<p>Let's just start with some examples:</p>
<pre><code>$ docker start haproxy
ERROR: for haproxy open /var/lib/docker/containers/929fd864e914066286874c784813fc61d91fc4e65657a94603a2f9555d7d6b75/.tmp-config.v2.json411024355: no such file or directory
$ docker rm haproxy
Error response from daemon: Driver devicemapper failed to remove root filesystem 929fd864e914066286874c784813fc61d91fc4e65657a94603a2f9555d7d6b75: failed to remove device 8c10a733b23ad84c91fa72feaecdc544a5ba1708623e3e73e4b7a03ea67325bf: Device is Busy
</code></pre>
<p>huh ... Apparently this is a <a href="https://github.com/moby/moby/issues/29942#issuecomment-271315184" rel="nofollow">known issue</a>; after spending 30 minutes trying to fix this I wimped out and rebooted ... again. This is just one particular error I had this morning, there have been a bunch of others over the last few weeks. I think I've rebooted my computer more in the last three weeks than I did all of last year.</p>
<p>Don't get me wrong, Docker is great ... when it's working. But it's when it stops working that you're left scratching your head, and things seem to get very difficult to debug, much less solve.
It reminds me a lot of systemd; which is also a great system ... when it works. And then you run <code>systemctl enable rpcbind</code> your headphone's volume gets reset. <a href="https://unix.stackexchange.com/q/185495/33645" rel="nofollow">Yes, really</a>.</p>
<p>I used a lot of FreeBSD in the past, and Docker doesn't seem all that different to FreeBSD jails with a slightly fancier UI? I also used OpenSolaris for a while (before Oracle Oracled it), and Solaris Containers seemed to be more or less similar. Even on Linux you've had stuff like OpenVZ for quite a few years.</p>
<p>All of this doesn't mean Docker is <em>terrible</em>, per se. But I see a lot of people raving fanatically over it, and I don't really see where that's coming from to be honest.</p>
<p>Am I missing something about Docker, or is it just a fad? Or something in between?</p>
<hr/>**评论:**<br/><br/>Redundancy_: <pre><p>I'm not sure that this is the right place for it, but yes, I think you're missing something about docker.</p>
<p>It's true that Docker isn't really a new thing - it's mostly a wrapper on functionality that existed before, to make it more standardized and easy to use. What's not as obvious is that the standardization, the distribution of layered file systems etc takes a massive amount of work out of something you could potentially have done yourself. This has created an ecosystem where there are standardized installs of all sorts of applications, databases and technology stacks that you don't have to rebuild.</p>
<p>Once you get past that, you get into the region of coordination (like docker-compose), networking and clustering that you probably wouldn't have solved yourself. I say this, because I know of companies that looked at something like this and gave up on those points.
I have compose files with 3 databases that self-provision, metrics servers, caches, nginx, config services, load balancing proxies with circuit breakers and more, all of which can be provisioned and talk to each other ... by magic. I can test a full stack right on my machine without the strangeness that would be the traditional VM with everything installed and mixed together. All that, deployed from versioned code, using immutable, testable and duplicatable images, where previously you'd probably be using Vagrant or Packer (and potentially different things in different places).</p>
<p>From that ecosystem you suddenly get the larger ecosystem of cloud services where you can deploy in a standardized way. You've got Kubernetes and others as large-scale solutions to allow you to do dynamic scaling that's almost the same between your datacenter and cloud providers, and these are things that you either do very very badly yourself, or not at all. </p>
<p>The hype about Docker is not about setting up and running the one thing once on your one machine.</p>
<p>$0.02</p></pre>arp242: <pre><p>Thanks. I do get that these <em>concepts</em> are really good ones, it's just that it seems to me – in my admittedly limited and somewhat frustrated experience – that Docker is not a particularly great implementation of these concepts.</p>
<p>I've had a lot of strange errors such as those mentioned in this post, a great deal of which could only be cleared by a reboot. Some commands seem to take ridiculously long. Sometimes commands just "hang" and need to be <code>kill -9</code>-ed, etc.</p></pre>tmornini: <pre><p>I agree 100%.</p>
<p>Standardized deployment and interfacing, completely controlled cryptographically validated single-artifact environments, standard logging interface, etc. have all been good ideas for a long time, but Docker wraps them all up into a single system.</p>
<p>I think it's absolutely brilliant.</p>
<p>And it works fantastically with Go's statically linked binaries.</p></pre>theGeekPirate: <pre><p>This <em>really</em> doesn't seem like the correct subreddit for your post.</p></pre>arp242: <pre><p>Apologies; I had seen some other mentions/discussions about Docker, so it seemed appropriate (golang is also one of the few subs that I actually read, so perhaps my outlook on reddit isn't wide enough...).</p></pre>theGeekPirate: <pre><blockquote>
<p>golang is also one of the few subs that I actually read, so perhaps my outlook on reddit isn't wide enough...</p>
</blockquote>
<p>Definitely not wide enough, but that's easily solved by hunting around for whatever you're interested in, as there's very few subjects I could think of which don't have a subreddit dedicated to the topic already =b</p>
<p><a href="https://www.reddit.com/r/docker" rel="nofollow">https://www.reddit.com/r/docker</a> would be your destination for anything Docker-related.</p></pre>rv77ax: <pre><p>My experience with docker cause my laptop bricked, twice. No one would believe me, until someone post a bug report that UEFI ROM can be overwritten (This was happened about two years ago).</p>
<p>From my opinion, docker make something simple become not simple; and that's a big no for my philosophy: simple, small, stable, and secure.</p></pre>Thaxll: <pre><p>sudo docker system prune -a is the fix to everything :></p></pre>mwholt: <pre><p>I don't use Docker... and from my personal perspective FWIW: many, many of the troubles people report with using Caddy are actually problems with using Docker.</p>
<p>Also, my understanding with Docker & security is that if you break out of a container, you're root, whereas if you break out of a chroot/jail somehow, you're still the same user ID.</p>
<p><em>Maybe</em> I understand using Docker if you have a crazy mess of dependencies like with a PHP or Python or Java application... but Go? It doesn't make sense to put static binaries in a container. At least, from my experience, it doesn't. And from what I've seen with Caddy users, at least, it just makes things more complicated than it has to be.</p>
<p>(Tangent, but you also mentioned it: I have similar experiences with systemd. Many problems reported with using the web server are actually problems with administering the system with systemd, not the web server software itself.)</p></pre>Ingaz: <pre><p>my 2 cents:</p>
<ol>
<li><p>Your understanding is correct, but your assumption that every docker must be run as root - outdated.</p></li>
<li><p>Static binaries are great - you can make small images from scratch. Small images are great for swarms. </p></li>
</ol></pre>darkmagician2: <pre><p>This is why you should use rkt instead of Docker</p></pre>darkmagician2: <pre><p>Docker has been replaced with rkt</p></pre>
