[openstack-dev] [kolla] on Dockerfile patterns

Lars Kellogg-Stedman lars at redhat.com
Tue Oct 14 19:10:23 UTC 2014


On Tue, Oct 14, 2014 at 02:45:30PM -0400, Jay Pipes wrote:
> With Docker, you are limited to the operating system of whatever the image
> uses.

See, that's the part I disagree with.  What I was saying about ansible
and puppet in my email is that I think the right thing to do is take
advantage of those tools:

  FROM ubuntu

  RUN apt-get install ansible
  COPY my_ansible_config.yaml /my_ansible_config.yaml
  RUN ansible /my_ansible_config.yaml

Or:

  FROM Fedora

  RUN yum install ansible
  COPY my_ansible_config.yaml /my_ansible_config.yaml
  RUN ansible /my_ansible_config.yaml

Put the minimal instructions in your dockerfile to bootstrap your
preferred configuration management tool. This is exactly what you
would do when booting, say, a Nova instance into an openstack
environment: you can provide a shell script to cloud-init that would
install whatever packages are required to run your config management
tool, and then run that tool.

Once you have bootstrapped your cm environment you can take advantage
of all those distribution-agnostic cm tools.

In other words, using docker is no more limiting than using a vm or
bare hardware that has been installed with your distribution of
choice.

> [1] Is there an official MySQL docker image? I found 553 Dockerhub
> repositories for MySQL images...

Yes, it's called "mysql".  It is in fact one of the official images
highlighted on https://registry.hub.docker.com/.

> >I have looked into using Puppet as part of both the build and runtime
> >configuration process, but I haven't spent much time on it yet.
> 
> Oh, I don't think Puppet is any better than Ansible for these things.

I think it's pretty clear that I was not suggesting it was better than
ansible.  That is hardly relevant to this discussion.  I was only
saying that is what *I* have looked at, and I was agreeing that *any*
configuration management system is probably better than writing shells
cript.

> How would I go about essentially transferring the ownership of the RPC
> exchanges that the original nova-conductor container managed to the new
> nova-conductor container? Would it be as simple as shutting down the old
> container and starting up the new nova-conductor container using things like
> --link rabbitmq:rabbitmq in the startup docker line?

I think that you would not necessarily rely on --link for this sort of
thing.  Under kubernetes, you would use a "service" definition, in
which kubernetes maintains a proxy that directs traffic to the
appropriate place as containers are created and destroyed.

Outside of kubernetes, you would use some other service discovery
mechanism; there are many available (etcd, consul, serf, etc).

But this isn't particularly a docker problem.  This is the same
problem you would face running the same software on top of a cloud
environment in which you cannot predict things like ip addresses a
priori.

-- 
Lars Kellogg-Stedman <lars at redhat.com> | larsks @ {freenode,twitter,github}
Cloud Engineering / OpenStack          | http://blog.oddbit.com/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20141014/18b8500e/attachment.pgp>


More information about the OpenStack-dev mailing list