On Thu, Mar 6, 2014 at 2:53 AM, Matthew Miller <mattdm(a)fedoraproject.org> wrote:
On Wed, Mar 05, 2014 at 03:18:44PM +0900, Sandro red Mathys wrote:
> What else would you expect from the Docker Host Image? This is way too
> easy, so kindly tell me what obvious things I'm clearly missing. Apart
> from "you need to actually make sure an image is built and working"...
It _could_ be as simple as just shipping with docker and maybe etcd, but we
could make some other changes too. For example, we could drop cloud-init and
just have a minimal metadata service.
Not sure we want to use different metadata client services for
different cloud images, though. Happy to hear more opinions on it,
though. It sure is a promising new tool.
Also, in order for this to really be promoted, the SELinux stuff has
land, so there are some coordination responsibilities around that.
Oh, certainly. I just didn't mention it because it's not really a
change but merely a package upgrade AFAIK. Don't quite have the latest
status yet, though.
*But*, I'm also interested in exploring Colin Walter's Fedora
Initative here. That's because:
1) It actually _would_ let us get python out of the image, significantly
reducing image size.
Yes, it would. If we're also sure we don't want firewalld, nfs-utils, ...
2) It's a response to CoreOS's A/B updates model, but
actually goes one
better. (Or, in fact, N better!)
I agree it's a nice model but wouldn't set N to a very high value.
Also, I worry a bit about the QA and tracking down bugs (most devs
will always point at ostree). But happy to explore the possibility.
3) Fedora Atomic Initiative is the kind of leading-edge tech we
be exploring in Fedora.
Oh, totally. Still, I would rather have a statement from Colin Walters
that states it's in a good enough state for our use case. Leading-edge
is good, broken edges aren't :)
4) the Fedora Docker Host image is the right place to explore it
- The atomic model has some flexibility issues, and really assumes
another container layer on top for actually using it for anything,
and right now, Docker is really the only one of those we have.
I don't really see serious flexibility issues when used properly and I
do think it can be really helpful without another container layer. But
we don't need to agree on this as we agree on the point you're making:
Docker fits well on top.
- It is a reasonably-scopable target with a single purpose.
for something like big data tools would be much harder, because
each instance of that will probably get further configuration.
Are you saying Docker doesn't need further configuration? It does need
to know what container to get, where from, what to do with them, etc,
doesn't it? But Docker being an otherwise simple and small image/tool
should make it the prime candidate for leading the effort. So, agreed.
- It's small, so it gives us a more manageable point to work
"it" referring to what? the Docker Host image? The ostree? Docker? ...?
- Upstream docker still says "Please note Docker is
heavy development. It should not be used in production (yet).",
which gives us some space to also put it on a bleeding edge
base technology. :)
Which we do, and that technology is called Fedora! ;) But sure, why
not do Fedora < ostree < Docker. Can't hurt to staple the
blood-smeared edges, right? :)
I know some other people are interested in helping this work, and
to get them to chime in instead of just lurking. :)
One last question: even with ostree, we'd still create the image using