Docker Bday #6

Chrooted media server made easy

Who are you?


Daniel Caballero

Sr SRE Engineer @ Fastly

Part-time (DevOps) lecturer @ La Salle University

Previously working for Schibsted, NTT, Oracle...

Maintainer of tcpgoon

But I just came to speak about a personal setup...

So my media server

But...

Forget about transcoding on ARM

And the problem

With remote access enabled, you need to trust the software and Plex Inc...

Isolating everything (tm)

  • Changing the default umask and directory permissions should prevent unauthorized access from PMS to other files on the filesystem if the worst happens...
  • You may still want to isolate your media service software even further
    • For instance, I also store personal data living in the same home server
    • Quite easy to end up with files in your filesystem with o+r
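
To see how much a non-isolated PMS could actually read, this added example (not part of the original slides) lists the files reachable by "other" under a tree, skipping the directories shared with the media server on purpose. The function name and the paths in the usage comment's call are assumptions for illustration.

```shell
#!/bin/sh
# Added example (constructed for illustration, not from the slides).
# List regular files under ROOT that a process matching neither the owner
# nor the group, e.g. a compromised media server, could still read.
#
# usage: audit_other_readable ROOT [SHARED_DIR ...]
#   SHARED_DIR entries are exposed on purpose and are skipped; write them
#   exactly as find prints them, i.e. prefixed with ROOT.
audit_other_readable() {
    root=$1
    shift
    n=$#
    # Turn "DIR DIR ..." into the find tests "-path DIR -o -path DIR -o".
    while [ "$n" -gt 0 ]; do
        set -- "$@" -path "$1" -o
        shift
        n=$((n - 1))
    done
    # Prune shared directories and any directory lacking o+x (0001):
    # an o+r file below a directory that "other" cannot traverse is not
    # reachable. Whatever is left and has o+r (0004) gets reported.
    find "$root" \( "$@" -type d ! -perm -0001 \) -prune \
        -o -type f -perm -0004 -print
}

# Example call; that personal data lives under /media/usbDisk is an assumption:
# audit_other_readable /media/usbDisk \
#     /media/usbDisk/FamilyData/KidsPelis /media/usbDisk/FamilyData/Series
```

Run it as a user that can traverse the whole tree (typically root), otherwise find itself skips the directories it cannot enter.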

Isolating processes in Linux

  • Chroot
  • SELinux
  • VMs
  • VPS
    • Linux VServer
    • OpenVZ
  • namespaces
  • LXC
  • docker → libcontainer

Why docker?

Easy way to consume cgroups/namespaces

LXC, from codekoala/docker-plex

lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.name = eth0
lxc.network.hwaddr = 00:11:22:33:44:55

lxc.rootfs = /var/lib/lxc/[NAME]/rootfs
lxc.utsname = [NAME]
lxc.arch = x86_64
lxc.include = /usr/share/lxc/config/archlinux.common.conf

## systemd within the lxc
lxc.autodev = 1
lxc.pts = 1024
lxc.kmsg = 0

## mounts
lxc.mount.entry = /mnt/video /var/lib/lxc/[NAME]/rootfs/video none bind,create=dir 0 0

Docker (thanks to jaymoulin/docker-plex):

$ docker run -d --restart=always --name plex --net=host -v /var/lib/plexmediaserver/:/media \
    -v /media/usbDisk/FamilyData/KidsPelis:/root/Library/KidsPelis \
    ...
    -v /media/usbDisk/FamilyData/Series:/root/Library/Series \
    jaymoulin/plex

And we get a systemd replacement for free

Since dockerd starts at boot time, container persistence is guaranteed

It works on the RPi!

Actually, Docker && ARM is an interesting marriage for IoT

Are there more ways of running Plex?

  • Plex Cloud is no longer an option...
  • You can run Plex in a VPS
  • Or on an actual PC/Mac (mini?)
  • Or buy a NAS/box with support
    • Some DO support transcoding

And other media servers?

Qs

Other Qs or feedback?

dani . caba at gmail (dot)com

Happy plex'ing!