Open Stack

On Fri, May 1, 2020 at 5:06 PM Sean Mooney <smooney at redhat.com> wrote:

> On Fri, 2020-05-01 at 15:18 -0500, Kevin Carter wrote:
> > Hello Stackers,
> >
> > As you may have seen, the TripleO project has been testing the idea of
> > building container images using a simplified toolchain [0]. The idea is
> to
> > build smaller, more easily maintained images to simplify the lives of
> > TripleO consumers. Since TripleO's move to containers, the project has
> been
> > leveraging Kolla to provide Dockerfiles, and while this has worked,
> TripleO
> > has created considerable tooling to bend Kolla images to its needs. Sadly
> > this has resulted in an image size explosion and the proliferation of
> > difficult to maintain tools, with low bus factors, which are essential to
> > the success of the project. To address the risk centered around the
> TripleO
> > containerization story, we've drafted a spec [0], which we believe
> outlines
> > a more sustainable future. In this specification, we've designed a new,
> > much more straightforward, approach to building container images for the
> > TripleO project. The "simple container generation," specification does
> not
> > intend to be a general-purpose tool used to create images for the greater
> > OpenStack community, both Loci and Kolla do that already. This effort is
> to
> > build containers only for TripleO using distro provided repositories,
> with
> > distro maintained tooling. By focusing only on what we need, we're able
> to
> > remove all general-purpose assumptions and create a vertically integrated
> > stack resulting in a much smaller surface area.
> >
> > To highlight how all this works, we've put together several POC changes:
> > * Role and playbook to implement the Containerfile specification [1].
> > * Tripleoclient review to interface with the new role and playbook [2].
> > * Directory structure for variable file layout [3].
> > * To see how this works using the POC code, building images we've tested
> in
> > real deployments, please watch the ASCII-cast [4].
> > * Example configuration file examples are here [5][6][7].
> >
> > A few examples of size comparisons between our proposed tooling versus
> > current Kolla based images [8]:
> >   - base:
> >       + Kolla: 588 MB
> >       - new: 211 MB  # based on ubi8, smaller than centos8
> kolla could also use the ubi8 image as a base you could select centos as
> the base image type and then pass the url to
> the ubi image and that should would work.
> >   - nova-base:
> >       + Kolla: 1.09 GB
> >       - new: 720 MB
> unless you are using layers fo rthe new iamge keep in mind you have to
> subtract the size of the base imag form the nova
> base image to caluate how big it actully is so its acully only usein about
> 500MB
>
> if you are using layser for the ubi nova-base then these iamge are actully
> the same size the diffenrec is entirly coming
> for the reduction in the base image
> >   - nova-libvirt:
> >       + Kolla: 2.14 GB
> >       - new: 1.9 GB
> again here you have to do the same arithmatich  so 2.14-1.09 so this image
> is adding 1.05 GB of layers in the kolla case
> and the ubi version is adding 1.2GB so the ubi image is acully using more
> space assumign tis using layer if tis not then
> its 1.05GB vs 1.9GB and the kolla image still comes out better by an even
> larger margin
> >   - keystone:
> >       + Kolla: 973 MB
> >       - new: 532 MB
>
> again here this si all in the deleta of the base image
> >   - memcached:
> >       + Kolla: 633 MB
> >       - new: 379 MB
>
> as is this
>

You are correct that the size of each application is smaller due to the
layers at play, this holds true for both Kolla and the new image build
process we're using for comparison. The figures here are the total size as
reported by something like a `(podman || docker) image list`. While the
benefits of a COW'ing file system are not represented in these figures,
rest assured we've made good use of layering techniques to ensure optimal
image sizes.


> so over all i think the ubi based iamges are using more or the same space
> then the kolla ones.
> they just have a smaller base image. so rather then doing this i think it
> makes more sense to just use the ubi iamge
> with the kolla build system unless you expect be be able to signicicalty
> reduce the size of the images more.
>
> based on size alone i tone se anny really benifit so far
> >
> > While the links shown are many, the actual volume of the proposed change
> is
> > small, although the impact is massive:
>
> > * With more straightforward to understand tools, we'll be able to get
> > broader participation from the TripleO community to maintain our
> > containerization efforts and extend our service capabilities.
> given customer likely have built up ther own template override files
> unless you also have a way to support that this is
> a breaking change to there workflow.
> > * With smaller images, the TripleO community will serve OpenStack
> deployers
> > and operators better; less bandwidth consumption and faster install
> times.
> again when you take into the account that kolla uses layers the image dont
> appear to be smaller and the nova-libvert
> image is actully bigger kolla gets large space saving buy using the copy
> on write layers that make up docker images
> to share common code so you can just look a the size fo indivigual iamages
> you have look at the size of the total set
> and compare those.
>

So far we've not encountered a single image using Kolla that is smaller and
we've tested both CentOS8 and UBI8 as a starting point. In all cases we've
been able to produce smaller containers to the tune of hundreds of
megabytes saved per-application without feature gaps (as it pertains to
TripleO), granted, the testing has not been exhaustive. The noted UBI8
starting point was chosen because it produced the greatest savings.


>
> >
> > We're looking to chart a more reliable path forward, and making the
> TripleO
> > user experience a great one. While the POC changes are feature-complete
> and
> > functional, more work is needed to create the required variable files;
> > however, should the proposed specification be ratified, we expect to make
> > quick work of what's left. As such, if you would like to be involved or
> > have any feedback on anything presented here, please don't hesitate to
> > reach out.
> >
> > We aim to provide regular updates regarding our progress on the "Simple
> > container generation" initiative, so stay tuned.
> honestly im not sure this is a benifty or something that should be done
> but it seam like ye have already decieded on a
> path. not the kolla image can also be made smaller then they currently are
> using multi state builds to remove and deps
> installed for buidl requirement or reducing the optional depencies.
>
> many for the deps currently installed are to supprot the different vender
> backedns.
> if we improve the bindep files in each project too group those depencies
> by the optional backedn kolla could easily be
> updated to use bindep for package installation. and the image would get
> even smaller.
> >
> > Thanks,
> >
> > Kevin and Emilien
> >
> > [0] https://review.opendev.org/#/c/723665/
> > [1] https://review.opendev.org/#/c/722557/
> > [2] https://review.opendev.org/#/c/724147/
> > [3] https://review.opendev.org/#/c/722486/
> > [4] https://files.macchi.pro:8443/demo-container-images/
> > [5] http://paste.openstack.org/show/792995/
> > [6] http://paste.openstack.org/show/792994/
> > [7] http://paste.openstack.org/show/792993/
> > [8]
> >
>
> https://4ce3fa2efa42bb6b3a69-771991cd07d409aaec3e4ca5eafdd7e0.ssl.cf2.rackcdn.com/724436/2/check/tripleo-build-containers-centos-8/78eefc3/logs/containers-successfully-built.log
> >
> > Kevin Carter
> > IRC: kecarter
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20200501/4f7d07be/attachment-0001.html>