by

Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    Tony Pujals
    @subfuzion
    @debben Docker actually always pulls
    in swarm mode each node will always pull the node image, the digest is used instead of the tag (which isn't necessarily the "latest" version with the same tag)
    Laura Frank
    @rheinwein
    ProTip: see image digests with docker images --digests
    Tony Pujals
    @subfuzion
    (and remember, there is only a digest once it is pushed to a registry)
    Laura Frank
    @rheinwein
    pull an image at a digest with docker pull image@$digest
    Jean Evans Pierre
    @nucklehead
    You mentioned the health-cmd is also supported in run/compose. What is the behavior when the health check fails?
    Laura Frank
    @rheinwein
    in compose, if there is some dependency order where the dependency has a healthcheck (i.e. a database), the application that depends on that database will not start until the healthcheck for the dependency comes back OK
    Jean Evans Pierre
    @nucklehead
    Ah ok great thanks
    chankris2311
    @chankris2311
    This might be a stupid question for I am new to Containers. While updating, could you limit the update to less than 5 for a regressed image per se to avoid increased request on the healthy ones?
    Didip Kerabat
    @didip
    If users prefer flexibility, is it better to hit /services HTTP API or use stack YAML?
    Tony Pujals
    @subfuzion
    @nucklehead In v3 compose it's a bit different ... there is no formal mechanism for service startup dependency order ... there are a number of strategies to handle this. One of the simplest is if B depends on A, then B should just exit with an error if A is not available. Docker will continue to retry starting B (subject to any specific options). At some point if A is healthy (ie, ready), then B will also succeed.
    benzvan
    @benzvan
    Why are secrets stored world readable rather than more restricted?
    Tony Pujals
    @subfuzion
    Another way is to divide your stackfile so that dependents start after the services they depend on. The stack files can still start services that will be part of the same named stack. But you can run separate checks to ensure the required services are ready from stackfile A and then start stackfile B (and again, to drive this point home, these can start services that are assigned to the same logical stack)
    Nicolas Degory
    @ndegory
    @benzvan there's no assumption on which user will have to read it in the container
    benzvan
    @benzvan
    Interesting. Makes sense.
    Laura Frank
    @rheinwein
    @benzvan it's also recommended to 'lock' your swarm
    Chadwick Gray
    @chgray54
    Could the config feature just discussed be used to run custom postgresql sql scripts that setup an application's tables, users, roles etc.. and avoid the need to create custom images with those scripts?
    Tony Pujals
    @subfuzion
    And to augment @ndegory's statement, if you follow the general "one process per container model", then it is assumed the process you're running is authorized, regardless of the user you run it under. Obviously if you run other services in your container (not as root and not as your "main" process), then you need to be aware of the security ramifications.
    Jean Evans Pierre
    @nucklehead
    @subfuzion Ok I see.
    Tony Pujals
    @subfuzion
    @chgray54 I think the answer for you is yes -- but to be clear, only in the sense that you can use it to provide a script if your service already expects to run it at the mounted location
    Chadwick Gray
    @chgray54
    okay yeah - thanks @subfuzion
    Laura Frank
    @rheinwein
    you can play with configs here: http://training.play-with-docker.com/swarm-config/
    Didip Kerabat
    @didip
    finally! docker system prune
    victorpjulio
    @victorpjulio
    i'd like to build java/scala apps using swarm/docker. is there an online reference i can be pointed to to look at for best practice? (what image to use, example dockerfile, etc)
    Bret Fisher
    @BretFisher
    Thanks so much for attending the workshop today, come chat with tomorrow on your questions at O'Reilly's "meet the expert" thingy in expo hall at 11:25 before lunch: https://conferences.oreilly.com/velocity/vl-ca/public/schedule/detail/62701
    To learn more about Swarm Internals, see Laura's talk tomorrow at 2:10 in LL21 A/B: https://conferences.oreilly.com/velocity/vl-ca/public/schedule/detail/58658