
A Docker Container Pattern – Compose Configuration - jayjohnson
http://blog.levvel.io/blog-post/a-docker-container-pattern-compose-configuration/
======
lukeck
WARNING that compose file gives the container ALL, SYS_ADMIN and NET_ADMIN
capabilities, effectively giving it root on your machine. Doing that for some
random image seems like a very bad idea.

OP why are these needed? Can you remove them?

~~~
jayjohnson
I totally agree and this is not a great idea for newcomers. I do find it
easier to debug things with all the bells and whistles turned on, but yea the
CAP adds are NOT production ready. I will remove them to prevent confusion for
those looking to get started with docker.

------
Annatar
Database choice: MySQL over Oracle or PostgreSQL: suboptimal due to silent data
corruption issues and lack of OS authentication mechanism in MySQL.

Database provisioning: why not implement a generic createdb(1M) program with
required command line switches which OS packages delivering the required
filesystem structures could call in their postinstall phase? I wrote such a
program (for Oracle DB) in shell and AWK and it works great for all sorts of
OS configuration packages which create all kinds of databases; it makes Docker
completely unnecessary, not to mention superfluous.

Substrate choice: what technical advantages does Docker provide over imgadm(1M)
and zones built into SmartOS ("people might be more familiar with Linux and
Docker" is not a technical advantage)?

~~~
jayjohnson
These are great points, but with the post I wanted to share how I approach
designing and building docker containers, because I hope it saves others time
building them. When I started trying to deploy containers on production
without Docker Compose it was painful. Now that I know what that time sink
feels like, I try to focus on using configuration management during
initialization inside the container instead of at the Dockerfile RUN directive
(which requires a rebuild).

Back to your points, can I ask if you are interested in using this container
approach to build a database container cluster in docker and then benchmark
against a working imgadm(1M) + SmartOS environment? From the docker-side when
I scale out a cluster of database runtime-only containers, I utilize the
volume mounting attribute that is commented out in the repo's compose file
([https://github.com/jay-johnson/docker-schema-prototyping-wit...](https://github.com/jay-johnson/docker-schema-prototyping-with-mysql/blob/9ae4155632e4162efe6eaaad0ca0a400f9d1e180/docker-compose.yml#L24-L25))
and then host the database files outside of the
containers in a persistent storage location that is mounted + available on the
hosts where the docker containers are running. As for building the database
container for this proposed solution I would still utilize this Docker
Compose-centric approach in development and then in production because I can
build the container one time and not deal with a rebuild which invalidates
testing a container within my DevOps artifact pipeline.

Wrapping up, I live more on the application development side so I cannot speak
specifically to SmartOS or imgadm(1M), but I know the docker documentation and
community are pretty helpful for getting/finding technical solutions that
helped me build + launch products (go team!). If you are interested we can
discuss more details about how I would approach benchmarking these two
database environments. I am a big proponent of testing everything and I would
enjoy discussing how to tackle a db perf/load/ha + test harness like my
message simulator
([https://github.com/GetLevvel/message-simulator](https://github.com/GetLevvel/message-simulator)).

Feel free to connect with me on LinkedIn anytime:
[https://www.linkedin.com/in/jay-johnson-27a68b8a](https://www.linkedin.com/in/jay-johnson-27a68b8a)

~~~
Annatar
imgadm(1M) fetch time depends on the type and size of the image, as well as
the speed of one's network connection. This is performed only once.

vmadm(1M) provisioning can take anywhere from 5 to 25 seconds.

Oracle DB provisioning with my program takes 45 minutes, as it performs a
CREATE DATABASE and is constant irrespective of hardware.

------
maque_onlyverse
looks like you just reinvented the wheel called kubernetes (secrets, mounted
volumes). Also when following [http://12factor.net/](http://12factor.net/)
there shouldn't be issues with production/testing

~~~
AdrianRossouw
kubernetes seems like it could be overkill for many situations.

this seems like it has fewer moving parts.

~~~
hosh
Kubernetes solves some things that Compose fails on. It's not that Kubernetes
is overkill, but that Compose is an inadequate solution.

~~~
jayjohnson
I am pretty new to kubernetes. What are some of the gaps with docker compose vs
kube's deployment orchestration? I am pretty happy with docker 1.10.3, but am
always interested in hearing about something better/cleaner (I don't know what
I don't know). I'm looking over your github for some samples at the moment.

~~~
jayjohnson
So if I take a sample out of your Matsuri repo, how does this get changed as
an "Overridables":
[https://github.com/shopappsio/matsuri/blob/f966480380b685d34...](https://github.com/shopappsio/matsuri/blob/f966480380b685d34e7c161fbb89ad55505cf571/lib/matsuri/kubernetes/service.rb#L6-L13)

~~~
hosh
let() defines a memoized method. When you inherit or include that module
into a new class, you can redefine that same let() and the new class will use
the redefined method instead of what is inherited. You can do that with any of
the let() that gets defined. This lets you use as much or as little of the
shared code that you want.

------
hosh
I wrote something like that for Kubernetes, called Matsuri:
[https://github.com/shopappsio/matsuri](https://github.com/shopappsio/matsuri)

I had tried Compose in a previous incarnation of Matsuri, but Compose has
flaws in it that Kubernetes solves.

~~~
dockerlocker
Please add a description to your code. Yes, we can read the source, but at
least a few sentences about what your work is about and what it will do will
motivate many more people to take a closer look. Adding good docs values your
own work!

~~~
hosh
You are right in that adding good doc adds value to my work. However, there
are a lot of other things I need to do, and the value of those outweighs the
value of documenting this code.

Besides, that code doesn't make sense without an example. The best example is
locked behind proprietary code. Feel free to ping me if you want me to walk
you through what it is about.

~~~
dockerlocker
Ah, so you are that one guy on the internet that has so many other things to
do, nice to meet you!

It is not about time. We have 24 hours every day, everyone has lots of things
to do.

If I could read just one or two sentences describing what your code does, I
would have at least some basic information to consider if it is worth spending
some time on this.

As there is nothing and you think it is a waste of time to document that code,
why should I spend my time with some code that you think is a waste of time to
document?

Anyway, have a nice day!

~~~
hosh
I never asked you to look at it. You choose to look at it or you don't. What
social contract do you think I am violating here?

------
tyingq
Just be careful about where "docker-compose.yml" ends up...the examples have
database credentials.

~~~
maque_onlyverse
yeah, also, isn't the compose file part of a docker layer and thus can be traced
back even if you change them?

~~~
lukeck
No. A docker-compose.yml just provides runtime configuration.

In other words, a Dockerfile specifies what you want to build, and a compose
file specifies how you will run it.
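
Added example (not part of the thread, and not code from the linked post or its repo): a small Python check for the two issues raised in this discussion, the ALL/SYS_ADMIN/NET_ADMIN cap_add entries and credentials written directly into docker-compose.yml. The compose text, image name and variable names are constructed, and the line-based scan assumes the simple block layout shown rather than full YAML.

```python
import re

# Constructed sample for illustration; NOT the compose file from the linked repo.
SAMPLE_COMPOSE = """\
db:
  image: example/mysql-schema:latest
  cap_add:
    - ALL
    - SYS_ADMIN
    - NET_ADMIN
  environment:
    - MYSQL_ROOT_PASSWORD=example-root-pw
    - MYSQL_DATABASE=prototyping
    - MYSQL_PASSWORD=${DB_PASSWORD}
"""

RISKY_CAPS = {"ALL", "SYS_ADMIN", "NET_ADMIN"}  # the three named in the thread
SECRET_KEY = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY", re.I)
KEY_VALUE = re.compile(r"([A-Za-z_][A-Za-z0-9_]*)\s*[=:]\s*(.*)$")


def audit_compose(text):
    """Return (line_no, finding) tuples; secret values are never echoed."""
    findings, section, sec_indent = [], None, -1
    for no, raw in enumerate(text.splitlines(), 1):
        body = raw.strip()
        if not body or body.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        is_item = body.startswith("- ")
        # A key at the same or shallower indent ends the current block.
        if section and (indent < sec_indent or (indent == sec_indent and not is_item)):
            section = None
        opener = re.match(r"(cap_add|environment):\s*$", body)
        if opener:
            section, sec_indent = opener.group(1), indent
            continue
        item = (body[2:] if is_item else body).strip().strip("\"'")
        if section == "cap_add" and item.upper() in RISKY_CAPS:
            findings.append((no, "cap_add " + item.upper()))
        elif section == "environment":
            kv = KEY_VALUE.match(item)
            value = kv.group(2).strip("\"' ") if kv else ""
            # Flag literal values only; ${VAR} references resolve outside the file.
            if kv and SECRET_KEY.search(kv.group(1)) and value and not value.startswith("$"):
                findings.append((no, "inline secret " + kv.group(1)))
    return findings
```

Run against the sample, `audit_compose(SAMPLE_COMPOSE)` reports the three capability lines and the literal root password, and passes over the `${DB_PASSWORD}` reference, whose value is supplied from outside the file.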

