[ale] Behind on your "Container Skills"

Jim Kinney jim.kinney at gmail.com
Mon Jan 8 12:27:43 EST 2018


I do get it. Containers are basically a chroot with cgroup isolation.
It's just I've seen too many that with a deployment script of "download
a tarball from http://unknown_ip/ and run as root".
As an admin, I will happily build an environment to spec for the devs.
That way they get a supportable setup that doesn't allow for them to
run anything as root. Until EVERY line of code is evaluated under every
condition, a stack smash as root is just a bad day/week/month/new-job
event I would rather avoid.
On Mon, 2018-01-08 at 12:16 -0500, Ed Cashin wrote:
> Hmm.  Containers are really just a mechanism to make advancements in
> process isolation easier to use.
> You must be thinking of using containers instead of VMs or separate
> physical machines.  It's easy to beat up on containers if you compare
> them to VMs or hardware isolation.
> 
> Usually I think of it as a choice between running a process in the
> global namespace or running the process with more isolation via
> cgroups, filesystem namespaces, etc.  Running containers is really
> just running processes, like running a process in chroot but less
> broken.
>  
> 
> On Mon, Jan 8, 2018 at 12:05 PM, Jim Kinney via Ale <ale at ale.org>
> wrote:
> > Devs LOVE containers. SysAdmins hate them. They are difficult to
> > manage for updates (toss and rebuild) and most devs pull
> > latest-greatest libs even though they are all right from git repo
> > and not checked for problems. None of the security checks that exist
> > for vm control work for containers and they leak like a screen door
> > on a submarine.
> > 
> > Good for development. Should be barred from production use.
> > 
> > On January 8, 2018 11:34:07 AM EST, DJ-Pfulio via Ale <ale at ale.org>
> > wrote:
> > > From the article, seems most enterprises still use VMs and real
> > > hardware for their production loads.  Containers are mostly used
> > > for development needs, not production.
> > > 
> > > https://www.theregister.co.uk/2018/01/08/container_shock_not_everybody_is_doing_it/
> > > 
> > > 
> > > Ale mailing list
> > > Ale at ale.org
> > > http://mail.ale.org/mailman/listinfo/ale
> > > See JOBS, ANNOUNCE and SCHOOLS lists at
> > > http://mail.ale.org/mailman/listinfo
> > 
> > 
> > -- 
> > 
> > Sent from my Android device with K-9 Mail. All tyopes are thumb
> > related and reflect authenticity.
-- 
James P. Kinney III

Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.
- Speech 11/23/1900 Mark Twain

http://heretothereideas.blogspot.com/
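As an added illustration of the admin-side alternative Jim describes (refusing the "download a tarball from an unknown address and run it as root" deployment pattern), here is a small POSIX shell deployment helper. It is example code written for this page, not a script from the thread or from any ALE member: it refuses to run as root, rejects plaintext or bare-IP origins, pins the artifact to a SHA-256 recorded at build time, and only then extracts it. The function names, the `releases.example.com` hostname and the "hello" sample artifact are all constructed for the example.

```shell
#!/bin/sh
# Example deployment helper (added illustration, not from the mailing list).
# Assumes a POSIX sh with `tar`, `curl`, and either coreutils `sha256sum`
# or BSD `shasum`.
set -u

# SHA-256 of a file, portable across GNU and BSD userlands.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Accept only https:// URLs whose host is a name, not a bare IP literal.
# Returns 0 when the origin is acceptable, 1 otherwise.
check_origin() {
    url=$1
    case "$url" in
        https://*) ;;
        *) echo "refusing non-HTTPS origin: $url" >&2; return 1 ;;
    esac
    host=${url#https://}
    host=${host%%/*}
    host=${host%%:*}
    case "$host" in
        *[!0-9.]*) return 0 ;;   # something other than digits and dots: a hostname
        *) echo "refusing bare-IP or empty origin: '$host'" >&2; return 1 ;;
    esac
}

# Compare a downloaded artifact against the checksum pinned at build time.
verify_sha256() {
    actual=$(sha256_of "$1")
    [ "$actual" = "$2" ] && return 0
    echo "checksum mismatch for $1: expected $2, got $actual" >&2
    return 1
}

# Refuse to deploy with root privileges; the service account should do it.
refuse_root() {
    [ "$(id -u)" -ne 0 ] && return 0
    echo "refusing to deploy as root" >&2
    return 1
}

# Full flow: download, verify, then extract into the target directory only.
deploy_tarball() {
    url=$1; expected=$2; dest=$3
    refuse_root || return 1
    check_origin "$url" || return 1
    tmp=$(mktemp) || return 1
    curl -fsSL --proto '=https' "$url" -o "$tmp" || { rm -f "$tmp"; return 1; }
    verify_sha256 "$tmp" "$expected" || { rm -f "$tmp"; return 1; }
    mkdir -p "$dest" && tar -xzf "$tmp" -C "$dest" --no-same-owner
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Offline self-check on a constructed artifact; no network access needed.
self_check() {
    f=$(mktemp) || return 1
    printf 'hello\n' > "$f"   # constructed sample "artifact"
    good=5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03
    bad=0000000000000000000000000000000000000000000000000000000000000000
    verify_sha256 "$f" "$good" && echo "ok: pinned checksum accepted"
    verify_sha256 "$f" "$bad" 2>/dev/null || echo "ok: tampered artifact rejected"
    rm -f "$f"
    check_origin https://releases.example.com/app-1.2.3.tar.gz && echo "ok: named HTTPS origin accepted"
    check_origin http://203.0.113.7/app.tar.gz 2>/dev/null || echo "ok: plaintext origin rejected"
    check_origin https://203.0.113.7/app.tar.gz 2>/dev/null || echo "ok: bare-IP origin rejected"
}

case "${1:-}" in
    --self-check) self_check ;;
esac
```

Run it as `sh deploy.sh --self-check` to exercise the checks without touching the network; in a real pipeline `deploy_tarball` would be invoked by the unprivileged service account with the checksum taken from the build system's release manifest, so a substituted tarball fails before anything in it ever runs.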