Hi all,
Just wanted to show off some minor progress I've made in containerizing Iris if anyone's in the mood of playing with it.
I've prepared automated trusted builds through the Docker registry for the previous two releases of Iris (v0.3.1 and v0.3.2). The images are based on debian 7, as these were the smallest I could find. The download size is around 50-60MB with the final image being at 109MB. You can pull via:
docker pull iris/iris-v0.3.2
Additionally, I've prepared a rolling development image that follows the master branch of the Iris repository. Whenever a new commit is made, the build service is notified and a new docker container is prepared for it. This is at:
docker pull iris/iris-dev
Since Iris requires free access to all kinds of random ports, as well as makes quite a lot of outbound connections, best best setup is not to firewall it and try and figure out how to route the connections, but rather to permit Iris to access the hosts network stack and use that directly. Hence run the containers with:
run --net="host" iris/iris-v0.3.2 -dev
A few ideas I'm looking forward to implement are:
- Have an(optional) auto-restart mechanism if Iris crashes so that it won't require fancy docker configs to achieve.
- Introduce a snake-oil key so that containers can be tested without RSA key configs.
Note, I haven't done almost any testing, just thought I'd share the progress as it's developing.
Cheers,
Peter
PPS: Just realized that currently there is no simple way to inject an RSA key into the container. I'll try and figure something out, but in the meanwhile if anyone has any suggestions/ideas, I'm all ears.