Time |
S |
Nick |
Message |
01:06 |
|
|
philbot joined #sourcefu |
01:06 |
|
|
Topic for #sourcefu is now http://sourcefu.com | logs at http://irclog.greptilian.com/sourcefu/today |
01:18 |
|
pdurbin |
ah |
02:28 |
|
|
kzisme joined #sourcefu |
02:34 |
|
pdurbin |
prologic bear: if I'm going to modernize and run apps on Docker, which Linux distribution should I use? I was planning on upgrading my Digital Ocean droplet from Ubuntu 14.04 to the latest LTS, which I guess is 16.04. Or maybe I should just wait for 18.04. |
02:36 |
|
prologic |
I would highly recommend Rancher OS |
02:36 |
|
prologic |
Gimme a few mins to answer properly |
02:36 |
|
prologic |
Wife is on my laptop |
02:38 |
|
pdurbin |
Interesting. A guy at work just gave a talk saying he's using Rancher for the new thing he built. |
02:39 |
|
pdurbin |
"Install Rancher environment to Clouds" https://github.com/hmdc/cloud_project_plan/blob/d2185bf1152157bb155ca7f2f810114cd86d6c28/RCECloud.oplx/Actual.xml#L650 |
02:53 |
|
prologic |
So... |
02:53 |
|
prologic |
Let's talk about Rancher OS for a sec |
02:53 |
|
prologic |
The great thing about Rancher OS is that it basically is Linux + Docker |
02:53 |
|
prologic |
There is effectively no userland to maintain |
02:54 |
|
prologic |
It's as minimal and maintenance-free as it gets, which is nice for when all you want to do is run and manage docker services/containers |
02:54 |
|
prologic |
That being said, if you're planning on doing this on DO then you may have to use the CLI as the fancy UI doesn't quite yet have Rancher OS as an available/selectable option |
02:54 |
|
prologic |
If you're good with CLI(s) then I still highly recommend this |
02:54 |
|
prologic |
I have been running my infra with Rancher OS for a couple of years now with great success |
02:55 |
|
prologic |
Also I highly recommend you set up monitoring via prometheus and alerting via alertmanager -- which I have all the configs you can "rip off" / borrow :) |
03:23 |
|
prologic |
https://github.com/prologic/eris/releases/tag/v1.6.3 |
03:23 |
|
prologic |
Eris v1.6.3 is out |
04:04 |
|
|
kzisme joined #sourcefu |
04:04 |
|
bear |
I would agree with Rancher - the other option is Alpine but Rancher gives you a lot of benefits for being blessed by Docker |
04:09 |
|
prologic |
it's not so much that it's blessed by Docker per se |
04:09 |
|
prologic |
it's just most of the time when you run non-trivial infra you don't need anything but something to run a binary or two or three or a dozen |
04:10 |
|
prologic |
you don't need all the other shit that comes with a traditional full-blown Linux distro that you have to constantly "sysadmin" |
04:10 |
|
bear |
ugh - the perils of a quick reply |
04:11 |
|
prologic |
:D |
04:11 |
|
bear |
by "blessed" I mean that you get an OS that is known to work in the container realm which includes all of the cruft removal that you have to do by hand with other distros |
04:12 |
|
bear |
I spend more time hunting down the latest gizmo added by ubuntu or debian to remove than I do with coreos or alpine or rancher |
04:14 |
|
prologic |
ahh yes |
04:15 |
|
prologic |
indeed |
04:15 |
|
prologic |
and you end up inevitably wasting a tonne of time on upgrades to various pieces of userland that ruin your day |
04:16 |
|
prologic |
I think (with 1 exception where there was a bug that broke upgrades) I've just done: sudo ros os upgrade |
04:17 |
|
bear |
yea, and if you put your container root image in a CD pipeline, then it's always primed with the latest |
04:19 |
|
prologic |
with the latest what? |
04:20 |
|
prologic |
I actually run most of my apps (especially those written in Go) with zero userland in the image |
04:20 |
|
prologic |
you effectively cannot "exec" into the container as there is no shell or other binary to exec except the thing that makes the image what it is |
11:47 |
|
pdurbin |
prologic: ah, good point that Rancher may not be available in the Digital Ocean GUI |
11:50 |
|
pdurbin |
I guess I'm wondering if I can have my cake and eat it too. It would be nice to be able to continue to run Ubuntu or whatever and just use apt-get to install certain software I depend on like ikiwiki, apache, and mysql. Additionally, it would be nice to be able to experiment with running some services under Docker. All on a $5 per month 512 MB VM. :) |
13:14 |
|
dotplus |
as an alternative viewpoint: not a fan of rancher for large (custom/diverse) container management. I mean it's cool, unless you really want the flexibility it provides, the constraints are too much. Better stick to regular installs of kubernetes, swarm, whatever. I do agree that if you need userland and your container is not a single binary, then Alpine is absolutely the way to go. Simplicity almost |
13:14 |
|
dotplus |
always dominates over almost all other concerns. |
13:15 |
|
dotplus |
and yes, Alpine has lots of packages available: https://pkgs.alpinelinux.org check whether they have what you need. |
13:18 |
|
dotplus |
in "normal" usage (whatever that is), the only real "oddity" I've seen with Alpine is that it uses busybox which sometimes has slightly surprising versions of standard userland tools. And that's not really _that_ odd, also commonly found if you also play with live CDs, router distros, SBC, etc. |
13:28 |
|
pdurbin |
SBC? |
13:29 |
|
dotplus |
single board computers: Pi, BeagleBone, "plug" computers, etc. |
13:33 |
|
pdurbin |
ah |
13:35 |
|
pdurbin |
Maybe I'll stick with Ubuntu for home, for my $5 per month Digital Ocean droplet. I'm just not sure if I can also run Docker apps on it with only 512 MB of RAM. |
13:41 |
|
dotplus |
There are 2 questions here and perhaps I'm misunderstanding. 1) What should our container images be based on? 2) what os/distro & management platform should _run_ our containers? |
13:42 |
|
dotplus |
1) "As little as possible" which hopefully means at most (heaviest) Alpine, but preferably where the container is a single binary as described by prologic above. |
13:46 |
|
dotplus |
2) The distro should quite probably be whatever the admin [team] is most familiar with. (although if (a) the hosts are dedicated to hosting containers (b) the admin [team] eats new OSen/distros for breakfast, alpine is a good candidate there too. The container management platform choice is a little more nuanced: if you want stable (in the sense of unchanging), (fairly) mature software, with a nice, |
13:47 |
|
dotplus |
comfortable webUI, Rancher Labs might well ... |
13:47 |
|
dotplus |
... be the sensible choice. |
13:49 |
|
dotplus |
If you need to even moderately keep up with the rapid pace of change in the ecosystems (even if only because lagging behind introduces extra risk, not because you _need_ the new features), then you'll do better with kubernetes or swarm or whatever so long as it's managed by "standard" CM approaches. |
13:50 |
|
dotplus |
But for an individual, you might well be better off using a ContainersAsAService provider |
16:58 |
|
prologic |
dotplus I'm only talking about Rancher OS itself |
16:58 |
|
prologic |
not Rancher :) |
16:58 |
|
prologic |
I basically run all my infra with Rancher OS with a cluster configured in Swarm Mode |
17:23 |
|
pdurbin |
I just have the one 512 MB droplet on Digital Ocean. Five bucks a month. How much infra do others have for home stuff? |
17:41 |
|
aditsu |
I have 2 VPSes, should really be one but I can't seem to find the time to move things over.. |
18:17 |
|
pdurbin |
I can't seem to find the time to upgrade from Ubuntu 14.04 :/ |
18:22 |
|
dotplus |
== aditsu . I did manage to squeeze one down to just a $5/month instance so I'm not wasting too much:) |
18:23 |
|
dotplus |
prologic: ah, haven't looked at that. For me, it's either a "real" distro debian or derivatives, redhat or derivatives or alpine. there's enough proliferation already:) |
19:37 |
|
pdurbin |
so many tasty flavors |
20:10 |
|
codex |
prologic: not beging you - but don't use something that the creator of is going "it's basically dead" |
20:10 |
|
codex |
lastpass did it right |
20:11 |
|
codex |
I was skeptical until they published what their security involves. Even if you have an employee with root, they can't get to your passwords |
20:12 |
|
codex |
(if you don't want to use a saas - you can use 1pass) |
20:12 |
|
codex |
prologic: not sure if you saw this: https://motherboard.vice.com/en_us/article/vvbw9a/even-the-inventor-of-pgp-doesnt-use-pgp |
20:15 |
|
codex |
dotplus: I like alpine, but one thing that frustrates me to no end is that they market themselves as "security first" and in reality, they are the last to patch stuff (at least for Docker) |
22:12 |
|
dotplus |
really? motherboard.vice.com, that bastion of reliable tech journalism? I, and many others, use [Open]PGP every day. I'm not necessarily saying that it's the right solution for prologic's crypto task, but it certainly isn't "basically dead", whether zimmermann thinks so, uses it or not. |
22:14 |
|
dotplus |
and alpine? yes, I agree rapid security updates are kind of a requirement if you're going to claim security as a focus. although, I think it's more or less just a couple/few part-timers, so I cut 'em a little slack cos they're definitely doing the world a favour. |
22:15 |
|
dotplus |
personally I recommend alpine because it's small and simple rather than because of their security claim/status. |
23:04 |
|
bear |
same - I check the security of the host server much more closely for my home stuff than I do the containers running on it |