Imbedded Docker
-
I work in an environment where there is the occasional desire to spin up applications on demand; Docker is pretty much the standard for this (at least it's well known).
I've not yet gone through the process of modifying a host to support Docker (and to see what containers are running on a VM that is running Docker Server).
I have been able to find very little about this, though. I have found a guide on it, the process of which is outlined below.
VM under XCP-ng
- Install a VM on XCP-ng
- Install docker.io and ncat
- Get the UUID of the VM
- Within the VM (ssh or gui) install portainer - to help administer any containers that are running here
Dom0 of XCP-ng
- yum install xscontainer
- xe-toolstack-restart
- xscontainer-prepare-vm -v <UUID of VM> -u USER on VM and Server
Has anyone else done this, and can provide benefits or faults in doing so, besides the obvious that this isn't officially supported?
-
Then of course there are Snaps that can be installed in a Linux VM, and remove the need entirely to customize a host.
Any developers out there that have an opinion on this?
-
First option is the right approach. Modifying the Dom0 is a no go.
-
@olivierlambert said in Imbedded Docker:
First option is the right approach. Modifying the Dom0 is a no go.
Sorry, those are collectively 1 step to being able to see and administer Docker on XCP-ng (from an Ubuntu guest running on Dom0).
I agree that modifying Dom0 seems like an insane way to do this, especially for the use case that my team is asking for (which is more than described above).
Using a templated VM would be way better for the use case they are describing.
-
Yes, you can use a template and even some automation with Terraform (and Packer to build your template).
-
Is there a documented process for installing Terraform and Packer into a pool that I can review? Those could be options.
-
@DustinB Curious about the reasoning behind your plan for going with Docker.
I'm currently running a Docker VM being managed by Portainer but I'm working on migrating things to Swarm to allow for easier distribution of resources across my hosts.
I've been looking at using Ansible to handle the configuration, etc. of the VMs. I looked briefly at the templating but wasn't sure how well it would handle my needs.
I was using the various DevOps posts on the blog to look at the path forward. https://xen-orchestra.com/blog/virtops3-ansible-with-xen-orchestra/
-
@CJ No particular reason, it was more of a fishing expedition to see how others are using docker with XCP-ng.
Generally speaking, I don't see a great reason to customize XCP-ng (dom0) to be able to see a docker environment, but I had to do some fishing to see what is out there and how others are doing it.
I would imagine that most people are just installing docker server within a Guest of XCP-ng, and then using whatever management tools are provided within (like portainer) installed within the VM.
-
@DustinB I generally avoid mucking about with the internals of any appliance that I install but it's pretty surprising how many people want to do so.
Part of what I was wondering in your case was why Docker instead of k8s, etc. That's why I wanted to know more details about the need you were trying to solve.
-
@CJ said in Imbedded Docker:
Part of what I was wondering in your case was why Docker instead of k8s, etc. That's why I wanted to know more details about the need you were trying to solve.
Oh, just a developer found it and thought it was a new shiny toy to be used.
-
@DustinB Typical developer. I'll spare you my rant on the topic.
-
@DustinB said in Imbedded Docker:
Has anyone else done this, and can provide benefits or faults in doing so, besides the obvious that this isn't officially supported?
I am actually going through the process of trying this right now, and am having significant difficulties with the xscontainer-prepare-vm piece - it doesn't work.
So far, I have built a Docker VM, made sure all prerequisites are in there, and then run this script. It does insert an ssh-rsa key into my user's authorized_keys file, but the public key it inserts doesn't actually work. The host is not able to ssh into the VM due to the certificate not matching and requires a password, which does not work because it can't pass the VM check.
Has anyone else seen this behaviour before?