Welcome to the seventh status report about the progress we make to Container Runtimes into Red Hat OpenStack Platform, version 15.

You can read the previous report here:
http://post-office.corp.redhat.com/archives/container-teams/2018-December/ms...

Our efforts are tracked here:
https://trello.com/b/S8TmOU0u/tripleo-podman

TL;DR
===========================================
- Some OSP folks will meet in Brno next week, to work together on RHEL8/OSP15. See [1].
- We have replaced the Docker Healthchecks by SystemD timers when Podman is deployed. Now figuring out the next steps [2].
- Slow progress on the Python-based uploader (using tar-split + buildah), slowed by bugs.
- We are waiting for podman 1.0 so we can build / test / ship it in TripleO CI.

Context reminder
===========================================
The OpenStack team is preparing the 15th version of Red Hat OpenStack Platform that will work on RHEL8.
We are working together to support the future Container Runtimes which replace Docker.

Done
===========================================
- Implemented Podman healthchecks with SystemD timers:
  https://review.openstack.org/#/c/620372/
- Renamed SystemD services controlling Podman containers to not conflict with baremetal services
  https://review.openstack.org/#/c/623241/
- podman issues (reported by us) closed:
  - pull: error setting new rlimits: operation not permitted
    https://github.com/containers/libpod/issues/2123
  - New podman version introduce new issue with selinux and relabelling: relabel failed "/run/netns": operation not supported
    https://github.com/containers/libpod/issues/2034
  - container create failed: container_linux.go:336: starting container process caused "setup user: permission denied"
    https://github.com/containers/libpod/issues/1980
  - "podman inspect --type image --format exists <image>" reports a not-friendly error when image doesn't exist in local storage
    https://github.com/containers/libpod/issues/1845
  - container create failed: container_linux.go:336: starting container process caused "process_linux.go:293: applying cgroup configuration for process caused open /sys/fs/cgroup/cpuset/machine.slice/cpuset.cpus: no such file or directory"
    https://github.com/containers/libpod/issues/1841
- paunch/runner: test if image exists before running inspect
  https://review.openstack.org/#/c/619313/
- Fixing a bunch of issues with docker-puppet.py to reduce chances of race conditions.
- A lot of SELinux work, to make everything work in Enforced mode.
- tar-split packaging is done, and will be consumed in TripleO for the python image uploader

In progress
===========================================
- Still investigating standard_init_linux.go:203: exec user process caused \"no such file or directory\" [5]. This one is nasty and painful. It involves concurrency and we are evaluating solutions, but we'll probably end up reducing the default multi-processing of podman commands from 6 to 3 by default.
- Investigating ways to gate new versions of Podman + dependencies:
  https://review.rdoproject.org/r/#/c/17960/
- Investigating how to consume systemd timers in sensu (healthchecks) [2]
- Investigating and prototyping a pattern to safely spawn a container from a container with systemd
  https://review.openstack.org/#/c/620062
- Investigating how we can prune Docker data when upgrading from Docker to Podman
  https://review.openstack.org/#/c/620405/
- Using the new "podman image exist" in Paunch
  https://review.openstack.org/#/c/619313/
- Still implementing a Python-based container uploader (using tar-split and buildah) - this method will be the default later:
  https://review.openstack.org/#/c/616018/
- Testing future Podman 1.0 in TripleO [3]
- Help the Skydive team to migrate to Podman [4]

Blocked
===========================================
Podman 1.0 contains a lot of fixes that we need (from libpod and vendored as well).

Any comment or feedback is welcome, thanks for reading!

[1] https://docs.google.com/document/d/18-1M1eSnlls6j2Op2TxyvyuqoOksxmwHOhqaD6B8...
[2] https://trello.com/c/g6bi5DQF/4-healthchecks
[3] https://trello.com/c/2tXNLJUN/58-test-podman-10
[4] https://trello.com/c/tW935FGe/56-migrate-ansible-skydive-to-podman
[5] https://github.com/containers/libpod/issues/1844

--
Emilien Macchi