[openstack-dev] [TripleO] Installing from packages in tripleo-image-elements

James Slagle james.slagle at gmail.com
Tue Jan 7 20:53:57 UTC 2014

On Tue, Jan 7, 2014 at 3:23 PM, Clint Byrum <clint at fewbar.com> wrote:
> What would be the benefit of using packages?

We're building images on top of different distributions of Linux.
Those distributions themselves offer packaged and supported OpenStack
components.  So, one benefit is that you'd be using what's "blessed"
by your distro if you chose to.  I think that's a farily common way
people are going to be used to installing components. The OpenStack
Installation guide says to install from packages, fwiw.

> We've specifically avoided packages because they complect[1] configuration
> and system state management with software delivery. The recent friction
> we've seen with MySQL is an example where the packages are not actually
> helping us, they're hurting us because they encode too much configuration
> instead of just delivering binaries.

We're trying to do something fairly specific with the read only /
partition.  You're right, most packages aren't going to handle that
well.  So, yes you have a point from that perspective.

However, there are many examples of when packages help you.
Dependency resolution, version compatibility, methods of verification,
knowing what's installed, etc.  I don't think that's really an
argument or discussion worth having, because you either want to use
packages or you want to build it all from source.  There are
advantages/disadvantages to both methods, and what I'm proposing is
that we support both methods, and not require everyone to only be able
to install from source.

> Perhaps those of us who have been involved a bit longer haven't done
> a good job of communicating our reasons. I for one believe in the idea
> that image based updates eliminate a lot of the entropy that comes along
> with a package based updating system. For that reason alone I tend to
> look at any packages that deliver configurable software as potentially
> dangerous (note that I think they're wonderful for libraries, utilities,
> and kernels. :)

Using packages wouldn't prevent you from using the image based update
mechanism.  Anecdotally, I think image based updates could be a bit
heavy handed for something like picking up a quick security or bug fix
or the like.  That would be a scenario where a package update could
really be handy.  Especially if someone else (e.g., your distro) is
maintaining the package for you.

For this proposal though, I was only talking about installation of the
components at image build time.

-- James Slagle

More information about the OpenStack-dev mailing list