Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-18 Thread Jeremy Stanley
On 2017-05-18 18:04:35 -0400 (-0400), Paul Belanger wrote: [...] > if we decide to publish to docker, I don't think we'd push > directly. Maybe push to our docker registry then mirror to docker > hub. That is something we can figure out a little later. [...] Ideally by iterating on

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-18 Thread Paul Belanger
On Thu, May 18, 2017 at 09:34:44AM -0700, Michał Jastrzębski wrote: > >> Issue with that is > >> > >> 1. Apache served is harder to use because we want to follow docker API > >> and we'd have to reimplement it > > > > No, the idea is apache is transparent, for now we have been using proxypass > >

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-18 Thread Michał Jastrzębski
On 18 May 2017 at 08:03, Paul Belanger wrote: > On Tue, May 16, 2017 at 02:11:18PM +, Sam Yaple wrote: >> I would like to bring up a subject that hasn't really been discussed in >> this thread yet, forgive me if I missed an email mentioning this. >> >> What I personally

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-18 Thread Michał Jastrzębski
>> Issue with that is >> >> 1. Apache served is harder to use because we want to follow docker API >> and we'd have to reimplement it > > No, the idea is apache is transparent, for now we have been using proxypass > module in apache. I think what Doug was mentioning was have a primary docker >

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-18 Thread Paul Belanger
On Tue, May 16, 2017 at 02:11:18PM +, Sam Yaple wrote: > I would like to bring up a subject that hasn't really been discussed in > this thread yet, forgive me if I missed an email mentioning this. > > What I personally would like to see is a publishing infrastructure to allow > pushing built

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-18 Thread Paul Belanger
On Tue, May 16, 2017 at 06:57:04AM -0700, Michał Jastrzębski wrote: > On 16 May 2017 at 06:22, Doug Hellmann wrote: > > Excerpts from Thierry Carrez's message of 2017-05-16 14:08:07 +0200: > >> Flavio Percoco wrote: > >> > From a release perspective, as Doug mentioned,

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-18 Thread Bogdan Dobrelya
On 16.05.2017 20:57, Michał Jastrzębski wrote: > On 16 May 2017 at 11:49, Doug Hellmann wrote: >> Excerpts from Michał Jastrzębski's message of 2017-05-16 11:38:19 -0700: >>> On 16 May 2017 at 11:27, Doug Hellmann wrote: Excerpts from Michał

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-17 Thread Doug Hellmann
Excerpts from Michał Jastrzębski's message of 2017-05-17 11:36:40 -0700: > On 17 May 2017 at 11:04, Doug Hellmann wrote: > > > You've presented some positive scenarios. Here's a worst case > > situation that I'm worried about. > > > > Suppose in a few months the top several

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-17 Thread Michał Jastrzębski
On 17 May 2017 at 11:36, Michał Jastrzębski wrote: > On 17 May 2017 at 11:04, Doug Hellmann wrote: >> Excerpts from Michał Jastrzębski's message of 2017-05-17 07:47:31 -0700: >>> On 17 May 2017 at 04:14, Chris Dent wrote: >>> > On

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-17 Thread Michał Jastrzębski
On 17 May 2017 at 11:04, Doug Hellmann wrote: > Excerpts from Michał Jastrzębski's message of 2017-05-17 07:47:31 -0700: >> On 17 May 2017 at 04:14, Chris Dent wrote: >> > On Wed, 17 May 2017, Thierry Carrez wrote: >> > >> >> Back to container image

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-17 Thread Doug Hellmann
Excerpts from Michał Jastrzębski's message of 2017-05-17 07:47:31 -0700: > On 17 May 2017 at 04:14, Chris Dent wrote: > > On Wed, 17 May 2017, Thierry Carrez wrote: > > > >> Back to container image world, if we refresh those images daily and they > >> are not versioned or

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-17 Thread Fox, Kevin M
. From: Doug Hellmann [d...@doughellmann.com] Sent: Wednesday, May 17, 2017 8:55 AM To: openstack-dev Subject: Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images? Excerpts from

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-17 Thread Fox, Kevin M
Dent [cdent...@anticdent.org] Sent: Wednesday, May 17, 2017 4:14 AM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-17 Thread Steven Dake (stdake)
e questions)" <openstack-dev@lists.openstack.org> Date: Wednesday, May 17, 2017 at 8:55 AM To: openstack-dev <openstack-dev@lists.openstack.org> Subject: Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-17 Thread Michał Jastrzębski
On 17 May 2017 at 08:55, Doug Hellmann wrote: > Excerpts from Chris Dent's message of 2017-05-17 12:14:40 +0100: >> On Wed, 17 May 2017, Thierry Carrez wrote: >> >> > Back to container image world, if we refresh those images daily and they >> > are not versioned or archived

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-17 Thread Doug Hellmann
Excerpts from Thierry Carrez's message of 2017-05-17 12:19:22 +0200: > Sean Dague wrote: > > On 05/16/2017 02:39 PM, Doug Hellmann wrote: > >> Excerpts from Michał Jastrzębski's message of 2017-05-16 09:51:00 -0700: > >>> One thing I struggle with is...well...how does *not having* built > >>>

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-17 Thread Doug Hellmann
Excerpts from Chris Dent's message of 2017-05-17 12:14:40 +0100: > On Wed, 17 May 2017, Thierry Carrez wrote: > > > Back to container image world, if we refresh those images daily and they > > are not versioned or archived (basically you can only use the latest and > > can't really access past

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-17 Thread Steven Dake (stdake)
enStack Development Mailing List (not for usage questions)" <openstack-dev@lists.openstack.org> Subject: Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images? On 17 May 2017 at 04:

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-17 Thread Michał Jastrzębski
On 17 May 2017 at 04:14, Chris Dent wrote: > On Wed, 17 May 2017, Thierry Carrez wrote: > >> Back to container image world, if we refresh those images daily and they >> are not versioned or archived (basically you can only use the latest and >> can't really access past

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-17 Thread Chris Dent
On Wed, 17 May 2017, Thierry Carrez wrote: Back to container image world, if we refresh those images daily and they are not versioned or archived (basically you can only use the latest and can't really access past dailies), I think we'd be in a similar situation ? Yes, this. -- Chris Dent

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-17 Thread Thierry Carrez
Sean Dague wrote: > On 05/16/2017 02:39 PM, Doug Hellmann wrote: >> Excerpts from Michał Jastrzębski's message of 2017-05-16 09:51:00 -0700: >>> One thing I struggle with is...well...how does *not having* built >>> containers help with that? If your company have full time security >>> team, they

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Jeremy Stanley
On 2017-05-16 19:56:31 + (+), Fox, Kevin M wrote: [...] > Lets provide the tools to make it as easy as possible to identify > containers with issues, and allow upgrading the system to newer > ones. > > Which CVE's are on the system is somewhat less important then > being able to get to

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Fox, Kevin M
Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images? On 2017-05-16 11:46:14 -0700 (-0700), Michał Jastrzębski wrote: [...] > So CVE track

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Michał Jastrzębski
On 16 May 2017 at 12:36, Jeremy Stanley wrote: > On 2017-05-16 11:46:14 -0700 (-0700), Michał Jastrzębski wrote: > [...] >> So CVE tracking might not be required by us. Since we still use >> distro packages under the hood, we can just use these. > [...] > > I think the question

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Jeremy Stanley
On 2017-05-16 11:46:14 -0700 (-0700), Michał Jastrzębski wrote: [...] > So CVE tracking might not be required by us. Since we still use > distro packages under the hood, we can just use these. [...] I think the question is how I, as a semi-clueful downstream user of your images, can tell whether

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Fox, Kevin M
][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images? Excerpts from Michał Jastrzębski's message of 2017-05-16 11:38:19 -0700: > On 16 May 2017 at 11:27, Doug Hellmann <d...@doughellmann.com> wrote: > > Excer

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Fox, Kevin M
AM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images? On 16 May 2017 at 11:33, Doug Hellmann <d...@doughellmann.

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Michał Jastrzębski
On 16 May 2017 at 11:49, Doug Hellmann wrote: > Excerpts from Michał Jastrzębski's message of 2017-05-16 11:38:19 -0700: >> On 16 May 2017 at 11:27, Doug Hellmann wrote: >> > Excerpts from Michał Jastrzębski's message of 2017-05-16 09:46:19 -0700: >>

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Sean Dague
On 05/16/2017 02:39 PM, Doug Hellmann wrote: > Excerpts from Michał Jastrzębski's message of 2017-05-16 09:51:00 -0700: >> On 16 May 2017 at 09:40, Clint Byrum wrote: >>> >>> What's at stake isn't so much "how do we get the bits to the users" but >>> "how do we only get bits to

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Doug Hellmann
Excerpts from Michał Jastrzębski's message of 2017-05-16 11:38:19 -0700: > On 16 May 2017 at 11:27, Doug Hellmann wrote: > > Excerpts from Michał Jastrzębski's message of 2017-05-16 09:46:19 -0700: > >> So another consideration. Do you think whole rule of "not building > >>

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Michał Jastrzębski
On 16 May 2017 at 11:33, Doug Hellmann wrote: > Excerpts from Michał Jastrzębski's message of 2017-05-16 08:20:17 -0700: >> On 16 May 2017 at 08:12, Doug Hellmann wrote: >> > Excerpts from Michał Jastrzębski's message of 2017-05-16 06:52:12 -0700: >>

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Joshua Harlow
OpenStack a lot in adoption. From: Sean Dague [s...@dague.net] Sent: Tuesday, May 16, 2017 6:28 AM To: openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Doug Hellmann
Excerpts from Michał Jastrzębski's message of 2017-05-16 09:51:00 -0700: > On 16 May 2017 at 09:40, Clint Byrum wrote: > > > > What's at stake isn't so much "how do we get the bits to the users" but > > "how do we only get bits to users that they need". If you build and push > >

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Fox, Kevin M
From: Sam Yaple [sam...@yaple.net] Sent: Tuesday, May 16, 2017 7:11 AM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Michał Jastrzębski
On 16 May 2017 at 11:27, Doug Hellmann wrote: > Excerpts from Michał Jastrzębski's message of 2017-05-16 09:46:19 -0700: >> So another consideration. Do you think whole rule of "not building >> binares" should be reconsidered? We are kind of new use case here. We >> aren't

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Doug Hellmann
Excerpts from Michał Jastrzębski's message of 2017-05-16 08:20:17 -0700: > On 16 May 2017 at 08:12, Doug Hellmann wrote: > > Excerpts from Michał Jastrzębski's message of 2017-05-16 06:52:12 -0700: > >> On 16 May 2017 at 06:20, Flavio Percoco wrote: > >>

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Doug Hellmann
Excerpts from Jeremy Stanley's message of 2017-05-16 17:41:28 +: > On 2017-05-16 11:17:31 -0400 (-0400), Doug Hellmann wrote: > > Excerpts from Sam Yaple's message of 2017-05-16 14:11:18 +: > [...] > > > If you build images properly in infra, then you will have an image that is > > > not

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Doug Hellmann
Excerpts from Michał Jastrzębski's message of 2017-05-16 09:46:19 -0700: > So another consideration. Do you think whole rule of "not building > binares" should be reconsidered? We are kind of new use case here. We > aren't distro but we are packagers (kind of). I don't think putting us > on equal

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Fox, Kevin M
: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images? On 05/16/2017 09:24 AM, Doug Hellmann wrote: > Excerpts from Luigi Toscano's message of 2017-05-16 11:50:53 +0200: >> On Monday, 15 May 2

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Fox, Kevin M
OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images? On 16/05/17 14:08 +0200, Thierry Carrez wrote: >Flavio Percoco w

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Michał Jastrzębski
On 16 May 2017 at 10:41, Jeremy Stanley wrote: > On 2017-05-16 11:17:31 -0400 (-0400), Doug Hellmann wrote: >> Excerpts from Sam Yaple's message of 2017-05-16 14:11:18 +: > [...] >> > If you build images properly in infra, then you will have an image that is >> > not

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Jeremy Stanley
On 2017-05-16 11:17:31 -0400 (-0400), Doug Hellmann wrote: > Excerpts from Sam Yaple's message of 2017-05-16 14:11:18 +: [...] > > If you build images properly in infra, then you will have an image that is > > not security checked (no gpg verification of packages) and completely > >

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Michał Jastrzębski
On 16 May 2017 at 09:40, Clint Byrum wrote: > Excerpts from Michał Jastrzębski's message of 2017-05-15 10:52:12 -0700: >> > Container images introduce some extra complexity, over the basic >> > operating system style packages mentioned above. Due to the way >> > they are

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Michał Jastrzębski
So another consideration. Do you think whole rule of "not building binares" should be reconsidered? We are kind of new use case here. We aren't distro but we are packagers (kind of). I don't think putting us on equal footing as Red Hat, Canonical or other companies is correct here. K8s is

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Clint Byrum
Excerpts from Michał Jastrzębski's message of 2017-05-15 10:52:12 -0700: > > Container images introduce some extra complexity, over the basic > > operating system style packages mentioned above. Due to the way > > they are constructed, they are likely to include content we don't > > produce

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Michał Jastrzębski
On 16 May 2017 at 08:30, Emilien Macchi wrote: > On Tue, May 16, 2017 at 11:12 AM, Doug Hellmann wrote: >> Excerpts from Flavio Percoco's message of 2017-05-16 10:07:52 -0400: >>> On 16/05/17 09:45 -0400, Doug Hellmann wrote: >>> >Excerpts from Flavio

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Emilien Macchi
On Tue, May 16, 2017 at 11:12 AM, Doug Hellmann wrote: > Excerpts from Flavio Percoco's message of 2017-05-16 10:07:52 -0400: >> On 16/05/17 09:45 -0400, Doug Hellmann wrote: >> >Excerpts from Flavio Percoco's message of 2017-05-15 21:50:23 -0400: >> >> On 15/05/17 11:49

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Sean McGinnis
On Tue, May 16, 2017 at 02:08:07PM +0200, Thierry Carrez wrote: > > I totally subscribe to the concerns around publishing binaries (under > any form), and the expectations in terms of security maintenance that it > would set on the publisher. At the same time, we need to have images > available,

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Michał Jastrzębski
On 16 May 2017 at 08:12, Doug Hellmann wrote: > Excerpts from Michał Jastrzębski's message of 2017-05-16 06:52:12 -0700: >> On 16 May 2017 at 06:20, Flavio Percoco wrote: >> > On 16/05/17 14:08 +0200, Thierry Carrez wrote: >> >> >> >> Flavio Percoco

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Doug Hellmann
Excerpts from Sam Yaple's message of 2017-05-16 14:11:18 +: > I would like to bring up a subject that hasn't really been discussed in > this thread yet, forgive me if I missed an email mentioning this. > > What I personally would like to see is a publishing infrastructure to allow > pushing

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Doug Hellmann
Excerpts from Michał Jastrzębski's message of 2017-05-16 06:52:12 -0700: > On 16 May 2017 at 06:20, Flavio Percoco wrote: > > On 16/05/17 14:08 +0200, Thierry Carrez wrote: > >> > >> Flavio Percoco wrote: > >>> > >>> From a release perspective, as Doug mentioned, we've avoided

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Doug Hellmann
Excerpts from Flavio Percoco's message of 2017-05-16 10:07:52 -0400: > On 16/05/17 09:45 -0400, Doug Hellmann wrote: > >Excerpts from Flavio Percoco's message of 2017-05-15 21:50:23 -0400: > >> On 15/05/17 11:49 -0700, Michał Jastrzębski wrote: > >> >On 15 May 2017 at 11:19, Davanum Srinivas

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Thierry Carrez
Michał Jastrzębski wrote: > On 16 May 2017 at 06:20, Flavio Percoco wrote: >> I'd prefer for these builds to have a daily cadence because it sets the >> expectations w.r.t maintenance right: "These images are daily builds and not >> certified releases. For stable builds you're

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Thierry Carrez
Flavio Percoco wrote: > On 16/05/17 14:08 +0200, Thierry Carrez wrote: >> 1/ Have third-parties publish images >> It is the current situation. The issue is that the Kolla team (and >> likely others) would rather automate the process and use OpenStack >> infrastructure for it. >> >> 2/ Have

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Michał Jastrzębski
On 16 May 2017 at 07:11, Sam Yaple wrote: > I would like to bring up a subject that hasn't really been discussed in this > thread yet, forgive me if I missed an email mentioning this. > > What I personally would like to see is a publishing infrastructure to allow > pushing built

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Edward Leafe
On May 15, 2017, at 9:00 PM, Flavio Percoco wrote: > [huge snip] Thank you! We don’t need 50K of repeated text in every response. -- Ed Leafe __ OpenStack Development Mailing List (not for usage

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Flavio Percoco
On 16/05/17 09:45 -0400, Doug Hellmann wrote: Excerpts from Flavio Percoco's message of 2017-05-15 21:50:23 -0400: On 15/05/17 11:49 -0700, Michał Jastrzębski wrote: >On 15 May 2017 at 11:19, Davanum Srinivas wrote: >> Sorry for the top post, Michal, Can you please clarify a

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Sam Yaple
I would like to bring up a subject that hasn't really been discussed in this thread yet, forgive me if I missed an email mentioning this. What I personally would like to see is a publishing infrastructure to allow pushing built images to an internal infra mirror/repo/registry for consumption of

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Michał Jastrzębski
On 16 May 2017 at 06:22, Doug Hellmann wrote: > Excerpts from Thierry Carrez's message of 2017-05-16 14:08:07 +0200: >> Flavio Percoco wrote: >> > From a release perspective, as Doug mentioned, we've avoided releasing >> > projects >> > in any kind of built form. This was

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Michał Jastrzębski
On 16 May 2017 at 06:22, Doug Hellmann wrote: > Excerpts from Thierry Carrez's message of 2017-05-16 14:08:07 +0200: >> Flavio Percoco wrote: >> > From a release perspective, as Doug mentioned, we've avoided releasing >> > projects >> > in any kind of built form. This was

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Michał Jastrzębski
On 16 May 2017 at 06:20, Flavio Percoco wrote: > On 16/05/17 14:08 +0200, Thierry Carrez wrote: >> >> Flavio Percoco wrote: >>> >>> From a release perspective, as Doug mentioned, we've avoided releasing >>> projects >>> in any kind of built form. This was also one of the

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Doug Hellmann
Excerpts from Flavio Percoco's message of 2017-05-15 21:50:23 -0400: > On 15/05/17 11:49 -0700, Michał Jastrzębski wrote: > >On 15 May 2017 at 11:19, Davanum Srinivas wrote: > >> Sorry for the top post, Michal, Can you please clarify a couple of things: > >> > >> 1) Can folks

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Doug Hellmann
<openstack-dev@lists.openstack.org> > > Date: Tuesday, May 16, 2017 at 4:34 AM > > To: "OpenStack Development Mailing List (not for usage questions)" > > <openstack-dev@lists.openstack.org> > > Subject: Re: [openstack-dev] > > [tc][infr

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Davanum Srinivas
gt; > > > Regards > > -steve > > > > -Original Message- > > From: Flavio Percoco <fla...@redhat.com> > > Reply-To: "OpenStack Development Mailing List (not for usage > questions)" <openstack-dev@lis

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Sean Dague
On 05/16/2017 09:24 AM, Doug Hellmann wrote: > Excerpts from Luigi Toscano's message of 2017-05-16 11:50:53 +0200: >> On Monday, 15 May 2017 21:12:16 CEST Doug Hellmann wrote: >>> Excerpts from Michał Jastrzębski's message of 2017-05-15 10:52:12 -0700: >>> On 15 May 2017 at 10:34, Doug

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Flavio Percoco
On 16/05/17 14:08 +0200, Thierry Carrez wrote: Flavio Percoco wrote: From a release perspective, as Doug mentioned, we've avoided releasing projects in any kind of built form. This was also one of the concerns I raised when working on the proposal to support other programming languages. The

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Doug Hellmann
Excerpts from Luigi Toscano's message of 2017-05-16 11:50:53 +0200: > On Monday, 15 May 2017 21:12:16 CEST Doug Hellmann wrote: > > Excerpts from Michał Jastrzębski's message of 2017-05-15 10:52:12 -0700: > > > > > On 15 May 2017 at 10:34, Doug Hellmann wrote: > > > > I'm

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Doug Hellmann
Excerpts from Thierry Carrez's message of 2017-05-16 14:08:07 +0200: > Flavio Percoco wrote: > > From a release perspective, as Doug mentioned, we've avoided releasing > > projects > > in any kind of built form. This was also one of the concerns I raised when > > working on the proposal to

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Steven Dake (stdake)
questions)" <openstack-dev@lists.openstack.org> > Date: Monday, May 15, 2017 at 7:00 PM > To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev@lists.openstack.org> > Subject: Re: [openstack-dev] [tc][infra][release][secu

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Flavio Percoco
@lists.openstack.org> Subject: Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images? On 15/05/17 12:32 -0700, Michał Jastrzębski wrote: >On 15 May 2017 at 12:12, Doug Hellmann <d...@

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Thierry Carrez
Flavio Percoco wrote: > From a release perspective, as Doug mentioned, we've avoided releasing > projects > in any kind of built form. This was also one of the concerns I raised when > working on the proposal to support other programming languages. The problem of > releasing built images goes

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Davanum Srinivas
quot; > <openstack-dev@lists.openstack.org> > Subject: Re: [openstack-dev] > [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] > do we want to be publishing binary container images? > > On 15/05/17 12:32 -0700, Michał Jastrzębski wrote: &

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-16 Thread Luigi Toscano
On Monday, 15 May 2017 21:12:16 CEST Doug Hellmann wrote: > Excerpts from Michał Jastrzębski's message of 2017-05-15 10:52:12 -0700: > > > On 15 May 2017 at 10:34, Doug Hellmann wrote: > > > I'm raising the issue here to get some more input into how to > > > proceed. Do

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-15 Thread Steven Dake (stdake)
release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images? On 15/05/17 12:32 -0700, Michał Jastrzębski wrote: >On 15 May 2017 at 12:12, Doug Hellmann <d...@doughellmann.com> wrote: [huge snip] >>

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-15 Thread Flavio Percoco
On 15/05/17 12:32 -0700, Michał Jastrzębski wrote: On 15 May 2017 at 12:12, Doug Hellmann wrote: [huge snip] > I'm raising the issue here to get some more input into how to > proceed. Do other people think this concern is overblown? Can we > mitigate the risk by

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-15 Thread Flavio Percoco
On 15/05/17 11:49 -0700, Michał Jastrzębski wrote: On 15 May 2017 at 11:19, Davanum Srinivas wrote: Sorry for the top post, Michal, Can you please clarify a couple of things: 1) Can folks install just one or two services for their specific scenario? Yes, that's more of a

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-15 Thread Michał Jastrzębski
On 15 May 2017 at 12:12, Doug Hellmann wrote: > Excerpts from Michał Jastrzębski's message of 2017-05-15 10:52:12 -0700: >> For starters, I want to emphasize that fresh set of dockerhub images >> was one of most requested features from Kolla on this summit and few >> other

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-15 Thread Doug Hellmann
Excerpts from Michał Jastrzębski's message of 2017-05-15 10:52:12 -0700: > For starters, I want to emphasize that fresh set of dockerhub images > was one of most requested features from Kolla on this summit and few > other features more or less requires readily-available docker > registry.

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-15 Thread Michał Jastrzębski
On 15 May 2017 at 11:47, Sean Dague wrote: > On 05/15/2017 01:52 PM, Michał Jastrzębski wrote: >> For starters, I want to emphasize that fresh set of dockerhub images >> was one of most requested features from Kolla on this summit and few >> other features more or less requires

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-15 Thread Michał Jastrzębski
On 15 May 2017 at 11:19, Davanum Srinivas wrote: > Sorry for the top post, Michal, Can you please clarify a couple of things: > > 1) Can folks install just one or two services for their specific scenario? Yes, that's more of a kolla-ansible feature and require a little bit of

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-15 Thread Sean Dague
On 05/15/2017 01:52 PM, Michał Jastrzębski wrote: > For starters, I want to emphasize that fresh set of dockerhub images > was one of most requested features from Kolla on this summit and few > other features more or less requires readily-available docker > registry. Features like full release

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-15 Thread Davanum Srinivas
Sorry for the top post, Michal, Can you please clarify a couple of things: 1) Can folks install just one or two services for their specific scenario? 2) Can the container images from kolla be run on bare docker daemon? 3) Can someone take the kolla container images from say dockerhub and use it

Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-15 Thread Michał Jastrzębski
For starters, I want to emphasize that fresh set of dockerhub images was one of most requested features from Kolla on this summit and few other features more or less requires readily-available docker registry. Features like full release upgrade gates. This will have numerous benefits for users

[openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?

2017-05-15 Thread Doug Hellmann
Last week at the Forum we had a couple of discussions about collaboration between the various teams building or consuming container images. One topic that came up was deciding how to publish images from the various teams to docker hub or other container registries. While the technical bits seem