Containerize dovecot?

Marc Marc at f1-outsourcing.eu
Wed Aug 25 13:49:42 EEST 2021


> 
> I've had a few discussions with clients who are dead-set on running a
> docker this, or a snap that, or whatever container they just read about.
> But they want to run it on a VM in the cloud. To me it seems weird.

To anyone with a brain this is weird ;) If you have a remote cloud, they have already arranged the failover. Maybe they just have multiple software developers that only give docker images???

> your cloud VM you already have an environment which you can configure
> exactly how you like it. You can resize it, clone it, snapshot it.
> Running a docker container inside this VM just seems to be adding an
> extra level of complexity to things, probably resulting in worse
> performance.

Not really worse performance. The bad thing is that all your processes are killed if dockerd crashes; this is still not fixed. That would be my main argument never to use dockerd.

> I can see docker containers have their uses, especially for development
> environments, but I don't think it makes sense in a lot of cases. Feel
> free to persuade me otherwise! I'm keen to hear counter arguments!
> 

I think it makes sense in most simple cases. Now I have multiple VMs for handling incoming mail. These all have a copy of the ldap, spamd, clamd, sendmail. Converting this to separate containers, I could scale up/down (automatically) the individual processes like clamd when necessary. If I want to start using a newer clamd because the LTS distribution does not update it, I can just replace/run concurrently/revert this at any time. Having the orchestrator set your resource limits and monitor your processes is also nice out of the box. I am not really checking in the VM if clamd hangs on 100% or OOMs (ssshhhhhh ;)). In my container environment I do not need to.

Furthermore, you can make a difference between stateless and stateful tasks. The ldap server can be stateless, because it syncs its updates anyway, same as spamd and clamd. Which means if a host fails, I can just start these automatically on different hosts, not needing to worry about fs problems.
In my environment clamd / spamd are not even on a public-facing environment; these are now isolated, so by decreasing my remote attack surface my security goes up.

What I have also noticed is that, having such an environment, you are more likely to quickly test with new applications. I also think that, now Red Hat is letting go of CentOS, the time of LTS distributions is coming to an end.

However, most applications are not really designed to be used as containers (micro services). But when they are, all these tasks are communicating with each other on dynamic IP addresses and dynamic ports on dynamic hosts.
I would recommend you start playing with the containers, and I guarantee you will discover their use and beauty.



