Tag Archives: Open Source

Run Docker in an LXD container

I’m a fan of Canonical’s LXD containers—which essentially copy the same approach to lightweight virtualisation enjoyed by Solaris Zones users (and by extension, any illumos-based distros such as SmartOS) for over ten years. One area however where Canoncial is playing catch-up compared to commercial UNIX is in incomplete documentation spread out absolutely everywhere—blog posts, articles, wikis, and so on. Trying to find consistent information on the level of support for Docker running in an LXD container is a perfect example of this. It’s a real mess.

At the time of writing, running Docker as installed from the official Docker repository will fail in an LXD container. This is noted in the following two bug reports:

The advice provided in both reports is to use Ubuntu’s Docker packages:

“Only Docker coming from Ubuntu (docker.io package) works inside LXD containers.

“The Docker coming from upstream is missing a number of patches to make it work, leading to the problem you describe above. We’ve been pushing for those changes to be merged upstream and some were, but we’re not yet at a point where the upstream packages work.”

Otherwise, the prerequisite for running Docker in LXD is that the container is launched with the docker profile applied, and is configured as a privileged container (by default, LXC containers are unprivileged). In the following example, the nextcloud-dev-1 container is created with the default and docker profiles applied, and its configuration is set to be privileged:

$ sudo lxc launch ubuntu:16.04 nextcloud-dev-1 -p default -p docker -c security.privileged=true

Post installation, log into the container and install the Ubuntu Docker package:

$ sudo apt install docker.io

From there, Docker should work as expected.

More on privileged containers is here:

 

Advertisements

Watermarks template for LibreOffice Writer

For folks wanting a LibreOffice Writer template with a default set of high-quality, vector-based watermarks good to go, head on over to www.apertura.co.nz/libreofficewatermarks and download/share away. Any feedback or suggestions, let me know.

Let’s *not* let them (NZ government workers) use Chromebooks

Technology journalist Bill Bennett muses in a post from a year ago titled “Let them (NZ government workers) use Chromebooks” about the potential cost savings and productivity gains to theoretically be had from deploying the Google office productivity stack for NZ government workers. Some excerpts:

“Put aside for a moment the security risks and the NZ$2 million paid to Microsoft for extra [Windows XP] support… One solution would be to write off all the existing computers and replace them with Chromebooks… There would be immediate savings. Chromebooks can’t run Microsoft Office. Government departments can shift to Google Apps… Getting all government employees and applications into the cloud means there will never again be a situation like 40,000 computers using out of date software.”

The security risks and $2 million dollar figure can be viewed as part of the exit cost of adopting the Microsoft platform to begin with. 13 years ago there may have been a reasonable case for Windows XP being an adequate desktop solution, which is clearly no longer the case in 2015. However, suggesting that NZ government trades one proprietary ecosystem (Microsoft) for one even more closed is not an advance at all. From a technology perspective, Google Apps for instance is completely welded shut – with a non-standard and entirely Google-secret document format at its core.

Yes, there’s a strong case to be made for the combined benefits of moving computing services off the Microsoft desktop platform and onto a Linux-based OS (Chrome OS is but one example, Ubuntu is another), replacing full desktop computers with thin clients, and adopting cloud-hosted applications. However, I would seriously question the wisdom of government migrating to a platform so tightly controlled by a single vendor – not to mention one that derives ~90 percent of its total global revenue from advertising, or that has a long track record of startlingly short product lifespans. It would drastically curtail competitive supplier choice, and in the case of Google Apps (and to an extent Chrome OS), eliminate the freedom to self-host the technology in-house or via a third party as and when the situation or requirement arises.

The $2 million dollar figure for Microsoft’s extended Windows XP support might well pale in comparison to migrating off a proprietary, cloud-only solution 13 years from now. The point being, any serious discussion must take into account exit costs, and not simply the superficial low cost of entry, be it Office 365, Chrome OS, Chromebooks, and so forth. This is an aspect Bill Bennett’s article omits, much like most other opinion pieces on the matter.

Apropos of this, in the time since the source article was written, the reasons for the UK government mandating ODF for document interchange (to the detriment of both Microsoft and Google) makes for worthwhile reading.

On Microsoft killing the Internet Explorer brand

The problem is, Internet Explorer – while a simply awful piece of technology – will forever be associated with being tied to an equally mediocre OS (Microsoft Windows). Open source it already, and kill off its dependency on Windows. Not rocket science.

Microsoft is killing off the Internet Explorer brand (The Verge)

Endpoint-encrypted email with Thunderbird and Enigmail

Thanks to Thunderbird and Enigmail, anyone wanting to securely contact me over email can now do so.

Regarding Enigmail, setup is reasonably quick and easy (thanks to Enigmail’s wizard), but it’s definitely something most folks would need help with from someone with technical know-how. Anyone local who would like to claw back a little of their privacy in the post-Snowden era is welcome to drop me a line for assistance.

Forking GlassFish Redux: Payara Server

In the time since I last wrote about the need for a fork of Oracle’s GlassFish Server, Oracle have effectively removed the viability of GlassFish as a production system by killing off professional support in favour of their megabucks closed-source WebLogic product. This was a completely unsurprising move, and simply added to the mountain of orphaned and abandoned techhnology inherited from Oracle’s Sun acquisition (to which we can add some more recent additions).

Fortunately, and largely due to the wisdom of Sun to originally open source the product, a new player in the Java app server scene has appeared with what is to all intents and purposes the GlassFish fork we’ve been waiting for: Payara Server.

You can check out their website at: http://www.payara.co.uk/home. As mentioned on their site: “We take GlassFish upstream. We support it, fix it, enhance it. We release it as open source Payara Server.”

Do I have funds or a current use case to pay for professional support for an app server yet? No. Do I want to use the same product I’ll eventually be using in production while I’m in the startup/setup phase, easily and without restriction? Yes. Will I pay for support if the use case requires it, and if it guarantees a healthy product/project down the line in the best spirit of open source? Happily, and especially if it’s from the same vendor offering the product to begin with. Not rocket science, and when a vendor throws too many obstacles in my path I’ll simply switch to an alternative which does afford me these freedoms.

Looking forward to trying this out.

Android’s better browser?

Folks using Android aren’t in much doubt about which is the better browser:

Firefox for Android vs Google Chrome Play Store ratings

Custom Firefox Sync servers now supported again for Firefox for Android

Around the Firefox v29 timeline, Mozilla changed the authentication mechanism for Firefox Sync to use Firefox Accounts. Consequently, the setup method for custom self-hosted Firefox Sync servers changed (note that my guide has yet to be updated), and for a few releases Firefox for Android did not support the new model.

Fortunately, custom Sync server connectivity has been restored as of Firefox for Android version 33. The full guide (including an add-on which enables custom sync server addresses) can be found on Nick Alexander’s blog.

Note that if you’re using a “non-standard” port for either your custom Sync or Firefox Account servers, you’ll run into the bug described at https://bugzilla.mozilla.org/show_bug.cgi?id=1046020, which as Nick says manifests itself as an authentication error. The workaround suggested is to use Firefox Beta, which works for me.

It’s terrific that Mozilla continues to offer its users the choice of self-hosting their solutions.

Firefox Sync on Android

RSS feed reader improvements in Thunderbird

Short and sweet: a cute improvement made to the RSS feed reader capability in later Thunderbird releases – feeds now display with the favicon of the source feed:

Favicon in Thunderbird RSS feeds

Apache OpenOffice for OpenIndiana (Hipster)

It’s been a long while since I’ve blogged anything on the OpenIndiana front – just a quick update regarding the recent announcement of an Apache OpenOffice package for the OpenIndiana rapid development branch, a.k.a. Hipster.

Installation from the current Hipster repository is straightforward, and aside from a rather long launch time (in the order of tens of seconds, something which definitely needs to be looked at), it opens an existing LibreOffice Writer document with absolutely no problems, retaining the customised footers, background images, and the proprietary PostScript fonts (once installed):

OpenOffice running on OpenIndiana

OpenOffice running on OpenIndiana

Great work from the various contributing developers to make this happen, and an important component of building a Nuxeo DM server based on illumos.

(EDIT: It appears there are issues with being able to save newly-created ODT-format files, whereas editing and saving existing files appears to be okay. Stay tuned.)