this post was submitted on 20 Sep 2023
64 points (97.1% liked)

[–] WoahWoah 17 points 1 year ago (1 children)

As someone that doesn't use Linux, this title was very confusing. Coffins. They're called coffins.

[–] joel_feila 4 points 1 year ago

Or womb if you're still compiling

[–] [email protected] 15 points 1 year ago* (last edited 1 year ago) (1 children)

Good summary.. had a quick read and I use containers the same way (mostly proxmox these days because it makes them so easy, but it's just lxc under the hood).

I share your dislike of docker-only apps. Lemmy is a good example.. the 'from scratch' install didn't work at all for me and the ansible script just creates docker images..

I work around it by nesting docker in an lxc container for such apps. Keeps them contained in one place.. easier to manage. I have a proxmox template with docker installed (& my base network setup) so it only takes a couple of minutes to spin up.

[–] [email protected] 8 points 1 year ago (3 children)

I'm new to the container world, but everything I've seen and read about so far makes me dislike Docker. I really don't get why it's so popular - except for the cross-platform compatibility I guess?

[–] [email protected] 14 points 1 year ago* (last edited 1 year ago) (1 children)

In a word: convenience.

It was in the right place at the right time with easy UX. A big audience were developers not so familiar with sysadmin in the commercial software world. It provided an easy way to get a kind of executable package. Devs could throw in all their Python/Ruby/JS dependencies and not worry about it. "works on my machine" was basically good enough because you just ship the whole damn thing over.

Docker then supervised the process for you, too. The whole Docker package took care of a lot of things.

PS: for those really interested in containers, I always recommend looking into Plan 9: the OS from the original UNIX team intended as a successor to UNIX. Every process has its own namespace and the whole OS is built around that concept (plus a few other core things.. too much to go into here). see also https://pdos.csail.mit.edu/~rsc/plan9.html

[–] [email protected] 7 points 1 year ago

Don't forget configuration. A properly built Docker image can be configured purely via environment variables, which are all in one place. That's much more transparent than having 20 locations with tiny changes to the defaults.

There are obviously edge cases where this doesn't work, but even then you still have just a bundle of config files in one place.

[–] [email protected] 12 points 1 year ago* (last edited 1 year ago)

The benefit of docker is portability. You can run software anywhere. Rather than going through all this pain of installing and managing systemd services, you can just run a docker container, often in only one command. Docker also handles things like setting environment variables, which are sometimes used by apps as an alternative for, or even replacement for, settings files, like in the lemmy docker example: https://github.com/LemmyNet/lemmy/blob/main/docker/docker-compose.yml

Docker succeeds where java failed, but in a language agnostic way.

And I disagree with the author's point about disliking docker-only apps, for two main reasons. One, it isn't the developer's responsibility to package things for every system, and two, docker containers are mostly self-documenting, being very close to simply a shell script. I almost always look at dockerfiles, and I have only seen one or two that are not simple to extract to make them run outside docker.

For example, the lemmy docker image: https://github.com/LemmyNet/lemmy/blob/main/docker/Dockerfile

The author acts like it's some advanced witchcraft or something, but it's just using rust to compile stuff on a Debian-based system. Every command used to build lemmy is right there. Then, you can look at the environment variables set in the docker compose, and set them in a systemd service or something.

How do I tag people on lemmy?

u/tony

[–] SuddenlyBlowGreen 6 points 1 year ago (1 children)

What makes you dislike docker?

At least from a development perspective, it's really convenient, especially when paired with a CICD system and container registry.

[–] [email protected] 2 points 1 year ago (3 children)

I tried it once and it rewrote all my firewall rules without telling me

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

Yeah that's a gripe of mine. Thankfully podman doesn't do that.

Docker also sometimes breaks lxd and libvirt networking by changing the default forward policy from accept to drop.
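
The FORWARD policy change described in the comment above can be spotted in a saved ruleset. This is an added example, not part of the thread: the bridge names `lxdbr0` and `virbr0` are assumed defaults, the sample ruleset is constructed, and the "no ACCEPT rule for the bridge" test is a simplifying heuristic.

```sh
#!/bin/sh
# Added example: classify an iptables-save dump read from stdin.
# Bridge names lxdbr0/virbr0 are assumed defaults; adjust for your host.
audit_forward() {
    awk '
        substr($0, 1, 1) == "*" { table = substr($0, 2) }   # "*filter" -> "filter"
        table != "filter"       { next }
        /^:FORWARD /            { policy = $2 }             # ":FORWARD DROP [0:0]"
        /^:DOCKER/              { chains++ }                # chains created by Docker
        # ACCEPT rule for an LXD/libvirt bridge in FORWARD or DOCKER-USER
        /^-A (FORWARD|DOCKER-USER) / && /-j ACCEPT/ &&
            /-[io] (lxdbr0|virbr0)/ { allow++ }
        END {
            verdict = "ok"
            if (policy == "DROP" && chains > 0)
                verdict = (allow > 0) ? "docker-drop-with-allow" : "bridges-blocked"
            printf "policy=%s docker_chains=%d bridge_allow=%d verdict=%s\n",
                   policy, chains, allow, verdict
        }'
}

# Constructed sample: filter table as it might look after Docker has started.
sample_after_docker() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:DOCKER - [0:0]
:DOCKER-USER - [0:0]
-A FORWARD -j DOCKER-USER
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
COMMIT
EOF
}

sample_after_docker | audit_forward
```

On a live host, feed it the real ruleset with `iptables-save | audit_forward` (root required).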

[–] [email protected] 1 points 1 year ago (1 children)

I think podman by default does do that, but it's easy to disable almost all of it, at least.

[–] [email protected] 1 points 1 year ago

Nope, I just tested and the rootful podman service doesn't touch any iptables/firewall rules.

It uses what is called a "CNI", container network interface, to manage container networking rather than just overwriting all the iptables rules like docker does.

[–] [email protected] 2 points 1 year ago (1 children)

Sounds like you were using Docker Desktop on Windows maybe? It's... pretty meh. But Docker on Linux is phenomenal. Docker on Windows is mostly just a way to make it accessible to developers stuck on Windows.

[–] [email protected] 1 points 1 year ago

Nope. Debian

[–] SuddenlyBlowGreen 1 points 1 year ago

Damn.

Yeah, that would make me dislike it too.

[–] [email protected] 8 points 1 year ago (1 children)

I suggest anyone considering LXD also give nspawn a look. May or may not suit your needs better.

[–] [email protected] 2 points 1 year ago (1 children)

LXD can manage VMs and can manage clusters with live migration for both containers and VMs. I don't know if nspawn can.

[–] [email protected] 2 points 1 year ago (1 children)

No software is capable of doing live migration/high availability for pet type containers and virtual machines except lxd.

But nspawn isn't really a management software like lxd is, it's more of a container runtime like lxc is.

Ninja edit: Did some googling and I'm technically wrong. Hashicorp's nomad supports lxc as a driver, but according to the doc it only supports host networking...

https://developer.hashicorp.com/nomad/plugins/drivers/community/lxc#networking

But nomad also supports managing nspawn containers which is interesting.

[–] piexil 2 points 1 year ago (1 children)

Afaik Lxd doesn't do live migration of lxc, only vms

Same as proxmox

[–] [email protected] 1 points 1 year ago

Damn you're right:

https://documentation.ubuntu.com/lxd/en/latest/howto/move_instances/#live-migration-containers

It can live migrate cattle type containers if you enable some options, but not pet type (systemd) containers.

[–] [email protected] 2 points 1 year ago

Using NixOS, I've come to really like nspawn containers.

[–] [email protected] -3 points 1 year ago (2 children)

They are not immutable. Might as well use a chroot at that point

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago) (1 children)

Neither are Docker(-like) containers, at least by default. They are just not intended to keep their filesystem state outside of volumes or mounts

[–] [email protected] 2 points 1 year ago

True but you can just blow away everything and start from scratch when something goes wrong. It also makes updates way easier
