I am neither a Docker expert nor evangelist, and I have my own gripes and frustrations with it, but this article is full of misinformation and FUD. To wit:
> CoreOS is an operating [system] that can only run Docker and is exclusively intended to run Docker.
No, it isn't. (Maybe if you substitute "Docker" with "containers.")
> First, the main benefit of Docker is to unify dev and production. Having a separate OS in production only for containers totally ruins this point.
No, it doesn't. Completely the opposite, in fact: Docker makes it possible to not care about OS differences between dev, test, and prod.
> Docker on Debian is major no-go
> Docker is 100% guaranteed suicide on Debian 8 and it’s been since the inception of Docker a few years ago
> Debian froze the kernel to a version that doesn’t support anything Docker needs and the few components that are present are rigged with bugs.
rubs temples It's Linux. It's Debian. You can run any kernel you want. There are plenty of repositories out there with binary kernels, including Debian's own back-ported 4.9 kernel, or you can build one from source. Because, you know, open source. I've run many instances of Jessie on Linode with their 4.8 and 4.9 kernels and it's no problem. Hundreds of companies are running Docker in production on Debian and Debian-derived systems.
> I am not aware of any serious companies than run on Ubuntu.
Just because you are not aware does not mean they do not exist. How about Netflix, Snapchat, Dropbox, Uber, and Tesla for starters?
> I cannot comment on the LTS 16 as I do not use it.
It's been out since last April. If you're serious about this survey, this is a no-brainer.
> I received quite a few comments and unfriendly emails of people saying to “just” use the latest Ubuntu beta
What? No. Just use the latest LTS.
> I am moderately confident that there is no-one on the planet using Docker seriously AND successfully AND without major hassle.
I have tried to use Docker on very busy processing systems with short to medium running tasks. My efforts were on Ubuntu 16.04... because any non-LTS is almost a non-starter.
There were two major obstacles; the file system driver and the Docker daemon. I ended up settling on 1.11.{i forget}, because virtually every other version was unusable. As sad as it may sounds, I was tracking two metrics; probability the container will start and time until the docker daemon reaches a state of irrecoverable dead-lock.
Personally I found containers (on a highly contentious system) launched at ~98% success rate with a time-to-dead-lock somewhere around 6500 container start/stop (it was a pretty fat tailed distribution). For a busy system... those numbers equate to an administrative headache.
And on Ubuntu/Debian the defaults (the thing the majority of non-specialists are probably using) were far worse. The only filesystem driver which seemed to work at all was devicemapper direct-lvm.
-
If you have developers on your team who can spend their time figuring out the one magic incantation that makes Docker work most of the time, you're fine. Everybody else should follow his advice for using service providers.
Were you using Device Mapper purposefully, or just because you couldn't get a more typical storage driver to work? The general setup instructions recommend either 1. installing linux-image-extra and using AUFS (for kernel versions < 4) or 2. modifying the dockerd invocation to specify the OverlayFS storage driver with `-s overlay` (for kernel versions >= 4).
Admittedly, the latter strategy is a bit frustrating and counterintuitive on 16.04. When you install Docker it will start automatically and hang because it can't find the AUFS driver and Device Mapper isn't set up. The solution is to either 1. modify policy-rc.d to prevent services from automatically starting or 2. set up Device Mapper (install dmsetup and run `dmsetup mknodes`) before installing Docker and changing the storage driver. Unfortunately, these workarounds are not particularly well-documented.
I would be interested to see how Docker 1.12 or 1.13 with a modern kernel and OverlayFS would be able to handle your described workload.
So you are saying that all default settings are unusable in production, to the point docker might not start at all, and the only cure is series of 5 obscure advanced system setup/configuration that are almost impossible to figure out by oneself and not documented, yet they should be totally obvious to anyone using Docker, right?
FYI: It's because of this sort of bullshit that there are articles called "Docker in Production: An history of failure".
No, that's not what I'm saying. I'm saying that Ubuntu Server 16.04 LTS comes out of the box without AUFS and Device Mapper, and that you either need to enable one or the other before installing Docker or prevent Docker from starting automatically at install time. It sucks, yes, but your description of the problem and its solution is beyond hyperbolic. Googling "docker ubuntu install hang" takes you right to the GitHub issue with the solution at the bottom. And I think it's fixed in Docker 1.13 (it will prefer OverlayFS if AUFS and Device Mapper are not available), although I have not tested it.
I mean to say, device mapper was the only solution which worked in a production setting for me.
I no longer work with that company and so I can't tell how those improvements would change the reliability. Presently I am using docker with btrfs on a low-throughput workload and it seems to work just fine.
Tangentially related - I have been using OverlayFS without Docker for about a year now. It's pretty great. My read-layers can be on an NFS drive and the penalty for writes is relatively small. It basically gives me 90% of what I wanted from Docker in the first place.
It's Linux. It's Debian. You can run any kernel you want.
The guy works in finance, not an area where you can typically say "oh, no worries, we'll just push out this distro with a non-standard kernel." Enterprise IT, and specifically finance (and healthcare) have different requirements. Currently working with a client where not only the full technology stack has to be certified by accountable vendors, but all the internal documentation and customer facing content has to pass strict legal reviews.
"Here is Debian with a custom kernel" won't fly. Nether will "Here is Debian" - Ubuntu LTS will barely pass the line, and that will be after a whole lot of timewasting and ass-covering from many people involved.
I have (or had, I guess) an 11 year career in Fortune ~100 finance and healthcare. Agreed on all points. However, they're already experimenting with Debian, Ubuntu LTS (just not 16.04), kernels, custom AMIs, and different Docker versions. It's not a stretch to imagine they have the ability to deploy a back-ported kernel, or build and/or use an AMI that includes one. Also, HFT practices (or lack thereof) are far from the staid enterprise practices you may be thinking of.
Currently using docker with a Norwegian government organisation. We are very happy with it. Been running production since December. And yes, they run on Ubuntu.
Yes, it's new, and it changes regularly. This is why you do what you do with any other piece of software in an enterprise environment: Pick a stable release (e.g. 1.7), deploy it, then upgrade your development environment to the next stable release (e.g. 1.11) and work through the breaking changes. Regressions are frustrating, I'll agree, but it's free software: report the regressions and help the community fix them.
> Docker Issue: Can’t clean old images
A built-in feature to do so was added in 1.13 (a few months after this article was published).
> The only way to clean space is to run this hack, preferably in cron every day: docker images -q -a | xargs --no-run-if-empty docker rmi
That's not a hack, that's how you do things in Unix.
> As a long-standing goal, the AUFS filesystem was finally dropped in kernel version 4.
> There is no unofficial patch to support it, there is no optional module, there is no backport whatsoever, nothing. AUFS is entirely gone.
While the first point is technically true (actually, based on some light googling, I'm not sure it was ever merged in the first place), many distributions provide it as an optional kernel module. For example, Ubuntu provides it in linux-image-extra. Yes, Virginia, you can build kernel modules from source.
> How does docker work without AUFS then? Well, it doesn’t.
It does: Btrfs, Device Mapper, ZFS...
> So, the docker guys wrote a new filesystem, called overlay. [..] Note that it’s not backported to existing distributions. Docker never cared about [backward] compatibility.
Docker supports multiple storage drivers, one benefit of which is to be able to support older systems: AUFS on older distributions, OverlayFS on newer. The container abstraction allows you to not care about the underlying storage subsystem.
> Right now. We don’t know of ANY combination that is stable
You don't need a custom kernel to run Docker on Linode. Just change the storage driver to overlay (as you do in this stack script) and you're good to go. Otherwise this is a very nice script. I typically install the vim-nox package (instead of vim) but I'm not sure it makes a difference.
> CoreOS is an operating [system] that can only run Docker and is exclusively intended to run Docker.
No, it isn't. (Maybe if you substitute "Docker" with "containers.")
> First, the main benefit of Docker is to unify dev and production. Having a separate OS in production only for containers totally ruins this point.
No, it doesn't. Completely the opposite, in fact: Docker makes it possible to not care about OS differences between dev, test, and prod.
> Docker on Debian is major no-go
> Docker is 100% guaranteed suicide on Debian 8 and it’s been since the inception of Docker a few years ago
> Debian froze the kernel to a version that doesn’t support anything Docker needs and the few components that are present are rigged with bugs.
rubs temples It's Linux. It's Debian. You can run any kernel you want. There are plenty of repositories out there with binary kernels, including Debian's own back-ported 4.9 kernel, or you can build one from source. Because, you know, open source. I've run many instances of Jessie on Linode with their 4.8 and 4.9 kernels and it's no problem. Hundreds of companies are running Docker in production on Debian and Debian-derived systems.
> I am not aware of any serious companies than run on Ubuntu.
Just because you are not aware does not mean they do not exist. How about Netflix, Snapchat, Dropbox, Uber, and Tesla for starters?
> I cannot comment on the LTS 16 as I do not use it.
It's been out since last April. If you're serious about this survey, this is a no-brainer.
> I received quite a few comments and unfriendly emails of people saying to “just” use the latest Ubuntu beta
What? No. Just use the latest LTS.
> I am moderately confident that there is no-one on the planet using Docker seriously AND successfully AND without major hassle.
LOL