Docker and updates
-
The way to handle security updates in the OS is to update the base image, then rebuild your application image.
-
Rebuild? Not sure what you mean?
Also, where does your data live?
-
Data should live in data volumes and/or data volume containers, the official documentation should help.
https://docs.docker.com/engine/userguide/dockervolumes/
-
I'm a bit confused by that graphic....
I guess the server layer is .... well a server like Dell R710 I've got
Then is the Host OS say ESXi??? And the Docker Engine is a VM running Linux with docker installed?
-
That is not how I read it. I read the server layer the same as the hypervisor.
Notice the only virtualization this graphic shows is Docker itself... That is why I assume this.
-
@hobbit666 said:
I'm a bit confused by that graphic....
I guess the server layer is .... well a server like Dell R710 I've got
Then is the Host OS say ESXi??? And the Docker Engine is a VM running Linux with docker installed?
Docker is a container, not a VM in the traditional sense. We used to call these "OS Containers" before the latest wave of marketing appeared. This is old tech, not new tech, so think about products we've had for decades. Like Zones and Jails.
Containers run on an OS, not on a hypervisor. You should have your OS on a hypervisor and people normally do, but they are not showing that there at all. But it is not mislabeled. You can just as easily run Docker without a hypervisor as you can with one. Docker runs on Linux, Linux should be a VM.
-
I think Dash's question is how do you handle the OS-Layer updates... Say you have
Xen -> CentOS -> Docker -> MySQL Container ...
What happens to the MySQL Container if the underlying CentOS is updated?
-
@dafyre said:
I think Dash's question is how do you handle the OS-Layer updates... Say you have
Xen -> CentOS -> Docker -> MySQL Container ...
What happens to the MySQL Container if the underlying CentOS is updated?
Exactly!
-
The containers contain their own OS. So updating the base platform will not modify the containers. To update a container you update its image and redeploy.
-
Then why do you need an OS under the containers?
-
@Dashrender said:
Then why do you need an OS under the containers?
Because that's what they run on. They are containers, not VMs. How else would they run?
-
Docker containers run their own OS but share the parent's kernel. They don't have discrete kernels. So if you want to modify the kernel itself, you have to reboot the parent and everything reboots. But libraries and such are all in the containers.
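-
Added example, not part of the original thread or any poster's code: the rebuild-and-redeploy cycle described above as a shell script, plus a check that the container reports the host's kernel. The container, image, volume and path names are assumptions, and the script is meant to run on the Linux host where the Docker engine lives.

```shell
#!/bin/sh
# Added example. Hypothetical names: myapp, myapp:latest, myapp-data,
# /var/lib/myapp and ./app are assumptions, not values from the thread.

# Rebuild the application image on a freshly patched base image.
#   --pull      re-fetch the image named in the Dockerfile's FROM line
#   --no-cache  rerun every build step so package installs pick up fixes
rebuild_image() {
    image="$1"; context="$2"
    docker build --pull --no-cache -t "$image" "$context"
}

# Swap the running container for one created from the rebuilt image.
# The data stays in the named volume, so it outlives the old container.
redeploy() {
    name="$1"; image="$2"; volume="$3"; mountpoint="$4"
    if docker container inspect "$name" >/dev/null 2>&1; then
        docker stop "$name" >/dev/null || return 1
        docker rm "$name" >/dev/null || return 1
    fi
    docker run -d --name "$name" -v "$volume:$mountpoint" "$image"
}

# Containers share the host kernel: uname -r matches inside and outside,
# and only a host kernel update plus reboot changes it.
same_kernel() {
    name="$1"
    [ "$(uname -r)" = "$(docker exec "$name" uname -r)" ]
}

# Full cycle: rebuild, redeploy, then confirm the shared kernel.
update_app() {
    name="$1"; image="$2"; volume="$3"; mountpoint="$4"; context="$5"
    rebuild_image "$image" "$context" || return 1
    redeploy "$name" "$image" "$volume" "$mountpoint" || return 1
    same_kernel "$name"
}

# Usage: update_app myapp myapp:latest myapp-data /var/lib/myapp ./app
```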
-
That question seems loaded, but I'm guessing it's really not.
From what I can tell, the containers don't have a full OS in them, really they only have the OS components that they specifically need to get their job done. As you said, updating the OS won't affect them because the pieces needed by the container themselves are self-contained - OK fine - I think I even said that in my OP or a post shortly thereafter.
Which of course means I shouldn't have said exactly to @dafyre's post.
-
@scottalanmiller said:
Docker containers run their own OS but share the parent's kernel. They don't have discrete kernels. So if you want to modify the kernel itself, you have to reboot the parent and everything reboots. But libraries and such are all in the containers.
Where is the flexibility vs a straight up VM, then? Each VM also contains its own Kernel, so any tweaking that I desire can be done inside the VM without affecting the Host OS (Xen, Hyper-V, et al). I get live Migration with VMs...
-
@dafyre said:
@scottalanmiller said:
Docker containers run their own OS but share the parent's kernel. They don't have discrete kernels. So if you want to modify the kernel itself, you have to reboot the parent and everything reboots. But libraries and such are all in the containers.
Where is the flexibility vs a straight up VM, then? Each VM also contains its own Kernel, so any tweaking that I desire can be done inside the VM without affecting the Host OS (Xen, Hyper-V, et al). I get live Migration with VMs...
Docker is about application flexibility, not OS tweaking. You can't tweak a Docker container, it is set and forget. Docker is about making deployments fast, easy and dense. The DevOps ecosystem doesn't let you tweak running systems anyway.
If you want to log in and tweak running systems, you are in a snowflake systems administration model. You have to separate the two mindsets, they work on completely different problem sets.