On Fri, Nov 13, 2015 at 05:34:21PM -0600, Adam Miller wrote:
On Fri, Nov 13, 2015 at 5:14 PM, Brian C. Lane <bcl(a)redhat.com>
> On Tue, Nov 10, 2015 at 12:08:25PM -0600, Adam Miller wrote:
>> Hello all,
>> In the Fedora 24 timeframe the Fedora Release Engineering group is
>> aiming to deliver the Layered Image Build Service to allow Fedora
>> contributors to build containers images. In the first iteration of
>> this we're targeting Docker layered image support. Part of this will
>> be to allow Fedora contributors to maintain Dockerfiles much like we
>> maintain rpm spec files via DistGit.
> So you're talking about one docker file per package, right? Or are these
> going to pull from multiple packages and have the docker container be a
> different level of object? Or both?
Both, it's mostly at the discretion of the person attempting to
deliver something in a container. Some may be simple "I added httpd on
top of the base Fedora Docker image" and others might be "I put all of
ownCloud into a container so you can just run the whole thing with
this one command"
That being said, I'm not married to the concept. It was just the idea
going into it. If the general consensus among the community is "one
Dockerfile to one package" we could go that route.
> If you're talking about a 1:1 package:docker mapping then the only thing
> that makes sense to me is to have them live in the current system next
> to the .spec files. Anything else will easily introduce divergence from
> the rpm packages.
Absolutely, so far there has been the expectation that there will be
divergence because of the more "dynamic" nature of what containers
bring to the table.
Ok, that makes sense. So some packages may also have docker images but
most of this will be more along the lines of a spin for a specific
collections of packages built from our existing rpms.
> I also see that 'container packager' and 'rpm
packager' are used in the
> build service page. I don't think these should be separate roles,
> everyone should be a packager. If you have one role working on container
> building for a package and another who only does rpm packaging we're
> going to, again, end up with things diverging.
I believe they will diverge naturally as time goes on. Also, I don' t
think everyone who has rpm packaging expertise is well versed in the
ways of Docker and vice versa.
I think packagers should be familiar with both if we're going to be
producing both. Current rpm maintainers have a body of knowledge
surrounding their packages and upstreams that should not be lost or
ignored when using them for Docker images.
> Some things I'd suggest (given I don't know the answers
to the above
> 1. All bits have to come from koji built rpms. No rebuilding of bits
> for docker, it just installs existing bits.
That is the plan, but configuration can take place inside the context
of the container image build process to allow for single-command
Sure, that's the big benefit of Docker, reasonable configuration of
existing packages makes sense. As long as that's where it stops and the
binaries are the same as what we produce with the rpms. I don't want to
see us rebuilding things for the Docker container and using different
binaries or pulling in external dependencies that aren't already
packaged as an rpm.
> 2. docker files for packages live in dist-git next to the
We can, pending the agreement that's all we as a community/project use
Dockerfiles for. The original idea going in to this though is that we
could extend this to provide a more full featured solution for
services that would need more than one package. Even simple things
like httpd modules (mod_wsgi, mod_php, etc) would technically ship
more rpms than they produce in the docker image.
Also in the distant future (out of scope for the original offering),
we'd like to look at delivering multi-container apps via Nulecule
> 3. Any meta-containers collecting using packages are also an rpm
> package, following whatever naming convention gets decided on.
> fedora-docker-foo would make sense to me.
I'm not sure I follow what you mean here, why would something that
only comes as a Dockerfile also be a rpm?
What I'm thinking is that dist-git doesn't have to always produce an
rpm. If the package has both, then a fedpkg build produces both, and we
can add fedpkg build --rpm and fedpkg build --docker. If a package only
has a docker file then it only produces a docker image. This reuses the
tooling we are all familiar with, and keeps everything in the same
place. Use a container specific naming convention and it can be expanded
to support other containers as they become popular.
> 4. package level docker files are maintained by the same people
> the package.
This certainly makes sense if we end up going the package:container
I think it makes sense either way. Much of the packaging guidelines
should still apply to creating containers.
Brian C. Lane | Anaconda Team | IRC: bcl #anaconda | Port Orchard, WA (PST8PDT)