Containers in IT
-
@Dashrender said:
@scottalanmiller said:
@dafyre said:
I realize that with containers, spinning up a new machine is easy and fast, but you lose the data that was in the original container if I understand the way they work correctly.
The idea is that containers should be stateless. Nothing makes this true at the technology level, of course, but the idea is that things like databases don't run in containers, only stateless application code. So there should be nothing to migrate over.
For us noobs, can you give an example or two of stateless things used in containers?
Webservers or proxies/load balancers would be my first guess.
-
@Dashrender said:
For us noobs, can you give an example or two of stateless things used in containers?
Anything that doesn't contain data. So databases and file servers are the key examples that are NOT good for containers. Mostly, everything else is.
Any application or processing or networking system would be stateless.
-
@coliver said:
Webservers or proxies/load balancers would be my first guess.
Yes, application servers (web or otherwise) are the vast majority of these.
-
Some people put database clusters into containers with the understanding that they have to all be in sync all the time and that at least three or more have to never shut down. I don't like that model, though.
-
@scottalanmiller said:
@coliver said:
Webservers or proxies/load balancers would be my first guess.
Yes, application servers (web or otherwise) are the vast majority of these.
Pretty much anything that has relatively static content, right? You wouldn't host say... a Wordpress install in a container, would you?
Edit: Even if you do keep the Database server somewhere else.
-
@dafyre said:
Pretty much anything that has relatively static content, right? You wouldn't host say... a Wordpress install in a container, would you?
Normally yes and normally, yes. LOL. You would expect Wordpress to update very infrequently (other than what is in the database) and you would rebuild the container if and when that happened. Or you would put the non-static content, which is generally very tiny amounts, into a shared NFS share.
-
So the application - the web daemon - can be in a container, and it just pulls data from sources behind it. OK.
This is for load balancing?
-
@Dashrender said:
So the application - the web daemon - can be in a container, and it just pulls data from sources behind it. OK.
This is for load balancing?
If it is a load balancer like HA-Proxy that we are discussing, yes.
-
@Dashrender said:
So the application - the web daemon - can be in a container, and it just pulls data from sources behind it. OK.
This is for load balancing?
This is what I am wondering too. What is the advantage of a container over a VM? Both can be built and destroyed in moments but the VM has added flexibility that the container doesn't necessarily have. Would this be for performance and resource utilization?
-
@coliver said:
@Dashrender said:
So the application - the web daemon - can be in a container, and it just pulls data from sources behind it. OK.
This is for load balancing?
This is what I am wondering too. What is the advantage of a container over a VM? Both can be built and destroyed in moments but the VM has added flexibility that the container doesn't necessarily have. Would this be for performance and resource utilization?
Containers are lighter and faster, have different licensing concerns, are smaller to deploy, smaller to store, easier to pass around, etc.
-
Also, containers provide some of these features for shops too small to have cloud to do this with VMs.
-
@scottalanmiller said:
Also, containers provide some of these features for shops too small to have cloud to do this with VMs.
Like you were talking about earlier... Doing both can be beneficial. Have a couple of big VMs for LXC containers, and what-not... You get the benefits of both virtualization and containers.
-
Yes, and I think that that is the direction that we will see most companies go.
-
That's what I have. I have a VM that hosts LXC containers. I have XO in one container. It makes updating easy. I can use ansible to either clone the container and update XO or just fire up a new container and install XO quickly. I don't need things like reboot scripts then because I can just include that in the ansible playbook and reboots take about 1 second.
It also allows me to pass variables to the playbook so I can install XO from different git branches.
Another advantage is if you want to send a file to another container you can just copy from the container directory and put it inside the other container. Very quick with large files vs using the network. That is assuming you're using a dir backing store and not a logical volume or something else.
-
Ubuntu is making some big strides with LXC. They call it LXD and it will have live migration of containers.
-
I have a small EC2 instance running a containerized instance of discourse for a set of support forums we use for supporting a specific product. It has been up for ~8 months without issue.
-
I also have my website in an unprivileged container. That way if someone were to gain root access to the web server and somehow break out of the container, the only thing they can affect is the home folder for that non-sudo user.
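The unprivileged-container point above, and the earlier note about copying files straight between container directories on a dir backing store, both hinge on how container root is mapped onto a host uid. This added script (not from the thread) reads an LXC container config and reports whether uid 0 inside is shifted onto an unprivileged host range; the container name and config contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect an LXC container config and report whether its root
# user is shifted onto an unprivileged host uid range. The sample config
# below is constructed; it does not describe a real container on this host.

# Print the host uid that container uid 0 maps to, or nothing if the config
# has no user idmap. Accepts the current key (lxc.idmap) and the legacy
# one (lxc.id_map); the value has the form "u <container-start> <host-start> <count>".
lxc_root_host_uid() {
    awk '
        /^[[:space:]]*lxc\.(id_map|idmap)[[:space:]]*=/ {
            sub(/^[^=]*=[[:space:]]*/, "")      # leaves e.g. "u 0 100000 65536"
            if ($1 == "u" && $2 == 0) { print $3; exit }
        }' "$1"
}

# Succeed (exit 0) only if a user map for uid 0 exists and it does not start
# at host uid 0. A missing map, or a map onto host uid 0, means container root
# is host root, so a breakout lands on the host with full privileges.
lxc_is_unprivileged() {
    host_uid=$(lxc_root_host_uid "$1")
    [ -n "$host_uid" ] && [ "$host_uid" -gt 0 ]
}

# Demonstration with a constructed config for a hypothetical container "web01".
# The printed host uid is also the owner you will see on files in the
# container's rootfs, which is why copying files between two containers'
# directories needs a uid shift when their ranges differ.
demo() {
    cfg=$(mktemp)
    cat > "$cfg" <<'EOF'
lxc.uts.name = web01
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
EOF
    if lxc_is_unprivileged "$cfg"; then
        echo "web01: unprivileged, container root runs as host uid $(lxc_root_host_uid "$cfg")"
    else
        echo "web01: PRIVILEGED, container root is host root"
    fi
    rm -f "$cfg"
}
demo
```

Run it against a real config with `lxc_is_unprivileged /path/to/container/config` (for example under the LXC path reported by `lxc-config lxc.lxcpath`) to confirm a web container is not silently running as host root.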
-
Sorry to necro this but it's relevant to my new job. My understanding of the benefit of containers is resource management. Hypervisors emulate virtual hardware essentially and they are more resource intensive because of that, whereas containers use a shared operating system which makes them much more efficient resource-wise but also creates limitations. You can also have more server applications running for less money (reduced cost of hardware). Especially if you have a reason to run multiple copies of an application. There are positives and negatives to it.
Am I looking at this correctly @scottalanmiller ?
-
@wirestyle22 It also allows you to add in additional levels of security by essentially walling off each instance of a service versus running said service in parallel with other services that your application(s) might depend upon. So instead of having a single virtual machine running Apache, MySQL, and PHP, you'd have a container for each service, each with their own hardened attack surface. Also, it allows for a more efficient and responsive dynamic scaling model for applications that is mostly platform independent.
-
@RamblingBiped said in Containers in IT:
@wirestyle22 It also allows you to add in additional levels of security by essentially walling off each instance of a service versus running said service in parallel with other services that your application(s) might depend upon. So instead of having a single virtual machine running Apache, MySQL, and PHP, you'd have a container for each service, each with their own hardened attack surface. Also, it allows for a more efficient and responsive dynamic scaling model for applications that is mostly platform independent.
Makes sense