets :-)

Error. Something like blah blah blah Bind 0.0.0.0:80 Port accessed in unlawful way (cannot be reproduced any more ... because Docker).
Asked Google. Found some blah blah, but also netstat -aon which tells me that a process with PID 4 is listening there.

And wtf can I do here?

Try the simplest thing: there is a 80:80 in the command - change that to 8080:8080.

Wrong. You need to change only one of those port - the external one, the one that will be bound to the bridge network. The internal one, used by the application inside connection, is still the same and its configuration has not changed.

-p 8080:80

Done? Let me see. Step 3:

Open your browser to http://localhost

I guess I'll need localhost:8080now. And ... you guess it: Error.
Connection was reset while blah blah blah.

Yes, there is nothing listening on the port 8080 inside the container. Duh.

That's current Industry Standard, isn't it?

Yes.

And yes, it's not 100% fit in the current era, because it kinda does require you to actually know something about the stuff, what it does and how, what do you need and why (especially when you want something special, like running linux containers on Windows). It this really a ?

topspin

@Kamil-Podlesak said in Docker is shit:

@BernieTheBernie said in Docker is shit:

Learn some new technology - what about docker?

What's new about docker?

He said learn something new. I've never played the violin and I've never used docker. Both would be new to me.

it kinda does require you to actually know something about the stuff, what it does and how, what do you need and why (especially when you want something special, like running linux containers on Windows). It this really a ?

It's fine if and only if they actually explain it somewhere.

Gribnit

Psht. The new thing is to have each container itself be an executable running in an orchestrating container.

Kamil Podlesak

@topspin said in Docker is shit:

@Kamil-Podlesak said in Docker is shit:

@BernieTheBernie said in Docker is shit:

Learn some new technology - what about docker?

What's new about docker?

He said learn something new. I've never played the violin and I've never used docker. Both would be new to me.

he said "some new technology", which is AFAIK quite something different than "something new . But then again, neither of us is native English speaker...

it kinda does require you to actually know something about the stuff, what it does and how, what do you need and why (especially when you want something special, like running linux containers on Windows). It this really a ?

It's fine if and only if they actually explain it somewhere.

Fair enough - there is some basic overview in the documentation, but it's definitely not proper explanation and the most important points are skimmed at best, or even completely missing. And yes, pointing people directly to basic tutorial with pretension that you can use Windows just as easily as Linux is definitely

I remember times when it was expected of us to read a book (IBM) or get some certification training (Microsoft) first, before one had a chance to make a heads and tails of the gizmo. And it still helped only in, like, 50% cases at best. Which is why I prefer to use Open Source, because Source Code is the ultimate documentation.

Gribnit

@Kamil-Podlesak said in Docker is shit:

the ultimate documentation.

close. MSDN subscriptions are still slightly more ultimate, since they come in a binder.

Kamil Podlesak

@Gribnit said in Docker is shit:

@Kamil-Podlesak said in Docker is shit:

the ultimate documentation.

close. MSDN subscriptions are still slightly more ultimate, since they come in a binder.

So they can be used as a cluebatclub? Good idea.

BernieTheBernie

@Kamil-Podlesak said in Docker is shit:

like running linux containers on Windows

Or the other way round: a (Windows) WPF application on Linux. Would that work? With acceptable performance?
That's something I am interested to find out.

BernieTheBernie

@Kamil-Podlesak said in Docker is shit:

-p 8080:80

Yes, that works. Still it's http://localhost:8080 afterwards, as could also be guessed from your explanation.

And: I had to start the Docker desktop with the "Run as admin" command, because ... with my normal account, I do not get that start page anymore. And I don't know how to get to the "terminal" part of the Docker window...
Perhaps it's described some where in the "Getting Started" tutorial which I can access now...

Kamil Podlesak

@BernieTheBernie said in Docker is shit:

@Kamil-Podlesak said in Docker is shit:

like running linux containers on Windows

Or the other way round: a (Windows) WPF application on Linux. Would that work? With acceptable performance?
That's something I am interested to find out.

It would definitely run inside VM. Maybe even with acceptable performance, that depends on specifics.

I can imagine that some company might pack their WPF application with virtualbox and call it a "Linux release". Actually, I am pretty sure I have already seen it, but it might have been on Mac. In any case, it works flawlessly only the basic scenario (the "rainbow-and-butterflies" case).

@BernieTheBernie said in Docker is shit:

@Kamil-Podlesak said in Docker is shit:

-p 8080:80

Yes, that works. Still it's http://localhost:8080 afterwards, as could also be guessed from your explanation.

And: I had to start the Docker desktop with the "Run as admin" command, because ... with my normal account, I do not get that start page anymore. And I don't know how to get to the "terminal" part of the Docker window...
Perhaps it's described some where in the "Getting Started" tutorial which I can access now...

Yeah, docker pretty much requires administrator privileges and this is not something that is explicitly explained. It is, however, obvious in retrospect: one of the main features is networking shenanigan that pretty much requires special internal bridged networks. There's more, but this is really the most important one.

BernieTheBernie

@BernieTheBernie said in Docker is shit:

Or the other way round: a (Windows) WPF application on Linux

Ha ha ha
What about

dockerize a wpf application and use it

I'm trying to dockerize a wpf application. Just a simple app for that time. for now i got this dockerfile : FROM microsoft/nanoserver WORKDIR C run "$PATH" #ENTRYPOINT ["C:\Users\TestDev\Documents\

BernieTheBernie

@Kamil-Podlesak said in Docker is shit:

pretty much requires administrator privileges

That was not the point here: Docker likely stores if a user has already completed the tutorial, so next time it won't bother you with it again. But you cannot get there also.
So by using the "run as admin" option, I could run it as a different user - some one who hasn't done the tutorial yet.

Kamil Podlesak

@BernieTheBernie said in Docker is shit:

@Kamil-Podlesak said in Docker is shit:

pretty much requires administrator privileges

That was not the point here: Docker likely stores if a user has already completed the tutorial, so next time it won't bother you with it again. But you cannot get there also.
So by using the "run as admin" option, I could run it as a different user - some one who hasn't done the tutorial yet.

Ooooh, I see, they have added a tutorial to the Desktop version. With an interactive terminal in a side panel. This is definitely a new thing, I have never seen this.

And yes, definitely a I have a feeling that the main reason is to pester user with "upgrade to paid version" buttons.

TwelveBaud

@BernieTheBernie said in Docker is shit:

Or the other way round: a (Windows) WPF application on Linux. Would that work? With acceptable performance?

For many years it worked fine: there was an extension to Mono called Moonlight, produced and "supported" by Microsoft themselves, that enabled Silverlight applets to run in the browser, and Novell tweaked Mono slightly to recognize BAML being loaded and run it through the Moonlight engine so it had WPF support at minimal additional effort. Since the drawing commands were delivered from Avalon MIL to the GPU instead of indirecting through a vGPU, and since the JITter knew it was running on Linux and could adapt the generated x86 code to that ABI, it was as performant as on a Windows host.

Sadly, Moonlight burned down, fell over, and sank into the swamp, so it is no longer possible...

izzion

@topspin said in Docker is shit:

I've never played the violin and I've never used docker. Both would be new to me.

But only one would be useful

Bulb

@BernieTheBernie said in Docker is shit:

Eventually I should now be capable of doing the step 2 of the tutorial:

Type the following command in your terminal: docker run -dp 80:80 docker/getting-started

The tutorial was clearly written by an idiot:

• By assuming port 80 is free and bindable they make ass of you and me (and themselves).
• Even if it is, it's not a good idea to expose random test app on a random machine on port 80.
• Of course they need to explain what is going on—otherwise it's not a learning material.

@Kamil-Podlesak said in Docker is shit:

Wrong. You need to change only one of those port - the external one, the one that will be bound to the bridge network. The internal one, used by the application inside connection, is still the same and its configuration has not changed.
-p 8080:80

I would make it -p 127.0.0.1:3666:80 or something like that. To avoid exposing the port to the world.

On Linux I almost never expose the ports at all. The container gets its own IP address, masqueraded by the host machine, and I just set whatever I need to connect to it to connect to that address.

However last time I used Docker-for-Desktop on Windows the virtual machine connected to the host by a userland proxy (something like slirp; it captures the connections and forwards them as a normal application was making them), so there was no way to initiate connection from host into the virtual network except by mapping the port. But that was before WSL2, so maybe it works now.

Of course that's for testing and local use. For actual services the ports have to be exposed, but then Kubernetes and the Ingress controller installed there do it for me—I don't use raw Docker to run services.

@Kamil-Podlesak said in Docker is shit:

especially when you want something special, like running linux containers on Windows

Docker is fundamentally a Linux tool, it's design is deeply rooted in Linux namespaces and control groups. The Windows port is a kludge. Which has got simpler and more efficient with WSL2, but WSL2 is itself also a kludge.

@Kamil-Podlesak said in Docker is shit:

Yeah, docker pretty much requires administrator privileges and this is not something that is explicitly explained. It is, however, obvious in retrospect: one of the main features is networking shenanigan that pretty much requires special internal bridged networks. There's more, but this is really the most important one.

You can do a virtual network without administrator privileges if you use the userland proxy/masquerade. I used slirp with user-mode-linux like this 20 years ago, and with co-linux (Windows version of the same thing) some time later, and nothing made that tooling impossible since.

The service needs administrator privileges to set up the virtualization though, and to bind low ports. But that's the service, not the UI.

MrL

@Bulb said in Docker is shit:

You can do a virtual network without administrator privileges without administrator privileges

But can you do it without administrator privileges?

Shoreline

@BernieTheBernie said in Docker is shit:

Learn some new technology - what about docker?
Looked at their website, full of "industry standard" buzz, and the tried their tutorial

Moby Dock  /  Feb 22, 2023

Docker 101 Tutorial | Docker

Learn how to build and share your first containerized application with this self-paced Docker tutorial.

Well, there's the "Docker desktop". OK, downloaded it. Half a Gigabyte. Installed it with a local admin account. Restarted the computer. Opened Docker Desktop.

And it complains. Bad Bernie! You not allowed do that! You not member docker-users.
Asked Google what to do. OK, open user manager, and add Bernie to the group. Fails.
Why? Bernie is not admin. How to open user manager as an admin? What's the f***ing command? Ah, lusrmgr.msc, does that l mean it's for loosers? Still fails. Wait... Bernie's account is a domain account...
After anaother round with Google, the thing is: connect the VPN first, then do the rest. Worked - but had to restart the computer first.

Now I evetnually could start Docker Desktop. Oh great! Some Linux on Windows must be installed extra. Did that. Restarted the computer again.

Eventually I should now be capable of doing the step 2 of the tutorial:

Type the following command in your terminal: docker run -dp 80:80 docker/getting-started

Error. Something like blah blah blah Bind 0.0.0.0:80 Port accessed in unlawful way (cannot be reproduced any more ... because Docker).
Asked Google. Found some blah blah, but also netstat -aon which tells me that a process with PID 4 is listening there.

And wtf can I do here?

Try the simplest thing: there is a 80:80 in the command - change that to 8080:8080. And yeah! A dialog from the firewall pops up, and I can add a rule for Docker for that port.

Done? Let me see. Step 3:

Open your browser to http://localhost

I guess I'll need localhost:8080now. And ... you guess it: Error.
Connection was reset while blah blah blah.

That's current Industry Standard, isn't it?

I think I'm supposed to sign up for Windows Insider to get mine working. I haven't tried that yet because I burned all my patience using up my other leads.

Bulb

@Shoreline said in Docker is shit:

Windows Insider

Why? That shouldn't be needed. Enabling hyper-v might be needed. At least it used to be unless WSL2 learned to enable it itself.

Jaloopa

Confession time: I use Docker and still don't have a clue what it's meant to solve or how it works. When a recent update to the windows client broke everything, I gave up and installed Mongo locally

Bulb

@Jaloopa We are using it a lot on several projects (building our containers, not just using existing ones) and all the windows folks who need it managed to keep it working (I develop on Linux and there it works much better). But I remember there were some hiccups due to the switch to WSL2.

Kamil Podlesak

@Jaloopa said in Docker is shit:

Confession time: I use Docker and still don't have a clue what it's meant to solve or how it works. When a recent update to the windows client broke everything, I gave up and installed Mongo locally

There is only one good use case for Docker for Windows: when you're involved in development/deployment of dockerized application and you need/like Windows.

In pretty much all other cases, you are better with normal Linux VM (you can even run docker in it, and then you have Docker Desktop without GUI crap). Or WSL, whatever.

Looks like Docker Desktop for Windows really is shit. Much more so than Docker Desktop for Mac - I don't have any real complaints about it, but it's true that they started to put all various annoying popups and dialog windows lately. I don't even check their content and just close them as a reflex. I mean, who needs GUI?

dcon

@Jaloopa said in Docker is shit:

Confession time: I use Docker and still don't have a clue

#MeToo (but at least we're on linux, not windows!)

(for us, it's a magic build container so we don't need to install shit. And right now, the build is downloading a new image because somethingsomething.)

Gribnit

@MrL said in Docker is shit:

@Bulb said in Docker is shit:

You can do a virtual network without administrator privileges without administrator privileges

But can you do it without administrator privileges?

Assuming your admin has allowed it, that depends.

Bulb

@Kamil-Podlesak said in Docker is shit:

In pretty much all other cases, you are better with normal Linux VM (you can even run docker in it, and then you have Docker Desktop without GUI crap). Or WSL, whatever.

With WSL2 it's even decently integrated. And because the new GUI just runs docker in WSL2 anyway, just installing WSL2 and normal Linux Docker inside is what I'd probably recommend now—unless you want Windows Containers, which obviously run on Windows directly (but I've never heard anybody say that that thing is production ready—even Microsoft does not really care about Windows on server any more anyway).

Shoreline

@Bulb said in Docker is shit:

@Shoreline said in Docker is shit:

Windows Insider

Why? That shouldn't be needed. Enabling hyper-v might be needed. At least it used to be unless WSL2 learned to enable it itself.

Unfortunately I don't remember specifics, but I do remember that I tried to do that and either it wouldn't enable or it enabled and something undiagnosed was blocking me.