#cubox irc log of Mon 02 Oct 2017

IRC log of #cubox of Mon 02 Oct 2017. All times are in CEST < Back to index

14:29 jnettlet[m]> Ke: they started shipping out yesterday. You are on the list, so expect yours soon.

14:33 Ke> yay, thanks

14:33 Ke> there is apparently some value in having actual real name

14:37 topi`> do you guys know if there's any chance of running stuff under Docker containers on the ClearFog?

14:38 topi`> since the A38x chips are based on the cortex-a9 cores and they do NOT support virtualization extensions, I guess this isn't possible?

14:38 topi`> there's a customer who wants to run their own linux SW on our machines, and we'd like to containerize those for reasons of hygiene

14:39 Ke> perhaps containers?

14:40 Ke> lxc or something

14:42 topi`> is that something like paravirtualization? where you don't even need a hypervisor mode

14:42 topi`> this is totally outside of my expertise

14:42 suihkulokki> topi`: docker doesn't require virtualization, not even para. It's just kernel namespaces.

14:42 Ke> it's like chroot, but you get more limitations

14:42 suihkulokki> so yes docker will run on them just fine

14:42 topi`> so docker is not anything like VirtualBox on x86?

14:43 suihkulokki> it's a sandbox, more tighter than chroot

14:43 suihkulokki> just make sure you have all the container related kernel options enabled

14:43 Ke> there's also systemd-nspawn

14:45 suihkulokki> that works too - you need debian stretch or a recent ubuntu base - systemd-nspawn in jessie is too deficient

14:47 Ke> anyway all three use same kernel functionalities basically

14:47 Ke> lxc, docker and nspawn

14:48 Ke> if your software is well-written to be sandboxed, you can run it inside systemd set bpf-seccomp -jail

14:48 Ke> most software not written with sandboxing in mind would gain very little with this

14:52 jnettlet[m]> topi`: docker works fine on the armhf chips

14:52 jnettlet[m]> I am working a lot running with running containers on our hardware.

15:26 Ke> do I get the tracking number for the mcbin btw.

15:46 jnettlet[m]> Ke: once it is shipped you will get an email with the tracking information.

15:46 Ke> thanks

15:46 Ke> especially it's nice, because I am ordering bunch of other stuff as well and customs are not going to tell you which one they are holding

16:39 topi`> customs is a bitch

16:39 topi`> I just despite the bureaucracy. That's the main reason I always try to order from inside the EU

16:39 topi`> s/despite/despise/

16:43 vpeter> topi`: it is choice between bureaucracy or higher price.

14:29	jnettlet[m]>	Ke: they started shipping out yesterday. You are on the list, so expect yours soon.
14:33	Ke>	yay, thanks
14:33	Ke>	there is apparently some value in having actual real name
14:37	topi`>	do you guys know if there's any chance of running stuff under Docker containers on the ClearFog?
14:38	topi`>	since the A38x chips are based on the cortex-a9 cores and they do NOT support virtualization extensions, I guess this isn't possible?
14:38	topi`>	there's a customer who wants to run their own linux SW on our machines, and we'd like to containerize those for reasons of hygiene
14:39	Ke>	perhaps containers?
14:40	Ke>	lxc or something
14:42	topi`>	is that something like paravirtualization? where you don't even need a hypervisor mode
14:42	topi`>	this is totally outside of my expertise
14:42	suihkulokki>	topi`: docker doesn't require virtualization, not even para. It's just kernel namespaces.
14:42	Ke>	it's like chroot, but you get more limitations
14:42	suihkulokki>	so yes docker will run on them just fine
14:42	topi`>	so docker is not anything like VirtualBox on x86?
14:43	suihkulokki>	it's a sandbox, more tighter than chroot
14:43	suihkulokki>	just make sure you have all the container related kernel options enabled
14:43	Ke>	there's also systemd-nspawn
14:45	suihkulokki>	that works too - you need debian stretch or a recent ubuntu base - systemd-nspawn in jessie is too deficient
14:47	Ke>	anyway all three use same kernel functionalities basically
14:47	Ke>	lxc, docker and nspawn
14:48	Ke>	if your software is well-written to be sandboxed, you can run it inside systemd set bpf-seccomp -jail
14:48	Ke>	most software not written with sandboxing in mind would gain very little with this
14:52	jnettlet[m]>	topi`: docker works fine on the armhf chips
14:52	jnettlet[m]>	I am working a lot running with running containers on our hardware.
15:26	Ke>	do I get the tracking number for the mcbin btw.
15:46	jnettlet[m]>	Ke: once it is shipped you will get an email with the tracking information.
15:46	Ke>	thanks
15:46	Ke>	especially it's nice, because I am ordering bunch of other stuff as well and customs are not going to tell you which one they are holding
16:39	topi`>	customs is a bitch
16:39	topi`>	I just despite the bureaucracy. That's the main reason I always try to order from inside the EU
16:39	topi`>	s/despite/despise/
16:43	vpeter>	topi`: it is choice between bureaucracy or higher price.