[openstack-dev] [TripleO] podman: varlink interface for nice API calls

Jiří Stránský jistr at redhat.com
Thu Aug 16 14:29:47 UTC 2018


On 16.8.2018 07:39, Cédric Jeanneret wrote:
> 
> 
> On 08/16/2018 12:10 AM, Jason E. Rist wrote:
>> On 08/15/2018 03:32 AM, Cédric Jeanneret wrote:
>>> Dear Community,
>>>
>>> As you may know, a move toward Podman as a replacement for Docker is starting.
>>>
>>> One of the issues with podman is the lack of a daemon, precisely the lack
>>> of a socket allowing one to send commands and get a "computer formatted
>>> output" (like JSON or YAML or...).
>>>
>>> In order to work that out, Podman has added support for varlink¹, using
>>> the "socket activation" feature in Systemd.
>>>
>>> On my side, I would like to push forward the integration of varlink in
>>> TripleO deployed containers, especially since it will allow the following:
>>> # proper interface with Paunch (via python link)
>>>
>>> # a way to manage containers from within specific containers (think
>>> "healthcheck", "monitoring") by mounting the socket as a shared volume
>>>
>>> # a way to get container statistics (think "metrics")
>>>
>>> # a way, if needed, to get an ansible module being able to talk to
>>> podman (JSON is always better than plain text)
>>>
>>> # a way to secure the accesses to Podman management (we have to define
>>> how varlink talks to Podman, maybe providing dedicated socket with
>>> dedicated rights so that we can have dedicated users for specific tasks)
>>>
>>> That said, I have some questions:
>>> ° Does any of you have some experience with varlink and podman interface?
>>> ° What do you think about that integration wish?
>>> ° Does any of you have concerns with this possible addition?
>>>
>>> Thank you for your feedback and ideas.
>>>
>>> Have a great day (or evening, or whatever suits the time you're reading
>>> this ;))!
>>>
>>> C.
>>>
>>>
>>> ¹ https://www.projectatomic.io/blog/2018/05/podman-varlink/
>>>
>>>
>>>
>>>
>>> __________________________________________________________________________
>>> OpenStack Development Mailing List (not for usage questions)
>>> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>
>>
>> How might this affect upgrades?
> 
> What exactly? Addition of varlink, or the whole podman thingy? The
> question was more about "varlink" than "podman" in fact - I should maybe
> have worded things otherwise... ?

Varlink shouldn't be a problem as it's just an additive interface. 
Switching container runtime might be a bit difficult though :)

When running any upgrade, we stop any containers that need updating, and 
replace them with new ones. In theory we could just as well start the 
new ones using a different runtime, all we need is to keep the same bind 
mounts etc. What would need to be investigated is whether support for 
this (stopping on one runtime, starting on another) needs to be 
implemented directly into tools like Paunch and Pacemaker, or if we can 
handle this one-time scenario just with additional code in 
upgrade_tasks. It might be a combination of both.

Problem might come with sidecar containers for Neutron, which generally 
don't like being restarted (it can induce data plane downtime). Advanced 
hackery might be needed on this front... :)

Either way I think we'd have to do some PoC of such migration before 
fully committing to it.

Jirka

> 
>>
>> -J
>>
> 
> 
> 