
Pre-build docker images

Open hakwerk opened this issue 3 years ago • 3 comments

Now that everything is running in docker containers, the image(s) should be standard for everyone so we should build them and put them on DockerHub / GitHub Container Registry. Probably still need to do some config prep from the control container / commander script when the install script is no longer used.

hakwerk avatar Apr 19 '22 17:04 hakwerk

I understand your decision to "dockerize" everything. It makes sense since Boulder itself is distributed as a dockerfile. But there are problems with docker on some platforms.

I have Proxmox on ZFS filesystem. I use CT (LXC containers) for all my Linux servers.

  • It is easy to install Docker directly on the host, but I did not go this way (I want to keep the host clean)
  • It is easy to install Docker inside VM, but VMs are resource hungry. Not very efficient.
  • I want to have LabCA in CT, but it is quite difficult to install Docker inside (unprivileged) LXC on ZFS. I had to use some workaround: https://du.nkel.dev/blog/2021-03-25_proxmox_docker/

So I ended up with a "nested" virtualization (docker inside LXC) which is quite difficult to manage and debug.

BTW, why did you choose Boulder as an ACME server? Why not step-ca?

budulinek avatar Aug 07 '22 01:08 budulinek

> I have Proxmox on ZFS filesystem. I use CT (LXC containers) for all my Linux servers.

I have the exact same setup.

> • It is easy to install Docker inside VM, but VMs are resource hungry. Not very efficient.

That's an exaggeration. I do now have 1 VM with docker next to all my LXC containers (a dozen or so). That is where I am installing any new stuff now, I personally like managing docker containers way better than all the LXC containers! The CPU usage of VM versus CT is barely different. Only the memory is pre-allocated with a VM but when having only 1 VM (or maybe a few) that is not a problem.

Docker is huge out there and still gaining momentum so it is a good skill to have 😄.

> • I want to have LabCA in CT, but it is quite difficult to install Docker inside (unprivileged) LXC on ZFS. I had to use some workaround: https://du.nkel.dev/blog/2021-03-25_proxmox_docker/

I never had any issues with docker inside the LXC for LabCA. It's also an unprivileged container but I don't recall if I had to do anything special, maybe things have changed there.

hakwerk avatar Aug 20 '22 10:08 hakwerk

> Docker is huge out there and still gaining momentum so it is a good skill to have 😄.

I know Docker is "IN". But I am just a hobbyist with a home server. I do not work in IT so there is no pressure on me to learn new stuff... Proxmox and LXC are doing the job for me.

With unprivileged LXC on ZFS I had a problem with docker taking more and more disk space. I chose one of two possible solutions described here.

Thanks for your replies!

budulinek avatar Aug 21 '22 21:08 budulinek

Included in release v23.05

hakwerk avatar May 04 '23 18:05 hakwerk