Docker Images To Be Based On Alpine Linux

New submitter Tenebrousedge writes: Docker container sizes continue a race to the bottom with a couple of environments weighing in at less than 10MB. Following on the heels of this week's story regarding small images based on Alpine Linux, it appears that the official Docker images will be moving from Debian/Ubuntu to Alpine Linux in the near future. How low will they go?

Jails

You could run in a Jail on BSD, and ship pretty much no OS at all. Thats the future of containers (and 20 year old tech too...)

Re:Newbie question

Systemd is a new init system whose primary advantage is that it promises to unify the behavior of services running on different linux distros. The problem that a lot of people (including myself) have with it is that since it unifies behavior, you lose choice in how you configure that behavior. In my organisation we've been using Debian for _years_ and upgrading our servers to the latest version has only ever involved minor tweaks to our config scripts. With Debian 8's systemd, we pretty much have to rewrite it all from scratch, which is going to be a huge, dangerous project. Of course, the trend of history is toward automation and standardization, but I think that systemd is too ambitious and too early. Only time will tell though.

I hadn't heard of Alpine Linux before today, being an old Debian guy. Besides the whole systemd thing, I've had the sense that Debian was loosing its way for a while and have been looking around for something to replace it when Debian7 reaches EOL. As a grey beard I want something light-weight and without systemd, but as a practical grey beard I want something stable, that I'll be able to run for another decade. So far, CentOS seemed to be the way of the future for my organization, although it makes me vomit in the back of my throat a little to go closer to the root of the systemd tree.

Make no mistake, though, Docker is the way of the future and will put a lot of people in this forum out of a job. If Alpine has the backing of Docker, it might be the linux distro of the future. It has some really interesting features, like the ability to save all of your system configuration into a package that you can install on other systems via the package manager. That's really cool, and a neat alternative to puppet. I'm not very happy that it isn't binary compatible with stuff built using glibc (which means that commercial software will be limited), and AFAICT it doesn't have some of the dev tools I like to use, but I think this will be a major contender soon.

I'll be watching it. It might

Re:Newbie question

[fpoling]

I suspect docker is the only real contender to the total systemd domination. I liked systemd until I realized how much fragility it brings to the system with all those supposedly nice dependencies between services. The problem is that when one of the dependencies fails, the rest stops starting/shutting down/working when in fact the failure can be very much transient. So I started to like how docker resists supporting full-featured container dependencies. It essentially requires for containers to deal with connection failures when talking to other containers making the whole setup much more robust. As a bonus it becomes much easier to move containers to other machines making the setup scalable.

The move to Alpine is nice in that respect as it it ensures that the packages to build containers on do not have explicit or implicit dependencies on the presence of systemd and so is much more suitable for docker.

Re:Newbie question

[F.Ultra]

The unification with systemd is so that you as a daemon developer only have to write one single unit file that then will work across all different distributions that use systemd, it has nothing to do with limiting your choice in configuration. There should be no less choice in configuration of systemd for you as an administrator than what you already have with SysVInit. You can run what ever scripts from the unit files that you want. I would very much like to hear why you think that systemd lessens your configurability.

Re:Summaries, how do they work?

[Lord+Crc]

There's one guy working on a project called Atom/Atomic/Atome or something, which is basically your app compiled in to an OS container, instead of being built on top of an OS container, but still responding similar to a docker container.

Maybe several people doing the same, but this is one such project: http://www.includeos.org/

Simply add one include in you C++ project and compile it into a VM image.

Re:Summaries, how do they work?

First, docker VMs are incredibly efficient. The overhead is really negligible, even on older hardware. Secondly, apt-get is nice, but it affects everything on the system. What if you're using an application that uses removed features of PHP 5.2 and another that relies on new features of PHP7 and a bunch of others that are on happy on 5.6? This is a royal PITA to set up on one machine; you are better off buying seperate servers. With Docker, you can apt-get the version you need WITHIN THE CONTAINER and the problem is fixed.

By the way, every time you apt-get, you're installing a binary blob. Just so you know.

Re:Summaries, how do they work?

[BLKMGK]

You might also be interested to know that Microsoft is adopting Docker as well. That you haven't heard of it is a little surprising because it's been talked about awhile both here and elsewhere. I too am in the Windows world nearly all of the time and had heard of it although I've yet to use it (one of my Linux based systems supports it though). It looks like pretty interesting concept although when I approach Linux guys about it the first thing they say is that it's a security nightmare

Re:Newbie question

[BitZtream]

Make no mistake, though, Docker is the way of the future and will put a lot of people in this forum out of a job.

Yea, you're not really a grey beard if you make stupid statements like that.

Adding another layer of virtualization to our existing stack with several layers already in it isn't going to magically make things better.

In the last 10 years I've seen the same web server go from running on bare metal to running under 4 layers of hypervisor by the time you get to the docker container ... and you know what ... now that server farm takes 3 times as many people to run because you still need the apache guys ... and you still need the linux guys ... but now you need the docker guys, the vmware guys, and somebody who can coordinate the whole fucking mess.

So lets look at this we went from:

Hardware -> Linux -> AppVM running Apache (1 layer of address translation, the AppVM/Linux kernel boundary)

to

Hardware -> Linux -> KVM -> Linux -> Docker -> Linux -> AppVM running Apache (thats 5 layers of translation ... Yes, thats REALLY what most people using Docker will do)

Yea, thats definitely going to put people out of work ... its easy to understand.

Docker is another example of people doing something because they figured out how to do it, not because they actually should do it. Worse still, Docker is a solution to the fact that Linux is a mess from a file system perspective where everyone just dumps all their bins, system or 3rd party all in the same directories, all together. And then they make fun of Windows like System32 is different than /usr/lib on any given Linux box. System or app config files ... ALL of them are in /etc ... WTF? You know theres this /usr/local idea right? You know that you can put libs in the same directory as the application and then you don't have to run a VM to get the same sort of separation right? I mean seriously, you can't call yourself a grey beard and say Docker is good at the same time, you just admit you have no fucking clue how to be an admin or how docker works.

And you're conflating it with systemd? Do you not have any idea what either one of them are?

Yea, I'm ranting. People who think Docker is good are idiots, typically developers trying to be sys admins, or 'DevOps' as they call it ... and they're clueless and don't understand wtf they are doing. Its not Dockers fault. 'Zones' are something Solaris has had for years, and they weren't new when Solaris did it. Mainframes have had the concept since the 70s. The problem devs who don't know when and where to use them are just throwing them all over the place