What about Docker on NethServer 7?

JOduMonT (JꙨdцӍoηҬ) 2016-07-25 00:05:19 UTC #21

Ya! I was missing the dynamic of this community
But all my works and clients are on .DEB
For now Rancher sound a great working alternative of what they try to do with the Docker 1.12 and their UCP.

I’ll see, until the end of the month I have to convince one of my client to switch from Proxmox (KVM LXC) to Docker+Rancher which is able to manage Docker + KVM.

alefattorini (Alessio Fattorini) 2016-07-27 08:35:58 UTC #22

@davidep do you have any plan on this? Could making docker deployment easy be our new 7 goal?

davidep (Davide Principi) 2016-07-27 08:43:36 UTC #23

No plans for it until Final has been released.

JOduMonT (JꙨdцӍoηҬ) 2016-09-18 08:12:19 UTC #24

After a few experiences with Docker on and off with CoreOS, RancherOS, Debian & Ubnutu
Digging into Forum and HowTo, …
Some people consider and do it on this way…
At the beginning I thought they were a bunch of fools, but with time, I adopted this technique mainly for security purposes.

So… the Ubuntu Community propose to run Docker into LXD
Some hardcore Docker users turn Docker into Docker
And finally what I think might be a good direction for NethServer is to run Docker into a KVM.
In that case; you demilitarize your docker images and keep a layer between those images that are not always trustableéwell-known and your data hosted on NethServer.

For example: I’m mounting some directories into some dockers through NFS via an exclusive internal interface.

If you choose this way, it’s way less maintenance for the Neth Team
and way more secure
That was my 2 cents on this topic; I hope you like it!

alefattorini (Alessio Fattorini) 2016-09-22 15:01:08 UTC #25

Thanks for your advice, I think that docker will be a killer application for our next release! We have to think the best approach for NethServer, trying to keep things as simple as possible

Please keep hanging around, you won’t regret it.

Walter_Schoenly (Walter Schoenly) 2016-09-23 21:23:44 UTC #26

On an inverted Docker note, there is an offical centos 7 dockerfile (container) on Docker Hub.

https://hub.docker.com/_/centos/

This would mean that you could install Nethserver in a docker container using a centos installation method. This also allows for the possibility of developing our own Nethserver containers for distribution.

Oh, wait… post is for nothing. Looks like this has already been toyed with…
https://hub.docker.com/r/nethserver/docker-demo/

filippo_carletti (Filippo Carletti) 2016-09-23 21:58:17 UTC #27

That’s the demo of NethServer running on the official http://www.nethserver.org/demo-running-on-docker/
We have plans to work on docker after the final release of NethServer 7.

JOduMonT (JꙨdцӍoηҬ) 2016-10-01 22:12:53 UTC #28

Not sure i’m following the same idea of @Walter_Schoenly
But just in case KVM into Docker exemple :

syntaxerrormmm (Emiliano Vavassori) 2017-03-16 20:43:07 UTC #29

Have somethings moved in the meantime?

I’m experimenting Docker in 7 with little integration with standard Community release (some tweaks with shorewall and some with default values but quite fine). At the moment I have all the stuff manually set up, trying to get this working with NextCloud (no avail for the moment).

Also, do you plan to have a GUI? (I have seen there’s a cockpit-docker package but I didn’t check it out toroughly). I would advice Portainer as a GUI, if cockpit is not going to be ok with 7.

davidep (Davide Principi) 2017-03-17 08:35:34 UTC #30

There is native Docker support in shorewall 5 and my experiment should not be required anymore!

I think firewall rules integration was the biggest issue. Now that the shorewall developers fixed it we could integrate the solution (trivial):

# grep -n -i docker /etc/shorewall/*
/etc/shorewall/shorewall.conf:174:DOCKER=No  # <- change to "Yes"

I’ve no plans to develop neither an API nor a GUI for NethServer+Docker at this moment: there are too many use-case specific requirements (things that depend on what I install), and few general requirements (backup? front-end http?..). I’d start with a howto/prototype, as usual, to catch them all!

filippo_carletti (Filippo Carletti) 2017-03-17 10:50:16 UTC #31

To change shorewall.conf:

config setprop firewall Docker enabled
signal-event firewall-adjust

giacomo (Giacomo Sanchietti) 2017-03-20 13:02:24 UTC #32

I played a bit both with docker and Portainer on NS 7.
Even if Shorewall as built-in support for docker, it doesn’t work out.of.the-box.

Probably we need to hack something, but I don’t have time right now.
Does anyone want to try playing with Shorewall and Docker?

syntaxerrormmm (Emiliano Vavassori) 2017-03-21 16:40:12 UTC #33

Aye, I had to do other changes on shorewall policies to enable Portainer access. Will document it if needed, just say it is.

Not a lot of time to spare, but the argument seems interesting on my side. Not in short time, but I plan to spend some time on the issue.

JOduMonT (JꙨdцӍoηҬ) 2017-03-24 14:16:02 UTC #34

I know I’ll probably dig deeper in a way people don’t want but
recently I tried the new FreeNAS Corral (please don’t do this error

and they claim offer VM and Docker … but in reality they turn boot2docker into a VM which I think it’s not for production (but again it’s me).

So all that for just saying if you/me/we/us craving so much for Docker
Why not running CoreOS inside a VM with apache proxy in Nethserver

stephdl (Stéphane de Labrusse) 2017-03-25 02:13:50 UTC #35

I don’t use docker but what about their docker management panel ?

Edit: i meant cockpit and their docker panel management

Jclendineng (Joel Clendineng) 2017-03-27 14:33:34 UTC #36

See I run freenas 9.* and the jails are fantastic. The issue I have with docker on the new corral is that I dont have the resources to dedicate to a vm for EVERY docker instance, plex, nextcloud, etc. I liked the way it handled it pre-corral, and docker is a good idea for people with lots of cores, just not for home server instances. /offtopic

JOduMonT (JꙨdцӍoηҬ) 2017-03-27 21:29:58 UTC #37

to be beautiful it is very beautiful
1’ but like the guy said on is demo they try (but they don’t) to not over user local resource
I means I had a hard time with my old MacBookPro 8.1 to run it.

2’ My second point is I don’t like the fact they force me to use Chrome.

But at the end it’s look like a https://my-netdata.io/ with over kill demand of resource.

As you probably figure I try a lot of stuff
One cockpit I try these days for Docker is : http://portainer.io/
It’s light but give you power to dig and is quite intuitive.

stephdl (Stéphane de Labrusse) 2017-03-27 21:43:17 UTC #38

Yes it looks nice, did you try it On NS ?

JOduMonT (JꙨdцӍoηҬ) 2017-03-28 08:10:12 UTC #39

hum netdata ? yes I try it on nethserver

portainer ? yes and no, it’s what I use with my CoreOS which is in KVM on Nethserver.

stephdl (Stéphane de Labrusse) 2017-03-28 09:31:52 UTC #40

I recall a conference at the fosdem last year…5 levels of virtualisation… It could be nice to test it directly in NS.