[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

[atomic-devel] RFC: use early-docker to support additional software on atomic host

From: Tobias Florek <atomic ibotty net>
To: atomic-devel projectatomic io
Subject: [atomic-devel] RFC: use early-docker to support additional software on atomic host
Date: Wed, 8 Jul 2015 10:30:42 +0200

Hi,

tldr: add early-docker daemon (a la coreos) to support running

I need to connect bare-metal atomic hosts via ipsec. That works (with
minor quirks) using the privileged ibotty/ipsec-libreswan container.
Unfortunately, because it is using docker, it starts pretty late in the
boot process. Fortunately I drop sensitive traffic before ipsec is up.

But: I can't use firewalld to do that, because any firewalld container
would start as late as ipsec.

I understand, that in order to keep the image minimal, not every
software can and should be installed. Running an early docker without
network (all containers use host-net) would enable that.

What do you think?

Cheers,
 Tobias Florek

Follow-Ups:
- Re: [atomic-devel] RFC: use early-docker to support additional software on atomic host
  - From: Daniel J Walsh
- Re: [atomic-devel] RFC: use early-docker to support additional software on atomic host
  - From: Colin Walters

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]