Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    Laura Frank
    @rheinwein
    you want to ssh into it or somesuch? the web browser is best, but there is a docker machine driver if you want something else: https://github.com/play-with-docker/docker-machine-driver-pwd
    Mark Garrison
    @garrmark
    my coin miner flatlined when I ran the docker service create --name rng --network dockercoins --mode global \
    --detach=false $REGISTRY/rng:$TAG but everyting appears to be running
    [ip-172-31-27-200] (local) docker@52.53.244.51 ~
    $ docker service ls
    ID NAME MODE REPLICAS IMAGE PORTS
    7kk6e1ccwk3l redis replicated 1/1 redis:latest
    of4lyei1dx34 hasher replicated 1/1 127.0.0.1:5000/hasher:v1
    phivtrd2ye2h registry replicated 1/1 registry:2 :5000->5000/tcp
    qhn22vbhk461 webui replicated 1/1 127.0.0.1:5000/webui:v1     :8000->80/tcp
    wsekrt658omu rng global 5/5 127.0.0.1:5000/rng:v1
    zxeku7ip9h1z worker replicated 10/10 127.0.0.1:5000/worker:v1
    Rubén López
    @rubenclopez
    So what is the difference between docker run vs docker service ?
    Nicolas Degory
    @ndegory
    docker run creates and starts a container on your local docker engine
    Rubén López
    @rubenclopez
    oh docker service is swarm?
    Nicolas Degory
    @ndegory
    docker service creates a service on the swarm, and the orchestration will take care of scheduling tasks on the swarm
    right
    Rubén López
    @rubenclopez
    Got it. Thanks.
    Karl Girthofer
    @Kgirthofer
    does docker service have built in self-healing?
    Tony Pujals
    @subfuzion
    @rubenclopez Yes, to be clear you can use docker service create to create individual services and you can use docker stack deploy to deploy a whole stack of services, but this all relies on Docker swarm mode and that idea of services -> tasks/replicas -> containers
    @Kgirthofer Yes, in swarm mode, the scheduler attempts to maintain your desired state
    Laura Frank
    @rheinwein
    @Kgirthofer the docker service API is declarative, so swarm is constantly evaluating whether or not the actual state matches your desired state
    Karl Girthofer
    @Kgirthofer
    sweet
    Karl Girthofer
    @Kgirthofer
    all of that is configurable I presume?
    quantities of b/g
    i.e. 1000 containers, not going to b/g one at a time?
    Nicolas Degory
    @ndegory
    yes, deploy options in the compose file
    Karl Girthofer
    @Kgirthofer
    ah - as touched just now
    Don Ebben
    @debben
    When we built, pushed, and deployed again, how did swarm know that there was a change despite the image tag staying the same? Is there a "always pull" behaviour by default?
    Tony Pujals
    @subfuzion

    @Kgirthofer You can see docs for the compose options here:
    https://docs.docker.com/compose/compose-file/#deploy

    And service update command options here:
    https://docs.docker.com/engine/reference/commandline/service_update/

    Nicolas Degory
    @ndegory
    unlike docker run, when creating tasks swarm will try to pull if there's a new version of the image
    it checks the digest
    Tony Pujals
    @subfuzion
    @debben Docker actually always pulls
    in swarm mode each node will always pull the node image, the digest is used instead of the tag (which isn't necessarily the "latest" version with the same tag)
    Laura Frank
    @rheinwein
    ProTip: see image digests with docker images --digests
    Tony Pujals
    @subfuzion
    (and remember, there is only a digest once it is pushed to a registry)
    Laura Frank
    @rheinwein
    pull an image at a digest with docker pull image@$digest
    Jean Evans Pierre
    @nucklehead
    You mentioned the health-cmd is also supported in run/compose. What is the behavior when the health check fails?
    Laura Frank
    @rheinwein
    in compose, if there is some dependency order where the dependency has a healthcheck (i.e. a database), the application that depends on that database will not start until the healthcheck for the dependency comes back OK
    Jean Evans Pierre
    @nucklehead
    Ah ok great thanks
    chankris2311
    @chankris2311
    This might be a stupid question for I am new to Containers. While updating, could you limit the update to less than 5 for a regressed image per se to avoid increased request on the healthy ones?
    Didip Kerabat
    @didip
    If users prefer flexibility, is it better to hit /services HTTP API or use stack YAML?
    Tony Pujals
    @subfuzion
    @nucklehead In v3 compose it's a bit different ... there is no formal mechanism for service startup dependency order ... there are a number of strategies to handle this. One of the simplest is if B depends on A, then B should just exit with an error if A is not available. Docker will continue to retry starting B (subject to any specific options). At some point if A is healthy (ie, ready), then B will also succeed.
    benzvan
    @benzvan
    Why are secrets stored world readable rather than more restricted?
    Tony Pujals
    @subfuzion
    Another way is to divide your stackfile so that dependents start after the services they depend on. The stack files can still start services that will be part of the same named stack. But you can run separate checks to ensure the required services are ready from stackfile A and then start stackfile B (and again, to drive this point home, these can start services that are assigned to the same logical stack)
    Nicolas Degory
    @ndegory
    @benzvan there's no assumption on which user will have to read it in the container
    benzvan
    @benzvan
    Interesting. Makes sense.
    Laura Frank
    @rheinwein
    @benzvan it's also recommended to 'lock' your swarm
    https://docs.docker.com/engine/swarm/swarm_manager_locking/
    Chadwick Gray
    @chgray54
    Could the config feature just discussed be used to run custom postgresql sql scripts that setup an application's tables, users, roles etc.. and avoid the need to create custom images with those scripts?
    Tony Pujals
    @subfuzion
    And to augment @ndegory's statement, if you follow the general "one process per container model", then it is assumed the process you're running is authorized, regardless of the user you run it under. Obviously if you run other services in your container (not as root and not as your "main" process), then you need to be aware of the security ramifications.
    Jean Evans Pierre
    @nucklehead
    @subfuzion Ok I see.
    Tony Pujals
    @subfuzion
    @chgray54 I think the answer for you is yes -- but to be clear, only in the sense that you can use it to provide a script if your service already expects to run it at the mounted location
    Chadwick Gray
    @chgray54
    okay yeah - thanks @subfuzion
    Laura Frank
    @rheinwein
    you can play with configs here: http://training.play-with-docker.com/swarm-config/
    Didip Kerabat
    @didip
    finally! docker system prune
    victorpjulio
    @victorpjulio
    i'd like to build java/scala apps using swarm/docker. is there an online reference i can be pointed to to look at for best practice? (what image to use, example dockerfile, etc)
    Bret Fisher
    @BretFisher
    Thanks so much for attending the workshop today, come chat with tomorrow on your questions at O'Reilly's "meet the expert" thingy in expo hall at 11:25 before lunch: https://conferences.oreilly.com/velocity/vl-ca/public/schedule/detail/62701
    To learn more about Swarm Internals, see Laura's talk tomorrow at 2:10 in LL21 A/B: https://conferences.oreilly.com/velocity/vl-ca/public/schedule/detail/58658