Re: [atomic-devel] RFC: use early-docker to support additional software on atomic host
- From: Daniel J Walsh <dwalsh redhat com>
- To: Tobias Florek <atomic ibotty net>, atomic-devel projectatomic io
- Subject: Re: [atomic-devel] RFC: use early-docker to support additional software on atomic host
- Date: Wed, 8 Jul 2015 09:10:32 -0400
On 07/08/2015 04:30 AM, Tobias Florek wrote:
> Hi,
>
> tldr: add early-docker daemon (a la coreos) to support running
>
> I need to connect bare-metal atomic hosts via ipsec. That works (with
> minor quirks) using the privileged ibotty/ipsec-libreswan container.
> Unfortunately, because it is using docker, it starts pretty late in the
> boot process. Fortunately I drop sensitive traffic before ipsec is up.
>
> But: I can't use firewalld to do that, because any firewalld container
> would start as late as ipsec.
>
> I understand that in order to keep the image minimal, not every
> software can and should be installed. Running an early docker without
> network (all containers use host-net) would enable that.
>
> What do you think?
>
> Cheers,
> Tobias Florek
>
I think we should investigate using runc rather than docker for
something like this. The idea would be to create a docker container
image, but run it outside of the docker framework.
I am not sure if this is possible but I think this is something we
should examine with the changes going on at Docker.