How can you write a docker daemon that can kick off other docker containers as needed? -

-

i've seen several options how docker container can communicate directly host system seem kind of sneaky. instance, appears 1 can start container , bind (using -v) in-container docker executable host's docker executable. 1 can send messages host using networking protocol. appears --privilege flag might well.

each of these methods appears have drawbacks , security concerns. bigger question if architecture best approach.

our goal have docker daemon process running, polling database being used queue. (i know frowned upon in ways our traffic low , internal. performance sort of queue not issue.) when docker daemon detects there work done, kicks off docker container handle work. container dies when finished. each container belongs "system" , run load on system. each system can have 1 container running load on it.

is paradigm makes sense? daemon better off host-level process? python script, instance, instead of docker container? docker meant used way? missing where, in docker documentation, tells me how this? "sneaky" ideas above not sneaky, after all?

i understand there opportunity opinion here. looking concise best practices.

thanks, in advance!

the preferred solution i've seen install docker binaries in container, , mount /var/run/docker.sock container. dockerfile have similar looks like:

from upsteam:latest arg docker_gid=999 user root # install docker run curl -ssl https://get.docker.com/ | sh # app setup goes here # configure user access docker run groupmod -g ${docker_gid} docker && \     usermod -ag docker appuser user appuser

and it's run with:

docker run -d --name myapp -v /var/run/docker.sock:/var/run/docker.sock myapp

this efficient solution since remove network bandwidth. , removes network vulnerabilities, either open port, or including tls cert inside container accidentally leak lost backup.


Comments

Post a Comment

Popular posts from this blog

Sass watch command compiles .scss files before full sftp upload -

-
i use winscp download , edit .scss files , sass on linux (on server) compile them .css . after saving file, use: sass scss/style.scss css/style.css , replaces css file compiled sccs. the problem i want skip part return command line after editing scss file, sake of automation , saving time. but, if use watch command: sass --watch scss/style.scss:css/style.css synchronize 2 files, alerts nonexistent css errors pop up: change detected to: scss/style.scss error scss/style.scss (line 232: invalid css after "...ht: bold; line-": expected "{", "") note that when file uploads quicker usual (sometimes happens) watch command job, no errors. this because, when file upload takes time, sass compiles scss file (on server) before uploaded remote folder. thus, compiles part of file, resulting in css errors. is there way set timer watch command waits few seconds after detects changes , before compiling? any other way overcome is, of course, ...
Read more

filehandler - java open files not cleaned, even when the process is killed -

-
there java program read files folder, processing , write output files in folder. ran 4 hours , produced few files failed after throwing following error: "too many files" then modified program close (bufferreader , bufferwriter) , started process again. time process failed after starting throwing following error: java.io.filenotfoundexception: <file> (too many open files) then tried running lsof , searched process having no of open files. realized networkmanager. not sure whether should kill process or not. restarted machine. after when ran java program, still got same error. in worst case might possible code still having leaks in terms of not closing everything, still failing after starting process. have feeling lying in system previous run. if start same process in other machine, runs hours before failing. you cannot retain resource between runs of program, if wanted to. leave system without enough resources in theory, though unlikely, restarting...
Read more

gridview - Yii2 DataPorivider $totalSum for a column -

-
i have order , ordersearch models. in order list (actionindex) gridview there filtering , sorting. on of columns in order order_total (sum of products in order). i need implement sum of order_total in gridview. if manually counting activedataprovider->getmodels() array_map spend 3 seconds 3000 orders (localhost). don't want miss time. i see 2 ways make faster: create cache every filter , update lifetime (horrible) the interesting can right in ordersearch->search() method $query method. don't understand how can pass in controller. example of code 2nd way: class ordersearch extends order { public $totalsum; public function search($params) { $query = order::find(); $dataprovider = new activedataprovider([ 'query' => $query, ]); $this->load($params); $this->totalsum = $query->sum('order_total'); // works fast return $dataprovider; } } after i...
Read more