Re: [openstack-dev] [nova-docker] [magnum] [nova] Returning nova-docker to Nova Tree
Honestly, I think the real question around the docker driver is the maintenance question. The upstream CI jobs for it kept getting turned off because no one was bothering to look at failures. That concerns me because it's a signal that there is a vend diagram of "people that care about Nova docker support", "people that look at Nova patches and test results", and "people that keep tests working" that don't intersect very much. If we can can get 2 - 3 folks signed up as keeping an eye on the driver in tree, I'm all for bringing it back in. But given the history of the driver going into a fail state and no one digging it out, I don't want to do that unless we've got those champions. -Sean On 05/12/2015 06:53 AM, Davanum Srinivas wrote: > Thanks for this response Daniel!. > > On Tue, May 12, 2015 at 4:59 AM, Daniel P. Berrange > wrote: >> On Mon, May 11, 2015 at 03:58:59PM -0400, Russell Bryant wrote: >>> On 05/11/2015 03:51 PM, Adrian Otto wrote: I invite Nova and nova-docker team members to join us to discuss this topic, and give us your input. >>> >>> If the Magnum team is interested in helping to maintain it, why not just >>> keep it as a separate repo? What's the real value in bringing it into >>> the Nova tree? >> >> Well if that's the question you have to really ask why any of the current >> drivers are in tree. I don't really think it makes sense to single out >> Docker for special treatment, requiring them to justify why they want to >> be in tree. IMHO if we want drivers to live out of tree we should push them >> all out, if we want drivers to live in tree then we should actively welcome >> in any driver that has a team of people willing to maintain it, not require >> justification for wanting to be in tree. >> >> Regards, >> Daniel >> -- >> |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| >> |: http://libvirt.org -o- http://virt-manager.org :| >> |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| >> |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| >> >> __ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > -- Sean Dague http://dague.net __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [nova-docker] [magnum] [nova] Returning nova-docker to Nova Tree
Thanks for this response Daniel!. On Tue, May 12, 2015 at 4:59 AM, Daniel P. Berrange wrote: > On Mon, May 11, 2015 at 03:58:59PM -0400, Russell Bryant wrote: >> On 05/11/2015 03:51 PM, Adrian Otto wrote: >> > I invite Nova and nova-docker team members to join us to discuss >> > this topic, and give us your input. >> >> If the Magnum team is interested in helping to maintain it, why not just >> keep it as a separate repo? What's the real value in bringing it into >> the Nova tree? > > Well if that's the question you have to really ask why any of the current > drivers are in tree. I don't really think it makes sense to single out > Docker for special treatment, requiring them to justify why they want to > be in tree. IMHO if we want drivers to live out of tree we should push them > all out, if we want drivers to live in tree then we should actively welcome > in any driver that has a team of people willing to maintain it, not require > justification for wanting to be in tree. > > Regards, > Daniel > -- > |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| > |: http://libvirt.org -o- http://virt-manager.org :| > |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| > |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| > > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Davanum Srinivas :: https://twitter.com/dims __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [nova-docker] [magnum] [nova] Returning nova-docker to Nova Tree
On Mon, May 11, 2015 at 03:58:59PM -0400, Russell Bryant wrote: > On 05/11/2015 03:51 PM, Adrian Otto wrote: > > I invite Nova and nova-docker team members to join us to discuss > > this topic, and give us your input. > > If the Magnum team is interested in helping to maintain it, why not just > keep it as a separate repo? What's the real value in bringing it into > the Nova tree? Well if that's the question you have to really ask why any of the current drivers are in tree. I don't really think it makes sense to single out Docker for special treatment, requiring them to justify why they want to be in tree. IMHO if we want drivers to live out of tree we should push them all out, if we want drivers to live in tree then we should actively welcome in any driver that has a team of people willing to maintain it, not require justification for wanting to be in tree. Regards, Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [nova-docker] [magnum] [nova] Returning nova-docker to Nova Tree
Andreas,
On May 11, 2015, at 2:04 PM, Andreas Jaeger wrote:
> On 05/11/2015 09:58 PM, Russell Bryant wrote:
> > [...]
>> If the Magnum team is interested in helping to maintain it, why not just
>> keep it as a separate repo? What's the real value in bringing it into
>> the Nova tree?
>>
>> It could serve as a good example of how an optional nova component can
>> continue be maintained in a separate repo.
>
> Indeed.
>
> So, what do you (=original poster) want to achieve? Have it part of the nova
> project - or part of the nova repository?
>
> You could have it as separate repository but part of nova - and then move it
> from stackforge to openstack namespace.
Good point. This is probably a good balance. Ideally the driver would be
available whenever nova is installed, so regardless of how we develop the
driver that it be available for OpenStack cloud operators to use without
downloading something separately in order to use it. I’d argue the same for all
virt drivers, not just this one. There is probably no value in coupling
nova-docker with Magnum from a software distribution perspective. We probably
could share Gerrit groups. I’ll let you know what input the Magnum team offers
tomorrow.
Adrian
>
> Andreas
> --
> Andreas Jaeger aj@{suse.com,opensuse.org} Twitter/Identica: jaegerandi
> SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
> GF: Felix Imendörffer, Jane Smithard, Dilip Upmanyu, Graham Norton,
> HRB 21284 (AG Nürnberg)
>GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126
>
>
> __
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [nova-docker] [magnum] [nova] Returning nova-docker to Nova Tree
On 05/11/2015 09:58 PM, Russell Bryant wrote:
> [...]
If the Magnum team is interested in helping to maintain it, why not just
keep it as a separate repo? What's the real value in bringing it into
the Nova tree?
It could serve as a good example of how an optional nova component can
continue be maintained in a separate repo.
Indeed.
So, what do you (=original poster) want to achieve? Have it part of the
nova project - or part of the nova repository?
You could have it as separate repository but part of nova - and then
move it from stackforge to openstack namespace.
Andreas
--
Andreas Jaeger aj@{suse.com,opensuse.org} Twitter/Identica: jaegerandi
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Felix Imendörffer, Jane Smithard, Dilip Upmanyu, Graham Norton,
HRB 21284 (AG Nürnberg)
GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [nova-docker] [magnum] [nova] Returning nova-docker to Nova Tree
On 05/11/2015 03:51 PM, Adrian Otto wrote: > Dan and John, > > On May 11, 2015, at 7:06 AM, Dan Smith wrote: > >>> +1 Agreed nested containers are a thing. Its a great reason to keep >>> our LXC driver. >> >> I don't think that's a reason we should keep our LXC driver, because you >> can still run containers in containers with other things. If anything, >> using a nova vm-like container to run application-like containers inside >> them is going to beg the need to tweak more detailed things on the >> vm-like container to avoid restricting the application one, I think. >> >> IMHO, the reason to keep the seldom-used, not-that-useful LXC driver in >> nova is because it's nearly free. It is the libvirt driver with a few >> conditionals to handle different things when necessary for LXC. The >> docker driver is a whole other nova driver to maintain, with even less >> applicability to being a system container (IMHO). >> >>> I am keen we set the right expectations here. If you want to treat >>> docker containers like VMs, thats OK. >>> >>> I guess a remaining concern is the driver dropping into diss-repair >>> if most folks end up using Magnum when they want to use docker. >> >> I think this is likely the case and I'd like to avoid getting into this >> situation again. IMHO, this is not our target audience, it's very much >> not free to just put it into the tree because "meh, some people might >> like it instead of the libvirt-lxc driver”. > > This is a valid point. I do expect that the combined use of Nova + > (nova-docker | libvirt-lxc) + Magnum will be popular in situations > where workload consolidation is a key goal, and security isolation is > a non-goal. For this reason, I’m very interested in making sure that > we have some choice for decent Nova virt drivers that produce Nova > instances that are containers. This matters, because Magnum currently > expects to get all its instances from Nova. > > I do recognize that nova-docker has stabilized to the point where it > would be practical to maintain it within the Nova tree. As Eric > Windisch mentioned, the reasons for having this as a separate code > repo have vanished. It’s feature complete, has and passes the > necessary tests, and has a low commit velocity now. > > Perhaps our Nova team would feel more comfortable about ongoing > maintenance if the Magnum team were willing to bring nova-docker into > its own scope of support so we don’t suffer from orphaned code. If we > can agree to adopt this from a maintenance perspective, then we > should be able to agree to have it in tree again, right? > > I have added this to the Containers Team IRC meeting agenda for > tomorrow. Let’s see what the team thinks about this. > > https://wiki.openstack.org/wiki/Meetings/Containers#Agenda_for_2015-05-12_1600_UTC > > I invite Nova and nova-docker team members to join us to discuss > this topic, and give us your input. If the Magnum team is interested in helping to maintain it, why not just keep it as a separate repo? What's the real value in bringing it into the Nova tree? It could serve as a good example of how an optional nova component can continue be maintained in a separate repo. -- Russell Bryant __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [nova-docker] [magnum] [nova] Returning nova-docker to Nova Tree
Dan and John, On May 11, 2015, at 7:06 AM, Dan Smith wrote: >> +1 Agreed nested containers are a thing. Its a great reason to keep >> our LXC driver. > > I don't think that's a reason we should keep our LXC driver, because you > can still run containers in containers with other things. If anything, > using a nova vm-like container to run application-like containers inside > them is going to beg the need to tweak more detailed things on the > vm-like container to avoid restricting the application one, I think. > > IMHO, the reason to keep the seldom-used, not-that-useful LXC driver in > nova is because it's nearly free. It is the libvirt driver with a few > conditionals to handle different things when necessary for LXC. The > docker driver is a whole other nova driver to maintain, with even less > applicability to being a system container (IMHO). > >> I am keen we set the right expectations here. If you want to treat >> docker containers like VMs, thats OK. >> >> I guess a remaining concern is the driver dropping into diss-repair >> if most folks end up using Magnum when they want to use docker. > > I think this is likely the case and I'd like to avoid getting into this > situation again. IMHO, this is not our target audience, it's very much > not free to just put it into the tree because "meh, some people might > like it instead of the libvirt-lxc driver”. This is a valid point. I do expect that the combined use of Nova + (nova-docker | libvirt-lxc) + Magnum will be popular in situations where workload consolidation is a key goal, and security isolation is a non-goal. For this reason, I’m very interested in making sure that we have some choice for decent Nova virt drivers that produce Nova instances that are containers. This matters, because Magnum currently expects to get all its instances from Nova. I do recognize that nova-docker has stabilized to the point where it would be practical to maintain it within the Nova tree. As Eric Windisch mentioned, the reasons for having this as a separate code repo have vanished. It’s feature complete, has and passes the necessary tests, and has a low commit velocity now. Perhaps our Nova team would feel more comfortable about ongoing maintenance if the Magnum team were willing to bring nova-docker into its own scope of support so we don’t suffer from orphaned code. If we can agree to adopt this from a maintenance perspective, then we should be able to agree to have it in tree again, right? I have added this to the Containers Team IRC meeting agenda for tomorrow. Let’s see what the team thinks about this. https://wiki.openstack.org/wiki/Meetings/Containers#Agenda_for_2015-05-12_1600_UTC I invite Nova and nova-docker team members to join us to discuss this topic, and give us your input. Thanks, Adrian > > --Dan > > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
