Re: When is it better to just use containers?
On Sat, Jan 28, 2023 at 06:50:55PM -0500, Demi Marie Obenour wrote: > On 1/28/23 18:43, Demi Marie Obenour wrote: > > On 1/28/23 18:06, Nico Kadel-Garcia wrote: > >> On Thu, Jan 26, 2023 at 8:31 PM Reon Beon via devel > >> wrote: > >>> > >>> Are there still some outstanding bugs preventing this from happening? > >> > >> Is there any one critical feature that justifies the update? Avoiding > >> the requirement of python is... OK, maybe understandable, but I don't > >> see it as a "must-have" improvement. And better modularity support > >> My observation so far is that modularity simply destabilizes systems, > >> because the authors of the "modularized" tools do not build up the > >> full suites of likely necessary components. I'm running into that > >> right now with python310 back in RHEL 8 for ansible, the results are > >> not pretty. > > > > At this point it might be better to just containerize Ansible. > > Containers may waste resources and require extra effort to keep > > up-to-date, but they *work*, and that is important. They also > > *massively* reduce the test burden. > > To elaborate: if I am an upstream developer for something like Ansible, > my options are either: > > 1. Ship a whole bunch of packages for a whole bunch of distributions >and make sure everything works across all of the various >dependency versions. This also means that I have to restrict >myself to the packages that e.g. RHEL 8 has, which might be >quite old. This isn't so hard. Keep a RHEL 8 VM around for debugging. Set up your CI so that you get early warning if something breaks across all your target systems. Dial back on the neophilia that infects (some) developers. This will greatly help out your users. > 2. Ship a single container that only needs to be QA’d once, works >everywhere, and has no dependencies except for the Linux kernel. >I get to update dependencies when *I* want to, and don’t have >to worry about breaking user’s systems. I can even ship a >shell script wrapper so that the container can be invoked as >a binary. You as a developer are in a very tiny minority compared to all your users. Rich. > 3. Something that I am not aware of (suggestions welcome). > > It’s pretty easy to see why someone would go with option 2. > -- > Sincerely, > Demi Marie Obenour (she/her/hers) > ___ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-top is 'top' for virtual machines. Tiny program with many powerful monitoring features, net stats, disk stats, logging, etc. http://people.redhat.com/~rjones/virt-top ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: When is it better to just use containers?
Dne 30. 01. 23 v 9:21 Roberto Ragusa napsal(a): 2. Ship a single container that only needs to be QA’d once, works everywhere, and has no dependencies except for the Linux kernel. I get to update dependencies when *I* want to, and don’t have to worry about breaking user’s systems. I can even ship a shell script wrapper so that the container can be invoked as a binary. It’s pretty easy to see why someone would go with option 2. Of course this is better for you, as a developer, but it is bad for me as a user. There is a reason why a "distribution" exists, centralized control of everything with rpm, yum, logrotate, ... +1 Such decision force me (as a user) to use that container. And it is a huge a pain to use it on bare metal or in modified container. You basically shift the burden from developers to users. Miroslav ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: When is it better to just use containers?
On 1/29/23 00:50, Demi Marie Obenour wrote: 2. Ship a single container that only needs to be QA’d once, works everywhere, and has no dependencies except for the Linux kernel. I get to update dependencies when *I* want to, and don’t have to worry about breaking user’s systems. I can even ship a shell script wrapper so that the container can be invoked as a binary. It’s pretty easy to see why someone would go with option 2. Of course this is better for you, as a developer, but it is bad for me as a user. There is a reason why a "distribution" exists, centralized control of everything with rpm, yum, logrotate, ... The alternative of having each tool to drag over all its dependencies means that you have to chase every app upgrade by itself, you can't fix a security vulnerability affecting 30 apps by just updating a shared library, and you massively waste resources by having many minimally different versions of the same library in memory at the same time. At the end of the day, you have turned Linux into Windows. You are just missing "update checker" daemons for each app. Bundling libs and (even worse) static linking (golang, I'm accusing you!) is in my opinion just a sign of lazy development, and I always try to avoid applications doing this. Regards. -- Roberto Ragusamail at robertoragusa.it ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
When is it better to just use containers?
On 1/28/23 18:43, Demi Marie Obenour wrote: > On 1/28/23 18:06, Nico Kadel-Garcia wrote: >> On Thu, Jan 26, 2023 at 8:31 PM Reon Beon via devel >> wrote: >>> >>> Are there still some outstanding bugs preventing this from happening? >> >> Is there any one critical feature that justifies the update? Avoiding >> the requirement of python is... OK, maybe understandable, but I don't >> see it as a "must-have" improvement. And better modularity support >> My observation so far is that modularity simply destabilizes systems, >> because the authors of the "modularized" tools do not build up the >> full suites of likely necessary components. I'm running into that >> right now with python310 back in RHEL 8 for ansible, the results are >> not pretty. > > At this point it might be better to just containerize Ansible. > Containers may waste resources and require extra effort to keep > up-to-date, but they *work*, and that is important. They also > *massively* reduce the test burden. To elaborate: if I am an upstream developer for something like Ansible, my options are either: 1. Ship a whole bunch of packages for a whole bunch of distributions and make sure everything works across all of the various dependency versions. This also means that I have to restrict myself to the packages that e.g. RHEL 8 has, which might be quite old. 2. Ship a single container that only needs to be QA’d once, works everywhere, and has no dependencies except for the Linux kernel. I get to update dependencies when *I* want to, and don’t have to worry about breaking user’s systems. I can even ship a shell script wrapper so that the container can be invoked as a binary. 3. Something that I am not aware of (suggestions welcome). It’s pretty easy to see why someone would go with option 2. -- Sincerely, Demi Marie Obenour (she/her/hers) ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue