[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: [atomic-devel] RFC: use early-docker to support additional software on atomic host
- From: Colin Walters <walters verbum org>
- To: atomic-devel projectatomic io
- Subject: Re: [atomic-devel] RFC: use early-docker to support additional software on atomic host
- Date: Fri, 10 Jul 2015 10:27:01 -0400
On Wed, Jul 8, 2015, at 04:30 AM, Tobias Florek wrote:
> Hi,
>
> tldr: add early-docker daemon (a la coreos) to support running
I think a two-level approach would indeed allow implementing a
number of nontrivial deployment types. Probably not *all* of them
though (at least at the current time).
This is possible today without modifying the host by simply
cp /usr/lib/systemd/system/docker.service /etc/systemd/system/early-docker.service
and making modifications such as pointing storage to /var/lib/early-docker etc., right?
I haven't tried it though.
My current feeling is to keep this discussion open, and to document
implementations that can be made outside of host modifications right now.
> I need to connect bare-metal atomic hosts via ipsec. That works (with
> minor quirks) using the privileged ibotty/ipsec-libreswan container.
> Unfortunately, because it is using docker, it starts pretty late in the
> boot process. Fortunately I drop sensitive traffic before ipsec is up.
But you're not fetching the images over ipsec? Just securing container-generated
traffic?
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]