Open Stack

On 15.8.2018 11:32, Cédric Jeanneret wrote:
> Dear Community,
> 
> As you may know, a move toward Podman as replacement of Docker is starting.
> 
> One of the issues with podman is the lack of daemon, precisely the lack
> of a socket allowing to send commands and get a "computer formatted
> output" (like JSON or YAML or...).
> 
> In order to work that out, Podman has added support for varlink¹, using
> the "socket activation" feature in Systemd.
> 
> On my side, I would like to push forward the integration of varlink in
> TripleO deployed containers, especially since it will allow the following:
> # proper interface with Paunch (via python link)

"integration of varlink in TripleO deployed containers" sounds like we'd 
need to make some changes to the containers themselves, but is that the 
case? As i read the docs, it seems like a management API wrapper for 
Podman, so just an alternative interface to Podman CLI. I'd expect we'd 
use varlink from Paunch, but probably not from the containers 
themselves? (Perhaps that's what you meant, just making sure we're on 
the same page.)

> 
> # a way to manage containers from within specific containers (think
> "healthcheck", "monitoring") by mounting the socket as a shared volume

I think healthchecks are currently quite Docker-specific, so we could 
have a Podman-specific alternative here. We should be careful about how 
much container runtime specificity we introduce and keep though, and 
we'll probably have to amend our tools (e.g. pre-upgrade validations 
[2]) to work with both, at least until we decide whether to really make 
a full transition to Podman or not.

> 
> # a way to get container statistics (think "metrics")
> 
> # a way, if needed, to get an ansible module being able to talk to
> podman (JSON is always better than plain text)
> 
> # a way to secure the accesses to Podman management (we have to define
> how varlink talks to Podman, maybe providing dedicated socket with
> dedicated rights so that we can have dedicated users for specific tasks)
> 
> That said, I have some questions:
> ° Does any of you have some experience with varlink and podman interface?
> ° What do you think about that integration wish?
> ° Does any of you have concern with this possible addition?

I like it, but we should probably sync up with Podman community if they 
consider varlink a "supported" interface for controlling Podman, and 
it's not just an experiment which will vanish. To me it certainly looks 
like a much better programmable interface than composing CLI calls and 
parsing their output, but we should make sure Podman folks think so too :)

Thanks for looking into this

Jirka

[2] https://review.openstack.org/#/c/582502/

> 
> Thank you for your feedback and ideas.
> 
> Have a great day (or evening, or whatever suits the time you're reading
> this ;))!
> 
> C.
> 
> 
> ¹ https://www.projectatomic.io/blog/2018/05/podman-varlink/
> 
> 
> 
> 
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>