On Sat, 15 Aug 2015 00:34:21 -0400 Jon Stanley <jstanley@xxxxxxxx> wrote: Sorry for the massive delay here. Have had this marked to look closely at, but haven't had a chance until now. ;) > I just completed a bit of a Docker POC at Flock, and put together a > bit of a wiki page on it. Not a whole ton there right now, but as we > look towards more nimble deployment mechanisms, Docker might be > something worth looking at. Yeah. > > I hacked together a container with pastebin (sticky-notes) in it, and > a database external to the container. It didn't take more than a few > hours of work going from an Ansible playbook to a working container. > > Let me know if anyone has questions or comments on the work so far. > Currently it's just on a transient cloud instance, and there are a lot > of things to think about (some of which I noted on the wiki page) > before we think about moving stuff somewhere more permanent. > > There's a mention of something on the wiki page called Custodia. This > is a mechanism for securely provisioning, storing, distributing, and > auditing access to secret data. I wasn't able to find much on the > Internet, but Simo gave a talk on it at Flock if you went there :) > > Anyhow, the wiki page is > https://fedoraproject.org/wiki/Infrastructure_Docker_POC So, some questions. ;) The "FROM rhel6" does that pull rhel 6.7 ? 6.0? 6.7 + updates? Does it change? or its always whatever it is? "It's very important that the thing in CMD not exit before the application is finished executing, or the container will be destroyed." So, that script should be in a loop in case httpd is killed by an OOM? Or it's expected if something bad like that happens that the container would be killed off? Some other things to look into: * ansible has a docker module, so we could use that to create/spin things. * Perhaps we could have ansible popuate templates on a volume and share that with the container for templates? * I would think we would want our own registery, as depending on docker hub seems poor to me... how hard are they to setup? The Cloud working group and releng have been talking about on for fedora images, so we could look at something similar for infra. So, since sticky-notes is dead upstream and we need to find a new one, perhaps a better case for this might be wordpress, since we now have fedoramagazine, developer and perhaps flocktofedora to deal with. kevin
Attachment:
pgp3Ys4tS2sBN.pgp
Description: OpenPGP digital signature
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/postorius/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx