>>>>> "Joe" == Joe Landman <land...@scalableinformatics.com> writes:
Joe> On 06/30/2014 11:27 AM, Prentice Bisbal wrote:
>> I second Gavin.
>>
Prentice> A lot of people have been mentioning LXC and Docker ans
Prentice> cures to this problem, and to paraphrase The Princess
Prentice> Bride, you keep using those words I don't think they mean
Prentice> what you think they mean. Docker and LXC are great for
Prentice> isolating running services: apache, DNS, etc. For the most
Prentice> part, we are stalking about user-space libraries and
Prentice> programs. I don't see how Docker and LXC could be used or
Prentice> provide any benefit in this context.
Joe> We can create a completely repeatable portable mechanism to
Joe> distribute applications with full dependency chains as part of
Joe> the distribution, across machines of any linux distro type,
Joe> without impact core packages (which in the case of specific
Joe> distros are often non-functional for anything but legacy system
Joe> work) ... and you don't see the benefit to this?
Joe> Seriously?
Joe> Quick show of hands: Anyone running an HPC system, ever run
Joe> into, say, a dependency hell/nightmare due to a package
Joe> requirement?
I think your overemphasizing the upside of this approach. Sure, if you
have 2-3 apps like this, it's still feasible to manage. If it becomes a
lot more than that (and in a larger compute center it would), you
essentially have to manage Docker instances like OS installations (minus
kernel). Do you really want to do that for more than a couple of them?
You might say: Well the software vendors are going to supply and manage
the Docker instances. Will you trust them? I'd say: Welcome to the Android app
world, trojans, backdoors, other security holes. And I'm not really
convinced the container isolation is always going to protect us from this.
I believe nobody wants this in their data center.
Don't get me wrong. I also find the Docker concept appealing at first
sight. But I somehow see a security and/or manageability nightmare wave
coming up upon us with it ...
Roland
-------
http://www.q-leap.com / http://qlustar.com
--- HPC / Storage / Cloud Linux Cluster OS ---
_______________________________________________
Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing
To change your subscription (digest mode or unsubscribe) visit
http://www.beowulf.org/mailman/listinfo/beowulf
