New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Docker installation: how to customise and add extensions? #3649
Comments
@mattfullerton what do you think about the state of docker installation. Is it polished enough to include in the install docs? |
Yes, I think it is. And we should recommend and possibly only document (at this stage) install with docker-compose as people are almost always going to need the other services (solr/redis/postgres) and docker-compose is quite mature by now (even if we only are using a very early version of the config file format). Documenting other situations (manual creation of containers and setting links, or having an external Postgres for example) I would hold off on but should also be documented. |
@mattfullerton I've updated my working steps in the original issue above. Happy to contribute to docs if you could help me figure out the remaining steps. |
@mattfullerton @wardi I'm experimenting in my fork at https://github.com/parksandwildlife/ckan/tree/3649-docker-upgrade (this includes PR #3651) but as I'm documenting above, docker-compose is a world of pain in a desert of confusing docs. |
Update: I'm drafting docs for docker-compose here. Any feedback highly appreciated. |
@florianm
so virtualenv isn't needed.
|
@Vanuan thanks for the detailed feedback! I've pushed an update to the docs integrating your feedback. re named volumes: As I'm already mounting /var/lib/docker to a backed up network drive, are there any other advantages of mounting local folders over using named volumes? re secrets vs. .env: is an .env file insecure? would it work with docker swarm or are docker secrets the only way? Since docker compose supports sensitive settings via .env I assumed it was not too un-idiomatic to use .env. I might be wrong? "Ready-to use and fully customized" sounds very good to me, but I'm cautious of hard-coding too many assumptions, like which extensions to add, into the build. |
@florianm Thanks for forging ahead with this, if there's anything you need from me, just ask (doesn't look like it though!) |
@mattfullerton thanks! There are a few points I still need to get my head around - pointers welcome:
the rest as mentioned above:
|
The rationale is the following:
The rationale is that you can include all the settings into the image except external secrets (as image is usually considered a public resource). The question is how container will access these secrets. As I described above, you can mount settings (.env) file from a network storage. That's fine. But in that case you must not forget that you shouldn't mount that file or a folder containing that file to other services. Otherwise those services can access those secrets. So secrets is a feature which enables you to store secrets in more secure and explicit way than in a plain-text file sitting on a network storage. The complexity might not be worth it, it's just a suggestion.
I see. Yeah, I was impressed how simple it is to setup udata: https://github.com/opendatateam/docker-udata
I use this rule of the thumb: if it's production, use docker swarm, if it's development, use docker compose. For development you'd want to mount source directory so that you can change it without rebuilding. There's also a third use case like "QA instance" when you don't want to change source code, but only want to test it. In that case docker compose is fine too.
No, of course it is not necessary, was just a suggestion.
That explains the choices you made. Unfortunately, production environment is still quite different than development. Named volumes were invented long before docker swarm, and it looks like they've abandoned that idea. The idea was that you can easily move named volumes from one host to another. I.e. there's no documentation on what happens when a service with a named volume is moved to another host. It might be that in the future versions volumes would be automatically moved to where they're needed. But I can't imagine how can that be done quickly for gigabytes of data. |
@Vanuan thanks for the detailed explanations, that makes a lot of sense to me. Let me digest those and see what I can factor in. |
I've created this somewhat simplified production-oriented instruction and dockerfile: https://github.com/Vanuan/ckan-base That is a level of simplicity I think would be great for production-like environments. |
CKAN Version if known (or site URL)
My fork of master (2.8.0a) built with docker-compose, incorporates #3651
Please describe the expected behaviour
Please describe the actual behaviour
Solution
I've got a working docker-compose setup with docs/maintaing/install-from-docker.rst using my fork:
git clone git@github.com:parksandwlidlife/ckan.git
git checkout 3649-docker-upgrade
The text was updated successfully, but these errors were encountered: