[RHEL8-OSP15] Container Runtimes integration - Status report #7

Emilien Macchi emilien at redhat.com
Fri Jan 11 16:32:21 UTC 2019


I didn't mean to send that on that list, but whatever. Nothing is
confidential in that email. Except a few links that nobody cares about.

What I realized though is that I think it's time to communicate this effort
in the public, which was impossible for me until now because RHEL8.

For the next edition, I will send it to this list so anyone interested in
podman can take a look.

Also I'm available for any questions if needed.
Thanks & sorry for noise.

Emilien

On Fri, Jan 11, 2019 at 11:20 AM Emilien Macchi <emilien at redhat.com> wrote:

> Welcome to the seventh status report about the progress we make to
> integrate Container Runtimes into Red Hat OpenStack Platform, version 15.
> You can read the previous report here:
>
> http://post-office.corp.redhat.com/archives/container-teams/2018-December/msg00090.html
> Our efforts are tracked here: https://trello.com/b/S8TmOU0u/tripleo-podman
>
>
> TL;DR
> ===========================================
> - Some OSP folks will meet in Brno next week, to work together on
> RHEL8/OSP15. See [1].
> - We have replaced the Docker Healthchecks by SystemD timers when Podman
> is deployed. Now figuring out the next steps [2].
> - Slow progress on the Python-based uploader (using tar-split + buildah),
> slowed by bugs.
> - We are waiting for podman 1.0 so we can build / test / ship it in
> TripleO CI.
>
> Context reminder
> ===========================================
> The OpenStack team is preparing the 15th version of Red Hat OpenStack
> Platform that will work on RHEL8.
> We are working together to support the future Container Runtimes which
> replace Docker.
>
> Done
> ===========================================
> - Implemented Podman healthchecks with SystemD timers:
> https://review.openstack.org/#/c/620372/
> - Renamed SystemD services controlling Podman containers to not conflict
> with baremetal services https://review.openstack.org/#/c/623241/
> - podman issues (reported by us) closed:
>   - pull: error setting new rlimits: operation not permitted
> https://github.com/containers/libpod/issues/2123
>   - New podman version introduces new issue with selinux and relabelling:
> relabel failed "/run/netns": operation not supported
> https://github.com/containers/libpod/issues/2034
>   - container create failed: container_linux.go:336: starting container
> process caused "setup user: permission denied"
> https://github.com/containers/libpod/issues/1980
>   - "podman inspect --type image --format exists <image>" reports a
> not-friendly error when image doesn't exist in local storage
> https://github.com/containers/libpod/issues/1845
>   - container create failed: container_linux.go:336: starting container
> process caused "process_linux.go:293: applying cgroup configuration for
> process caused open /sys/fs/cgroup/cpuset/machine.slice/cpuset.cpus: no
> such file or directory" https://github.com/containers/libpod/issues/1841
> - paunch/runner: test if image exists before running inspect
> https://review.openstack.org/#/c/619313/
> - Fixing a bunch of issues with docker-puppet.py to reduce chances of race
> conditions.
> - A lot of SELinux work, to make everything work in Enforced mode.
> - tar-split packaging is done, and will be consumed in TripleO for the
> python image uploader
>
> In progress
> ===========================================
> - Still investigating standard_init_linux.go:203: exec user process caused
> \"no such file or directory\" [5]. This one is nasty and painful. It
> involves concurrency and we are evaluating solutions, but we'll probably
> end up reducing the default multi-processing of podman commands from 6 to 3
> by default.
> - Investigating ways to gate new versions of Podman + dependencies:
> https://review.rdoproject.org/r/#/c/17960/
> - Investigating how to consume systemd timers in sensu (healthchecks) [2]
> - Investigating and prototyping a pattern to safely spawn a container from
> a container with systemd https://review.openstack.org/#/c/620062
> - Investigating how we can prune Docker data when upgrading from Docker to
> Podman https://review.openstack.org/#/c/620405/
> - Using the new "podman image exist" in Paunch
> https://review.openstack.org/#/c/619313/
> - Still implementing a Python-based container uploader (using tar-split
> and buildah) - this method will be the default later:
> https://review.openstack.org/#/c/616018/
> - Testing future Podman 1.0 in TripleO [3]
> - Help the Skydive team to migrate to Podman [4]
>
> Blocked
> ===========================================
> Podman 1.0 contains a lot of fixes that we need (from libpod and vendored
> as well).
>
> Any comment or feedback is welcome, thanks for reading!
>
> [1]
> https://docs.google.com/document/d/18-1M1eSnlls6j2Op2TxyvyuqoOksxmwHOhqaD6B8FQY/edit
> [2] https://trello.com/c/g6bi5DQF/4-healthchecks
> [3] https://trello.com/c/2tXNLJUN/58-test-podman-10
> [4] https://trello.com/c/tW935FGe/56-migrate-ansible-skydive-to-podman
> [5] https://github.com/containers/libpod/issues/1844
> --
> Emilien Macchi
>


-- 
Emilien Macchi

More information about the openstack-discuss mailing list