Stand-alone container for a BigchainDB node#2424
Stand-alone container for a BigchainDB node#2424ldmberman merged 5 commits intobigchaindb:masterfrom
Conversation
Codecov Report
@@ Coverage Diff @@
## master #2424 +/- ##
=========================================
+ Coverage 88.43% 89.64% +1.2%
=========================================
Files 39 40 +1
Lines 2275 2589 +314
=========================================
+ Hits 2012 2321 +309
- Misses 263 268 +5 |
| @@ -0,0 +1,84 @@ | |||
| # Run BigchainDB with all-in-one Docker | |||
|
|
|||
| **NOT for Production Use** | |||
There was a problem hiding this comment.
What are the production use criteria? We do not have such warnings in the docs of other setups.
There was a problem hiding this comment.
For starters, a single container for multiple stateful services is not a good sign. This is a very opinionated image. For production use cases someone might need more than a single Docker image.
There was a problem hiding this comment.
I think we all acknowledge that having all services running in a single container is an anti-pattern. This all-in-one container is just a convenience and we should have that warning here if not anywhere else.
There was a problem hiding this comment.
anti-pattern is not really an explanation.
Moreover, any setup we have might be labeled "not for production use" at least for a reason that we do not have a stable release yet.
Therefore, to avoid disorienting the users I would refrain from such labels. Instead, we can add a recommendation to use a multi-image setup with a brief explanation of how it is better.
There was a problem hiding this comment.
anti-patternis not really an explanation.
Why?
There was a problem hiding this comment.
anti-patternis just a label.. Does such a setup perform worse? If yes, why? Is it more difficult to maintain such a setup?
I have no experience regarding this. There are some sources which suggest this is an anti-pattern but the docker documentation has no mention of it.
I am not really sure if we can say anything about the production readiness of either of these approaches until we try them ourselves?
There was a problem hiding this comment.
If someone wants to use just a single node in production then maybe yes, because in terms of performance or maintenance it is not a big overhead. If you want to have a network it will be more complex.
Maybe if we have dynamically adding validators implemented, i.e. you deploy one node with this and dynamically add using upsert, there are some questions yet to be answered. That is why I suggested not to be used in production.
There was a problem hiding this comment.
Nodes are supposed to be managed by different operators. Operators may choose different ways of deploying them. What are the particular implications of one operator deciding to deploy a single image? I do not see any so far.
There was a problem hiding this comment.
This image does a tendermint init, which implies all the nodes spawn different chains. So operators will have to change that behavior or come up with a new workflow.
There was a problem hiding this comment.
Ah, makes sense!
In other words, a single-node cluster configuration is hardcoded in the image. It is not currently well suited for deploying a network. Could you, perhaps, add such a clarification?
| - MongoDB | ||
| - Tendermint | ||
|
|
||
| *We understand that it is an anti-pattern to run multiple services inside a docker.* |
There was a problem hiding this comment.
It makes sense to recommend a multi-image alternative, add a link to its description, and briefly mention its benefits. it is an anti-pattern is not really an explanation so I would omit it.
Dockerfile-all-in-one
Outdated
|
|
||
| # When developing with Python in a docker container, we are using PYTHONBUFFERED | ||
| # to force stdin, stdout and stderr to be totally unbuffered and to capture logs/outputs | ||
| ENV PYTHONUNBUFFERED 0 |
There was a problem hiding this comment.
Where is this env variable used?
There was a problem hiding this comment.
Actually this should be removed, since I will be removing:
pip install --no-cache-dir --process-dependency-links -e .[dev]
But this parameter is mostly required for dev use cases and since monit is maintaining the services, it does not make sense.
|
executed Running setup.py install for pycparser: started
Running setup.py install for pycparser: finished with status 'done'
Running setup.py install for cffi: started
Running setup.py install for cffi: finished with status 'done'
Successfully installed cffi-1.11.5 pip-18.0 pycparser-2.18
Directory '.' is not installable. File 'setup.py' not found.
The command '/bin/sh -c apk --update add sudo bash && apk --update add python3 openssl ca-certificates git && apk --update add --virtual build-dependencies python3-dev libffi-dev openssl-dev build-base jq && apk add --no-cache libstdc++ dpkg gnupg && pip3 install --upgrade pip cffi && pip install --no-cache-dir --process-dependency-links -e .[dev] && apk del build-dependencies && rm -f /var/cache/apk/*' returned a non-zero code: 1 |
Dockerfile-all-in-one
Outdated
| @@ -0,0 +1,58 @@ | |||
| FROM alpine:latest | |||
There was a problem hiding this comment.
Nitpick: Indentation is not right here.
Dockerfile-all-in-one
Outdated
| libffi-dev openssl-dev build-base jq \ | ||
| && apk add --no-cache libstdc++ dpkg gnupg \ | ||
| && pip3 install --upgrade pip cffi \ | ||
| && pip install --no-cache-dir --process-dependency-links -e .[dev] \ |
There was a problem hiding this comment.
Is there a need to have dev level dependencies too?
There was a problem hiding this comment.
Probably not, I wrote it with another use case in mind but you are right, it is not needed anymore, atleast for this file.
Dockerfile-all-in-one
Outdated
| ENV TMHOME=/tendermint | ||
|
|
||
| RUN addgroup tmuser \ | ||
| && adduser -S -G tmuser tmuser -h "$TMHOME" |
There was a problem hiding this comment.
Is there a reason to have a separate user/group for Tendermint?
There was a problem hiding this comment.
This is migrated from the official Tendermint docker image. Let me see if we can work without it.
|
|
||
| pushd \$4 | ||
| nohup bigchaindb start >> \$3/bigchaindb.out.log 2>> \$3/bigchaindb.err.log & | ||
| nohup bigchaindb -l DEBUG start >> \$3/bigchaindb.out.log 2>> \$3/bigchaindb.err.log & |
There was a problem hiding this comment.
Should the log level be a variable? if bigchaindb-monit-config is intended to run and monitor production system then user should be able to select the necessary/required log level.
There was a problem hiding this comment.
This is just a step towards that, not the production template. The user can still change it using the BigchainDB configuration file. I can remove it but without Debug we have very little logs.
- Fix nitpicks - Remove -e flag while installing because it is not needed - Remove unwanted env variables - Update some docs
- Clarify that this image is not well suited for a network deployment
|
Created #2434, restarted the build. |
4 participants
Background
Solution
TODOs
Issues this Resolves
Resolves #2238 (or at least I think it does. -Troy)