#opencontainers log

17:03:02 <wking> #startmeeting 2016-05-11 discussion
17:03:02 <collabot`> Meeting started Wed May 11 17:03:02 2016 UTC.  The chair is wking. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:03:02 <collabot`> Useful Commands: #action #agreed #help #info #idea #link #topic.
17:03:02 <collabot`> The meeting name has been set to '2016_05_11_discussion'
17:03:23 <wking> #chair mrunalp
17:03:23 <collabot`> Current chairs: mrunalp wking
17:03:35 <mrunalp> https://github.com/opencontainers/runtime-spec/pull/384
17:03:38 <wking> #topic create/start split
17:03:46 <wking> duglin: this just needs reviews
17:04:14 <wking> mrunalp: autoremove might make more sense as a runtime option, because it might not apply to other implementations
17:04:42 <wking> duglin: maybe the runtime should be responsible for populating part of the config.json?
17:04:54 <wking> mrunalp: I was thinking of not putting it in the spec and making it a runC option
17:05:35 <wking> duglin: for example, you would say: runc create --autoremove PATH ID
17:05:44 <wking> mrunalp: yeah, I'm just putting that up for discussion
17:06:00 <wking> duglin: I don't really care, but I'm not sure where you draw the line once you open that door
17:06:14 <wking> crosbymichael: it shouldn't be in the config
17:07:23 <JakeWarner> Why not part of the config?
17:07:37 <wking> duglin: I can see this if you consider the config a portable thing.  But I see the config as "what you need to run the container", whether or not it's portable
17:08:01 <wking> julz_: I think hooks also fall under this runtime-option, not-in-the-config position
17:08:10 <JakeWarner> (sorry, don't have a mic)
17:08:38 <wking> mrunalp: do you mean that different Linux implementations can handle the idling container process in different ways?
17:08:51 <wking> duglin: you have to implement it, but the mechanism is optional
17:09:17 <wking> mrunalp: but we need to make sure hooks can be written in a portable manner, so some of the implementation has to be standardized
17:09:32 <wking> duglin: agreed, but I don't want the wording to be too perscriptive
17:09:57 <JakeWarner> ty wking
17:10:14 <wking> duglin: config.json is supposed to be portable
17:10:58 <JakeWarner> It scares me for the sake of the future to not have an atomic config for runtime
17:11:16 <wking> mrunalp: the other argument is that this is a lifecycle option, and the same config can have different lifecycles
17:11:33 <JakeWarner> Like, wouldn't some containers by nature ask to be autoremove?
17:11:59 <JakeWarner> If we introduce —autoremove as a flag, what other flags will there be in the future?
17:12:21 <wking> duglin: what's the rationale for whether something is in config.json vs. a command-line option?
17:12:36 <wking> mrunalp: good question.  In this case, it feels like it doesn't belong in the config
17:13:30 <wking> duglin: we were moving down the "everything the runtime needs goes into the config" path, and the runtime option isn't following that approach
17:13:59 <wking> julz_: as an orchestrator, autoremove is important from a cleanup perspective.  I'd rather not have to inspect the container to figure out whether I need to clean it up
17:14:27 <wking> duglin: I think someone *does* have to look at the config, e.g. "are they asking for too much memory".  Why is autoremove different from that?
17:15:28 <JakeWarner> maybe we do need a runtime.json again. I like the idea of being able to pull down a config.json and never have to take a look at it but then also have the runtime.json that allows me as an orchestrator to specify what needs to happen
17:15:48 <wking> vishh: do we have to worry about this now?  Can we punt and talk about autoremove later?
17:16:15 <wking> mrunalp: can we go with a runtime option now, and then talk about it again later if we have portability issue
17:16:42 <wking> duglin: I'm ok with it this time, but I don't want to set a precedent to have a portable vs. non-portable discussion all over again
17:16:58 <wking> duglin: I don't want an annoying overlay process
17:17:07 <JakeWarner> i'd agree with duglin there
17:17:14 <wking> me too
17:17:46 <wking> duglin: how would portability-time changes work with extensions?
17:18:06 <wking> julz_: analogy: I think --autoremove is an operation
17:18:31 <wking> julz_: create-with-pinning vs. create-without-pinning
17:18:39 <wking> julz_: but I don't want the user to be able to make that call
17:18:46 <wking> duglin: but what about memory options?
17:19:22 <wking> julz_: changing memory limits changes the container.  This is the exact same container, just started with/without pinning.  The container doesn't care whether those namespaces are pinned
17:19:39 <JakeWarner> I think the config.json would be treated as immutable — it'd come with the container and you wouldn't need to tweak it. It's specific to the container. The runtime.json would be things you'd like to customize about actually running the container
17:20:05 <wking> JakeWarner: problem with that^ is if a user has a malicious hook or some such
17:20:22 <JakeWarner> wking: but if hook is part of orchestration
17:20:26 <JakeWarner> wouldn't that be in runtime.json?
17:20:38 <wking> but removing hooks and such is a job for the runtime-caller, not a job for the runtime itself
17:20:46 <mrunalp> https://github.com/opencontainers/runtime-spec/pull/412/files
17:20:53 <wking> defining which bits are part of "orchestration" is a slippery slope ;)
17:21:05 <JakeWarner> lol true true.
17:21:11 <wking> #topic Explicit container namespace for uid, gid
17:21:18 <wking> #url https://github.com/opencontainers/runtime-spec/pull/412
17:24:23 <wking> mrunalp: the glossary docs don't seem super clear to me.  I don't have suggestions now, but will take another look after the call
17:24:41 <wking> #topic post-stop hooks
17:24:45 <mrunalp> https://github.com/opencontainers/runtime-spec/pull/395
17:24:50 <wking> url https://github.com/opencontainers/runtime-spec/pull/395
17:24:53 <wking> #url https://github.com/opencontainers/runtime-spec/pull/395
17:25:02 <wking> mrunalp: duglin, is this getting rolled into #384?
17:25:09 <JakeWarner> I was under the belief that hooks would go away with 384
17:25:12 <JakeWarner> as well
17:25:20 <wking> duglin: I think post-stop hooks are gone after #384
17:25:37 <wking> I thought so too, which is why we were adding autoremove^
17:26:02 <wking> but the all-in-one operation will still need hooks
17:26:06 <wking> mrunalp: ^
17:26:23 <wking> duglin: I was under the impression that folks who need hooks would not use 'run'
17:26:42 <wking> mrunalp: there are users of hooks today that will not need the split
17:26:56 <JakeWarner> I'm not sure I agree with that
17:27:02 <JakeWarner> if we haven't hit 1.0 yet
17:27:04 <wking> mrunalp: we don't want to change the all-in-one command because of this split
17:27:22 <wking> vishh: if the new model supports all the hook use cases, why keep them as a first-class items?
17:27:33 <wking> mrunalp: why force people to change?
17:27:51 <wking> vishh: we can have ocitools map the 'run' workflow into the new workflow
17:29:36 <wking> duglin: it's not so much "the usecase isn't valid" as "there's a simpler bottom layer"
17:29:50 <wking> vbatts|work: runc could support this on top of create/start/stop/delete
17:30:03 <JakeWarner> Maybe the hooks only come into play if someone specifies 'run' vs 'create/start' ?
17:30:13 <wking> mrunalp: but the previous approach was to keep the old 'run', and now folks want to delete it
17:30:24 <wking> julz_: not "delete it", maybe "not specify it"
17:30:49 <wking> mrunalp: the old approach was "we'll add the new approach", not "we'll also remove the proven-today workflow"
17:31:01 <JakeWarner> I'd agree with julz_
17:31:04 <wking> julz_: I'm not suggesting removing it from runC, but I don't think we need it in the spec
17:31:23 <wking> julz_: if we put it in 1.0 and it turns out that it's not necessary, we're stuck supporting it forever
17:31:37 <wking> duglin: I don't like having multiple ways to do the same thing in the spec
17:31:44 <JakeWarner> Maybe we support hooks up until RunC 1.0? Deprecate it
17:32:15 <wking> vishh: create/start/stop/delete is a clean base layer.  Combining that to build in hooks sounds like a layer on top
17:32:28 <wking> vishh: as julz_ said, runtimes are free to support this
17:32:54 <wking> mrunalp: but you can do everything you do now with hooks?  Why not drop create/start?
17:33:09 <wking> vishh: because with create/start you don't need binary hooks, although they are still possible
17:33:27 <wking> mrunalp: I acknowledge that, but don't like throwing out workflows that are used in production
17:33:49 <JakeWarner> I had attached a usecase to the PR regarding how removing the hooks benefits the CaaS I'm working on: https://github.com/opencontainers/runtime-spec/pull/384#issuecomment-218347771
17:33:51 <wking> vishh: It's ok to say "until this is proven, we won't make the switch"
17:34:32 <wking> mrunalp: if you want access to your host mount namespace, there's a problem with create/start.
17:34:44 <wking> #action mrunalp to comment on #384 about host mount namespace access
17:34:54 <wking> vishh: so punt until we understand all the use cases
17:35:18 <wking> mrunalp: yeah.  And I don't like dropping the current all-in-one approach.  But that can be visited later
17:36:59 <wking> mrunalp: implementers have a choice between all-in-one (like it is now), or to use create/start/...
17:37:09 <wking> duglin: I want to understand use-cases that aren't supported by the split
17:37:38 <wking> mrunalp: mount namespace issue: before a pivot, you have access to the host mount namespace until the pivot
17:38:16 <wking> crosbymichael: there's a time in the lifecycle where we're in the container mount namespace before the pivot
17:38:28 <wking> that's when you bind mount from the host into the container
17:38:43 <wking> crosbymichael: then you pivot and it locks the mount namespace into the new root
17:39:07 <wking> mrunalp: the current hooks get called before the pivot happens
17:39:33 <wking> vishh: why not handle the bind mounts through the config?
17:39:56 <wking> vishh: if the config doesn't require mount ordering, we should fix that
17:40:17 <wking> I think the current spec already requires config-specified mounts happen in order
17:40:32 <wking> mrunalp: previously we had to make the container privileged, but with hooks we don't need to
17:40:43 <wking> vishh: but you can achieve this by modifying the config...
17:41:01 <wking> mrunalp: but it's a good feature for the runtime-caller to modify the mount namespace
17:41:13 <wking> vishh: but you can inspect the command via the config.  Why do you need hooks?
17:41:31 <wking> mrunalp: this is something that you don't want users to specify every time that should happen automatically
17:41:44 <wking> mrunalp: you can see "the user is trying to run systemd, so I want to setup these mounts..."
17:41:53 <mikebrow> what's the difference between a custom edit of the config vs a custom tool on a hook?
17:41:56 <wking> vishh: that sounds like a runtime-caller concern
17:42:16 <wking> mrunalp: yeah, we could do that with some command line options, but now we get it easily with a hook
17:42:37 <wking> vishh: I don't see why we need spec support for this, when you could put in a higher wrapper that does this
17:42:52 <JakeWarner> I agree with vishh
17:42:55 <wking> vishh: there are use cases that we don't want to support in the spec, and you need hook-like things for that
17:43:32 <wking> crosbymichael: hooks aren't for specific use-cases anyway.  They're lifecycle-extention points where you can do anything
17:43:57 <wking> crosbymichael: we've been talking about the same 1% use cases for two months, and aren't getting anything done
17:44:20 <wking> crosbymichael: the config is the I/O for a container.  If you want to do more stuff, make your own runtime that does create/start today
17:44:47 <wking> crosbymichael: there's no reason to put that in the spec.
17:47:07 <JakeWarner> (relevant again: https://github.com/opencontainers/runtime-spec/pull/384#issuecomment-218347771)
17:47:16 <wking> crosbymichael: if networking is not in the spec, then it's a higher-level decision to set that up
17:47:39 <wking> crosbymichael: orchestrators will have their own runtimes, so they can call their network-setup script however they want
17:47:47 <wking> crosbymichael: it's not something that needs to be exposed to the users
17:48:19 <wking> ^ in response to me asking "when to I call my network-setup code if we don't specify either hooks or create/start?"
17:48:51 <wking> duglin: to me it comes down to interop.  If we go with crosbymichael's really low level, then that really limits interop between runtimes
17:49:26 <wking> crosbymichael: there's not interop anyway with the create/start split, because there's too much flexibility (whether you pin namespaces or not, etc.)
17:49:51 <wking> julz_: I think this is the exact reason that we want create/start *or* an all-in-one, and not "the runtime can do whatever it wants"
17:50:12 <wking> crosbymichael: right now the contract is, "I give you the config and the root filesystem, please make a container"
17:50:43 <mikebrow> ^ pick one...
17:51:04 <wking> julz_: I still think we need to pick one basic layer which covers everyone, and folks can put 99% solutions on top of that
17:51:26 <wking> dqminh_: we can achieve the same things by having the upper layer create namespaces ahead of time
17:52:53 <wking> crosbymichael: for all these use cases, you can setup the namespaces ahead of time.  But people don't want to write all that
17:53:08 <JakeWarner> The thing I like about the create/start split is that I don't have to call another binary to make changes
17:53:18 <wking> julz_: what's the point of a spec if I have to rewrite the runtime?
17:54:05 <wking> julz_: if we can make everyone happy, why not do that?
17:55:19 <wking> crosbymichael: create/start is a 1% use case that is the orchestrator's problem
17:55:43 <JakeWarner> I disagree with that :\
17:56:03 <wking> julz_: if you buy that argument, why have hooks?  Just fork the runtime
17:56:16 <wking> crosbymichael: because hooks are a small change that adds the most flexibility
17:57:30 <wking> crosbymichael: even if it does pause during create, the runtime is still jumping in and out of container namespaces
17:57:46 <JakeWarner> Completely agree with julz_
17:57:55 <JakeWarner> (though super applicable to my use case)
17:57:57 <wking> julz_: but the orchestrator can keep the hook-like-things in memory and doesn't have to write hooks to disk
17:57:57 <JakeWarner> …so biased.
17:58:18 <wking> crosbymichael: hooks live on tmpfs, and can talk to the orchestrator as they run
17:58:39 <wking> this does not sound appealing to me^ ;)
17:58:50 <JakeWarner> wking: which?
17:59:12 <wking> hooks in a tmpfs talking to the orchestrator over sockets ;)
17:59:19 <JakeWarner> yeah
17:59:25 <wking> crosbymichael: hooks are a minimal change to the current orchestrators
18:00:13 <wking> julz_: there's a danger to doing the expedient thing in a spec, because once we cut 1.0 we're stuck with it
18:00:44 <wking> RobDolinMS: we're at 11
18:00:54 <wking> RobDolinMS: can julz_ write up his approach?
18:01:15 <wking> julz_: it's just duglin's #384.  We still need an implementation PR in runC, but the spec side is there and waiting for comments
18:01:34 <JakeWarner> I'd agree with that action (384)
18:01:40 <wking> RobDolinMS: so the action is "everyone review #384 so we can make an up/down decision on this next week"?
18:01:43 <wking> julz_: yeah
18:02:11 <wking> RobDolinMS: I don't know that we need to wait for a quorum, but it would be good to move forward on this
18:02:35 <wking> #topic dockercon meetup
18:02:41 <RobDolinMS> Actually, I think we SHOULD wait for quorum as we have a few folks missing
18:02:44 <wking> duglin: we're meeting Wednesday from 9 to 12.  Not sure where yet
18:02:49 <JakeWarner> I'll meet you all there! :D
18:02:59 <RobDolinMS> Thanks Doug!
18:03:00 <wking> RoDolinMS, ah, sorry.  Quorum sounds good to me too ;)
18:03:13 <wking> #endmeeting