Hi,

That is indeed a good starting point for a discussion. While I'd opt for having things like 'ping', 'nslookup', etc. in Docker images, I don't much see a real need for having editors, like 'vim'(configuration files shouldn't be used in containerized services and all logs should go to 'stdout' anyway so that Docker daemon can gather them).


In general, during our work on ONAP @ Nokia we have struggled with slow deployment which seems to be caused (at least partially) by not standardized containers. It would be very beneficial to create ONAP base images with runtime environments/tools included on which all services would base on. This way, many image layers would be deduplicated/reused, effectively reducing images size and therefore deployment time :)


Best Regards / Pozdrawiam
Piotr Bocheński
-------------------------
Software Development Engineer
MN MANO SOAM 1 R&D WRO 7 (ONAP)
West Gate (Lotnicza 12, 54-155 Wrocław, Poland)
mobile: +48 734 103 812

On 02/23/2018 03:35 PM, FREEMAN, BRIAN D wrote:

Just to mix up the pot a little. The tools being discussed are ones we would use for troubleshooting in production as well.

Brian

*From:*SULLIVAN, BRYAN L
*Sent:* Friday, February 23, 2018 9:08 AM
*To:* Bochenski, Piotr (Nokia - PL/Wroclaw) <piotr.bochen...@nokia.com>; Yunxia Chen <helen.c...@huawei.com>; Kang Xi <kang...@huawei.com>; PLATANIA, MARCO <plata...@research.att.com>; FREEMAN, BRIAN D <bf1...@att.com>
*Cc:* onap-discuss <onap-discuss@lists.onap.org>
*Subject:* RE: [onap-discuss] [integration] INT-261: Add standard utilities to all dockers (vim, ping, nslookup)

Piotr’s suggestion is the correct approach. Where possible, base containers should be used that are then used to build other more specific containers, with common tools as needed. Nothing should need to be installed at deployment time, only configured (via environment) through the process of container launch.

For production use, you should restrict the pre-installed tools to those that have an essential purpose in a production system. That’s why having two base container flavors is  good idea.

Thanks,

Bryan Sullivan | AT&T

*From:*onap-discuss-boun...@lists.onap.org <mailto:onap-discuss-boun...@lists.onap.org> [mailto:onap-discuss-boun...@lists.onap.org] *On Behalf Of *Bochenski, Piotr (Nokia - PL/Wroclaw)
*Sent:* Friday, February 23, 2018 2:32 AM
*To:* Yunxia Chen <helen.c...@huawei.com <mailto:helen.c...@huawei.com>>; Kang Xi <kang...@huawei.com <mailto:kang...@huawei.com>>; PLATANIA, MARCO (MARCO) <plata...@research.att.com <mailto:plata...@research.att.com>>; FREEMAN, BRIAN D <bf1...@att.com <mailto:bf1...@att.com>> *Cc:* onap-discuss <onap-discuss@lists.onap.org <mailto:onap-discuss@lists.onap.org>> *Subject:* Re: [onap-discuss] [integration] INT-261: Add standard utilities to all dockers (vim, ping, nslookup)

Hi,

I absolutely agree that those tools are a must for development and testing, but they should be included in Docker/VM images before the actual deployment. That is the point of environments where there is no access to the internet - you provide only artifacts that are needed to get the system installed and the whole procedure takes place offline.

The concept that I've provided below assumes that we decide in the build time whether we are building 'testing' (with debugging tools) or 'production' artifacts.


Best Regards / Pozdrawiam
Piotr Bocheński
-------------------------
Software Development Engineer
MN MANO SOAM 1 R&D WRO 7 (ONAP)
West Gate (Lotnicza 12, 54-155 Wrocław, Poland)
mobile: +48 734 103 812

On 02/23/2018 12:26 AM, Yunxia Chen wrote:

    Hi, Piotr,

    Why will this create issue if it has issue when no internet or
    behind corporate firewall? Please help to clarify it. Those tools
    are used for debugging, especially if you don’t have internet to
    outside, you cannot get them using “apt-get” to install them when
    you need them.

    Regards,

    Helen Chen

    *From: *<onap-discuss-boun...@lists.onap.org>
    <mailto:onap-discuss-boun...@lists.onap.org> on behalf of
    "Bochenski, Piotr (Nokia - PL/Wroclaw)"
    <piotr.bochen...@nokia.com> <mailto:piotr.bochen...@nokia.com>
    *Organization: *Nokia - PL/Wroclaw
    *Date: *Wednesday, February 21, 2018 at 3:49 AM
    *To: *Kang Xi <kang...@huawei.com> <mailto:kang...@huawei.com>,
    "PLATANIA, MARCO (MARCO)" <plata...@research.att.com>
    <mailto:plata...@research.att.com>, "FREEMAN, BRIAN D"
    <bf1...@att.com> <mailto:bf1...@att.com>
    *Cc: *onap-discuss <onap-discuss@lists.onap.org>
    <mailto:onap-discuss@lists.onap.org>
    *Subject: *Re: [onap-discuss] [integration] INT-261: Add standard
    utilities to all dockers (vim, ping, nslookup)

    Hi,

    In my opinion it's not a good idea to install anything at runtime
    - for example, this causes troubles on environments that are cut
    off the internet or behind massive corporate firewalls (like the
    one that my team uses).

    For proper solution I would recommend something like this:
    * We create 2 ONAP "base" images - one for production and another
    one for development and testing (with mentioned tools included)
    * We switch the base image during the build

    This would require additional work, but will result in much
    "cleaner" solution :)

    What do you think?



    Best Regards / Pozdrawiam

    Piotr Bocheński

    -------------------------

    Software Development Engineer

    MN MANO SOAM 1 R&D WRO 7 (ONAP)

    West Gate (Lotnicza 12, 54-155 Wrocław, Poland)

    mobile: +48 734 103 812

    On 02/20/2018 05:13 PM, Kang Xi wrote:

        Thanks. Then we pretty much have solved this problem. I’ll
        update the jira ticket accordingly.

        Regards,

        Kang

        *From:*PLATANIA, MARCO (MARCO) [mailto:plata...@research.att.com]
        *Sent:* Tuesday, February 20, 2018 11:11
        *To:* Kang Xi <kang...@huawei.com>
        <mailto:kang...@huawei.com>; FREEMAN, BRIAN D <bf1...@att.com>
        <mailto:bf1...@att.com>
        *Cc:* onap-discuss <onap-discuss@lists.onap.org>
        <mailto:onap-discuss@lists.onap.org>
        *Subject:* Re: [onap-discuss] [integration] INT-261: Add
        standard utilities to all dockers (vim, ping, nslookup)

        All the components in Heat already have ping-utils, vim and
        nslookup. Not sure about the Centos VMs for DCAE, need to
        check with Lusheng.

        Marco

        *From: *Kang Xi <kang...@huawei.com <mailto:kang...@huawei.com>>
        *Date: *Tuesday, February 20, 2018 at 11:02 AM
        *To: *"PLATANIA, MARCO (MARCO)" <plata...@research.att.com
        <mailto:plata...@research.att.com>>, BRIAN FREEMAN
        <bf1...@att.com <mailto:bf1...@att.com>>
        *Cc: *onap-discuss <onap-discuss@lists.onap.org
        <mailto:onap-discuss@lists.onap.org>>
        *Subject: *RE: [onap-discuss] [integration] INT-261: Add
        standard utilities to all dockers (vim, ping, nslookup)

        Hi Marco,

        I agree with you. Actually I did check the size and found the
        total is less than 5MB. Is there also an easy solution for heat?

        Regards,

        Kang

        *From:*PLATANIA, MARCO (MARCO) [mailto:plata...@research.att.com]
        *Sent:* Tuesday, February 20, 2018 10:58
        *To:* Kang Xi <kang...@huawei.com
        <mailto:kang...@huawei.com>>; FREEMAN, BRIAN D <bf1...@att.com
        <mailto:bf1...@att.com>>
        *Cc:* onap-discuss <onap-discuss@lists.onap.org
        <mailto:onap-discuss@lists.onap.org>>
        *Subject:* Re: [onap-discuss] [integration] INT-261: Add
        standard utilities to all dockers (vim, ping, nslookup)

        Hi Kang,

        Those tools don’t really require too much space in a docker
        image, so size shouldn’t be a problem. I don’t think we need
        to modify the docker images, we could create init containers
        in kubernetes that install those tools for the ONAP components
        that need them.

        Marco

        *From: *<onap-discuss-boun...@lists.onap.org
        <mailto:onap-discuss-boun...@lists.onap.org>> on behalf of
        Kang Xi <kang...@huawei.com <mailto:kang...@huawei.com>>
        *Date: *Tuesday, February 20, 2018 at 10:38 AM
        *To: *BRIAN FREEMAN <bf1...@att.com <mailto:bf1...@att.com>>
        *Cc: *onap-discuss <onap-discuss@lists.onap.org
        <mailto:onap-discuss@lists.onap.org>>
        *Subject: *[onap-discuss] [integration] INT-261: Add standard
        utilities to all dockers (vim, ping, nslookup)

        Hi Brian, All,

        We have a backlog jira ticket asking to install standard
        utilities to all dockers.

        https://jira.onap.org/browse/INT-261
        
<https://urldefense.proofpoint.com/v2/url?u=https-3A__jira.onap.org_browse_INT-2D261&d=DwMFAg&c=LFYZ-o9_HUMeMTSQicvjIg&r=KgFIQiUJzSC0gUhJaQxg8eC3w16GC3sKgWIcs4iIee0&m=SIDtjRhzdznWsLmsHqy4fafBi8RZUWe4XJlUYPMbWbI&s=tRBXDFUKW30iWCNKP3P9x_6jg-HN8_AH4Pdspuq8FOo&e=>

        This issue was discussed at today’s Integration weekly
        meeting. Some concerns were raised that it would inflate the
        size and increate maintenance work for the production version
        as how to turn on/off installing those packages. Another
        question is that it might not be needed for all the dockers.

        There is no doubt that having those tools will make debug and
        test more productive. Do you think it is possible to add the
        tools to a few most demanding dockers? If yes, please specify
        a list and I’ll follow up on this. Immediately I have the
        controller dockers in SDNC/APPC and mso docker in SO.

        Regards,

        Kang




        _______________________________________________

        onap-discuss mailing list

        onap-discuss@lists.onap.org <mailto:onap-discuss@lists.onap.org>

        https://lists.onap.org/mailman/listinfo/onap-discuss
        
<https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.onap.org_mailman_listinfo_onap-2Ddiscuss&d=DwMDaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=ML-JPRZQOfToJjMwlJLPlcWimAEwMA5DZGNIrk-cgy0&m=o5dtOFAs0gnnKaTl94MGVVUAinv5qzl2_ybGlliou20&s=ZU0Enplq-etqZuMQKNKmNeXQK-Kl6QNAwDspjOtEkno&e=>




_______________________________________________
onap-discuss mailing list
onap-discuss@lists.onap.org
https://lists.onap.org/mailman/listinfo/onap-discuss

Reply via email to