• 1 Post
  • 48 Comments
Joined 1 year ago
cake
Cake day: June 12th, 2023

help-circle

  • The answer to your overarching question is not “common maintenance procedures”, but “change management processes”

    When things change, things can break. Immutable OSes and declarative configuration notwithstanding.

    OS and Configuration drift only actually matter if you’ve got a documented baseline. That’s what your declaratives can solve. However they don’t help when you’re tinkering in a home server and drifting your declaratives.

    I’m pretty certain every service I want to run has a docker image already, so does it matter?

    This right here is the attitude that’s going to undermine everything you’re asking. There’s nothing about containers that is inherently “safer” than running native OS packages or even building your own. Containerization is about scalability and repeatability, not availability or reliability. It’s still up to you to monitor changelogs and determine exactly what is going to break when you pull the latest docker image. That’s no different than a native package.


  • nottelling@lemmy.worldtoSelfhosted@lemmy.worldConfused about Podman
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    2
    ·
    3 months ago

    Just cause you’ve never seen them doesn’t make it not true.

    Try using quadlet and a .container file on current Debian stable. It doesn’t work. Architecture changed, quadlet is now recommended.

    Try setting device permissions in the container after updating to Debian testing. Also doesn’t work the same way. Architecture changed.

    Redhat hasn’t ruined it yet, but Ansible should provide a pretty good idea of the potential trajectory.



  • Every complaint here is PEBKAC.

    It’s a legit argument that Docker has a stable architecture while podman is still evolving, but that’s how software do. I haven’t seen anything that isn’t backward compatible, or very strongly deprecated with notice.

    Complaining about selinux in 2024? Setenforce 0, audit2allow, and get on with it.

    Docker doing that while selinux is enforcing is an actual bad thing that you don’t want.








  • You’re going to want to look up things like symlinks, hard links, fuse filesystems, and bind mounts among other concepts. Your “whole directory” and other duplicates are artifacts of how the filesystem and process management works, and simply running fsearch or find over them is going to be confusing if you don’t know what you’re looking at.

    One Unix concept that carries over to Linux is that everything is a file. Your shared memory space, process data, device driver interfaces, etc, all of it is accessible somewhere in the same virtual filesystem tree as the actual files.

    Because of this, there’s very little reason to have the whole filesystem indexed from root. If you’re worried about space usage, you want to work with packages through the package manager. If you’re worried about system integrity, you’ll want package validators.