I built an RPM as an attempt to integrate Shorewall and Docker on NethServer 7. It can be downloaded from nethforge-testing repo: nethserver-docker-0.0.0-1.ns7.noarch.rpm.
Things to notice:
- a shorewall template that probes container ports with
docker inspect: /etc/e-smith/templates/etc/shorewall/rules/50docker
- a systemd service unit that reloads shorewall configuration when a container is started/stopped: /usr/libexec/dckfwatch
From the admin point of view there’s no difference between a service running inside a container and host services. Configuration RPMs should
- provide service unit files for systemd and e-smith DB defaults
- take care of docker images pulls/updates
- container creation
- service startup
For instance let’s see a “demo” service; I’m assuming docker is already running. What demo.rpm should provide is
# In /etc/systemd/system/demo.service [Unit] Description=Demo container Requires=dckfwatch.service After=dckfwatch.service [Service] Restart=on-failure ExecStart=/usr/bin/docker start -a demo ExecStop=/usr/bin/docker stop demo [Install] WantedBy=local.target
# Create the "demo" container: docker create --name=demo -h demo.$HOSTNAME -p 9980:980 nethserver/docker-demo # Start the "demo" container. dckfwatch will update shorewall configuration systemctl start demo
We had some great discussions in the past about Docker and NethServer. I’m exploring Linux containers because they seems a clean way to install on the system different (and incompatible) versions of a software. In the past we sacrificed being upstream-compliant to have some nice features and vice-versa. Some notable examples:
Docker is not the only software based on Linux Containers. I found also systemd-nspawn very interesting and it has Docker Hub integration, too.
Of course this little package is not feature complete but I hope it will open interesting scenarios on NethServer; please comment!