Packer
Moby
Our great sponsors
Packer | Moby | |
---|---|---|
65 | 209 | |
14,837 | 67,540 | |
0.5% | 0.4% | |
9.4 | 10.0 | |
7 days ago | 7 days ago | |
Go | Go | |
GNU General Public License v3.0 or later | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Packer
-
The 2024 Web Hosting Report
To manage a VM, you can use something as simple as just manual actions over SSH, or can use tools like Ansible, Hashicorp's Packer and Terraform or other automations. For an app where there is minimal load and security/reliability concern, VMs are still a great option that provide a lot of value for the buck
-
Avoiding DevOps tool hell
Server templating: Using Packer has never been easier to create reusable server configurations in a platform-independent and documented manner.
-
DevOps Tooling Landscape
HashiCorp Packer is a tool for creating machine images for a variety of platforms, including AWS, Azure, and VMware. It allows you to define machine images as code and supports a wide range of configuration options.
-
auto-provisioning multiple raspberry pi's
Packer is a tool that can be used to build machine images. Basically, it takes a base image, runs a series of steps to provision that image, and then burns a new image. In my workplace we use it heavily to build AWS AMIs. But it has an ARM plugin that looks to be very very suitable for building customised Raspberry Pi images (my quick read of the doco there says it can go ahead and write the final image to an SD card for you too).
- How do hosting companies immediately create vm right after purchasing one?
-
Virtualbox 7.0.4 kickstart issue
However, I was unable to build the boxes with packer for some reason. It turned out that this wasn't an easy to fix or obvious issue. In fact, I had to search quite hard to find an answer. I am pretty sure my friend Tim Hall (oracle-base) ran into this issue too. Finally, I found a description of the issue on packer GitHub: Packer 1.8.4 not working with Virtualbox 7.0.4+ #12118.
I was building a new version of YugabyteDB vagrant box with packer and virtual box. Because we (Yugabyte) have a new preview release out.
-
Is "development environment as code" a thing?
Packer. https://github.com/hashicorp/packer
-
Dinamic Infrastructure
For an AMI build pipeline, have a look at Hashicorp Packer and Ansible if a host is long lived
- A practical approach to structuring Golang applications
Moby
-
Exploring Podman: A More Secure Docker Alternative
> Podman is designed to help with this by providing stronger default security settings compared to Docker. Features like rootless containers, user namespaces, and seccomp profiles, while available in Docker, aren't enabled by default and often require extra setup.
Seccomp has been enabled by default since 2015: https://github.com/moby/moby/pull/18780
It is true that Rootless isn't enabled by default but its "extra setup" can be done with a single command (`dockerd-rootless-setuptool.sh install`)
-
OpenZFS 2.2: Block Cloning, Linux Containers, BLAKE3
Perhaps.
Thing is, https://github.com/moby/moby/blob/670bc0a46c4ca03b75f1e72f73... is using https://github.com/mistifyio/go-zfs which features code like `out, err := zfsOutput("get", "-H", key, d.Name)` (Source: https://github.com/mistifyio/go-zfs/blob/master/zfs.go#L315) to get a single zfs property.
Somebody chose to use a library as abstraction that looks good but is implemented as a MVP (nothing wrong with that). "In the future, we hope to work directly with libzfs" should have raised an alarm somewhere, though.
-
The Twelve-Factor App
AppArmor can restrict /proc and this is even used by docker: https://github.com/moby/moby/blob/master/contrib/apparmor/te...
- macOS Containers v0.0.1
-
Build Your Own Docker with Linux Namespaces, Cgroups, and Chroot
Docker by default also applies a seccomp system call whitelist per [1] and restricts capabilities per [2], amongst numerous other default hardening practices that are applied. If a Docker container really had a need to call the "reboot" system call, this permission could be explicitly added.
More complex sandboxing techniques include opening handles for sockets, pipes, files, etc and then hardening seccomp filters on top to prevent any new handles being opened. In this way, some containers can read/write defined files on a volume without having any ability to otherwise interact with file systems such as opening new files (all file system related system calls could be disabled).
[1] https://github.com/moby/moby/blob/master/profiles/seccomp/de...
[2] https://docs.docker.com/engine/security/#linux-kernel-capabi...
-
Jails on FreeBSD
Docker has to run as root, or use otherwise insecure methods ("rootless" is a sham, it requires suid binaries and CVE ridden unprivileged user namespaces).
I agree with ports, working[0][1][2] on it.
-
Pigz: Parallel gzip for modern multi-processor, multi-core machines
Useful with Docker, see https://github.com/moby/moby/pull/35697
I’ve integrated pigz into different build and CI pipelines a few times. Don’t expect wonders since some steps still need to run serially, but a few seconds here and there might still add up to a few minutes on a large build.
-
Docker developers discuss changes in how ports are to be forwarded into containers
Link to the GitHub discussion: https://github.com/moby/moby/discussions/45524
-
New Docker Goodies: Init and Watch
With 4.19.0 release, the Docker engine and CLI are updated to Moby 23.0. That brings a lot of new stuff. One of the things that can be confusing on start is that docker build is now an alias for docker buildx build. The reason is that Buildx and BuildKit are default builders on Linux and OSX. You will notice differences when building images. You'll see switching blue and white lines in the short demos above. White lines are tasks in progress, while blue ones are completed tasks. As well you'll see that Buildx is trying to run tasks in parallel.
-
What are some recent or significant updates and changes you did to your initial Arch install?
Added btrfs subvol for var lib docker and changed dockers storage driver to overlay2, ugh. https://github.com/moby/moby/issues/39815
What are some alternatives?
podman - Podman: A tool for managing OCI containers and pods.
containerd - An open and reliable container runtime
Vagrant - Vagrant is a tool for building and distributing development environments.
helm - The Kubernetes Package Manager
nerdctl - contaiNERD CTL - Docker-compatible CLI for containerd, with support for Compose, Rootless, eStargz, OCIcrypt, IPFS, ...
oVirt - oVirt website
cloud-init-vmware-guestinfo - A cloud-init datasource for VMware vSphere's GuestInfo interface
docker-openwrt - OpenWrt running in Docker
kubernetes - Production-Grade Container Scheduling and Management
ofelia - A docker job scheduler (aka. crontab for docker)
QEMU - Official QEMU mirror. Please see https://www.qemu.org/contribute/ for how to submit changes to QEMU. Pull Requests are ignored. Please only use release tarballs from the QEMU website.
k3d - Little helper to run CNCF's k3s in Docker