[talk] Containerization

Pete Wright pete at nomadlogic.org
Sat Apr 8 12:04:55 EDT 2017



On 04/08/2017 07:01, Edward Capriolo wrote:
>
>
> On Sat, Apr 8, 2017 at 9:38 AM, Jesse Callaway <bonsaime at gmail.com 
> <mailto:bonsaime at gmail.com>> wrote:
>
>
>
>     On Sat, Apr 8, 2017 at 12:19 AM, Sujit K M <kmsujit at gmail.com
>     <mailto:kmsujit at gmail.com>> wrote:
>
>         On Sat, Apr 8, 2017 at 4:17 AM, Mark Saad <mark.saad at ymail.com
>         <mailto:mark.saad at ymail.com>> wrote:
>         > All
>         >    I have a thought experiment head over to
>         http://99percentinvisible.org/
>         > and listen to the current talk on containerization ; and how
>         it transforms
>         > the dock cities . It has some good background on 70's urban
>         blight with the
>         > decline of the dock worker jobs and how this drags the
>         related economies
>         > down .  So now think about how this works with regards to
>         computer
>         > containers. Does docker / vms supplant the old way of by
>         hand rolling
>         > software ? Do we loose admin jobs like we lost longshoreman?
>         Is a super
>         > container ship on the horizon for operating systems. It's
>         damn interesting
>         > to think about . Does the shipping industry parallel
>         developers and
>         > administrators dealing with docker and vms ? You decide .
>         >
>         Too Much Automation?
>
>         _______________________________________________
>         talk mailing list
>         talk at lists.nycbug.org <mailto:talk at lists.nycbug.org>
>         http://lists.nycbug.org/mailman/listinfo/talk
>         <http://lists.nycbug.org/mailman/listinfo/talk>
>
>
>
>     I used to work for a small web design firm that needed someone to
>     manage their TWO servers, to cram all the customers we could into
>     one box and help troubleshoot email issues, as their dedicated
>     sysadmin. I had seriously a single 100 line bash script that did
>     my job, and the rest of the time I spent tuning our phone system
>     to improve call quality to the SF office.
>
>     Eventually I had to quit because they couldn't make payroll during
>     a lull in acquiring customers. I don't think this position is
>     available anymore, but the good news is that the people working
>     there continue to make great custom websites. They have absolutely
>     no need for someone in particular to maintain an operating system
>     on a given piece of hardware, and that's great for their business.
>
>     Now at my current position we have a very small team who manages
>     quite a large amount of infrastructure. Millions and millions of
>     dollars of hardware and networking. However, I've never seen any
>     of it. Someone DOES have the job of racking it all up and
>     replacing broken hard disks on the SAN, but I'll never know who or
>     even what brand of disks they use or even what type of SAN. There
>     are fewer of these jobs per resource managed due to increased
>     efficiency, I would assume.
>
>     So that small business admin maintaining a LAMP platform is gone.
>     That job doesn't exist. Soon enough, and it's happening right now
>     at my employer, the dedicated DevOps team also will go. Their jobs
>     will be given to three positions which will not go away.. the
>     accountant/controller, the security chief (one person), and the
>     application developer who is also interested a bit in plumbing.
>
>     Remember what "computers" used to be when they were people? No,
>     nobody does. Yes the traditional sysadmin has been replaced by a
>     computer program. There is a rack-and-stack person and a person
>     who designs datacenters and a person who ensures uptime and
>     someone who makes sure the VPN is up. But nobody is upgrading
>     Apache in-place and crossing their fingers.
>
>     -- 
>     -jesse
>
>     _______________________________________________
>     talk mailing list
>     talk at lists.nycbug.org <mailto:talk at lists.nycbug.org>
>     http://lists.nycbug.org/mailman/listinfo/talk
>     <http://lists.nycbug.org/mailman/listinfo/talk>
>
>
> Think about this: FreeBSD ports vs Fedora packages, vs Debian 
> whatevers, vs mac freshports. The industry was wasting a lot of time 
> packaging and re-packaging things.
>
> I used to use linux vserver which had a similar system to create 
> containers:  vserver --create --name mything --ip 34.34.34.34 --src 
> rsync:/myweb/server/
>
> Docker just become an easy efficient way to share packages. It lets 
> the people who build the software build a package and distribute to 
> all people that have docker. This is much more efficient then having 
> every distro of every unix/linux build a package  ./configure && make 
> && make install && customize.
>
> That is why it is winning. Speed/cross platform/ ease of use.
>
> Take for example a piece of software like c-actor framework. The 
> freebsd port struggles somewhat because none of the devs are on that 
> platform. The user really does not want to take up that burden, they 
> just want to use it. If a docker exists you just use that on any 
> platform and you can deploy it to amazon container service as well 
> your going to be more inclined to use that then to get sidetracked 
> into fixing a port which is not actually what you want to do.
>
>
meh not sure i really agree here - i've seen people struggling to use 
docker in prod (both standalone as well as using Mesos/DCOS and 
Kubernetes) and really they spend more time fighting their tools than 
actually administrating and understanding their infrastructure.  The 
DCOS team has done *3* complete delete/reinstall cycles because it's 
"easier than upgrading" - i.e. they have no idea as to how their 
infrastructure is actually being build.  why are they using DCOS - they 
think they want zookeeper/ha-proxy etc but have no idea as to how to 
admin it.  not really a good recipe for stable infrastructure.

the pure docker team as far as i can tell doesn't have a handle as to 
what bits their images are being built with.  oh ssl vuln we need to 
patch, well time to rebuild all our docker images and re-deploy an 
entire new stack and hope i didn't miss any systems.  oh admin left or 
cycled ssh keys, well configuration management is for fools - we'll just 
redeploy our entire docker infrastructure.

imho there may be valid use cases for jails/containers - but i've rarely 
seen it implemented correctly.  and when i do see it implemented in a 
sane manner it really does look like traditional systems architecture 
containing:

1) configuration mgmt is in place with strong auditing/reporting
2) detailed auditing of software installed using either native or 
software stack (pip, npm, etc.) packages


-pete

-- 
Pete Wright
pete at nomadlogic.org
@nomadlogicLA

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nycbug.org/pipermail/talk/attachments/20170408/eb2db13c/attachment.html>


More information about the talk mailing list