Simpatico: Docker
Docker defines a reusable starting point for processes such that each process can act like it's the only process on a clean system.
Docker defines the Dockerfile which is like a shell script, but it includes more steps, going all the way back to approx "install the OS".
For Simpatico, Docker may be useful for running the reflector, simplifying installation and maintenance. This would be particularly useful to people (or systems) checking out the repo for the first time. A Dockerfile may be a nice thing to have, a de facto convention that documents how to install and run your software.
But I'm not going to use it. It's overkill for this project at this stage.
Dockerfile
The Dockerfile is a list of commands that result in an binary image.
A typical devops repository will look like a tree of directories with Dockerfiles in them.
This repository forms a trie of execution steps.
Docker Modeled with Simpatico
There is a clear correspondence between Simpatico and Docker:
The Dockerfile is like the ops array.
The image is like the residue under combine.
The repo and Docker daemon (which stores images/residues) is like the stree.
Providers
The company Docker Inc. started it all, but it may not be a viable company. (That's also a good article for exploring alternatives to Docker Hub.)
Podman
From the podman website
What is Podman? Podman is a daemonless container engine for developing, managing, and running OCI Containers on your Linux System. Containers can either be run as root or in rootless mode. Simply put: alias docker=podman. Install podman
sudo apt-get update
sudo apt-get -y install podman podman-compose
Then read the podman tutorial. Here is a kick the tires command:
podman run --memory=128M --name basic_httpd -dt -p 8080:8080/tcp -e HTTPD_VAR_RUN=/run/httpd -e HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \
-e HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \
-e HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/ \
registry.fedoraproject.org/f29/httpd /usr/bin/run-httpd
OCI
OCI stands for "Open Containers Initiative", which is a rabbit hole.
Errata
This lovely article (and in a style I quite like) jb speaks convincingly of the end of docker, and the difficulty presented by The Registry. And I realized that these are all options for "clean starting points" and how ironic that the battle for zero could be so fierce. (and "The Battle For Zero" is a killer blog post title). It seems like there is space for a paid-for Docker registry; at the very least, we could get in the habit of fully specifying the registry of our dependencies. In this way, the internet, DNS _ ICANN and BGP reassert their Zero-ness. And it's hard for a company to do business if you invent a protocol. Unless you provide a service that popularizes the protocol, and hides the service cost, until it becomes popular, and you monetize in the most obvious possible way.
Private registries: https://www.slant.co/topics/2436/~best-docker-image-private-registries
Mystery
Figure out why containerd is taking up CPU and egress on the linode. It's only 1% and 1.5kb but still. It should be 0.
Disabling Docker
From the SO discussion:
$ sudo systemctl disable docker.service
$ sudo systemctl disable docker.socket
and more of a "teach a man to fish" command:
$ systemctl list-unit-files | grep -i docker
Copyright SimpatiCorp 2024