[openstack-dev] [kolla] on Dockerfile patterns

Lars Kellogg-Stedman lars at redhat.com
Tue Oct 14 14:49:36 UTC 2014


On Tue, Oct 14, 2014 at 02:51:15PM +1100, Angus Lees wrote:
> 1. It would be good if the "interesting" code came from python sdist/bdists 
> rather than rpms.

I agree in principal, although starting from packages right now lets
us ignore a whole host of issues.  Possibly we'll hit that change down
the road.

> 2. I think we should separate out "run the server" from "do once-off setup".
> 
> Currently the containers run a start.sh that typically sets up the database, 
> runs the servers, creates keystone users and sets up the keystone catalog.  In 
> something like k8s, the container will almost certainly be run multiple times 
> in parallel and restarted numerous times, so all those other steps go against 
> the service-oriented k8s ideal and are at-best wasted.

All the existing containers [*] are designed to be idempotent, which I
think is not a bad model.  Even if we move initial configuration out
of the service containers I think that is a goal we want to preserve.

I pursued exactly the model you suggest on my own when working on an
ansible-driven workflow for setting things up:

  https://github.com/larsks/openstack-containers

Ansible made it easy to support one-off "batch" containers which, as
you say, aren't exactly supported in Kubernetes.  I like your
(ab?)use of restartPolicy; I think that's worth pursuing.

[*] That work, which includes rabbitmq, mariadb, keystone, and glance.

> I'm open to whether we want to make these as lightweight/independent as 
> possible (every daemon in an individual container), or limit it to one per 
> project (eg: run nova-api, nova-conductor, nova-scheduler, etc all in one 
> container).

My goal is one-service-per-container, because that generally makes the
question of process supervision and log collection a *host* problem
rather than a *container* problem. It also makes it easier to scale an
individual service, if that becomes necessary.

-- 
Lars Kellogg-Stedman <lars at redhat.com> | larsks @ {freenode,twitter,github}
Cloud Engineering / OpenStack          | http://blog.oddbit.com/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20141014/d926e675/attachment.pgp>


More information about the OpenStack-dev mailing list