On Fri, Dec 11, 2015 at 12:33 PM, Joe Brockmeier jzb@redhat.com wrote:
On 12/11/2015 02:23 PM, Chris Murphy wrote:
These I have running in a fedora container. lspci mostly works, but getting full -vvnn detail requires --privileged=true. And the other three require it. iotop additionally needs --net=host. I'd be OK with them just being available in a container, but it might make more sense to just include them in the atomic ISO installation, maybe even borrowing a list from the Server product?
We want, as much as possible, to keep the image small and run all the things in containers where possible.
If there's something where that just won't work, or is ludicrously difficult, we should discuss including it.
I think these may be needed in the ISO:
cryptsetup - needed to boot encrypted devices rng-tools - this includes rngd, seems useful for all containers esp in a cloud context. Even with --privileged=true I get:
# systemctl start rngd Failed to get D-Bus connection: Operation not permitted # systemctl status rngd Failed to get D-Bus connection: Operation not permitted
Also, a way to separate kernels from the rest of the current tree. Right now I'm on atomic 23.29, the previous tree I have installed is way back to 23 (because it's an ISO installation), but I'm encountering a kernel regression. It's very suboptimal to have to rollback everything to 23, rather than just the kernel. Stepping the kernel forward independently from the cloud atomic host tree is maybe even better in some instances than rolling back.