Automatic Consul raft discovery and formation #1
Conversation
I removed the check-* items because I have a better plan to replace them
misterbisson
force-pushed
the
auto-raft
branch
from
d000658
to
619da24
Compare
| curl \ | ||
| bash \ | ||
| ca-certificates && \ | ||
| curl -Ls https://circle-artifacts.com/gh/andyshinn/alpine-pkg-glibc/6/artifacts/0/home/ubuntu/alpine-pkg-glibc/packages/x86_64/glibc-2.21-r2.apk > /tmp/glibc-2.21-r2.apk && \ |
There was a problem hiding this comment.
why do we need glibc? this feels like something we should be documenting if we need it.
There was a problem hiding this comment.
Fair question. Honestly, that detail is copied in whole from https://github.com/gliderlabs/docker-consul/blob/legacy/Dockerfile#L6
There was a problem hiding this comment.
@dekobon this might be a detail of interest to you, given your efforts in this space as well.
There was a problem hiding this comment.
I see it -- we're not building consul ourselves and instead we're using a build we're getting from "mitchelh", which was built against libc:
# ldd consul
linux-vdso.so.1 (0x00007fffffd9c000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f535d222000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f535ce79000)
/lib64/ld-linux-x86-64.so.2 (0x00007f535d43f000)
(Go binaries aren't always entirely statically linked)
There was a problem hiding this comment.
Interesting. You curl in glibc. Wouldn't it be better to build Consul using Musl?
# Download and install Consul
# We are building it ourselves, because Alpine Linux doesn't use glibc
RUN export GOPATH=/go && \
apk add --update go git gcc musl-dev make bash && \
go get github.com/hashicorp/consul && \
cd $GOPATH/src/github.com/hashicorp/consul && \
git checkout -q --detach "v$CONSUL_VERSION" && \
make && \
mv bin/consul /bin && \
rm -rf $GOPATH && \
apk del go git gcc musl-dev make bash && \
rm -rf /var/cache/apk/* && \
addgroup consul && \
adduser -D -G consul consul && \
mkdir -p /data/consul && \
chown -R consul:consul /data/consul
Putting aside @tgross 's hate for go get. This would give you a version of Consul that was compiled for the platform. For some reason, I trust a tagged Hashicorp release from github more than I do an entire glibc that I've curled into my environment. In fact, we should probably just create an APK for it and submit it to Alpine.
There was a problem hiding this comment.
Wouldn't it be better to build Consul using Musl?
we should split the build container out from the container we ship though
Those sound like great ideas for a future version ;-)
There was a problem hiding this comment.
It occurs to me that a musl build for something running DNS is something we'd want to test out quite a bit. One of the big behavioral differences between musl and libc is the DNS client library. Not sure if that'll turn out to be relevant for a Go program, but worth checking.
There was a problem hiding this comment.
@tgross This line apk del go git gcc musl-dev make bash && \ mitigates the size of the container because we remove all of the dependencies within the same build step.
@misterbisson Yes, those are great ideas for a future version. Carry on with the good work. 👍
There was a problem hiding this comment.
Please put all further discussion of an Alpine build in #2
|
I've pushed the image to Docker Hub, so you can test this out with the |
| - 8400 | ||
| - 8500 | ||
| dns: | ||
| - 127.0.0.1 |
There was a problem hiding this comment.
What's this bit for? edit, nevermind. Consul is acting as a recursive server
misterbisson
force-pushed
the
auto-raft
branch
from
c9d0e16
to
be8df5c
Compare
|
LGTM |
Automatic Consul raft discovery and formation
No description provided.