Re: [atomic-devel] Super Privileged Containers and host configs

["Steven Dake (stdake)" <stdake cisco com>]

On 3/9/15, 8:44 AM, "Michael P. McGrath" <mmcgrath redhat com> wrote:

>SPC allows users to put 'system' level process into a container and run
>them.  A question
>has come up as to how to do configuration and storage with an SPC
>container.  An easy
>example is rsyslog.  Using a super privleged container we have storage
>needs (the logs)
>as well as config needs (/etc/rsyslog.conf).
>
>We could store all of this in a container and store the system logs
>inside, but most ops
>guys expect a hosts logs to be in on the host.  A bindmount makes that
>possible.
>
>Similarly for system tools configs are expected to be in /etc/ on the
>host and their
>configuration management could update it to what it needs to be.
>
>So question, as a rule, do we want these containers to behave like
>traditional processes
>where the host system is used, or do we want them to behave more like
>traditional
>containers and have everything inside the container?  There's pros and
>cons to each.
>
>--
>Mike McGrath | mmcgrath redhat com | (312) 660-3547
>Atomic | Red Hat Chicago | http://projectatomic.io/
>

Mike,

I have done a lot of personal development on SPC [1] and my opinion is
persistent data should use bind mounts (e.g. /var/lib/nova), and
configuration data should use environmental variables that crudini or
similar the /etc directory files.

In the case of libvirt, libvirt places things that should be shared
between libvirt and nova-compute in /etc/nwfilter, and these type of
directories are less configuration and more persistent data.  I¹m not
quite sure why the nwfilter rules are stored in /etc, but I didn¹t do the
packaging.

Regards
-steve


[1] https://github.com/stackforge/kolla/tree/master/docker/nova-compute
>