<p dir="ltr">Hi All,</p>
<p dir="ltr">Sorry about my naivety with the memory limits. I now see how this is an issue :)</p>
<p dir="ltr">I'll look into resource monitoring and alerting systems for docker.</p>
<p dir="ltr">The HN article was pretty interesting. In some respects, many of those issues are not applicable to us (we use simple images and don't need secrets at build time). The article does point out some interesting avenues (OverlayFS) and highlights the momentum of the docker world. The comments were very negative about docker (particularly for HN), but docker does provide us value in being containerization to un-tangle our services and the Dockerfile buid system.</p>
<p dir="ltr">Thanks,<br>
Sam</p>
<br><div class="gmail_quote"><div dir="ltr">On Wed, 29 Jul 2015 4:10 pm Bernie Innocenti <<a href="mailto:bernie@codewiz.org" target="_blank">bernie@codewiz.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">By the way, found this relevant article today on Hacker News:<br>
<br>
<a href="http://sirupsen.com/production-docker/" rel="noreferrer" target="_blank">http://sirupsen.com/production-docker/</a><br>
<br>
The comments are also interesting:<br>
<br>
<a href="https://news.ycombinator.com/item?id=9961537" rel="noreferrer" target="_blank">https://news.ycombinator.com/item?id=9961537</a><br>
<br>
<br>
On 28/07/15 19:48, Bernie Innocenti wrote:<br>
> On 07/28/2015 09:27 AM, Samuel Cantero wrote:<br>
>> Hi All,<br>
>><br>
>> On Tue, Jul 28, 2015 at 6:52 AM, Sam P. <sam@sam.today<br>
>> <mailto:<a href="mailto:sam@sam.today" target="_blank">sam@sam.today</a>>> wrote:<br>
>><br>
>> Hi Bernie,<br>
>><br>
>> On Tue, Jul 28, 2015 at 2:12 PM Bernie Innocenti <<a href="mailto:bernie@codewiz.org" target="_blank">bernie@codewiz.org</a><br>
>> <mailto:<a href="mailto:bernie@codewiz.org" target="_blank">bernie@codewiz.org</a>>> wrote:<br>
>><br>
>> 1. We need monitoring for containers health with notifications when<br>
>> parameters go off thresholds. Similar to what Munin does.<br>
>><br>
>><br>
>> I'm not sure how that would help us. A container running out of<br>
>> resources doesn't crash - parsoid runs almost using all the<br>
>> allocated memory and parsoid+trac+others hit their cpu quotas<br>
>> sometimes and just keep running.<br>
>><br>
>><br>
>> A container running out of memory dies. By default, the memory limit<br>
>> value for the container is set to twice as much as the memory parameter<br>
>> we specify while starting a container. The limit value is the sum of<br>
>> memory and swap.<br>
>><br>
>> We do not have swap accounting enabled yet on freedom, but for sure we<br>
>> are going to have it at the next reboot.<br>
><br>
> In the best Google tradition, freedom doesn't have any swap space at all :-)<br>
><br>
><br>
>> You can test it with the stress image (as we did before for the CPU):<br>
>><br>
>> sudo docker run --rm -m 128m --name testmem scg/stress --vm 1 --vm-bytes<br>
>> 256M<br>
>><br>
>> If you allocate over twice the amount of memory we assign you will get<br>
>> the following error:<br>
>><br>
>> stress: info: [1] dispatching hogs: 0 cpu, 0 io, 1 vm, 0 hdd<br>
>> stress: FAIL: [1] (415) <-- worker 7 got signal 9<br>
>> stress: WARN: [1] (417) now reaping child worker processes<br>
>> stress: FAIL: [1] (421) kill error: No such process<br>
>> stress: FAIL: [1] (451) failed run completed in 3s<br>
>><br>
>> By default, Docker kills processes in a container if an out-of-memory<br>
>> (OOM) error occurs. We can change this behaviour on a container but we<br>
>> are not doing it now.<br>
><br>
> See my response to Sam P.: killing the entire container is almost always<br>
> the right response to an OOM.<br>
><br>
><br>
>> Maybe it would be more useful to monitor client metrics, like can we<br>
>> reach the service over http?<br>
>><br>
>> I guess It would be useful. We can do it with nagios.<br>
><br>
> Cool, does it support Docker? I used Nagios a long time ago at the FSF<br>
> and it was pretty good. The reason I was using munin at SL is that it<br>
> was easier to setup and I didn't know Nagios back then. Moreover, Munin<br>
> seems a bit of a dead project nowadays, so I'd be happy to switch.<br>
><br>
> Can we run the Nagios frontend in a container too?<br>
><br>
><br>
>> That is a feature built into docker. I've enabled it in<br>
>> container.yml (as a global default) and restarted trac with the new<br>
>> parameters.<br>
>><br>
>> Great. Maybe we need to enable historical resource usage in cadvisor.<br>
>> This would help us to understand if a container has crashed because it<br>
>> has run out of resources.<br>
><br>
> Cool, another useful feature I didn't know about. Yes, please, let's<br>
> enable resource graphing. Is there an http frontend to look at the numbers?<br>
><br>
><br>
>> Thanks,<br>
>> Sam<br>
>><br>
>><br>
>><br>
>> 3. Since high-profile services have been deployed using Docker for a<br>
>> while, software for doing (1) and (2) certainly exists already :-)<br>
>><br>
>><br>
>> On 27/07/15 22:32, Samuel Cantero wrote:<br>
>> > I didn't shut it down. The trac container was already off when<br>
>> I checked<br>
>> > it.<br>
>> ><br>
>> > On Mon, Jul 27, 2015 at 9:40 PM, Sam P. <sam@sam.today<br>
>> > <mailto:<a href="mailto:sam@sam.today" target="_blank">sam@sam.today</a> <mailto:<a href="mailto:sam@sam.today" target="_blank">sam@sam.today</a>>>> wrote:<br>
>> ><br>
>> > Did you check the logs before you shut it down?<br>
>> ><br>
>> ><br>
>> > On Tue, 28 Jul 2015 9:38 am Samuel Cantero<br>
>> <<a href="mailto:scg@sugarlabs.org" target="_blank">scg@sugarlabs.org</a> <mailto:<a href="mailto:scg@sugarlabs.org" target="_blank">scg@sugarlabs.org</a>><br>
>> > <mailto:<a href="mailto:scg@sugarlabs.org" target="_blank">scg@sugarlabs.org</a> <mailto:<a href="mailto:scg@sugarlabs.org" target="_blank">scg@sugarlabs.org</a>>>> wrote:<br>
>> ><br>
>> > Hi Gonzalo,<br>
>> ><br>
>> > The trac container was down. I just recently turned it on.<br>
>> ><br>
>> > Somebody turned it off for some reason? If it not the<br>
>> case,<br>
>> > maybe the container has reached its maximum memory or<br>
>> processor<br>
>> > limit. The docker container stops in that case.<br>
>> ><br>
>> > Greetings,<br>
>> ><br>
>> ><br>
>> ><br>
>> > On Mon, Jul 27, 2015 at 5:01 PM, Gonzalo Odiard<br>
>> > <<a href="mailto:godiard@sugarlabs.org" target="_blank">godiard@sugarlabs.org</a> <mailto:<a href="mailto:godiard@sugarlabs.org" target="_blank">godiard@sugarlabs.org</a>><br>
>> <mailto:<a href="mailto:godiard@sugarlabs.org" target="_blank">godiard@sugarlabs.org</a> <mailto:<a href="mailto:godiard@sugarlabs.org" target="_blank">godiard@sugarlabs.org</a>>>><br>
>> wrote:<br>
>> ><br>
>> > Today, I get a error<br>
>> ><br>
>> > 502 Bad Gateway<br>
>> > nginx/1.8.0<br>
>> ><br>
>> > when try access trac.<br>
>> ><br>
>> > Gonzalo<br>
>> ><br>
>> > On Sat, Jul 25, 2015 at 8:40 PM, Gonzalo Odiard<br>
>> > <<a href="mailto:godiard@sugarlabs.org" target="_blank">godiard@sugarlabs.org</a><br>
>> <mailto:<a href="mailto:godiard@sugarlabs.org" target="_blank">godiard@sugarlabs.org</a>> <mailto:<a href="mailto:godiard@sugarlabs.org" target="_blank">godiard@sugarlabs.org</a><br>
>> <mailto:<a href="mailto:godiard@sugarlabs.org" target="_blank">godiard@sugarlabs.org</a>>>> wrote:<br>
>> ><br>
>> > Thanks Sams :)<br>
>> ><br>
>> > On Sat, Jul 25, 2015 at 3:58 PM, Samuel Cantero<br>
>> > <<a href="mailto:scg@sugarlabs.org" target="_blank">scg@sugarlabs.org</a> <mailto:<a href="mailto:scg@sugarlabs.org" target="_blank">scg@sugarlabs.org</a>><br>
>> <mailto:<a href="mailto:scg@sugarlabs.org" target="_blank">scg@sugarlabs.org</a> <mailto:<a href="mailto:scg@sugarlabs.org" target="_blank">scg@sugarlabs.org</a>>>> wrote:<br>
>> ><br>
>> > Hi All,<br>
>> ><br>
>> > I just recently check this email. The good<br>
>> news is<br>
>> > that Sam P already dockerized this service<br>
>> and now<br>
>> > we have the 1.0.7 Trac version.<br>
>> ><br>
>> > Greetings,<br>
>> ><br>
>> > On Fri, Jul 24, 2015 at 11:06 AM, Gonzalo<br>
>> Odiard<br>
>> > <<a href="mailto:godiard@sugarlabs.org" target="_blank">godiard@sugarlabs.org</a><br>
>> <mailto:<a href="mailto:godiard@sugarlabs.org" target="_blank">godiard@sugarlabs.org</a>><br>
>> > <mailto:<a href="mailto:godiard@sugarlabs.org" target="_blank">godiard@sugarlabs.org</a><br>
>> <mailto:<a href="mailto:godiard@sugarlabs.org" target="_blank">godiard@sugarlabs.org</a>>>> wrote:<br>
>> ><br>
>> > I am pretty sure dnarvaez updated the trac<br>
>> > instance a time ago.<br>
>> ><br>
>> > On Fri, Jul 24, 2015 at 12:03 PM, Bernie<br>
>> > Innocenti <<a href="mailto:bernie@codewiz.org" target="_blank">bernie@codewiz.org</a><br>
>> <mailto:<a href="mailto:bernie@codewiz.org" target="_blank">bernie@codewiz.org</a>><br>
>> > <mailto:<a href="mailto:bernie@codewiz.org" target="_blank">bernie@codewiz.org</a><br>
>> <mailto:<a href="mailto:bernie@codewiz.org" target="_blank">bernie@codewiz.org</a>>>> wrote:<br>
>> ><br>
>> > On 07/24/2015 10:34 AM, Gonzalo<br>
>> Odiard wrote:<br>
>> > > When try to read<br>
>> bughttp://<a href="http://bugs.sugarlabs.org/ticket/4863" rel="noreferrer" target="_blank">bugs.sugarlabs.org/ticket/4863</a><br>
>> <<a href="http://bugs.sugarlabs.org/ticket/4863" rel="noreferrer" target="_blank">http://bugs.sugarlabs.org/ticket/4863</a>><br>
>> > > get the following error:"Genshi<br>
>> UnicodeEncodeError error while rendering<br>
>> > > template (unknown template<br>
>> location)"<br>
>> > ><br>
>> > > A quick google search show this<br>
>> bug [1]<br>
>> > ><br>
>> > > The error is originated by<br>
>> simply enter a link like this<br>
>> > > "<<a href="http://trac.edgewall.org/" rel="noreferrer" target="_blank">http://trac.edgewall.org/</a>>"<br>
>> > > to a ticket. According to this<br>
>> [2] the bug is already solved on Trac 1.0.2<br>
>> > ><br>
>> > > Then:<br>
>> > > Developers: Please don't add<br>
>> links between <> until the error is solved.<br>
>> > > Systems: I don't know what<br>
>> version of trac we have running, could be<br>
>> > > possible update?<br>
>> ><br>
>> > Who's maintaining Trac these days?<br>
>> The wiki<br>
>> > points at dnarvaez and me,<br>
>> > but the former is MIA and the<br>
>> latter has<br>
>> > installed it in 2008 and not<br>
>> > touched it ever since:<br>
>> ><br>
>> ><br>
>> <a href="https://wiki.sugarlabs.org/go/Service/bugs" rel="noreferrer" target="_blank">https://wiki.sugarlabs.org/go/Service/bugs</a><br>
>> ><br>
>> > Perhaps one of the two Sams would<br>
>> like to<br>
>> > upgrade Trac in-place or move<br>
>> > it into a docker container?<br>
>> ><br>
>> > --<br>
>> > _ // Bernie Innocenti<br>
>> > \X/ <a href="http://codewiz.org" rel="noreferrer" target="_blank">http://codewiz.org</a><br>
>> ><br>
>> ><br>
>> ><br>
>> ><br>
>> > --<br>
>> > Gonzalo Odiard<br>
>> ><br>
>> > SugarLabs - Software [for | by]<br>
>> children learning<br>
>> ><br>
>> ><br>
>> _______________________________________________<br>
>> > Systems mailing list<br>
>> > <a href="mailto:Systems@lists.sugarlabs.org" target="_blank">Systems@lists.sugarlabs.org</a><br>
>> <mailto:<a href="mailto:Systems@lists.sugarlabs.org" target="_blank">Systems@lists.sugarlabs.org</a>><br>
>> > <mailto:<a href="mailto:Systems@lists.sugarlabs.org" target="_blank">Systems@lists.sugarlabs.org</a><br>
>> <mailto:<a href="mailto:Systems@lists.sugarlabs.org" target="_blank">Systems@lists.sugarlabs.org</a>>><br>
>> ><br>
>> <a href="http://lists.sugarlabs.org/listinfo/systems" rel="noreferrer" target="_blank">http://lists.sugarlabs.org/listinfo/systems</a><br>
>> ><br>
>> ><br>
>> ><br>
>> ><br>
>> ><br>
>> > --<br>
>> > Gonzalo Odiard<br>
>> ><br>
>> > SugarLabs - Software [for | by] children learning<br>
>> ><br>
>> ><br>
>> ><br>
>> ><br>
>> > --<br>
>> > Gonzalo Odiard<br>
>> ><br>
>> > SugarLabs - Software [for | by] children learning<br>
>> ><br>
>> ><br>
>> > _______________________________________________<br>
>> > Systems mailing list<br>
>> > <a href="mailto:Systems@lists.sugarlabs.org" target="_blank">Systems@lists.sugarlabs.org</a><br>
>> <mailto:<a href="mailto:Systems@lists.sugarlabs.org" target="_blank">Systems@lists.sugarlabs.org</a>><br>
>> <mailto:<a href="mailto:Systems@lists.sugarlabs.org" target="_blank">Systems@lists.sugarlabs.org</a><br>
>> <mailto:<a href="mailto:Systems@lists.sugarlabs.org" target="_blank">Systems@lists.sugarlabs.org</a>>><br>
>> > <a href="http://lists.sugarlabs.org/listinfo/systems" rel="noreferrer" target="_blank">http://lists.sugarlabs.org/listinfo/systems</a><br>
>> ><br>
>> ><br>
>> ><br>
>> ><br>
>> > _______________________________________________<br>
>> > Systems mailing list<br>
>> > <a href="mailto:Systems@lists.sugarlabs.org" target="_blank">Systems@lists.sugarlabs.org</a> <mailto:<a href="mailto:Systems@lists.sugarlabs.org" target="_blank">Systems@lists.sugarlabs.org</a>><br>
>> > <a href="http://lists.sugarlabs.org/listinfo/systems" rel="noreferrer" target="_blank">http://lists.sugarlabs.org/listinfo/systems</a><br>
>> ><br>
>><br>
>><br>
>> --<br>
>> _ // Bernie Innocenti<br>
>> \X/ <a href="http://codewiz.org" rel="noreferrer" target="_blank">http://codewiz.org</a><br>
>><br>
>><br>
>><br>
>><br>
>> _______________________________________________<br>
>> Systems mailing list<br>
>> <a href="mailto:Systems@lists.sugarlabs.org" target="_blank">Systems@lists.sugarlabs.org</a><br>
>> <a href="http://lists.sugarlabs.org/listinfo/systems" rel="noreferrer" target="_blank">http://lists.sugarlabs.org/listinfo/systems</a><br>
>><br>
><br>
><br>
<br>
<br>
--<br>
_ // Bernie Innocenti<br>
\X/ <a href="http://codewiz.org" rel="noreferrer" target="_blank">http://codewiz.org</a><br>
</blockquote></div>