[talk] Containerization
Edward Capriolo
edlinuxguru at gmail.com
Sat Apr 8 12:52:43 EDT 2017
On Sat, Apr 8, 2017 at 12:04 PM, Pete Wright <pete at nomadlogic.org> wrote:
>
>
> On 04/08/2017 07:01, Edward Capriolo wrote:
>
>
>
> On Sat, Apr 8, 2017 at 9:38 AM, Jesse Callaway <bonsaime at gmail.com> wrote:
>
>>
>>
>> On Sat, Apr 8, 2017 at 12:19 AM, Sujit K M <kmsujit at gmail.com> wrote:
>>
>>> On Sat, Apr 8, 2017 at 4:17 AM, Mark Saad <mark.saad at ymail.com> wrote:
>>> > All
>>> > I have a thought experiment: head over to http://99percentinvisible.org/
>>> > and listen to the current talk on containerization, and how it transforms
>>> > the dock cities. It has some good background on 70's urban blight with the
>>> > decline of the dock worker jobs and how this drags the related economies
>>> > down. So now think about how this works with regards to computer
>>> > containers. Does docker / vms supplant the old way of by hand rolling
>>> > software? Do we lose admin jobs like we lost longshoremen? Is a super
>>> > container ship on the horizon for operating systems? It's damn interesting
>>> > to think about. Does the shipping industry parallel developers and
>>> > administrators dealing with docker and vms? You decide.
>>> >
>>> Too Much Automation?
>>>
>>> _______________________________________________
>>> talk mailing list
>>> talk at lists.nycbug.org
>>> http://lists.nycbug.org/mailman/listinfo/talk
>>>
>>
>>
>> I used to work for a small web design firm that needed someone to manage
>> their TWO servers, to cram all the customers we could into one box and help
>> troubleshoot email issues, as their dedicated sysadmin. I had seriously a
>> single 100 line bash script that did my job, and the rest of the time I
>> spent tuning our phone system to improve call quality to the SF office.
>>
>> Eventually I had to quit because they couldn't make payroll during a lull
>> in acquiring customers. I don't think this position is available anymore,
>> but the good news is that the people working there continue to make great
>> custom websites. They have absolutely no need for someone in particular to
>> maintain an operating system on a given piece of hardware, and that's great
>> for their business.
>>
>> Now at my current position we have a very small team who manages quite a
>> large amount of infrastructure. Millions and millions of dollars of
>> hardware and networking. However, I've never seen any of it. Someone DOES
>> have the job of racking it all up and replacing broken hard disks on the
>> SAN, but I'll never know who or even what brand of disks they use or even
>> what type of SAN. There are fewer of these jobs per resource managed due to
>> increased efficiency, I would assume.
>>
>> So that small business admin maintaining a LAMP platform is gone. That
>> job doesn't exist. Soon enough, and it's happening right now at my
>> employer, the dedicated DevOps team also will go. Their jobs will be given
>> to three positions which will not go away.. the accountant/controller, the
>> security chief (one person), and the application developer who is also
>> interested a bit in plumbing.
>>
>> Remember what "computers" used to be when they were people? No, nobody
>> does. Yes the traditional sysadmin has been replaced by a computer program.
>> There is a rack-and-stack person and a person who designs datacenters and a
>> person who ensures uptime and someone who makes sure the VPN is up. But
>> nobody is upgrading Apache in-place and crossing their fingers.
>>
>> --
>> -jesse
>>
>>
>
> Think about this: FreeBSD ports vs Fedora packages, vs Debian whatevers,
> vs mac freshports. The industry was wasting a lot of time packaging and
> re-packaging things.
>
> I used to use linux vserver which had a similar system to create
> containers: vserver --create --name mything --ip 34.34.34.34 --src
> rsync:/myweb/server/
>
> Docker just became an easy efficient way to share packages. It lets the
> people who build the software build a package and distribute to all people
> that have docker. This is much more efficient than having every distro of
> every unix/linux build a package ./configure && make && make install &&
> customize.
>
> That is why it is winning. Speed/cross platform/ ease of use.
>
> Take for example a piece of software like c-actor framework. The freebsd
> port struggles somewhat because none of the devs are on that platform. The
> user really does not want to take up that burden, they just want to use it.
> If a docker exists you just use that on any platform and you can deploy it
> to amazon container service as well; you're going to be more inclined to use
> that than to get sidetracked into fixing a port which is not actually what
> you want to do.
>
>
> meh not sure i really agree here - i've seen people struggling to use
> docker in prod (both standalone as well as using Mesos/DCOS and Kubernetes)
> and really they spend more time fighting their tools than actually
> administrating and understanding their infrastructure. The DCOS team has
> done *3* complete delete/reinstall cycles because it's "easier than
> upgrading" - i.e. they have no idea as to how their infrastructure is
> actually being built. why are they using DCOS - they think they want
> zookeeper/ha-proxy etc but have no idea as to how to admin it. not really
> a good recipe for stable infrastructure.
>
> the pure docker team as far as i can tell doesn't have a handle as to what
> bits their images are being built with. oh ssl vuln we need to patch, well
> time to rebuild all our docker images and re-deploy an entire new stack and
> hope i didn't miss any systems. oh admin left or cycled ssh keys, well
> configuration management is for fools - we'll just redeploy our entire
> docker infrastructure.
>
> imho there may be valid use cases for jails/containers - but i've rarely
> seen it implemented correctly. and when i do see it implemented in a sane
> manner it really does look like traditional systems architecture containing:
>
> 1) configuration mgmt is in place with strong auditing/reporting
> 2) detailed auditing of software installed using either native or software
> stack (pip, npm, etc.) packages
>
>
> -pete
>
> --
> Pete Wright pete at nomadlogic.org
> @nomadlogicLA
>
I 100% agree with what you are saying. I have used DCOS packages that are
crap. They do a cookie cutter job of installing X. And do not give you a
ton of tools to manage this.

Example: I wrote this blog to use dcos to setup Cassandra
http://thelastpickle.com/blog/2016/05/07/dcos.html (I was paid to do this :)

As someone who has setup Cassandra I KNOW that dcos and this packager are
just kids' toys. But I think that because I am a system admin historically
and I know Cassandra in and out.

Let's say on a scale of 1-10 a blog with setting up Cassandra on DCOS on
mesos is a 4/10. The reasons are the exact ones you are describing and
some of my own.

If I were to take a developer that did not know Cassandra and a sysadmin
that did not know Cassandra and asked them to set it up, I can bet that
what they would come up with after 2 weeks would be something that scores
about 2/10.

The sysadmin would spend some time hacking cloud formation stuff, the
developer would only know enough about the configuration process to setup
on laptop. No system would be in place to do rolling restarts or backups.
The sysadmin would start grumbling about hating Java and forcing you to
switch to mongo, the CEO would start asking "why don't we just use
DynamoDB?" another person says "why don't we pay commercial company X to run
their fork of it with management tools"

Realize DCOS/Docker, it's like your IPAD.... It is not expandable. It is made
to throw away.

Again, I give c actor framework as an example, 9999999% of people are not at
google scale. Likely 1 instance of c-actor framework on a VM gets the job
done. DCOS docker, you click you got it. It is done in 20 minutes. It's
crap but it's done, the project might fail anyway in 2 months.

Let's do the classic system admin route.

Developer email: I need c-actor-framework installed on our systems
Admin: package tool install c-actor-framework

1 week later

Developer email: Can not find symbol error...I need version 4.4.
Admin: our packaging only supports 4.2. I'll look into this.
Admin: hacks at port. maybe sends pr to someone to fix port....maybe not
Admin: Ok now it's ready
Developer: thanks

1 month later:

We have decided to use aka not the c-actor framework... can you install
that now? :)