Docker vs. PrivateTmp

Sun 18 January 2015 by Lars Kellogg-Stedman Tags docker systemd namespaces

While working with Docker the other day, I ran into an undesirable interaction between Docker and systemd services that utilize the PrivateTmp directive.

The PrivateTmp directive, if true, "sets up a new file system namespace for the executed processes and mounts private /tmp and /var/tmp directories inside it that …

Running nova-libvirt and nova-docker on the same host

Sat 17 January 2015 by Lars Kellogg-Stedman Tags openstack docker

I regularly use OpenStack on my laptop with libvirt as my hypervisor. I was interested in experimenting with recent versions of the nova-docker driver, but I didn't have a spare system available on which to run the driver, and I use my regular nova-compute service often enough that I didn't …

Building a minimal web server for testing Kubernetes

Sun 04 January 2015 by Lars Kellogg-Stedman Tags docker kubernetes

I have recently been doing some work with Kubernetes, and wanted to put together a minimal image with which I could test service and pod deployment. Size in this case was critical: I wanted something that would download quickly when initially deployed, because I am often setting up and tearing …

Building Docker images with Puppet

Wed 22 October 2014 by Lars Kellogg-Stedman Tags puppet docker

I like Docker, but I'm not a huge fan of using shell scripts for complex system configuration...and Dockerfiles are basically giant shell scripts.

I was curious whether or not it would be possible to use Puppet during the docker build process. As a test case, I used the ssh …

Docker networking with dedicated network containers

Mon 06 October 2014 by Lars Kellogg-Stedman Tags docker networking kubernetes

The current version of Docker has a very limited set of networking options:

  • bridge -- connect a container to the Docker bridge
  • host -- run the container in the global network namespace
  • container:xxx -- connect a container to the network namespace of another container
  • none -- do not configure any networking

If you …
