Speaking about the idea of running everything inside containers... First, this idea is no the new one and have been around for a very long time. People were running their services inside a simple chroot, then OpenVZ and now LXC containers with variable success. Usually the ideas behind this are following:
- Isolation. Misbehaving or hacked service will not impact other services. - Granular maintenance. Services can be updated without accidentally messing other ones. - Personal environments. Each service can have it's own libraries, dependencies and environment if it's required. - Modular architecture. Each service can be thinked of as an "application" this application can be installed, upgraded, stopped, started and shared separately. Sometimes, such approach is used even without any form of containers: - Mac OS's Applications when programs are packed in special folders with everything they needs to run except basic system libraries and latest versions try to add sandbox as well. - Windows' Program Files has very close functions if used correctly. - Such linuces as http://nixos.org/ and http://crux.nu/ implement various ways to use filesystem as a package manger and make updates easy, reliable and able to be rolled back - something we desire too. - PC-BSD, pbi packages are also an example of containers without actual containerization. - Popular Python's and Ruby's virtualenv and rvm can be added to the end of this list too. There are some OSes that make running every application in it's own container the core of their design: - The CoreOS https://coreos.com/ is well-known to be a very good host for docker containers. It has minimal footprint and very convenient REST interface. We should really consider using it as a host system for a Fuel master node. - OSv http://osv.io/ goes much farther down the road of minimalisation of the containers by developing thei rown specialized kernel. Each instance can be thinked of as a wrapper around the application and the application should work without ability to fork and extensive file system. This containers can be deployed in a cloud in masse very fast. - There are also projects to use this approach on desktop with full-scale virtualization insead of containers as well http://qubes-os.org/ On the contrary traditional BSD and Linux approach is based upon having a single “tree” of software. All programs should use the same libraries as others, have no conflicts and work in a single filesystem namespace and can depend on each other. This approach have been around for a lot of years and has some advantages like saving disk space and ram by using same libraries or making a distribution to be consistent. Linux community have been mercilessly smiting everyone who ever said that this approach has it downsides like problems with adding and maintaining custom software and maintaining different library versions as well as dependency on upstream repository. Using containers can actually solve a lot of problems we have been having for a long time if done right especially for a complex system like OpenStack. We can have every service packaged as a pre-built container that can be just downloaded, extracted and started on a target node. Updates can just replace this container with newer version keeping the old one stored. We have already moved Fuel Master node to this architecture, but we have not done it the right way. Master system should be very thin and contain as little services and things to configure as possible to the point of only entering the IP address. And containers should be also very thin focused only on their job with small amount of configuration up to being stateless if possible. Such configuration would require very little configuration making configuration management tools like Puppet redundant. Everything should be already configured inside the container. By all means, we should go for a container based architecture for every OpenStack node, but we should not make it look like having many operating systems to administer on a single node instead of the only one. Containers are not like cheap VPS hosting where you can order you instance of CentOS inside an OpenVZ container and they should be thinked of as the applications not as the operating systems like instances that are started in the OpenStack cloud. Yes, it's a large paradigm shift but it's definitly worth it.
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev