[openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?
Doug Hellmann
doug at doughellmann.com
Tue May 16 13:44:10 UTC 2017
This is one of those areas that was shared understanding for a long
time, and seems less "shared" now that we've grown and added new
projects to the community. I intended to prepare a governance
resolution *after* having some public discussion, so that we can
restore that common understanding through documentation. I didn't
prepare the resolution as a first step, because if the consensus
is that we've changed our collective minds about whether publishing
binary artifacts is a good idea then the wording of the resolution
needs to reflect that.
Doug
Excerpts from Davanum Srinivas (dims)'s message of 2017-05-16 09:25:56 -0400:
> Steve,
>
> We should not always ask "if this is a ruling from the TC", the
> default is that it's a discussion/exploration. If it is a "ruling", it
> won't be on a ML thread.
>
> Thanks,
> Dims
>
> On Tue, May 16, 2017 at 9:22 AM, Steven Dake (stdake) <stdake at cisco.com> wrote:
> > Dims,
> >
> > The [tc] was in the subject tag, and the message was represented as indicating some TC directive and has had several tc members comment on the thread. I did nothing wrong.
> >
> > Regards
> > -steve
> >
> >
> > -----Original Message-----
> > From: Davanum Srinivas <davanum at gmail.com>
> > Reply-To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org>
> > Date: Tuesday, May 16, 2017 at 4:34 AM
> > To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org>
> > Subject: Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?
> >
> > Why drag TC into this discussion Steven? If the TC has something to
> > say, it will be in the form of a resolution with topic "formal-vote".
> > So please Stop!
> >
> > Thanks,
> > Dims
> >
> > On Tue, May 16, 2017 at 12:22 AM, Steven Dake (stdake) <stdake at cisco.com> wrote:
> > > Flavio,
> > >
> > > Forgive the top post – outlook ftw.
> > >
> > > I understand the concerns raised in this thread. It is unclear if this thread is the feeling of two TC members or enough TC members care deeply about this issue to permanently limit OpenStack big tent projects’ ability to generate container images in various external artifact storage systems. The point of discussion I see effectively raised in this thread is “OpenStack infra will not push images to dockerhub”.
> > >
> > > I’d like clarification if this is a ruling from the TC, or simply an exploratory discussion.
> > >
> > > If it is exploratory, it is prudent that OpenStack projects not be blocked by debate on this issue until the TC has made such ruling as to banning the creation of container images via OpenStack infrastructure.
> > >
> > > Regards
> > > -steve
> > >
> > > -----Original Message-----
> > > From: Flavio Percoco <flavio at redhat.com>
> > > Reply-To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org>
> > > Date: Monday, May 15, 2017 at 7:00 PM
> > > To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org>
> > > Subject: Re: [openstack-dev] [tc][infra][release][security][stable][kolla][loci][tripleo][docker][kubernetes] do we want to be publishing binary container images?
> > >
> > > On 15/05/17 12:32 -0700, Michał Jastrzębski wrote:
> > > >On 15 May 2017 at 12:12, Doug Hellmann <doug at doughellmann.com> wrote:
> > >
> > > [huge snip]
> > >
> > > >>> > I'm raising the issue here to get some more input into how to
> > > >>> > proceed. Do other people think this concern is overblown? Can we
> > > >>> > mitigate the risk by communicating through metadata for the images?
> > > >>> > Should we stick to publishing build instructions (Dockerfiles, or
> > > >>> > whatever) instead of binary images? Are there other options I haven't
> > > >>> > mentioned?
> > > >>>
> > > >>> Today we do publish build instructions, that's what Kolla is. We also
> > > >>> publish built containers already, just we do it manually on release
> > > >>> today. If we decide to block it, I assume we should stop doing that
> > > >>> too? That will hurt users who uses this piece of Kolla, and I'd hate
> > > >>> to hurt our users:(
> > > >>
> > > >> Well, that's the question. Today we have teams publishing those
> > > >> images themselves, right? And the proposal is to have infra do it?
> > > >> That change could be construed to imply that there is more of a
> > > >> relationship with the images and the rest of the community (remember,
> > > >> folks outside of the main community activities do not always make
> > > >> the same distinctions we do about teams). So, before we go ahead
> > > >> with that, I want to make sure that we all have a chance to discuss
> > > >> the policy change and its implications.
> > > >
> > > >Infra as vm running with infra, but team to publish it can be Kolla
> > > >team. I assume we'll be responsible to keep these images healthy...
> > >
> > > I think this is the gist of the concern and I'd like us to focus on it.
> > >
> > > As someone that used to consume these images from kolla's dockerhub account
> > > directly, I can confirm they are useful. However, I do share Doug's concern and
> > > the impact this may have on the community.
> > >
> > > From a release perspective, as Doug mentioned, we've avoided releasing projects
> > > in any kind of built form. This was also one of the concerns I raised when
> > > working on the proposal to support other programming languages. The problem of
> > > releasing built images goes beyond the infrastructure requirements. It's the
> > > message and the guarantees implied with the built product itself that are the
> > > concern here. And I tend to agree with Doug that this might be a problem for us
> > > as a community. Unfortunately, putting your name, Michal, as contact point is
> > > not enough. Kolla is not the only project producing container images and we need
> > > to be consistent in the way we release these images.
> > >
> > > Nothing prevents people for building their own images and uploading them to
> > > dockerhub. Having this as part of the OpenStack's pipeline is a problem.
> > >
> > > Flavio
> > >
> > > P.S: note this goes against my container(ish) interests but it's a
> > > community-wide problem.
> > >
> > > --
> > > @flaper87
> > > Flavio Percoco
> > >
> > >
> > > __________________________________________________________________________
> > > OpenStack Development Mailing List (not for usage questions)
> > > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
> >
> >
> > --
> > Davanum Srinivas :: https://twitter.com/dims
> >
> > __________________________________________________________________________
> > OpenStack Development Mailing List (not for usage questions)
> > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
> >
> > __________________________________________________________________________
> > OpenStack Development Mailing List (not for usage questions)
> > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
More information about the OpenStack-dev
mailing list