[openstack-dev] [TripleO] podman: varlink interface for nice API calls

Steve Baker sbaker at redhat.com
Thu Aug 16 22:25:00 UTC 2018



On 15/08/18 21:32, Cédric Jeanneret wrote:
> Dear Community,
>
> As you may know, a move toward Podman as replacement of Docker is starting.
>
> One of the issues with podman is the lack of daemon, precisely the lack
> of a socket allowing to send commands and get a "computer formatted
> output" (like JSON or YAML or...).
>
> In order to work that out, Podman has added support for varlink¹, using
> the "socket activation" feature in Systemd.
>
> On my side, I would like to push forward the integration of varlink in
> TripleO deployed containers, especially since it will allow the following:
> # proper interface with Paunch (via python link)
I'm not sure this would be desirable. If we're going to do all container
management via a socket I think we'd be better supported by using CRI-O.
One of the advantages I see of podman is being able to manage services
with systemd again.
> # a way to manage containers from within specific containers (think
> "healthcheck", "monitoring") by mounting the socket as a shared volume
>
> # a way to get container statistics (think "metrics")
>
> # a way, if needed, to get an ansible module being able to talk to
> podman (JSON is always better than plain text)
>
> # a way to secure the accesses to Podman management (we have to define
> how varlink talks to Podman, maybe providing dedicated socket with
> dedicated rights so that we can have dedicated users for specific tasks)
Some of these cases might prove to be useful, but I do wonder if just 
making podman calls would be just as simple without the complexity of 
having another host-level service to manage. We can still do podman 
operations inside containers by bind-mounting in the container state.

> That said, I have some questions:
> ° Does any of you have some experience with varlink and podman interface?
> ° What do you think about that integration wish?
> ° Does any of you have concern with this possible addition?
I do worry a bit that it is advocating for a solution before we really
understand the problems. The biggest unknown for me is what we do about
healthchecks. Maybe varlink is part of the solution here, or maybe it's a
systemd timer which executes the healthcheck and restarts the service
when required.
> Thank you for your feedback and ideas.
>
> Have a great day (or evening, or whatever suits the time you're reading
> this ;))!
>
> C.
>
>
> ¹ https://www.projectatomic.io/blog/2018/05/podman-varlink/
