1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

I am confused: Can someone summarize what linux docker is ?

Discussion in 'Docker and Containers' started by DrStein99, Feb 11, 2018.

  1. DrStein99

    DrStein99 Member

    Joined:
    Feb 3, 2018
    Messages:
    32
    Likes Received:
    0
    I never knew what docker is or what it did, until I followed a confusing tutorial that explained to me how to setup xmr-stak in docker using linux. Unfortunately it confused me for the first time. I thought I had to actually run docker in order to run xmr-stak. I could not fully understand what docker was doing, if it was impacting any of my performance testing. I just resorted back to my usual linux experience, and now run xmr-stak as a system service (for the last month).

    Can someone explain, summarize in just a few lines what the docker is generally used for, how / if it would make my tasks easier for miner or any other software ? I tried to figure this out on my own, but I was overwhelmed and confused by what I read so far with my google searches.
     
    #1
  2. Blinky 42

    Blinky 42 Active Member

    Joined:
    Aug 6, 2015
    Messages:
    379
    Likes Received:
    117
    The $0.02 summary is:
    Docker lets you package up an application with all the bits n bobs it needs to run.

    Why would you care? Lets you avoid installing wonky compilers or support libraries just to run one application, and then deploy that application and all the supporting items much easier. I can take Patrick's xmr-stack miner for example and run it on any of my linux boxes from the past 4 or 5 years - from Centos 6, 7 Ubuntu 14 and 16 - nothing special is needed to adapt to the various old versions of libraries on each platform to get it working just docker pull and run it.

    From a practical standpoint it is more helpful for more complex applications than a simple program like most miners, but it is still super easy to build and share docker (or other container technologies) to a wide audience with less work than trying to maintain packages for dozens of distributions and versions of each.
     
    #2
    DrStein99 and Patrick like this.
  3. Patrick

    Patrick Administrator
    Staff Member

    Joined:
    Dec 21, 2010
    Messages:
    10,582
    Likes Received:
    3,650
    That is a good summary.

    Think of Docker as a great way to package an application with dependencies. Our new universal cryptonight container can do Monero, ETN, Turtle, Sumo and Aeon.
    https://forums.servethehome.com/index.php?threads/docker-xmrig-cryptonight-universal.18579/
    You do not have to worry about compiler versions, libraries that have different names over time and etc. You can run them on any Linux server and still use gcc 7.x even without having to install that version on the system.

    Docker also allows you to deploy and manage on clusters easily. It has logging and other tools built-in. When you want to remove the application you can remove the container and not have to worry about remnants in the system. You can upgrade the base OS and not have to worry about breaking the miner.
     
    #3
    DrStein99 likes this.
  4. DrStein99

    DrStein99 Member

    Joined:
    Feb 3, 2018
    Messages:
    32
    Likes Received:
    0
    Ok. Sounds good. I will start learning how to use that thank you.
     
    #4
  5. EffrafaxOfWug

    EffrafaxOfWug Radioactive Member

    Joined:
    Feb 12, 2015
    Messages:
    438
    Likes Received:
    151
    Docker is a container system, Containerisation's a pretty age-old concept, one that's existed on x86 long before virtualisation was popular. If you've ever set up software within a chroot jail on a UNIX system, you've used a simple form of containers.

    chroot jails's were initially a good way of adding some extra security to services exposed to the network, such as DNS and mail servers. You would have a directory tree containing only the files that were needed to get the service to run, and then even if the service was hacked, all they would have access to was the chrooted directory tree.

    Docker took the same concept and ran with it, and thank to advances in the linux kernel allowing wholly separated userspace contexts, called namespaces. Essentially, you can take a bundle of files needed to run one of these services, and run them under a kernel as a wholly separated user with no access to any other files or running processes (although of course a privilege escalation attack against the kernel is still a concern).

    Practically, this means you can provide relatively complex applications (esp. those that might require bleeding-edge or outdated files to run) in a single bundle along with completely ringfenced runtime dependencies that will be unaffected by upgrades to the OS. For example, application foo might require a library of libbar.so.4 but your OS might have upgraded to libbar.so.9 a long time ago, and the newer version is not backwards compatible. In this case, you'd package libbar.so.4 into your container and configure foo to use that instead of the OS version.

    On the plus side, this means that containerised applications are very unlikely to be broken by OS upgrades (since their files remain untouched within the container), on the downside it means you need to maintain a separate patching methodology for your containers - and there's a high likelihood of bits of certain software used for backwards compatibility reasons to never receive an update... anyone who's worked in an enterprise environment will be all too aware of the ancient versions of apache, tomcat, weblogic, oracle that are "bundled" with applications and can't be upgraded separately without voiding your $upport contract.
     
    #5

Share This Page