On Sun, Nov 8, 2015 at 5:56 PM, Howard White <[email protected]> wrote:
> On 11/08/2015 11:02 AM, Wesley Duffee-Braun wrote: > >> Hi all, >> >> Attached is the PDF containing the slides used at Phreaknic19 Future of >> Linux session last night to talk about containers and clouds. There was >> a lot of good discussion around containers and security - could be an >> interesting future NLUG presentation? >> >> I enjoyed the panel with Dagmar and Howard, and thanks to Ben Hicks for >> setting everything up! >> >> - Wesley >> > > Wesley didn't see Michael Chaney's presentation about Jailed servers > running in BSD many ages ago. We have discussed these precursors to > containers and their operations advantages to other virtual style > implementations. Now, I bring up this point not to discourage the topic as > containers have come a long way since those jailed systems came to > practice. Yes, the point Wesley made in his presentation about the impact > of containers versus virtual guests is important. How many layers, how > many copies of what has to be maintained and supported. Some of us, okay I, > wince at the thought of having an operating system running to support > having an operating system to support a java or erlang virtual environment. > > The slides can't reflect Dagmar's comments on the practical effects of the > production environment. My experience with "update constipation" > completely echoes what Dagmar reports - nobody wants to touch anything for > fear it might break (and that "they" might have to fix). I think this is the conversation that definitely needs to be had around containers - appropriate use cases. When considering the integration of containers[1] into production environments, you do have to ask why go that route. Is your prod environment a good use case for containers? Does it scale up/scale down often? Are you updating pieces of the environment independently? Do you have multiple teams providing those pieces? Do you have multiple prod environments that should stay in sync? If you don't answer "yes" to at least some of those questions, then containers may not be a wise tool for prod. Monolithic (word of the year, right?) and static workload prod environments don't sound like container bliss to me. But dev and/or impl and/or qa - why NOT use containers? If you are keeping those environments static and persistent....why? Shouldn't those be (at least mostly) modular and stateless? > This is the way we manage our highways - we wait until the bridges fall > down and then slap dash a fix. Okay, off the soap box. > So, to me, containers help with this issue. Say you've got a new shiny version of AppFoo and want to use it, but you aren't sure if everything else will play nice[2]. Put AppFoo version N in a container and load it on a container host, put it behind a load balancer alongside version N-1, and start watching it pick up the workload. If the new version craps out...discover why and try again. Sure you can do that with a VM but (a) waste of resources and (b) how can you be 100% sure that it was the new AppFoo version that caused any issues (unless you patched/tuned/tweaked the VM to be exactly like the existing prod, which if you are doing all that work to test maybe there should be multiple environments anyway)? But this way you don't have to reset (or risk) the entire environment to put the new AppFoo through its paces. - wesley [1] To be sure, that process nowadays is not your grandmother's container process - with tools like jenkins, gerrit, puppet, ansible, etc it's apples/oranges in many ways to previous experiences. [2] Not everyone has multiple staging environments and sometimes prod is all you have. In that case, I'd say that containers are worth a look - no matter the answers to the prior questions - for many reasons. > Howard > > -- > -- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/nlug-talk?hl=en > > --- You received this message because you are subscribed to the Google > Groups "NLUG" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- http://www.wesleyduffeebraun.com <http://www.ashevillephotobooth.com> -- -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en --- You received this message because you are subscribed to the Google Groups "NLUG" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
