
Re: [atomic-devel] RFC: use early-docker to support additional software on atomic host



On Wed, Jul 8, 2015, at 04:30 AM, Tobias Florek wrote:
> Hi,
> 
> tldr: add early-docker daemon (a la coreos) to support running

I think a two-level approach would indeed allow implementing a
number of nontrivial deployment types.  Probably not *all* of them
though (at least at the current time).  

This is possible today without modifying the host by simply
cp /usr/lib/systemd/system/docker.service /etc/systemd/system/early-docker.service
and making modifications such as pointing storage to /var/lib/early-docker etc., right?
I haven't tried it though.

My current feeling is to keep this discussion open, and to document
implementations that can be made outside of host modifications right now.

> I need to connect bare-metal atomic hosts via ipsec. That works (with
> minor quirks) using the privileged ibotty/ipsec-libreswan container.
> Unfortunately, because it is using docker, it starts pretty late in the
> boot process. Fortunately I drop sensitive traffic before ipsec is up.

But you're not fetching the images over ipsec?  Just securing container-generated
traffic?
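
The copy-and-modify approach suggested in the reply above, as an added example that is not part of the original message and not code from the Atomic project. Only /var/lib/early-docker comes from the message; the sample unit, the socket and pid file paths, and the choice of 2015-era docker daemon flags are assumptions.

```shell
#!/bin/sh
# Added example: derive early-docker.service from a copy of docker.service
# so the second daemon shares no storage, socket or pid file with the first.
NAME=early-docker

# Constructed stand-in for /usr/lib/systemd/system/docker.service.
# Assumption: ExecStart is a single line (no backslash continuations).
sample_unit() {
cat <<'EOF'
[Unit]
Description=Docker Application Container Engine
After=network.target

[Service]
Type=notify
ExecStart=/usr/bin/docker -d $OPTIONS
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF
}

# Flags giving the early daemon its own state. --graph is the 2015-era
# name of the storage root (later releases call it --data-root).
# --bridge=none and --iptables=false keep it off the main daemon's network.
early_flags() {
    printf '%s ' "--graph=/var/lib/$NAME" \
        "--host=unix:///var/run/$NAME.sock" \
        "--pidfile=/var/run/$NAME.pid" \
        "--bridge=none" "--iptables=false"
}

# Read a docker.service on stdin, write the early unit on stdout.
make_early_unit() {
    flags=$(early_flags)
    sed -e "s|^Description=.*|Description=Early Docker daemon ($NAME)|" \
        -e "s|^ExecStart=.*|& ${flags% }|"
}

# Succeed only if the unit's ExecStart line carries every early flag.
check_isolated() {
    line=$(grep '^ExecStart=' "$1") || return 1
    for f in $(early_flags); do
        case " $line " in *" $f "*) ;; *) return 1 ;; esac
    done
}

sample_unit | make_early_unit
```

On a host the output would be written to /etc/systemd/system/early-docker.service, and every client call for the early daemon has to name its socket explicitly.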

