Open amercader opened 6 months ago
I support Ubuntu or Debian slim, and dropping Alpine completely
I'd choose debian slim because ubuntu sometimes breaks things that work fine in debian. @EricSoroos did you have a more compelling reason to prefer debian over ubuntu?
Really I like either -- Debian is pure open source which is probably an advantage. I wouldn't expect large differences between the two images though.
I'm happy to try building seperate CKAN test images using Debian (slim) and Ubuntu...just to see what issues appear for both, if any...and then report back here to vote
Another thing to consider is do we pin base image versions down to specific builds?
Keitaroinc uses specific builds for it's Ubuntu CKAN images, however if we did this we would miss out on any security patch updates if we used a more generic tag base image approach. We have discussed this before. I'm thinking we go with generic (to capture new security updates) however if we experience breakages outside our comfort zone we pin to a specific build
Definitely go with distribution pins -- e.g. debian-bookworm or ubuntu-focal. I'd even push for a dist-upgrade in the initial phases of the build, possibly as a base image because of the general stability of the update process* is enough that we're likely to see more problems from security issues than upgrades.
The other issue to think about is the lifetime of the base image that we're using for the major release, because of the version of python that's packaged there. Focal (20.04) is 3.8, Jaunty (22.04) is 3.10, 24.04 is going to be 3.12.
A further wrinkle is that we could use the python3.x-bookworm images -- pinning a specific major python release using the underlying bookworm issue, and then get the python updates from the python core instead of debian's packaging.
(* I've been doing dist-upgrade on live servers for 20 years or so, and can't remember the last time debian stable or ubuntu LTS badly broke something in that time. (dist-upgrade is the upgrade but install new dependent packages that might not already be installed, it's not major stable -> stable+1). Docker on the other hand...)
Addressing the size issue -- I think the overall image size advantage for alpine goes away when you install gcc & g++.
Following on from @EricSoroos on a few points:
I have a preliminary Ubuntu 22.04 base image working locally with minimal testing
apt-get
rather than pip3
python3
as the python
plugin isn’t includedUPDATE: I also have a preliminary Debian 12 base image working locally with minimal testing
/srv/app/src/ckan
with /srv/app/
being a virtual environment in Debian
Alpine's own peculiarities (particularly its use of musl instead of glibc) sometimes causes problems that are hard to track down (see eg https://github.com/amercader/ckanext-embeddings/issues/4). Alpine was used as a base image originally to reduce the image size, but given that CKAN itself is not a micro-service where this might be important when deploying, I think most users would prefer the predictability and convenience of working in a Debian/Ubuntu based image.
alpine:3.19
debian:12-slim
debian:12
ubuntu:22.04
My personal preference is to use the Ubuntu one as this aligns with what we support in the Deb packages and the source installs, but happy to hear other thoughts.
We should tag these images differently, ev
ckan:2.10-ubuntu
Note that the Keitaro folks have been maintaining Ubuntu based images for a while: https://github.com/keitaroinc/docker-ckan