docs: [#10] add ADR-002 documenting Docker for all services decision

- Create comprehensive ADR documenting the decision to use Docker for all
  services including UDP tracker despite potential performance overhead
- Document technical challenges with host networking and connection tracking
- Reference related GitHub issues #27 and torrust#72 from torrust-demo repo
- Update application README with Docker design decision section
- Update twelve-factor refactor docs to reference new ADR
- Update main README to list both ADRs with descriptions
- Update cloud-init comments to clarify dependency installation purpose
- Prioritize demo simplicity and consistency over peak performance

Author: josecelano

README.md

@@ -108,6 +108,10 @@ make destroy                                 # Clean up
 
 - [Documentation Structure](docs/README.md) - Cross-cutting documentation
 - [Architecture Decisions](docs/adr/) - Design decisions and rationale
+  - [ADR-001: Makefile Location](docs/adr/001-makefile-location.md) - Why the
+    main Makefile is at repository root
+  - [ADR-002: Docker for All Services](docs/adr/002-docker-for-all-services.md) -
+    Why we use Docker for all services including UDP tracker
 
 ## 🛠️ Development
 

application/README.md

@@ -204,3 +204,45 @@ Application documentation should cover:
 - Application-specific troubleshooting
 
 See [`../infrastructure/`](../infrastructure/) for infrastructure-specific documentation.
+
+## 🐳 Docker Design Decision
+
+This demo repository uses **Docker containers for all services**, including the
+Torrust Tracker UDP component, even though this may not provide optimal
+performance for high-throughput UDP tracking operations.
+
+### Why Docker for Everything?
+
+The decision to use Docker for all services, including the performance-critical
+UDP tracker, prioritizes:
+
+1. **Simplicity**: Single orchestration method (Docker Compose) for all services
+2. **Consistency**: Identical deployment process across environments
+3. **Maintainability**: Easier updates and dependency management
+4. **Documentation**: Clear, reusable examples for users
+5. **Demo Focus**: Emphasizes functionality demonstration over peak performance
+
+### Performance Considerations
+
+While Docker networking may introduce some overhead for UDP operations compared
+to running the tracker binary directly on the host, this trade-off aligns with
+the repository's primary goals:
+
+- **Demo Environment**: Showcasing Torrust Tracker functionality
+- **Frequent Updates**: Easy deployment of new tracker versions
+- **User-Friendly**: Simple setup process for evaluation and testing
+
+### Production Performance Optimization
+
+For production deployments requiring maximum UDP performance, consider:
+
+- Running the tracker binary directly on the host
+- Using host networking mode for containers
+- Implementing kernel-level network optimizations
+- Disabling connection tracking for UDP traffic
+
+These optimizations will be covered in dedicated performance documentation
+outside this demo repository.
+
+> **Reference**: See [ADR-002](../docs/adr/002-docker-for-all-services.md) for
+> the complete rationale behind this design decision.

docs/adr/002-docker-for-all-services.md

@@ -0,0 +1,218 @@
+# ADR-002: Use Docker for All Services Including UDP Tracker
+
+## Status
+
+Accepted
+
+## Date
+
+2025-01-07
+
+## Context
+
+The Torrust Tracker Demo repository provides a complete deployment environment for
+the Torrust Tracker, including the UDP tracker component, HTTP tracker, REST API,
+and supporting services (Prometheus, Grafana, MySQL/SQLite).
+
+### Performance Considerations
+
+UDP tracker performance is critical for BitTorrent operations, and several
+performance optimization approaches were considered:
+
+1. **Host Network Mode**: Running UDP tracker containers with `--network=host`
+   to avoid Docker networking overhead
+2. **Connection Tracking Disable**: Disabling `nf_conntrack` to reduce kernel
+   overhead for UDP packet processing
+3. **Source Compilation**: Running the tracker binary directly on the host
+   instead of using Docker containers
+
+### Technical Challenges Identified
+
+During investigation of performance optimizations, several issues were encountered:
+
+1. **Connection Tracking vs Docker**: Docker networking appears to rely on
+   connection tracking (`nf_conntrack`) for proper packet routing. Disabling
+   connection tracking while using Docker containers resulted in networking
+   issues.
+
+2. **Host Mode Limitations**: While host networking mode worked, it created
+   complications with service orchestration and port management in the demo
+   environment.
+
+3. **Complexity vs Benefit**: Performance optimizations added significant
+   complexity to the deployment process and infrastructure management.
+
+### Related Issues
+
+This decision addresses problems documented in previous GitHub issues:
+
+- [torrust/torrust-demo#27](https://github.com/torrust/torrust-demo/issues/27):
+  Improve tracker performance by adjusting docker network configuration
+- [torrust/torrust-demo#72](https://github.com/torrust/torrust-demo/issues/72):
+  Fix nf_conntrack table overflow causing UDP packet drops
+
+## Decision
+
+**Use Docker containers for all services in the Torrust Tracker Demo, including
+the UDP tracker, without host networking mode or connection tracking modifications.**
+
+## Rationale
+
+### Primary Goals Alignment
+
+The Torrust Tracker Demo repository has specific primary objectives:
+
+1. **Demo Environment Setup**: Provide a complete, working demonstration of
+   Torrust Tracker functionality
+2. **Frequent Updates**: Update the demo environment regularly, ideally with
+   every tracker release
+3. **Declarative Infrastructure**: Maintain Infrastructure as Code approach
+   for reproducible deployments
+4. **Documentation Generation**: Serve as a reference implementation for
+   deployment procedures
+
+### Performance vs Simplicity Trade-off
+
+While Docker networking may introduce some performance overhead compared to
+native host networking, the benefits outweigh the costs for this use case:
+
+**Benefits of Docker Approach:**
+
+- **Consistency**: All services use the same orchestration method
+- **Simplicity**: Single Docker Compose configuration manages all services
+- **Reproducibility**: Identical behavior across different environments
+- **Maintenance**: Easier updates and dependency management
+- **Documentation**: Clearer examples for users to follow
+- **Testing**: Simplified CI/CD and local testing procedures
+
+**Performance Considerations:**
+
+- The demo environment prioritizes functionality demonstration over peak performance
+- Users requiring maximum performance can reference this implementation and
+  optimize for their specific production needs
+- Performance optimizations can be documented separately without complicating
+  the base demo
+
+### Future Performance Documentation
+
+Performance optimization will be addressed through:
+
+1. **Dedicated Documentation**: Separate guides for production performance tuning
+2. **Configuration Examples**: Performance-focused configuration templates
+3. **Best Practices**: Documentation of optimization techniques and trade-offs
+4. **Potential Repositories**: Specialized repositories focused on high-performance
+   deployments
+
+## Consequences
+
+### Positive Consequences
+
+- **Simplified Deployment**: Single orchestration method for all services
+- **Better Documentation**: Clear, consistent examples for users
+- **Easier Maintenance**: Streamlined update procedures
+- **Improved Testing**: Consistent test environments
+- **Faster Development**: Reduced complexity in infrastructure management
+
+### Negative Consequences
+
+- **Performance Overhead**: Some UDP tracker performance impact from Docker networking
+- **Resource Usage**: Additional container overhead compared to native binaries
+- **Networking Complexity**: Docker networking abstractions may obscure network issues
+
+### Mitigation Strategies
+
+1. **Clear Documentation**: Document the performance trade-offs explicitly
+2. **Performance Guidelines**: Provide separate documentation for production
+   performance optimization
+3. **Configuration Examples**: Include performance-tuned configuration examples
+4. **Monitoring**: Include comprehensive monitoring to identify performance issues
+
+### Future Considerations
+
+- Monitor for significant performance issues in demo environment
+- Re-evaluate if Docker networking becomes a major limitation
+- Consider hybrid approaches for specific production use cases
+- Provide migration guides for users who need maximum performance
+
+## Alternatives Considered
+
+### Alternative 1: Host Network Mode
+
+**Description**: Run UDP tracker with `--network=host`
+
+**Pros**:
+
+- Better network performance
+- Reduced networking overhead
+- Direct access to host network interfaces
+
+**Cons**:
+
+- Port conflicts with host services
+- Reduced container isolation
+- Complications with service discovery
+- More complex firewall configuration
+
+**Decision**: Rejected due to increased complexity and orchestration challenges
+
+### Alternative 2: Native Binary Deployment
+
+**Description**: Compile and run tracker binary directly on host
+
+**Pros**:
+
+- Maximum performance
+- No container overhead
+- Direct kernel network access
+
+**Cons**:
+
+- Complex dependency management
+- Platform-specific build requirements
+- Reduced deployment consistency
+- More complex update procedures
+- Breaking changes to current infrastructure
+
+**Decision**: Rejected due to complexity and maintenance burden
+
+### Alternative 3: Hybrid Approach
+
+**Description**: Use Docker for supporting services, native binary for tracker
+
+**Pros**:
+
+- Performance optimization for critical component
+- Maintained orchestration for supporting services
+
+**Cons**:
+
+- Increased complexity
+- Mixed deployment methods
+- More complex CI/CD pipelines
+- Inconsistent documentation examples
+
+**Decision**: Rejected due to increased complexity and mixed approaches
+
+### Alternative 4: Conditional Deployment
+
+**Description**: Support both Docker and native deployment modes
+
+**Pros**:
+
+- User choice for performance vs simplicity
+- Flexibility for different use cases
+
+**Cons**:
+
+- Significant maintenance burden
+- Complex documentation
+- Multiple testing matrices
+- Potential for configuration drift
+
+**Decision**: Rejected due to maintenance complexity
+
+## References
+
+- [Torrust Tracker Documentation](https://docs.rs/torrust-tracker/)
+- [GitHub Issue #27: Docker Network Configuration](https://github.com/torrust/torrust-demo/issues/27)
+- [GitHub Issue #72: nf_conntrack Overflow](https://github.com/torrust/torrust-demo/issues/72)

infrastructure/cloud-init/user-data.yaml.tpl

@@ -52,8 +52,9 @@ packages:
   - ufw
   - fail2ban
   - unattended-upgrades
-  # Torrust Tracker dependencies for future source compilation
+  # Torrust Tracker dependencies for potential source compilation
   # Currently using Docker, but planning to compile from source for better performance
+  # in production environments (see ADR-002)
   - pkg-config
   - libssl-dev
   - make
@@ -202,7 +203,7 @@ final_message: |
   - Firewall: UFW enabled with proper SSH rules
   - Security: Automatic updates enabled
   - Torrust Tracker dependencies: pkg-config, libssl-dev, make, build-essential, libsqlite3-dev, sqlite3
-    (for future source compilation)
+    (for potential source compilation in production environments)
 
   SSH Access:
   - SSH Key: ssh torrust@VM_IP

infrastructure/docs/refactoring/twelve-factor-refactor/README.md

@@ -40,8 +40,11 @@ From the official Torrust Tracker documentation, we need to account for:
 #### Docker vs Source Compilation
 
 - **Current**: Using Docker images (torrust/tracker:develop)
-- **Future**: Plans to compile from source for better performance
+- **Future Plans**: Considering source compilation for production performance optimization
 - **Dependencies**: pkg-config, libssl-dev, make, build-essential, libsqlite3-dev
+- **Demo Repository Decision**: Uses Docker for all services to prioritize simplicity,
+  consistency, and frequent updates over peak performance
+  (see [ADR-002](../../../docs/adr/002-docker-for-all-services.md))
 
 ### Twelve-Factor Violations Identified
 

project-words.txt

@@ -7,6 +7,7 @@ cdrom
 certbot
 cloudinit
 commoninit
+conntrack
 containerd
 CPUS
 dialout