Discussion:
[ale] Behind on your "Container Skills"
DJ-Pfulio via Ale
2018-01-08 16:34:07 UTC
Permalink
From the article, seems most enterprises still use VMs and real hardware
for their production loads. Containers are mostly used for development
needs, not production.

https://www.theregister.co.uk/2018/01/08/container_shock_not_everybody_is_doing_it/

_______________________________________________
Ale mailing list
***@ale.org
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
leam hall via Ale
2018-01-08 16:51:31 UTC
Permalink
Thanks, I needed that! Sometimes it's too easy to feel like you're behind
in skills....

Leam
Jerald Sheets via Ale
2018-01-08 16:59:40 UTC
Permalink
I’ve got upwards of 30,000 containers in production. If you’re a PayPal user, you probably traversed a container the last time you used our suite.

Our recent acquisition “Xoom” has more. Just saying’.

—j
Jeremy T. Bouse via Ale
2018-01-08 20:27:25 UTC
Permalink
Likewise we are deploying containers in both development and production.
The main advantage from the SysAdmin side is that it is the same
container that gets promoted from environment to environment after it
has passed functional and integration testing. As well we run our images
through an image scanner during the CI/CD process to check for known
vulnerabilities and halt the build process at that point before it gets
deployed.
Matty via Ale
2018-01-08 22:22:19 UTC
Permalink
We utilize them extensively as well. I'm looking forward to kata containers:

https://katacontainers.io/

You get the speed of a container with the isolation of a VM. If this
project pans out this is going to be sweet!

- Ryan
http://prefetch.net
James Sumners via Ale
2018-01-08 22:29:44 UTC
Permalink
Sounds like https://github.com/vmware/vic (which is what I'm hoping to use
at work).

And speaking of setting up an on-site image repo, this is surprisingly good
-- https://github.com/vmware/harbor
--
James Sumners
http://james.sumners.info/ (technical profile)
http://jrfom.com/ (personal site)
http://haplo.bandcamp.com/ (music)
Matty via Ale
2018-01-08 22:26:56 UTC
Permalink
Jerald,

What are you using to orchestrate all of those containers? Kubernetes?
Mesos? Swarm? ECS? Something else? I've spent the past two months
digging into the guts of Kubernetes and it has some SERIOUS potential.
It's got a steep learning curve but it's definitely worth pursuing if
you have the right people in your organization.

- Ryan
http://prefetch.net
Jim Kinney via Ale
2018-01-08 17:05:09 UTC
Permalink
Devs LOVE containers. SysAdmins hate them. They are difficult to manage for updates (toss and rebuild) and most devs pull latest-greatest libs even though they are all right from git repo and not checked for problems. None of the security checks that exist for vm control work for containers and they leak like a screen door on a submarine.

Good for development. Should be barred from production use.
--
Sent from my Android device with K-9 Mail. All tyopes are thumb related and reflect authenticity.
Ed Cashin via Ale
2018-01-08 17:16:08 UTC
Permalink
Hmm. Containers are really just a mechanism to make advancements in
process isolation easier to use.

You must be thinking of using containers instead of VMs or separate
physical machines. It's easy to beat up on containers if you compare them
to VMs or hardware isolation.

Usually I think of it as a choice between running a process in the global
namespace or running the process with more isolation via cgroups,
filesystem namespaces, etc. Running containers is really just running
processes, like running a process in chroot but less broken.
--
Ed Cashin <***@noserose.net>
Jim Kinney via Ale
2018-01-08 17:27:43 UTC
Permalink
I do get it. Containers are basically a chroot with cgroup isolation.
It's just I've seen too many with a deployment script of "download
a tarball from http://unknown_ip/ and run as root".
As an admin, I will happily build an environment to spec for the devs.
That way they get a supportable setup that doesn't allow for them to
run anything as root. Until EVERY line of code is evaluated under every
condition, a stack smash as root is just a bad day/week/month/new-job
event I would rather avoid.
--
James P. Kinney III

Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.
- Speech 11/23/1900 Mark Twain

http://heretothereideas.blogspot.com/
Jerald Sheets via Ale
2018-01-08 17:39:31 UTC
Permalink
Definitely. And the underlying superstructure is Cgroups.

(I should’ve paid more attention in RHEL “Performance Tuning” class.)

:)


—j
Post by Ed Cashin via Ale
Hmm. Containers are really just a mechanism to make advancements in process isolation easier to use.
...
Usually I think of it as a choice between running a process in the global namespace or running the process with more isolation via cgroups, filesystem namespaces, etc. Running containers is really just running processes, like running a process in chroot but less broken.
James Sumners via Ale
2018-01-08 17:17:03 UTC
Permalink
Pfft. This admin _wants_ to start publishing via containers. It would be
_far_ easier to deploy and update all of the tiny REST apps we have/create.
Creating a completely new VM for each new one is ridiculous.
Jerald Sheets via Ale
2018-01-08 17:38:00 UTC
Permalink
You solve this by only allowing an internal “hub” where you place “blessed” container images. Done.

We blackhole docker hub internally, and there is no ingress to serving nodes from the outside. In short, if you want something inside, it has to go through a vetting process, and then I have to put it onto the internal hub. Outside of that, nothing goes on a serving node that isn’t explicitly blessed on an almost file-by-file basis.

Docker is and can be secure. The problem is that most Systems folks are too lazy to build the infrastructure to make it so.

—j
Damon L Chesser via Ale
2018-01-08 17:47:50 UTC
Permalink
To the best of my knowledge, this IS best practices.


Damon
Jim Kinney via Ale
2018-01-08 17:48:22 UTC
Permalink
Post by Jerald Sheets via Ale
You solve this by only allowing an internal “hub” where you place
“blessed” container images. Done.
time. the most precious commodity. It's on the list and I'm certain it
will be appreciated when it works. I've peeps asking to run containers
on the HPC stack.
Post by Jerald Sheets via Ale
We blackhole docker hub internally, and there is no ingress to
serving nodes from the outside. In short, if you want something
inside, it has to go through a vetting process, and then I have to
put it onto the internal hub. Outside of that, nothing goes on a
serving node that isn’t explicitly blessed on an almost file-by-file
basis.
That process works in my mind but not in reality yet.
Post by Jerald Sheets via Ale
Docker is and can be secure. The problem is that most Systems folks
are too lazy to build the infrastructure to make it so.
along with the other 2 dozen infrastructure projects... yeah, too lazy
:-)
Need to study more stuff on cgroups anyway. I really like the bit about
being able to limit resources by application to avoid a runaway process
eating a system. See comment about "time" above...
Lightner, Jeffrey via Ale
2018-01-08 17:58:15 UTC
Permalink
We’re using containers in Production.

However, I agree with Jim on the lack of security control from a Sysadmin perspective.

One could avoid some of that by using RHEL Atomic since they vet containers they provide (and do regular updates).
Jim Kinney via Ale
2018-01-08 18:00:09 UTC
Permalink
I must admit that the greatest risk is the code developed in-house :-)
DJ-Pfulio via Ale
2018-01-08 18:09:36 UTC
Permalink
Certainly a few people here are using containers. There are over 1100+
other members, lurking.

Questions:
a) Containers or not?
b) If yes, production or not?

My answers:
a) I have a few toy containers; none running now.
b) Zero in production.
Jim Kinney via Ale
2018-01-08 18:15:25 UTC
Permalink
Post by DJ-Pfulio via Ale
a) Containers or not?
yes
Post by DJ-Pfulio via Ale
b) If yes, production or not?
not yet
Beddingfield, Allen via Ale
2018-01-08 19:22:49 UTC
Permalink
Questions:
a) Containers or not? (Not)
b) If yes, production or not? (Not)


I've tried to find a way that containers fit into what we do, and it just ends up being a solution looking for a problem to solve. I could see where it would work for some, but we just don't have a use case for it outside of just "hey, this is interesting stuff" tinkering.

Allen B.

--
Allen Beddingfield
Systems Engineer
Office of Information Technology
The University of Alabama
Office 205-348-2251
leam hall via Ale
2018-01-08 20:06:16 UTC
Permalink
Not using, no work on the horizon for them.
Ted W. via Ale
2018-01-10 02:42:34 UTC
Permalink
I am sorry to all of those who have come to the conclusion that
containers are inherently bad. I believe they (Docker in particular)
get that reputation from many of the half baked "tutorials" due to its
low barrier to entry as well as its often poor documentation due to
Docker's current rapid rate of development.

It's just like any other application, if you deploy it to production
with the default settings, you're going to have a bad time. You don't
have to run containers as root just like you don't have to run Apache as
root. Set USER in your Dockerfile or pass the -u flag to your run
command. You don't have to run containers from sketchy third parties,
just like you wouldn't trust sketchy repositories. Any sysadmin
concerned about security should already be mirroring repositories
internally and controlling how patches are rolled out. Do the same thing
with your containers. Sinkhole Dockerhub and Quay and set up a local
image repository.

The tools are different but the concepts are the same.

a) Containers or not?
Yes. We've had Docker in production for a while and are currently
rolling out Kubernetes with production ramp up scheduled to start this
quarter.

b) If yes, production or not?
Yes. Currently serving internal "production" (stuff that isn't customer
facing but no less critical to the business). Customer facing production
roll out beginning this quarter.
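
Added example (not part of Ted W.'s post or of anyone's message in this thread): a Python check that a CI job could run over a Dockerfile to enforce the two points made above and in the earlier "blessed images on an internal hub" message, namely that base images come only from an internal registry and that the final stage does not run as root. The registry name `registry.corp.example:5000`, the rule names and the sample Dockerfiles are constructed for illustration; the `-u` flag given at run time is outside what a Dockerfile check can see.

```python
# Added example: constructed registry name and sample Dockerfiles.
import re

ALLOWED = {"registry.corp.example:5000"}  # hypothetical internal registry
BAD = """\
FROM ubuntu:16.04
RUN apt-get update && \\
    apt-get install -y curl
CMD ["/app/run"]
"""
GOOD = """\
ARG REGISTRY=registry.corp.example:5000
FROM ${REGISTRY}/base/golang:1.9 AS build
RUN go build -o /out/app ./...
FROM ${REGISTRY}/base/alpine:3.7
COPY --from=build /out/app /app
USER 10001:10001
ENTRYPOINT ["/app"]
"""
_VAR = re.compile(r"\$\{?([A-Za-z_][A-Za-z0-9_]*)\}?")


def logical_lines(text):
    """Yield instructions with backslash continuations joined, comments dropped."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield buf + line
        buf = ""
    if buf.strip():
        yield buf.strip()


def registry_of(image):
    """Registry host of an image reference. Docker treats the first path
    component as a host only if it contains '.' or ':' or is 'localhost';
    anything else resolves to Docker Hub."""
    first, slash, _ = image.partition("/")
    if slash and ("." in first or ":" in first or first == "localhost"):
        return first.lower()
    return "docker.io"


def check_dockerfile(text, allowed_registries):
    """Return (rule, detail) findings; an empty list means the file passes."""
    findings = []
    global_args = {}   # ARG defaults declared before the first FROM
    stage_user = {}    # stage alias -> USER in effect when that stage ended
    alias, user, seen_from = None, None, False
    for line in logical_lines(text):
        parts = line.split(None, 1)
        instr = parts[0].upper()
        rest = parts[1].strip() if len(parts) > 1 else ""
        if instr == "ARG" and not seen_from and "=" in rest:
            name, _, default = rest.partition("=")
            global_args[name.strip()] = default.strip().strip("\"'")
        elif instr == "FROM":
            tokens = [t for t in rest.split() if not t.startswith("--")]
            if not tokens:
                continue
            if alias:
                stage_user[alias] = user
            seen_from = True
            image = _VAR.sub(lambda m: global_args.get(m.group(1), m.group(0)), tokens[0])
            is_named = len(tokens) >= 3 and tokens[1].upper() == "AS"
            alias = tokens[2].lower() if is_named else None
            if image.lower() in stage_user:
                user = stage_user[image.lower()]  # builds on an earlier stage
                continue
            user = None  # not visible here: the base image decides, root by default
            if image == "scratch":
                continue
            if "$" in image:
                findings.append(("unresolved-image", image))
            elif registry_of(image) not in allowed_registries:
                findings.append(("external-registry", image))
        elif instr == "USER":
            user = rest
    if user is None:
        findings.append(("no-user", "final stage never sets USER"))
    elif "$" in user:
        findings.append(("unresolved-user", user))
    elif user.split(":")[0] in ("root", "0"):
        findings.append(("root-user", user))
    return findings


if __name__ == "__main__":
    for label, text in (("BAD", BAD), ("GOOD", GOOD)):
        print(label, check_dockerfile(text, ALLOWED) or "ok")
```

A non-empty result would fail the build; the check only reads the Dockerfile and does not replace scanning the built image or blocking outside registries at the network level.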
Steve Litt via Ale
2018-01-26 18:56:55 UTC
Permalink
On a somewhat related topic, what's your opinion of Vagrant?

SteveT

Steve Litt
January 2018 featured book: Troubleshooting: Why Bother?
http://www.troubleshooters.com/twb
Ted W. via Ale
2018-01-27 05:03:57 UTC
Permalink
Personally, I find I like containers for any use case where I'd think to
use Vagrant. The exception to that being building kernel modules. Since
containers are going to have the same kernel as the host system, building
an RPM for a module from a vendor with instructions similar to

`rpmbuild -ts totally_not_an_intel_driver.tar.gz`

can be tedious when you need it on a different kernel. I could see
Vagrant being helpful for that.

My main issue with it is the battery drain and piggishness of VMs in
general. When possible, if I'm on my laptop, I try to avoid running
them. Sure you can use one of the cloud hosting providers but I guess
for me it's not really my go-to for cloud provisioning since most of the
time I'm using terraform already for that.
Post by Steve Litt via Ale
On Tue, 9 Jan 2018 21:42:34 -0500
Post by Ted W. via Ale
Post by DJ-Pfulio via Ale
Certainly a few people here are using containers. There are over
1100+ other members, lurking.
a) Containers or not?
b) If yes, production or not?
a) I have a few toy containers; none running now.
b) Zero in production.
I am sorry to all of those who have come to the conclusion that
containers are inherently bad. I believe they (Docker in particular)
gets that reputation from many of the half baked "tutorials" due to
its low barrier to entry as well as its often poor documentation
due to Docker's current rapid rate of development.
[snip]
Post by Ted W. via Ale
a) Containers or not?
Yes. We've had Docker in production for a while and are currently
rolling out Kubernetes with production ramp up scheduled to start this
quarter.
On a somewhat related topic, what's your opinion of Vagrant?
SteveT
Steve Litt
January 2018 featured book: Troubleshooting: Why Bother?
http://www.troubleshooters.com/twb
Jerald Sheets via Ale
2018-05-07 13:27:15 UTC
Permalink
A quick note on this old thread about using containers in production.

We just stood up Production container number 25,000 last week. (along with a large complement of supporting containers)

I was in an architectural meeting where we spec’d out 250,000 production containers to be deployed by year end 2018.

My density is off the chain and only getting tighter.


—j
Post by Ted W. via Ale
Post by DJ-Pfulio via Ale
Certainly a few people here are using containers. There are over 1100+
other members, lurking.
a) Containers or not?
b) If yes, production or not?
a) I have a few toy containers; none running now.
b) Zero in production.
I am sorry to all of those who have come to the conclusion that
containers are inherently bad. I believe they (Docker in particular)
gets that reputation from many of the half baked "tutorials" due to its
low barrier to entry as well as its often poor documentation due to
Docker's current rapid rate of development.
leam hall via Ale
2018-05-07 13:41:39 UTC
Permalink
Jerald,

Cool! Within what you can say, where do you see the market for
container technologies? Docker, AWS, OpenStack, or???

I need to work my container skills from 0.

Leam
Post by Jerald Sheets via Ale
A quick note on this old thread about using containers in production.
We just stood up Production container number 25,000 last week. (along with a large complement of supporting containers)
I was in an architectural meeting where we spec’d out 250,000 production containers to be deployed by year end 2018.
My density is off the chain and only getting tighter.
—j
Post by Ted W. via Ale
Post by DJ-Pfulio via Ale
Certainly a few people here are using containers. There are over 1100+
other members, lurking.
a) Containers or not?
b) If yes, production or not?
a) I have a few toy containers; none running now.
b) Zero in production.
I am sorry to all of those who have come to the conclusion that
containers are inherently bad. I believe they (Docker in particular)
gets that reputation from many of the half baked "tutorials" due to its
low barrier to entry as well as its often poor documentation due to
Docker's current rapid rate of development.
Preston via Ale
2018-05-07 14:36:55 UTC
Permalink
For those of us in the cheap seats, (roughly) how many physical hosts?
Post by Jerald Sheets via Ale
A quick note on this old thread about using containers in production.
We just stood up Production container number 25,000 last week. (along with a large complement of supporting containers)
I was in an architectural meeting where we spec’d out 250,000 production containers to be deployed by year end 2018.
My density is off the chain and only getting tighter.
—j
Post by Ted W. via Ale
Post by DJ-Pfulio via Ale
Certainly a few people here are using containers. There are over 1100+
other members, lurking.
a) Containers or not?
b) If yes, production or not?
a) I have a few toy containers; none running now.
b) Zero in production.
I am sorry to all of those who have come to the conclusion that
containers are inherently bad. I believe they (Docker in particular)
gets that reputation from many of the half baked "tutorials" due to its
low barrier to entry as well as its often poor documentation due to
Docker's current rapid rate of development.
--
Be who you are and say what you feel, because those who mind don’t
matter and those who matter don’t mind.
-Dr. Seuss
Jerald Sheets via Ale
2018-05-07 15:33:35 UTC
Permalink
They don’t let me talk in public. You guys are grandfathered in since it’s a semi-private list.

We’re all Docker/Kubernetes.

We have over 250,000 physical hosts, I suppose we’re going to be there in cloud by year’s end with no end to the growth pattern as far as I can see, and our container numbers as listed below encompass all environments. Much more container penetration in dev/test.

We use AWS, GCP, and to a lesser extent, Azure. That’s for Corp stuff, all internal.

I’m actually in the process of building the new default container everyone has to use in Docker.


Now that I think about it, I bet I could get a special dispensation to talk, but it’d have to go through a full-on approval process including my slides and I’d have to submit back a vid of the talk for archival.


That’s me saying “we’ll see”.


—j
Post by Preston via Ale
For those of us in the cheap seats, (roughly) how many physical hosts?
Post by Jerald Sheets via Ale
A quick note on this old thread about using containers in production.
We just stood up Production container number 25,000 last week. (along with a large complement of supporting containers)
I was in an architectural meeting where we spec’d out 250,000 production containers to be deployed by year end 2018.
My density is off the chain and only getting tighter.
—j
Jim Kinney via Ale
2018-05-07 15:55:48 UTC
Permalink
It would be greatly appreciated!
Post by Jerald Sheets via Ale
They don’t let me talk in public. You guys are grandfathered in
since it’s a semi-private list.
We’re all Docker/Kubernetes.
We have over 250,000 physical hosts, I suppose we’re going to be
there in cloud by year’s end with no end to the growth pattern as far
as I can see, and our container numbers as listed below encompass all
environments. Much more container penetration in dev/test.
We use AWS, GCP, and to a lesser extent, Azure. That’s for Corp stuff, all internal.
I’m actually in the process of building the new default container
everyone has to use in Docker.
Now that I think about it, I bet I could get a special dispensation
to talk, but it’d have to go through a full-on approval process
including my slides and I’d have to submit back a vid of the talk for
archival.
That’s me saying “we’ll see”.
—j
Post by Preston via Ale
For those of us in the cheap seats, (roughly) how many physical hosts?
Post by Jerald Sheets via Ale
A quick note on this old thread about using containers in
production.
We just stood up Production container number 25,000 last week.
(along with a large complement of supporting containers)
I was in an architectural meeting where we spec’d out 250,000
production containers to be deployed by year end 2018.
My density is off the chain and only getting tighter.
—j
--
James P. Kinney III

Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.
- Speech 11/23/1900 Mark Twain

http://heretothereideas.blogspot.com/
Phil Turmel via Ale
2018-05-07 14:30:57 UTC
Permalink
How much of this could be shared as a "case study" presentation?
Post by Jerald Sheets via Ale
A quick note on this old thread about using containers in production.
We just stood up Production container number 25,000 last week. (along with a large complement of supporting containers)
I was in an architectural meeting where we spec’d out 250,000 production containers to be deployed by year end 2018.
My density is off the chain and only getting tighter.
A. P. Garcia via Ale
2018-05-07 15:38:39 UTC
Permalink
Post by Phil Turmel via Ale
How much of this could be shared as a "case study" presentation?
+1

I would also be very interested in attending such a presentation.
Jim Kinney via Ale
2018-05-07 14:30:23 UTC
Permalink
And Jerald will be giving a detailed talk on large scale container
deployment to ALE Central on <fill in the date here>.
Post by Jerald Sheets via Ale
A quick note on this old thread about using containers in production.
We just stood up Production container number 25,000 last week. (along
with a large complement of supporting containers)
I was in an architectural meeting where we spec’d out 250,000
production containers to be deployed by year end 2018.
My density is off the chain and only getting tighter.
—j
Post by Ted W. via Ale
Post by DJ-Pfulio via Ale
Certainly a few people here are using containers. There are over 1100+
other members, lurking.
a) Containers or not?
b) If yes, production or not?
a) I have a few toy containers; none running now.
b) Zero in production.
I am sorry to all of those who have come to the conclusion that
containers are inherently bad. I believe they (Docker in
particular)
gets that reputation from many of the half baked "tutorials" due to its
low barrier to entry as well as its often poor documentation due to
Docker's current rapid rate of development.
--
James P. Kinney III

Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.
- Speech 11/23/1900 Mark Twain

http://heretothereideas.blogspot.com/