
Re: [atomic-devel] Super Privileged Containers and host configs



----- Original Message -----
> From: "Steven Dake (stdake)" <stdake cisco com>
> To: "Michael P. McGrath" <mmcgrath redhat com>, atomic-devel projectatomic io
> Sent: Monday, March 9, 2015 12:11:20 PM
> Subject: Re: [atomic-devel] Super Privileged Containers and host configs
> 
> 
> 
> On 3/9/15, 8:44 AM, "Michael P. McGrath" <mmcgrath redhat com> wrote:
> 
> >SPC allows users to put 'system' level process into a container and run
> >them.  A question
> >has come up as to how to do configuration and storage with an SPC
> >container.  An easy
> >example is rsyslog.  Using a super privileged container we have storage
> >needs (the logs)
> >as well as config needs (/etc/rsyslog.conf).
> >
> >We could store all of this in a container and store the system logs
> >inside, but most ops
> >guys expect a host's logs to be on the host.  A bindmount makes that
> >possible.
> >
> >Similarly for system tools configs are expected to be in /etc/ on the
> >host and their
> >configuration management could update it to what it needs to be.
> >
> >So question, as a rule, do we want these containers to behave like
> >traditional processes
> >where the host system is used, or do we want them to behave more like
> >traditional
> >containers and have everything inside the container?  There's pros and
> >cons to each.
> >
> >--
> >Mike McGrath | mmcgrath redhat com | (312) 660-3547
> >Atomic | Red Hat Chicago | http://projectatomic.io/
> >
> 
> Mike,
> 
> I have done a lot of personal development on SPC [1] and my opinion is
> persistent data should use bind mounts (e.g. /var/lib/nova), and
> configuration data should use environmental variables that crudini or
> similar the /etc directory files.
> 
> In the case of libvirt, libvirt places things that should be shared
> between libvirt and nova-compute in /etc/nwfilter, and these type of
> directories are less configuration and more persistent data.  I'm not
> quite sure why the nwfilter rules are stored in /etc, but I didn't do the
> packaging.
> 
> Regards
> -steve
> 

So take rsyslogd.conf, would you expect that to live on the host and be
bind mounted in or only available in the container?  If just the container,
how would you expect to alter it to match your local environment?

   -Mike

> 
> [1] https://github.com/stackforge/kolla/tree/master/docker/nova-compute
> >
> 
> 

