[openstack-dev] [TripleO][Edge] Reduce base layer of containers for security and size of images (maintenance) sakes

Chris Dent cdent+os at anticdent.org
Wed Nov 28 18:42:45 UTC 2018


On Wed, 28 Nov 2018, James Slagle wrote:

> Why would we even run the exact same puppet binary + manifest
> individually 40,000 times so that we can produce the exact same set of
> configuration files that differ only by things such as IP address,
> hostnames, and passwords?

This has been my confusion and question throughout this entire
thread. It sounds like containers are being built (and configured) at
something akin to runtime, instead of built once and then configured
(only) at runtime. Isn't it more the "norm" to, when there's a security
fix, build again, once, and cause the stuff at edge (keeping its config)
to re-instantiate fetching newly built stuff?

Throughout the discussion I've been assuming I must be missing some
critical detail because isn't the whole point to have immutable
stuff? Maybe it is immutable and you all are talking about it in
ways that make it seem otherwise. I dunno. I suspect I am missing
some bit of operational experience.

In any case, the "differ only by things..." situation is exactly why
I added the get-config-from-environment support to oslo.config, so
that the different bits can be in the orchestrator, not the
containers themselves. More on that at:

http://lists.openstack.org/pipermail/openstack-discuss/2018-November/000173.html

-- 
Chris Dent                       ٩◔̯◔۶           https://anticdent.org/
freenode: cdent                                         tw: @anticdent


More information about the openstack-discuss mailing list