#opencontainers log

21:03:27 <wking> #startmeeting 2016-07-20 discussion
21:03:27 <collabot> Meeting started Wed Jul 20 21:03:27 2016 UTC.  The chair is wking. Information about MeetBot at http://wiki.debian.org/MeetBot.
21:03:27 <collabot> Useful Commands: #action #agreed #help #info #idea #link #topic.
21:03:27 <collabot> The meeting name has been set to '2016_07_20_discussion'
21:03:35 <wking> #topic image-spec 0.4.0
21:03:57 <wking> stevvooe: I've moved the whiteout docs onto the 0.4.0 milestone, let me know if anyone has problems with that
21:04:23 <wking> stevvooe: There is an open PR about limiting integers to int64, but I'm not sure what the current status of that is
21:04:43 <wking> stevvooe: there hasn't been more discussion about naming or signing.  Are we punting those?
21:05:06 <wking> vbatts: I'm not sure what the int64 hangup was
21:05:29 <wking> vbatts: I thought naming/signing was getting pushed into an optional layer.  We wanted the ability to add it later without breaking things
21:05:57 <wking> stevvooe: do we need an action item to sketch naming/signing in broad strokes so we can talk about forward compat?
21:06:20 <stevvooe> i said "do we need to define the shape of naming/signing?"
21:06:26 <wking> vbatts: scopio (wking: maybe a typo?) has some of this in place, we should look at that to frame the discussion
21:06:26 <stevvooe> :)
21:06:32 <mrunalp> skopeo
21:07:37 <wking> stevvooe: do we tackle this after we have an image layout in Docker?
21:08:22 <wking> vbatts: I don't know.  You could parallelize them with blob/refs with signature information...
21:09:00 <wking> stevvooe: the spec is missing parts, but we probably want Docker save/load to the image layout in a branch somewhere
21:09:25 <wking> vbatts: Docker save/load mock up sounds good
21:09:36 <wking> stevvooe: there's a containers/image that has some work in progress?
21:09:45 <cyphar> url: https://github.com/containers/image
21:10:03 <wking> vbatts: that's part of skopeo a tool that can pull from Docker / OCI / etc. and lay things out for runC
21:10:21 <wking> vbatts: if there is support for that in Docker as well, that would be good for compatability
21:10:25 <mrunalp> It is a library that was pulled out of skopeo
21:10:37 <wking> stevvooe: should we take this offline?
21:10:40 <mrunalp> skopeo is a utility built on top of that library
21:11:06 <wking> thanks mrunalp / stevvooe for correcting me when I get things wrong ;)
21:11:24 <wking> mrunalp: other image-spec topics?
21:12:41 <wking> vbatts: I'd like to get type-export landed, but there's some pushback there
21:13:13 <wking> vbatts: if anyone has spare cycles, ping us with things you want in 0.4.0
21:13:24 <wking> vbatts: otherwise stevvooe and I will assign as we see fit
21:13:32 <wking> vbatts: I arbitrarily put it on the 27th
21:13:58 <RobDolinMS> Appreciate all of the work you're doing vbatts for managing release mechanics
21:13:59 <wking> vbatts: comment on an issue you want in 0.4.0 if you don't have permissions to assign it yourself
21:14:02 <mrunalp> https://github.com/opencontainers/runtime-spec/pull/513/files
21:14:09 <wking> #topic runtime-spec command line API
21:14:23 <wking> https://github.com/opencontainers/runtime-spec/pull/511
21:14:29 <wking> https://github.com/opencontainers/runtime-spec/pull/513
21:15:06 <wking> cyphar: --console in runC works by having the runtime-caller creating a virtual terminal, and --console is for passing the slave end into runC
21:15:18 <wking> cyphar: but that has some namespace issues, so we might change that at some point
21:15:31 <wking> cyphar: but we need an ability for the caller to tell runC which console to use
21:17:50 <wking> why do you need --console instead of duping the slave over the standard streams before launching runC
21:18:10 <wking> cyphar: I'm not sure.  We do dup over the slave bits, but we don't do it the way you describe
21:18:49 <wking> I was talking about ccon's handling, and didn't transcribe myself, but it's written up here: https://github.com/wking/ccon/tree/v0.4.0#terminal
21:19:06 <wking> mrunalp: the pair could be created inside the container
21:19:40 <wking> mrunalp: this is why tty's don't work in runC exec
21:20:10 <wking> crosbymichael: so when we create this, we setns on the mount namespace, open the terminal, and then..?
21:20:21 <duglin> did anyone get  a chance to review my PR:  https://github.com/opencontainers/runtime-spec/pull/511  ?
21:21:32 <mikebrow> runc run -d --console /dev/pts/ptmx test_busybox
21:21:37 <mikebrow> ^ works
21:21:52 <wking> mrunalp: it could potentially be done by the caller
21:22:09 <wking> cyphar: we need an API for the caller to get the master
21:22:30 <cyphar> (both libcontainer and the runC runner)
21:23:06 <wking> Daniel Dao: We don't want the container to interrupt the I/O
21:23:38 <wking> cyphar: the '--console UNIX_SOCKET' approach might work (with runC pushing the master into that socket)
21:24:03 <wking> mrunalp: where do we have this discussion?
21:24:17 <wking> mrunalp: we'll need this specified for compliance testing in ocitools
21:24:33 <wking> cyphar: the spec is pretty sparse around process.terminal anyway
21:24:46 <mrunalp> https://github.com/opencontainers/runtime-spec/pull/518
21:24:58 <wking> cyphar: lets get something working in runC and then come back and figure out how to put it into the command-line spec
21:26:29 <wking> I think we should focus on the container view in config.md, and just say "standard streams will be a terminal if you set process.terminal".  We can talk about the command line API later
21:26:48 <wking> cyphar: we'll need clarity around the command-line API soon
21:27:34 <wking> duglin: how much longer do we think this should take?
21:28:22 <wking> mrunalp: what's the harm with supporting both approaches now?
21:28:35 <wking> cyphar: runtime-callers and testers won't know which is ok if we don't specify one
21:29:30 <wking> cyphar: what about --pid-file vs. state?
21:29:51 <wking> https://github.com/opencontainers/runtime-spec/pull/513#issuecomment-232857404
21:29:58 <wking> ^ my "why do we have a --pid-file?"
21:30:22 <wking> crosbymichael: it's a standard way for interfacing with systemd, etc.
21:31:21 <wking> #action wking will reroll #513 to add --pid-file
21:32:02 <wking> cyphar: how do we test without 'run' in the spec?  Who holds the streams open?
21:32:19 <wking> mrunalp: the caller handles that and exit-code collection.  I'll add support to ocitools
21:32:38 <wking> #action cyphar to look at --console vs. the command line spec in the next week or so
21:34:58 <wking> what about 'version'?  Do we drop it?
21:35:07 <wking> duglin: I don't think we need it for interop
21:36:00 <wking> duglin: any runtime is going to have some way to do that.  Do we need to agree on the API?
21:40:42 <wking> duglin: -b is probably going to be popular, so we may want to require it be portable
21:41:13 <wking> we can always add it later; it's hard to pull it out later (and I don't expect many folks will be typing this out by hand)
21:41:18 <wking> duglin: agrees to punt on -b
21:41:22 <cyphar> >> ^ works
21:41:37 <cyphar> the command: runc run -d --console /dev/pts/ptmx test_busybox
21:41:40 <wking> mrunalp: other topics?
21:41:50 <wking> mrunalp: any other blockers for 1.0?
21:42:00 <wking> crosbymichael: nothing off the top of my head
21:42:28 <wking> mrunalp: figuring out the console will help ocitools tie up some loose ends
21:42:38 <wking> #endmeeting