History of file www/containers.md at check-in c1aefb00c351f7b9
|
2024-02-10
| ||
| 12:26 | Removed a bunch of manual indents in pre blocks, MD fenced code blocks, etc. The skin does that for us now. ... (file: [e38fa1b6da] check-in: [2a7b1de356] user: wyoung branch: inskinerator-modern-backport, size: 44048) | |
|
2023-09-18
| ||
| 22:27 | Whitespace fix in previous ... (file: [0bc9ed93ba] check-in: [f8bec8f74c] user: wyoung branch: trunk, size: 44010) | |
| 22:26 | Removal of the Tcl example in §5.5 of the containers doc left hanging references in the Python example in a few places. ... (file: [2c5e856e9a] check-in: [40e537e94d] user: wyoung branch: trunk, size: 44009) | |
| 22:10 | Added §5.6 to the containers doc, "Email Alerts," explaining how to get email alerts out by use of the included tools/email-sender.tcl script and the "write mail to DB" feature since the default option (sendmail -ti) won't work by default and it wouldn't be appropriate to make it work besides. This then obviated the earlier half-baked advice on injecting a Tcl environment into the container; the essential point is adequately made by the Python example, so there is no point trying to rescue this plan. ... (file: [c6ba0d7209] check-in: [616a37f4f7] user: wyoung branch: trunk, size: 43906) | |
|
2023-04-19
| ||
| 11:55 | A few more small tweaks to the containers doc ... (file: [c23b326ff0] check-in: [117cf4ffe8] user: wyoung branch: trunk, size: 42449) | |
| 11:39 | Reordered a few sections in the container customization section to flow better and reduce redundancy. ... (file: [515ce31b49] check-in: [bb189d17f2] user: wyoung branch: trunk, size: 42475) | |
| 11:29 | Moved the section about elaborating the container runtime layer down into the section of the doc where we talk about other customizations. Its prior location was because it was a tangent off a prior point, but it's just as easy to jump down via hyperlink. Assorted other small improvements while in there. ... (file: [032b8dae68] check-in: [301d4f21bc] user: wyoung branch: trunk, size: 43032) | |
|
2023-04-01
| ||
| 16:49 | Added the CENGINE abstraction between `docker` and `podman` in the Makefile's container convenience targets. ... (file: [8a4d2dec0a] check-in: [72d8240457] user: wyoung branch: trunk, size: 43330) | |
| 16:41 | Removed all the "BBXVER" stuff in the containers doc now that we aren't fetching the BusyBox sources and building a custom version to install outside the jail. ... (file: [055ad022f0] check-in: [b14165549c] user: wyoung branch: trunk, size: 42889) | |
|
2023-03-31
| ||
| 18:49 | Updated the Podman docs to no longer talk about all the "sudo" stuff we used to have to do to get it to build and run. There are no more mknod calls to fail in that rootless environment. ... (file: [9c0201b852] check-in: [779cb8fd9d] user: wyoung branch: trunk, size: 43554) | |
|
2023-03-30
| ||
| 14:51 | Commit [cda5d6a7] invalidated the BusyBox steps in the Tcl and Python examples in §3.2 of the containers doc. ... (file: [e1885e1d7d] check-in: [ddcdc6f30b] user: wyoung branch: trunk, size: 44765) | |
|
2023-03-28
| ||
| 00:02 | Post-sleep edit pass on the new material in §3.2 of the containers doc. ... (file: [39ccf94a41] check-in: [d21fb2678a] user: wyoung branch: trunk, size: 45178) | |
|
2023-03-27
| ||
| 07:24 | Refined the Tcl and Python examples in the new §3.2 of the container doc. ... (file: [3e52625c82] check-in: [9baa4423f6] user: wyoung branch: trunk, size: 45378) | |
| 04:59 | The container now uses BusyBox only in the build and setup stages, leaving just the static Fossil binary in the final stage, plus absolute necessities like a /tmp directory. This removes the justification for the custom BusyBox configuration, which then means we can use Alpine's busybox-static package in the second stage, saving a bunch of network I/O and build time. That in turn means we no longer have any justification for jailing the Fossil binary, since there's nothing extra left inside the container for it to play with. Doing this required bumping the Dockerfile syntax back up from 1.0 to 1.3 to get the "COPY --chmod" feature; tested it in Podman, which has had it [https://github.com/containers/buildah/issues/2961 | for two years now]. Doing all of this simplifies the Dockerfile and its documentation considerably. As a bonus, it builds quicker, and it's nearly a meg lighter in compressed image form. Especially for the case of using the container as a static "fossil" binary builder, this is nothing but win. ... (file: [130f7243b0] check-in: [79ac06a540] user: wyoung branch: trunk, size: 43063) | |
|
2023-03-24
| ||
| 08:07 | Dropped our canned /etc/os-release file entirely, recommending instead that those who need a VM-like container image switch the second stage from "scratch" to one of Google's "distroless" images, which provide that and more. That in turn gets rid of the need for the dummied up /usr/bin and /run, which simplifies the mainstream case. ... (file: [901a4a2dfb] check-in: [d778a02392] user: wyoung branch: trunk, size: 44813) | |
| 05:17 | Added the interactive debugging shell command to the Quick Start section of the containers doc for easy cut-and-paste. ... (file: [0bd3fa413a] check-in: [2f0144071a] user: wyoung branch: trunk, size: 44651) | |
|
2023-03-23
| ||
| 18:03 | URL and whitespace fixes to previous. ... (file: [a795d24b48] check-in: [9e73519c01] user: wyoung branch: trunk, size: 44511) | |
| 16:40 | The /etc/os-release workaround for nspawn's pickiness has caused the feature to go into negative ROI territory. Ripped it out of the mainstream process and made it a manual step for those who need it, in the hopes that this will cause fewer ongoing problems than leaving it as it is. ... (file: [e1565c2761] check-in: [4cb5c03ea1] user: wyoung branch: trunk, size: 44513) | |
| 15:42 | Linked to the Dockerfile from the top of the containers doc. ... (file: [ffc80437d2] check-in: [2210c15d13] user: wyoung branch: trunk, size: 44362) | |
|
2023-03-02
| ||
| 17:24 | The recommendation to configure Fossil with the --static flag is semi-obsolete, and the following advice to look further down in the same document for the Docker workaround was wholly obsolete since moving all of this into the dedicated containers.md doc. Fixed all this up, and linked to the "why" answers on Stack Overflow about all of this in a few more places. ... (file: [403eab9dfb] check-in: [d282e42cd2] user: wyoung branch: trunk, size: 44335) | |
|
2023-01-17
| ||
| 20:32 | Fixed a copy-paste error in the Podman sections of the container doc: was using "docker" commands instead of "podman" in a few places. That'll work for people who aliased them, but it's confusing. ... (file: [7f5ce75970] check-in: [6eefa9b0d7] user: wyoung branch: trunk, size: 44247) | |
| 06:29 | Removed use of UPX in the container build process. It complicates the build for a tiny gain while breaking ARM builds. We worked around the ARM-on-ARM case earlier, but it also breaks x86 cross-compilation on ARM. Images are already compressed, and while `upx -9` is stronger compression than whatever Docker Engine is using, it's a small advantage. This does mean the static executable isn't compressed any more on x86, but if you want that, you can UPX it afterward. ... (file: [e4d70e3876] check-in: [da545c9e79] user: wyoung branch: trunk, size: 44247) | |
|
2022-12-06
| ||
| 06:13 | Grammar and spelling fix pass on the new nspawn material in the containers doc. ... (file: [7185d58b52] check-in: [5405aa5738] user: wyoung branch: trunk, size: 44300) | |
|
2022-12-03
| ||
| 13:17 | Typo fixes ... (file: [10b21bbc36] check-in: [00e4d91e28] user: wyoung branch: trunk, size: 44314) | |
| 11:55 | Assorted prose polishing in the new systemd-container section at the end of the containers doc. ... (file: [b19ba453d1] check-in: [120a207631] user: wyoung branch: trunk, size: 44317) | |
| 11:37 | Added a few more "container-*" targets to the main makefile to simplify the examples in the containers doc and make the resulting images and containers easier to manage. ... (file: [1bf37feaab] check-in: [b7edb5f1c5] user: wyoung branch: trunk, size: 43871) | |
|
2022-12-02
| ||
| 23:14 | Merged two redundant discussions of the consequences of disabling private network virtualization under systemd-container infrastructure, then added better reasons why the reader might care. ... (file: [cddad8db1b] check-in: [7055433695] user: wyoung branch: trunk, size: 43964) | |
|
2022-11-30
| ||
| 23:09 | Worked out how to get systemd-container (a.k.a. nspawn + machinectl) working with the stock Fossil container. Following the above commits, it's pure documentation. Removed the runc and crun docs at the same time since this is as small as crun while being more functional; there's zero reason to push through all the additional complexity of those even lower-level tools now that this method is debugged and documented. ... (file: [f4ee196e44] check-in: [930a655a14] user: wyoung branch: trunk, size: 43509) | |
| 12:59 | Tried to get "--with-tcl=1" working in the containerized build, but failed, so I documented the reason why it isn't going to work given our current design goals and pointed at an alternative with different tradeoffs. ... (file: [491c8810e9] check-in: [fb1bfce16d] user: wyoung branch: trunk, size: 40527) | |
| 12:32 | Added the FSLCFG Dockerfile build arg and showed how to use it in the containers doc, plus other improvements to the doc while in there. ... (file: [6dae355488] check-in: [e2277aad16] user: wyoung branch: trunk, size: 39870) | |
| 11:44 | Reverted the build hack to strip out all but the default and darkmode skins in the stock Dockerfile. That was done to cater to a wish for extremely small ARM builds, for fun, not for any practical reason. It conflicts with a key philosophy behind this container project, to create stock Fossil builds by default. "make container-image" should get you a functionally identical binary inside the container as "./configure && make" does outside it. ... (file: [6242fcb54e] check-in: [3e95d94583] user: wyoung branch: trunk, size: 39345) | |
|
2022-10-06
| ||
| 02:44 | Closing off the containers project: added the doc to the permuted index, noted the changes in the changelog, and removed all the hedging about WAL mode in the doc, having failed to make WAL fail in this scenario. ... (file: [b5fc583689] check-in: [92982dc4e2] user: wyoung branch: trunk, size: 39429) | |
|
2022-09-26
| ||
| 22:29 | Replaced most of the speculation in the walmode section of the containers doc with a link to the walbanger project, where we'll be answering this question. ... (file: [c4f2b6c4ae] check-in: [96633067d5] user: wyoung branch: trunk, size: 40475) | |
|
2022-09-07
| ||
| 09:11 | Mentioned containerd+nerdctl in place of runc in the containers doc. A tightened-up version of the prior runc and crun sections is now collected below the Podman section. This gives a better flow: each successive option is smaller than the last, excepting only nspawn, which is a bit bigger than crun. (We leave nspawn last because we can't get it to work!) ... (file: [e3ef13f6a1] check-in: [457c14a490] user: wyoung branch: trunk, size: 41248) | |
| 07:35 | Updated the "nojail" patch for our Dockerfile to track the recent changes: rename back from Dockerfile.in and the layer refactoring. It does essentially the same thing as before. ... (file: [ad952bd8e2] check-in: [19abf0ac13] user: wyoung branch: trunk, size: 42017) | |
|
2022-09-05
| ||
| 01:42 | Expanded the paragraph on WAL mode interactions in the container doc into a full section, placed higher up, immediately after the first use of Docker's "--volume" flag, to explain why we don't map just the repo DB file, but the whole directory it sits in. Even if we later convince ourselves WAL is safe under this scenario, it'll be conditional at best, so some remnant of this section must remain, no matter which way the experiments go. ... (file: [79fdcb551f] check-in: [698587d41d] user: wyoung branch: trunk, size: 42091) | |
|
2022-09-04
| ||
| 12:55 | Restricted the container listeners to localhost in section 6 of the containers doc, and mentioned a few other items related to reverse proxying with nginx. ... (file: [0b3f461727] check-in: [c9ab736f78] user: wyoung branch: trunk, size: 39386) | |
| 12:14 | Folded info from an exchange with the Podman devs into the container doc. ... (file: [fe06e35888] check-in: [80f4a1dd49] user: wyoung branch: trunk, size: 38920) | |
| 11:36 | Added section numbers to the containers doc (it was getting confusing) and added a few internal fragment IDs. ... (file: [976829281b] check-in: [4d51d52417] user: wyoung branch: trunk, size: 38726) | |
| 11:26 | Finished all the new topics planned for the new containers doc, adding sections on rootful Podman containers and on building via Docker but running via Podman, using Docker Hub as an intermediary to avoid building on the remote host. ... (file: [d0f431441d] check-in: [9c96e49995] user: wyoung branch: trunk, size: 38608) | |
| 09:27 | Sanitized a local port number out of previous ... (file: [276d3a454b] check-in: [3dfa458167] user: wyoung branch: trunk, size: 34957) | |
| 09:25 | Added my sad tale of failure and woe with systemd-nspawn to the container docs, both as a warning to those who follow, and as a cry for help to someone who can make this work. I can't be bothered to spend more time on it, but there's no point throwing the work away. ... (file: [00163ddd95] check-in: [1e8c665528] user: wyoung branch: trunk, size: 34958) | |
| 09:15 | Documented another cause to modify the "m" variable in the runc examples in the container docs. ... (file: [3741acaab2] check-in: [bf5030883a] user: wyoung branch: trunk, size: 33462) | |
| 08:09 | Added more jq filters to the runc examples to remove further problematic things left in the automatic conversion from the Docker container configuration file to the one we provide to runc. ... (file: [dd127e0a4c] check-in: [4e8c74797f] user: wyoung branch: trunk, size: 33343) | |
| 07:15 | Worked through some difficulties here in applying the runc method on remote systems, then documented what I learned in the containers doc. ... (file: [3ab584aafa] check-in: [56f4e2ce2f] user: wyoung branch: trunk, size: 31983) | |
| 06:28 | Small fix to previous ... (file: [9ff2c78d5e] check-in: [d5695c8ef1] user: wyoung branch: trunk, size: 30638) | |
| 06:02 | Expanded the runc section of the container doc to cover "bundle" terminology and to show a method for rsyncing the bundle across to a remote host. Also explained why this is a bad idea unless you've got a rather constrained use case, lest people avoid using podman/docker in places where they could provide real value. ... (file: [240714daac] check-in: [f9f13ce7a9] user: wyoung branch: trunk, size: 30638) | |
| 04:32 | Documented the runc and crun options for running a container, including the cryptic method for exporting an OCI bundle from Docker, allowing you to use both together: Docker Desktop on your big dev box in the office, then one of the two lightweight runtimes out in the cloud. ... (file: [d9411cc572] check-in: [c9431ef4a3] user: wyoung branch: trunk, size: 28193) | |
| 02:35 | Added explicit instructions for patching the Dockerfile for the nojail/podman method and for mapping a single Fossil repo into the container rather than a directory. Also included my best current advice on using WAL mode in these contexts. ... (file: [6b76117631] check-in: [87a23d2a7c] user: wyoung branch: trunk, size: 23595) | |
| 02:15 | Removed a TODO-based section of the new containers doc that wasn't meant to be checked in yet. Made a few improvements to the new Podman material as well. ... (file: [bc1e8d1355] check-in: [5adf6c40d9] user: wyoung branch: trunk, size: 22833) | |
| 02:01 | Added the "Lightweight Alternatives to Docker" section to the new containers doc, currently limited to a tutorial on converting the stock Dockerfile to work under Podman in its default mode, creating a rootless container. This brings in the second container-related file at the root of the repo, the patch file for this, so we don't have to maintain two nearly-parallel Dockerfiles. As a bonus, it allows us to point to the patch from the prose, making explicit what we had to change. ... (file: [f84fc7a14f] check-in: [f0399ea9ca] user: wyoung branch: trunk, size: 23053) | |
|
2022-09-03
| ||
| 23:34 | Extracted the Docker containers material from www/build.wiki and moved it into a new document dedicated to the topic, containers.md. It was already pushing the bounds of how much info we want to provide in a single section of that doc, and it's about to get bigger. As part of the conversion from wiki format to Markdown, did another edit pass on the doc, improving a few things along the way. Dropped the "docker-" prefix from all internal IDs, as we no longer need them to disambiguate references to other parts of the build doc. ... (file: [86f5dc3228] check-in: [7129dc9868] user: wyoung branch: trunk, size: 18232) | |