
Re: [atomic-devel] docs-first RFE for stripping containers



On Thu, Feb 5, 2015 at 9:40 PM, Clayton Coleman <ccoleman redhat com> wrote:
> We definitely want to be able to expose non traditional ways of building containers - like Colin's "ostree style package spec" or stripping things from the container pre publish.
>
>
>> On Feb 5, 2015, at 9:56 PM, M. Edward (Ed) Borasky <znmeb znmeb net> wrote:
>>
>> Thanks!!
>>
>>> On Thu, Feb 5, 2015 at 6:47 PM, Subhendu Ghosh <sghosh redhat com> wrote:
>>> Take a look at the OpenShift build system in Origin. It's implementing that
>>> workflow for a local registry.
>>>
>>>
>>>
>>>
>>> -------- Original message --------
>>> From: "M. Edward (Ed) Borasky" <znmeb znmeb net>
>>> Date:02/06/2015 02:42 (GMT+01:00)
>>> To: atomic-devel projectatomic io
>>> Cc:
>>> Subject: Re: [atomic-devel] docs-first RFE for stripping containers
>>>
>>> I need / want something like this very badly. My workflow is basically:
>>>
>>> 1. Build a development image with all the source, build-time dependencies,
>>> etc.
>>> 2. Do the builds and export tarballs to my workstation host filesystem
>>> or "someplace on the internet".
>>> 3. Build an image with the run-time dependencies and tarballs and
>>> 'docker push' it to Docker Hub.
>>>
>>> *However* - this needs to be *100%* automated / continuously
>>> integrated / reproducible from upstream source code to finished Docker
>>> Hub image. I'm not there yet. Docker Hub's not there yet. And I have a
>>> half-dozen other itches I want to scratch. ;-)
>>>
>>> If I had that, the runtime image wouldn't need 'yum' or 'dnf' -
>>> run-time Fedora dependencies would be updated and a new image made
>>> automagically. I don't know the Docker Hub infrastructure well enough
>>> to build this - I'd have to build a host somewhere and hook into a few
>>> APIs and do a 'docker push' at the end.
>>>
>>>> On Thu, Feb 5, 2015 at 12:49 PM, Jim Perrin <jperrin centos org> wrote:
>>>>
>>>>
>>>>> On 02/05/2015 01:56 PM, SGhosh wrote:
>>>>>
>>>>>
>>>>> I don't think you want to go as far as you are suggesting.
>>>>> Having the concept of RPMs and dependency is a useful mechanism for being
>>>>> able to install apps on top of an existing image, and it is useful if
>>>>> you need to apply an emergency fix before rebuilt image can be deployed.
>>>>
>>>> I'm viewing this more as a final optional step in the workflow for
>>>> production and deployment, not necessarily for base images.
>>>>
>>>>
>>>>> Cutting down in size is a useful requirement - and getting some upstream
>>>>> help for that is needed as well. The latest RPM changes about to hit
>>>>> Fedora will include strong/weak dependencies - that can be used to
>>>>> remove some deps based on full rms nots being installed. But this is not
>>>>> a CentOS 7 item.
>>>>
>>>> That sounds interesting. I wouldn't suggest this strictly as a CentOS
>>>> thing, but more as an acceptance of containers as a packaging method
>>>> itself.
>>>>
>>>>> yum does have the excludedocs feature - and utilizing that can reduce
>>>>> some of the content - but not all.
>>>>
>>>> We do this already, as well as some limited file abuse in the case of
>>>> glibc locales. This still leaves a fairly minimal OS container weighing
>>>> in at around 150-250MB before the actual applications get installed.
>>>> Once everything is built to satisfaction, the admin/dev could simply
>>>> strip it and deploy as a final step if needed/desired.


For whatever it's worth I threw together a rough prototype. It's
really dumb right now in that there's little attempt to be intelligent
behind just running `ldd` to find out what's necessary, then throwing
those bits in a tarball and importing them as an image into docker.

That being said, it works at least for /bin/bash:

https://github.com/maxamillion/docker-image-strip

If this is something that we wanted to iterate on, I'd suggest we add
metadata information and everything else previously mentioned and some
amount of smarts for determining dependencies beyond my very hack and
slash `ldd` PoC.

Thought I'd throw it out there, comments and snide remarks welcome. :)

-AdamM


>>>>
>>>>
>>>> --
>>>> Jim Perrin
>>>> The CentOS Project | http://www.centos.org
>>
>>
>>
>> --
>> OSJourno: Robust Power Tools for Digital Journalists
>> http://www.znmeb.mobi/stories/osjourno-robust-power-tools-for-digital-journalists
>>
>> Remember, if you're traveling to Bactria, Hump Day is Tuesday and Thursday.
>>
>
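
The approach described in the message above (resolve shared-library dependencies with `ldd`, put them in a tarball, import the tarball as an image), sketched as an added example. It is not code from the docker-image-strip repository or from anyone on the list; the function names, the sample `ldd` output and the image name are assumptions.

```shell
#!/bin/sh
# Added example: build a minimal rootfs tarball from a binary's ldd closure.

# parse_ldd: read `ldd` output on stdin, print each absolute library path once.
# Handles "name => /path (addr)" and "/path (addr)" (the dynamic loader);
# skips linux-vdso (no file on disk) and "not found" entries.
parse_ldd() {
    awk '
        /=> not found/ { next }
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\// { print $1 }
    ' | LC_ALL=C sort -u
}

# build_rootfs_tar BINARY OUT.tar: stage BINARY plus its ldd closure, then tar it.
build_rootfs_tar() {
    bin=$1 out=$2
    stage=$(mktemp -d) || return 1
    # Run ldd only on binaries you trust: it may execute the target to resolve deps.
    # ldd lists link-time dependencies only; libraries loaded with dlopen()
    # (NSS modules, plugins) are not reported and must be added by other means.
    { echo "$bin"; ldd "$bin" | parse_ldd; } | while read -r f; do
        mkdir -p "$stage$(dirname "$f")"
        cp -L "$f" "$stage$f"      # -L: copy the real file behind symlinks
    done
    tar -C "$stage" -cf "$out" . && rm -rf "$stage"
}

# Constructed sample of ldd output, for illustration and testing.
SAMPLE_LDD='	linux-vdso.so.1 (0x00007ffd0a5f2000)
	libtinfo.so.5 => /lib64/libtinfo.so.5 (0x00007f1c3a400000)
	libc.so.6 => /lib64/libc.so.6 (0x00007f1c3a000000)
	libmissing.so.1 => not found
	/lib64/ld-linux-x86-64.so.2 (0x00007f1c3a800000)'

# Usage (requires docker; the image name is a placeholder):
#   build_rootfs_tar /bin/bash bash-rootfs.tar
#   docker import bash-rootfs.tar example/bash-stripped
```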

