Fedora Atomic and Docker Host Image [was Re: Docker Host Image: Requirements?]

Sandro "red" Mathys red at fedoraproject.org
Thu Mar 6 06:39:01 UTC 2014

On Thu, Mar 6, 2014 at 2:53 AM, Matthew Miller <mattdm at fedoraproject.org> wrote:
> On Wed, Mar 05, 2014 at 03:18:44PM +0900, Sandro red Mathys wrote:
>> What else would you expect from the Docker Host Image? This is way too
>> easy, so kindly tell me what obvious things I'm clearly missing. Apart
>> from "you need to actually make sure an image is built and working"...
> It _could_ be as simple as just shipping with docker and maybe etcd, but we
> could make some other changes too. For example, we could drop cloud-init and
> just have a minimal metadata service.

Not sure we want to use different metadata client services for
different cloud images, though. Happy to hear more opinions on it,
though. It sure is a promising new tool.

> Also, in order for this to really be promoted, the SELinux stuff has to
> land, so there are some coordination responsibilities around that.

Oh, certainly. I just didn't mention it because it's not really a
change but merely a package upgrade AFAIK. Don't quite have the latest
status yet, though.

> *But*, I'm also interested in exploring Colin Walter's Fedora Atomic
> Initative here. That's because:
>   1) It actually _would_ let us get python out of the image, significantly
>      reducing image size.

Yes, it would. If we're also sure we don't want firewalld, nfs-utils, ...

>   2) It's a response to CoreOS's A/B updates model, but actually goes one
>      better. (Or, in fact, N better!)

I agree it's a nice model but wouldn't set N to a very high value.
Also, I worry a bit about the QA and tracking down bugs (most devs
will always point at ostree). But happy to explore the possibility.

>   3) Fedora Atomic Initiative is the kind of leading-edge tech we _should_
>      be exploring in Fedora.

Oh, totally. Still, I would rather have a statement from Colin Walters
that states it's in a good enough state for our use case. Leading-edge
is good, broken edges aren't :)

>   4) the Fedora Docker Host image is the right place to explore it because:
>      - The atomic model has some flexibility issues, and really assumes
>        another container layer on top for actually using it for anything,
>        and right now, Docker is really the only one of those we have.

I don't really see serious flexibility issues when used properly and I
do think it can be really helpful without another container layer. But
we don't need to agree on this as we agree on the point you're making:
Docker fits well on top.

>      - It is a reasonably-scopable target with a single purpose. Doing this
>        for something like big data tools would be much harder, because
>        each instance of that will probably get further configuration.

Are you saying Docker doesn't need further configuration? It does need
to know what container to get, where from, what to do with them, etc,
doesn't it? But Docker being an otherwise simple and small image/tool
should make it the prime candidate for leading the effort. So, agreed.

>      - It's small, so it gives us a more manageable point to work on issues
>        like mirroring.

"it" referring to what? the Docker Host image? The ostree? Docker? ...?

>      - Upstream docker still says "Please note Docker is currently under
>        heavy development. It should not be used in production (yet).",
>        which gives us some space to also put it on a bleeding edge
>        base technology. :)

Which we do, and that technology is called Fedora! ;) But sure, why
not do Fedora < ostree < Docker. Can't hurt to staple the
blood-smeared edges, right? :)

> I know some other people are interested in helping this work, and I'll try
> to get them to chime in instead of just lurking. :)

Nice, thanks.

One last question: even with ostree, we'd still create the image using
ImageFactory/Anaconda, right?

-- Sandro

More information about the cloud mailing list