What about Docker on NethServer 7?

Ya! I was missing the dynamic of this community :wink:
But all my works and clients are on .DEB
For now Rancher sound a great working alternative of what they try to do with the Docker 1.12 and their UCP.

I’ll see, until the end of the month I have to convince one of my client to switch from Proxmox (KVM LXC) to Docker+Rancher which is able to manage Docker + KVM.

1 Like

@davidep do you have any plan on this? Could making docker deployment easy be our new 7 goal?

No plans for it until Final has been released.

1 Like

After a few experiences with Docker on and off with CoreOS, RancherOS, Debian & Ubnutu
Digging into Forum and HowTo, 

Some people consider and do it on this way

At the beginning I thought they were a bunch of fools, but with time, I adopted this technique mainly for security purposes.

  • So
 the Ubuntu Community propose to run Docker into LXD
  • Some hardcore Docker users turn Docker into Docker
  • And finally what I think might be a good direction for NethServer is to run Docker into a KVM.
    In that case; you demilitarize your docker images and keep a layer between those images that are not always trustableéwell-known and your data hosted on NethServer.

For example: I’m mounting some directories into some dockers through NFS via an exclusive internal interface.

If you choose this way, it’s way less maintenance for the Neth Team
and way more secure :wink:
That was my 2 cents on this topic; I hope you like it!

4 Likes

Thanks for your advice, I think that docker will be a killer application for our next release! We have to think the best approach for NethServer, trying to keep things as simple as possible

Please keep hanging around, you won’t regret it.

1 Like

On an inverted Docker note, there is an offical centos 7 dockerfile (container) on Docker Hub.

https://hub.docker.com/_/centos/

This would mean that you could install Nethserver in a docker container using a centos installation method. This also allows for the possibility of developing our own Nethserver containers for distribution.

Oh, wait
 post is for nothing. Looks like this has already been toyed with

https://hub.docker.com/r/nethserver/docker-demo/

That’s the demo of NethServer running on the official Demo running on Docker – NethServer
We have plans to work on docker after the final release of NethServer 7.

Not sure i’m following the same idea of @Walter_Schoenly
But just in case KVM into Docker exemple :

1 Like

Have somethings moved in the meantime?

I’m experimenting Docker in 7 with little integration with standard Community release (some tweaks with shorewall and some with default values but quite fine). At the moment I have all the stuff manually set up, trying to get this working with NextCloud (no avail for the moment).

Also, do you plan to have a GUI? (I have seen there’s a cockpit-docker package but I didn’t check it out toroughly). I would advice Portainer as a GUI, if cockpit is not going to be ok with 7.

3 Likes

There is native Docker support in shorewall 5 and my experiment should not be required anymore!

I think firewall rules integration was the biggest issue. Now that the shorewall developers fixed it we could integrate the solution (trivial):

# grep -n -i docker /etc/shorewall/*
/etc/shorewall/shorewall.conf:174:DOCKER=No  # <- change to "Yes"

I’ve no plans to develop neither an API nor a GUI for NethServer+Docker at this moment: there are too many use-case specific requirements (things that depend on what I install), and few general requirements (backup? front-end http?..). I’d start with a howto/prototype, as usual, to catch them all!

2 Likes

To change shorewall.conf:

config setprop firewall Docker enabled
signal-event firewall-adjust
1 Like

I played a bit both with docker and Portainer on NS 7.
Even if Shorewall as built-in support for docker, it doesn’t work out.of.the-box.

Probably we need to hack something, but I don’t have time right now.
Does anyone want to try playing with Shorewall and Docker?

1 Like

Aye, I had to do other changes on shorewall policies to enable Portainer access. Will document it if needed, just say it is.

Not a lot of time to spare, but the argument seems interesting on my side. Not in short time, but I plan to spend some time on the issue.

3 Likes

I know I’ll probably dig deeper in a way people don’t want but
recently I tried the new FreeNAS Corral (please don’t do this error :wink:

and they claim offer VM and Docker 
 but in reality they turn boot2docker into a VM which I think it’s not for production (but again it’s me).

So all that for just saying if you/me/we/us craving so much for Docker
Why not running CoreOS inside a VM with apache proxy in Nethserver

I don’t use docker but what about their docker management panel ?

Edit: i meant cockpit and their docker panel management

See I run freenas 9.* and the jails are fantastic. The issue I have with docker on the new corral is that I dont have the resources to dedicate to a vm for EVERY docker instance, plex, nextcloud, etc. I liked the way it handled it pre-corral, and docker is a good idea for people with lots of cores, just not for home server instances. /offtopic

to be beautiful it is very beautiful
1’ but like the guy said on is demo they try (but they don’t) to not over user local resource
I means I had a hard time with my old MacBookPro 8.1 to run it.

2’ My second point is I don’t like the fact they force me to use Chrome.

But at the end it’s look like a https://my-netdata.io/ with over kill demand of resource.


As you probably figure I try a lot of stuff :wink:
One cockpit I try these days for Docker is : http://portainer.io/
It’s light but give you power to dig and is quite intuitive.

Yes it looks nice, did you try it On NS ?

hum netdata ? yes I try it on nethserver

portainer ? yes and no, it’s what I use with my CoreOS which is in KVM on Nethserver.

I recall a conference at the fosdem last year
5 levels of virtualisation
 It could be nice to test it directly in NS.