CAcert System Admins discussion list

[Jan Dittberner <jandd AT cacert.org>]

On Thu, Jun 30, 2016 at 05:18:22PM +0200, Christian Elmerot wrote:
> On 2016-06-30 15:34, Yuri Nazarov wrote:
> >Hi Jan,
> >
> >thanks for posting this series of articles.
> >
> >Have you considered docker for deployment?
> 
> Docker would not be ideal for this IMO. There are several reasons but
> reproducability and control are my main issues as I've worked extensively
> with both docker and LXC. Docker is fine for testing but for production
> deployment I'd take LXC any day over docker for almost anything.

Hello Yuri,

yes, I have considered docker and decided against it. Docker is a nightmare
when it comes to security patching. It is really great for getting fast
development setups or throwaway containers for short living payloads but our
systems are more long living and need proper security patching. This might
be possible to achieve with docker and data volumes but I don't see
advantages over our LXC setup when we will have some proper automation in
place.

Thanks for your thougths and feedback


Kind regards
Jan

-- 
Jan Dittberner - CAcert Infrastructure Team Lead
Software Architect, Debian Developer
GPG-key: 4096R/0xA73E0055558FB8DD 2009-05-10
         B2FF 1D95 CE8F 7A22 DF4C  F09B A73E 0055 558F B8DD
https://jan.dittberner.info/

Attachment: smime.p7s
Description: S/MIME cryptographic signature