[openstack-dev] [kolla] on Dockerfile patterns
Lars Kellogg-Stedman
lars at redhat.com
Tue Oct 14 17:28:23 UTC 2014
On Tue, Oct 14, 2014 at 12:33:42PM -0400, Jay Pipes wrote:
> Can I use your Dockerfiles to build Ubuntu/Debian images instead of only
> Fedora images?
Not easily, no.
> Seems to me that the image-based Docker system makes the
> resulting container quite brittle -- since a) you can't use configuration
> management systems like Ansible to choose which operating system or package
> management tools you wish to use...
While that's true, it seems like a non-goal. You're not starting with
a virtual machine and a blank disk here, you're starting from an
existing filesystem.
I'm not sure I understand your use case enough to give you a more
useful reply.
> So... what am I missing with this? What makes Docker images more ideal than
> straight up LXC containers and using Ansible to control upgrades/changes to
> configuration of the software on those containers?
I think that in general that Docker images are more share-able, and
the layered model makes building components on top of a base image
both easy and reasonably efficient in terms of time and storage.
I think that Ansible makes a great tool for managing configuration
inside Docker containers, and you could easily use it as part of the
image build process. Right now, people using Docker are basically
writing shell scripts to perform system configuration, which is like a
20 year step back in time. Using a more structured mechanism for
doing this is a great idea, and one that lots of people are pursuing.
I have looked into using Puppet as part of both the build and runtime
configuration process, but I haven't spent much time on it yet.
A key goal for Docker images is generally that images are "immutable",
or at least "stateless". You don't "yum upgrade" or "apt-get upgrade"
in a container; you generate a new image with new packages/code/etc.
This makes it trivial to revert to a previous version of a deployment,
and clearly separates the "build the image" process from the "run the
application" process.
I like this model.
--
Lars Kellogg-Stedman <lars at redhat.com> | larsks @ {freenode,twitter,github}
Cloud Engineering / OpenStack | http://blog.oddbit.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20141014/a54ec62b/attachment.pgp>
More information about the OpenStack-dev
mailing list