Why Cloudron's Docker only? How about VM containers with generic Docker Compose scripts?s?

marcusquinn

As we all know - there's work involved in packaging apps for Cloudron's specific Docker implementation.

And there's many more apps on the Wishlist than there seems to be manpower to package and maintain.

How about an alternative generic method of installing apps using KVM/LXC/LXD containers and the standard Docker Compose scripts being offered by almost all apps on the wishlist?

It might give us a much faster way to have apps installed to text, perhaps without some of the nice-to-have features

Sorry, I'm looking at things like Portainer (Demo user: admin pass: tryportainer), Proxmox, DockStation, Rancher, D2C, Cockpit and wondering if we're making things too difficult to try now apps with all or nothing for CLoudron App packaging that we get stuck on when there's anything unexpected like needing multiple containers, add-on apps included etc.

robi

@marcusquinn Remember Sysbox from Nestybox?

A Former User

It might move faster than sysbox.

girish

@marcusquinn said in Why Cloudron's Docker only? How about KVM containers with generic Docker Compose scripts?:

How about an alternative generic method of installing apps using KVM containers and the standard Docker Compose scripts being offered by almost all apps on the wishlist?

Are you suggesting deploying composer files inside the same server as Cloudron or in external virtual machines? We can discuss further depending on your answer to this.

It might give us a much faster way to have apps installed to text, perhaps without some of the nice-to-have features

Would be good to understand the end goal here. Is the goal to just test an app to see if you like it/solves your use case or to actually use it for production?

Sorry, I'm looking at things like Portainer (Demo user: admin pass: tryportainer), Proxmox, DockStation, Rancher, D2C

The way I see it, each of these products solves entirely different use cases (including Cloudron). They are more into devops, PaaS and CI/CD.

marcusquinn

@girish Yes, they certainly are all different, and Cloudron certain is my favoured tool for production instances management.

However, there seems to be a universally acknowledged issue in the bar for entry for apps being packaged is so high, that the wish list grows faster than apps are packaged. So what do we do?

Some more confident system admins can fire up new small VPS/VM instances and try installing those unpackaged apps using their official Docker Compose scripts, and anyone else just has to wait or find an alternative.

I'm trying to find a way to reduce the barrier to entry for that next-best alternative.

Maybe I can ask the question a different way...

How do you suggest a Cloudron subscriber gets to use any apps on the wish list that aren't packaged or don't have any available packagers in the immediate future?

My whole technology career is based on figuring out how to get out of technology traps, so what's the next-best alternative here?

Would having Cloudron able to fire up and manage KVM containers solve this? Kinda like a multi-cloudron but on a single Cloudron server? Kinda like Cockpit offers.

girish

@marcusquinn said in Why Cloudron's Docker only? How about KVM containers with generic Docker Compose scripts?:

Some more confident system admins can fire up new small VPS/VM instances and try installing those unpackaged apps using their official Docker Compose scripts, and anyone else just has to wait or find an alternative.

To explore this a bit more... Generally, those docker compose files are "one liners" which you run and "hope for the best". They also make best sense to run in a separate VPS and not part of Cloudron itself since nothing there is shared with Cloudron anyway (the compose files bring their own database containers etc). Given that, why try to force fit Cloudron into all this?

Backups - it's best to take VM backups for such deployments. Cloudron's backup mechanism is only possible because apps are packaged in a specific way.

Restore - has to be done using the VM snapshot above.

Certs/Domain - this has to be done manually. I think some of those containers even support certbot integration etc.

User management - it won't integrate and we have to teach people about LDAP.

Email - it won't integrate and we have to teach people how to configure email sending inside the app.

Updates - it's not possible to provide a generic update strategy given that backup/restore itself doesn't work within Cloudron.

Cron jobs, services, nginx configuration, security configuration etc - Hopefully, they are part of the compose (?) Who should look into all this - we take this responsibility right now.

Support - if an app doesn't install or update, I am not sure what we (cloudron team) can do.

If you look at it, the above is exactly what Cloudron tries to solve. Atleast, I cannot see how this can be solved by deploying generic compose scripts.

marcusquinn

@girish Sorry, I think with Ubuntu it might be LXD, but the same concept:

• https://ubuntu.com/lxd
• https://multipass.run/
• https://maas.io/

That's kinda why I'm thinking VM containers. Effectively separate VMs but without the duplication of core files, resources and OS setup time. Cockpit is perhaps the best example to compare the idea, followed by Proxmox.

If I want to trial 15 apps that offer a Docker Compose one-liner, maybe 10 of them I might get lucky with working on a VM, but why would I want 15 VPSs to trial that, when I could just have one versatile parent Cloudron giving me the economies of scale for management time in that I only have one master OS to oversee maintenance of.

Email - I accept that it means no automated email management, it's no big deal doing that manually in most apps.

LDAP - I think may be accessible with manual setups, in the same way we're already doing with apps hosted on separate VPSs, Cloudron as an LDAP master for multiple servers is a big plus for us, even if we have to do the work on the other apps not fully packaged as Cloudron apps yet.

Updates - I expect re-running the Docker Compose setup script usually takes care of that.

Really I guess I'm asking for a VM container App. So you're supporting that, but not what is done with it, in exactly the same way you're supporting any other app but not what we do with them.

I don't know enough about SysBox that Rob is a champion of, maybe that's an option, maybe not depending on how standard or not it might be to Ubuntu.

I'm just trying to take advantage from existing resources, and how else are we going to get more apps without dedicated app packaging and custom feature requests being approved for multi-container apps?

marcusquinn

If you consider QNAP a prosumer self-hosting device, and Cloudron relatively similar in mission and accessibility, then perhaps their Container Station app helps demonstrate an equivalent offering:

• https://www.qnap.com/en/software/container-station
• https://www.qnap.com/en/how-to/tutorial/article/how-to-run-lxd-container-instances-in-container-station

marcusquinn

Interesting read on the subject: https://www.reddit.com/r/linux/comments/7pxa1s/does_anyone_use_lxd_canonicals_linux_container/

timconsidine

@marcusquinn I totally get the sentiment behind the topic headline.
Personally I am torn :

• Cloudron is such a fantastic platform with many benefits, the 2 main ones being ease of use and stability.
  So of course any passionate user will want to do more on the platform.
• The moment Cloudron 'loosens' its strict platform boundaries, there is almost inevitable risk to both ease of use and stability.

On balance (although it's a fine 60:40 balance) I tend to support keeping Cloudron's platform boundaries strict.

But how then to address the natural desire of passionate users to do more?
That's the conundrum.

• a non-answer is to do all the "other stuff" on another VPS.
  I and many others have 2nd, 3rd and 4th VPS (MyDocker, MyCaprover, MyScratchBox).
  It may be the best solution, but I understand it's not an answer really to the question.
• a better answer might be to encourage and facilitate custom apps
  (more tutorials, maybe more hand-holding through the forum).
  That removes the burden on Cloudron support. It's custom --> it's not supported beyond general advice.
  I think broadening the use of custom apps built within Cloudron's guidelines might be the partial solution.
  Although clearly not a full one.
  [ASIDE : I was initially terrified about tackling custom apps. It sure can be complex for complex apps. But there is a lot that can be done on simple apps with basic skills.]

Also the maintenance burden becomes bigger quite quickly.
I have approx 100 deployed apps on my Cloudron and about 10 each on a Docker VPS and a Caprover VPS.
The ratio of my maintenance time is of the order of 10:50:40 (Cloudron:MyDocker:MyCapRover).
That is ridiculous really when the apps are 100:10:10.
There is a big warning there!

A side consideration of supporting docker run xxx and docker-compose up -d type of apps is something like Portainer quickly becomes essential.

I think I might spin up a 2-app throwaway Cloudron and experiment with LXD/LXC for docker run and docker-compose up. But other more competent people will have more valid opinions on the wisdom of this.

Hope that's not a useless ramble.

MooCloud_Matt

Maybe I join too late on this discussion, but from what I understand the bid issue is flexibility vs cloudron ideals of Easy, Safe(backup) and it just works.

Probably expanding the Manifest specification and openly allowing the file format to be also used externally from cloudron can help its spread, and increasing the 3* party apps.

So these 2 changes could help:

• If CloudronManifest is an open standard, like Docker Compose based on the https://compose-spec.io/. Other dev could build a CLI tool to install the app based on it. And provide the community the ability to trust this format to be in the future use outside cloudron if cloudron changes its idea on supporting its community or gets sold.

• Improving the Manifest with the introduction of more than 3 directories now available, allowing the dev to set if a directory is writable and if the directory needs to be backup.
  with the list of directories, that need to be backup available on the manifest file, backups can be standardized and at the same time is easy and more convenient to containerize apps for cloudron.

marcusquinn

The main issues we have are:

1. We can get an app running same-day with all we need on a separate VPS, but it could be a week of trial & error and blockers with Cloudron limitations. After losing so much time already, the time and will to then try and negotiate through the blockers is diminished.
2. Many apps are multiple Docker-containers or need services that Cloudron monopolises or would just work with a VM container.
3. Why not? What really is the harm in adding this generic feature that's already there in the required Ubuntu core OS layer anyway?
4. I believe that without scaling the number of staff, packagers and developers of Cloudron, it's only a matter of time that a competitive alternative will take on these things and make Cloudron a stale relic in comparison. The app packaging bottleneck is a real bandwidth problem that seems to have slowed more over time as the developer time is split with feature priorities and maintenance. Even if the negotiation weren't extra work for convincing the gatekeepers for features or allowances, we're very, very centralised in dependancies right now, that does mean a wish list of more and more apps that have ample demand but no sign of ever being packaged at the current rate. This at-least eases that quagmire somewhat.

fbartels

LXC is certainly a nice tool, I am using wherever possible. But instead of starting lxc containers on a Cloudron host, I would rather do it the other way around and have one of my LXCs a Cloudron container (at some point I have to try how well Cloundron runs on ZFS).

Plus I do see challenges on the networking side, like what if you want to run an app on e.g. port 25, 110, 143, 443, 993, 995, ... Ideally you will want to have a dedicated ip per vm.

But I do agree that some sort of integration of external servers into Cloudron would be neat. Maybe a little agent sitting on external servers and establishing a private network with the Cloudron server. This agent could then expose the Cloudron usermanagement to the external server and allow easy use of Cloudron as the mail relay. Bonus points for direct integration into the Cloudron Dashboard for running webapplications. Maybe a simplified healthcheck and monitoring could be possible from the Cloudron host as well.

MooCloud_Matt

@marcusquinn
Partially is solvable using the additional docker container feature in Cloudron, that one to have a specific database.
I really think that most feature would be solve if we add a more open and robust manifest, like multiple volume support (in the manifest).
Maybe a script that is executed before a backup snapshot is taken, so you have the option to stop the app and dump your db.
Managing VM is difficult and to do it reliable it's better to use specific kernels modules, so i think that for that we can still use other software.
But LXC is born to be different from Docker:
LXC is 1 container == 1 OS
Docker container (still Linux container) == 1 Service/app.

girish

@marcusquinn said in Why Cloudron's Docker only? How about VM containers with generic Docker Compose scripts?s?:

We can get an app running same-day with all we need on a separate VPS, but it could be a week of trial & error and blockers with Cloudron limitations. After losing so much time already, the time and will to then try and negotiate through the blockers is diminished.

Just to be on the same page. So we have an external app which user somehow installed and willing to manage. The question is how we can integrate this with Cloudron?

So, to expand on https://forum.cloudron.io/topic/7076/shortcut-app what we really need is: user creates 'External app' and can choose user management as always. The icon appears but also LDAP and Email connectivity instructions that user can plug in to the external app. Maybe it can also act as a reverse proxy so that it can do healthcheck as well as manage certs. The external app only needs to have some firewall rule to allow connections from Cloudron itself.

marcusquinn

@girish That's all up to the user to do manually if they wish. It's just a VM Container, what happens within it is no different to what would happen on a separate VPS, we just don't want dozens of VPSs for the time and cost when we can have just one meaty server sharing resources.

Referencing https://forum.cloudron.io/topic/7076/shortcut-app might just be confusing matters.

This post is about Cloudron offering what Cockpit and Container Station offers. Kinda like Surfer - it's just a generic app for static sites and files, this VM App would be the same concept, just a blank canvas app for making VM containers.

marcusquinn

@MooCloud_Matt Yup, 1 OS, within which would be its own Docker instance and all other services. Run a Docker Compose script for a new app, and see what happens. Or we could just sit here hoping that some arbitrary app might get packaged before 2032 or death by too many VPSs to manage, whichever comes first.

girish

@marcusquinn said in Why Cloudron's Docker only? How about VM containers with generic Docker Compose scripts?s?:

It's just a VM Container, what happens within it is no different to what would happen on a separate VPS

The VM containers concept (like kata containers) works only in hypervisors/bare metal servers (which QNAP/Synology are since you purchase hardware). You cannot create VM containers in Cloud VMs.

I think this is what sysbox solves, but I don't have much experience with that.

For Cloud VMs, we are stuck with creating additional VMs for proper isolation.

marcusquinn

@girish My understanding is that limitation is only nesting KVM containers, which is what the cloud VPSs mostly seem to be anyway. Anecdotally, we have Proxmox running on a Hetzner Dedicated VPS and can create container VMs within that, I'm not sure why, but it's one way of cracking things, albeit without any Cloudron maintenance benefits.

timconsidine

@girish as I understand the thread's initial post suggestion, it is not about external apps hosted elsewhere and accessible from Cloudron dashboard.
It's about having an additional "environment" where users can more easily deploy their apps without them being in the Cloudron App Store and meeting the requirements for that.

That sounds to me like having a Portainer-like capability as a top-level app, or a Caprover-like ability to facilitate deployment of apps which are bog-standard docker run xxx or docker-compose.

As regards the latter, I've looked at self-deploying in Caprover and Dokku (self-hosted Heroku), and it's far from as simple as it seems.
Maybe it's a comfort thing but I prefer the Cloudron self-build/self-deploy approach.
So please nobody take these comments as supportive of a Caprover/Dokku facility in Cloudron.
I think it's a swamp which will suck precious resource.

A Portainer-like facility seems to me more stable and robust.

Maybe it's a question of being able to have Cloudron and Portainer running on the same (big) VPS without them affecting each other.
I'm not technical to know if that's viable.
But I think that is what is being asked for, or a way of delivering what is being asked for.

I should probably shut up now