[SAC] Virtualbox on Osgeo6

Sat Oct 21 15:20:01 PDT 2017

Not part of sac so this is just opinion but I would containerize the db as
well (the db files themselves would be outside of the container). It makes
upgrading of the database trivial and isolates all the components of the
db and its dependencies together.

Just my 2cents.

Mike

Michael Smith
OSGeo Foundation Treasurer
Treasurer at osgeo.org

-----Original Message-----
From: Sac <sac-bounces at lists.osgeo.org> on behalf of Martin Spott
<Martin.Spott at mgras.net>
Organization: home
Reply-To: System Administration Committee Discussion/OSGeo
<sac at lists.osgeo.org>
Date: Saturday, October 21, 2017 at 6:12 PM
To: <sac at lists.osgeo.org>
Subject: Re: [SAC] Virtualbox on Osgeo6

>Markus Neteler and I had a little chat this morning.
>
>We were talking about how to isolate CMS'es like Wordpress in order to
>reduce the potential risk that evolves from running your own.  This still
>doesn't reduce the risk of potential break-in's into the CMS itself, but
>at
>least the rest of your environment remains unaffected.
>
>As always, there are several options:
>
>1.) Virtualize the entire host containing web server, CMS and database.
>2.) Containerize the entire host containing web server, CMS and database.
>3.) Containerize the web server and CMS into one instance and the database
>    into a second.
>4.) Containerize the web server and CMS and run the database on the host.
>5.) Choose your favourite not listed here.
>
>Now, there's a neat virtualization technique which could have saved us
>from
>the hassle we're facing wrt.  upgrading old VM's on both of our hosts (and
>more), but it's not very popular in OSGeo land.  Moreover, virtualization
>always bears more overhead than containerization, so let's keep this can
>of
>worms closed.
>
>Second, let's look at the containerization techniques available today,
>with
>rkt and Docker being among the most popular ones.  They allow
>containerization of just a small application environment, just to fit the
>needs of a webserver, a database, whatever you like.  As far as I can
>tell,
>rkt and Docker could even co-exist on the same host.
>Moreover there's LXC, a tool I like a lot because it has so little
>overhead
>and which I consider perfect for running even a full system at much less
>overhead than in full virtualization.  They all rely on Linux Control
>Groups.
>
>Nowadays Docker is pretty bloated - but apparently "everybody" (TM) loves
>it.  Therefore, hoping that it will avoid heated discussions, I'm herewith
>suggesting to containerize certain services into Docker.  Note: I do *not*
>suggest to let everybody containerize their garbage on OSGeo hosts in a
>"fire and let others deal with the trouble they cause"-manner just because
>there's a platform that would be able to run it.  Careful selection should
>still remain a core principle.  I'm suggesting to dockerize the web server
>and CMS parts only and keep the database instance(s) on the host, simply
>to
>ease the database backup procedure and because I see little net benefit in
>containerizing the DB as well.
>
>A reverse proxy on the host would serve as a web gateway from outside, it
>would even be able to terminate SSL encryption, if needed/wanted.
>
>If we manage to reach consensus, then we'd start by dockerizing a new
>GRASS
>web server instance on Osgeo6 to act as a guinea pig for the entire
>procedure.
>
>And while we're at it, I'd ask for permission to remove the remains of
>VirtualBox from Osgeo6.
>
>Cheers,
>	Martin.
>-- 
> Unix _IS_ user friendly - it's just selective about who its friends are !
>--------------------------------------------------------------------------
>_______________________________________________
>Sac mailing list
>Sac at lists.osgeo.org
>https://lists.osgeo.org/mailman/listinfo/sac