hey mers! yes, last week a few of our Docker auto-builds on Quay failed. the remote images should still be up-to-date via direct `docker push` but we still have yet to fix the build (and thereby, the badge)
mers
does quay actually show why something fails?
fancyremarker
it does for us. let me check logged out
ah, no
only we can see the cause of the build failures
mers
ah, ok. was curious more than anything
re: docker and base images, is using the ubuntu base image required for HIPAA compliance?
fancyremarker
definitely not
we just chose Ubuntu because it's most familiar. we're actually moving some of our images over to busybox for simplicity
also, it's not necessary to use an Aptible base image. we provide them for convenience and for purposes of consistent documentation
mers
ok. i'm trying to base our containers on the Java images in the registry for familiarity
sounds like that won't get in the way
are you already on Docker 1.3 btw? specifically, exec support
not that i know how to trigger that if the container's running via Aptible :)
fancyremarker
we are not on Docker 1.3 since we keep our Docker version consistent across all stacks, and Docker upgrades historically have caused service disruptions. that said, we are planning to upgrade to latest (1.3 or 1.4) by late November
we probably wouldn't expose `docker exec` directly since it would be very hard to securely wrap that
mers
not quite grasping how we'd get access to the running containers ... logs seem to be getting pushed to papertrail. how about manual DB work? remote access? a container running a shell?
fancyremarker
we have "aptible ssh", which takes the current image for your app, and combines it with the current environment of your app, in a new container
it's isolated from your production containers (for security) but allows you to do manual database work, test things in a production environment, etc
much like Heroku, there's no way to access the actual containers running production services
mers
since it's a new container and layer, wouldn't that make the production container read-only?
or am i missing something?
fancyremarker
the container is read-write, but it is ephemeral, meaning that any changes you make inside the container itself won't persist because the container is cleaned up after use. that said, when you access a database, it's by running a client utility inside the `aptible ssh` session and connecting by URL