Re: [atomic-devel] Concerns about pushing Docker 1.10 into Fedora23

[Daniel J Walsh <dwalsh redhat com>]

A couple of things. 

I like the current plan on not pushing docker-1.10 directly into Fedora 23 until it gets plenty of testing.
I do not believe it is a one way street.   My understanding is that the both labels of content get left in the image
so if you roll back to docker-1.9 it will continue to work.  But any content that is created with the docker-1.9 will
need to be migrated.

We are planning on setting up the migrator to run during the rpm transaction as a trigger on < docker-1.10 versions
of the system.  This would allow your installed docker and more importantly your installed containers to continue to
run while the migration is taking place.  After the rpm transaction, you would be able to choose when to restart the
docker daemon (Or the docker daemon gets restarted in post, not sure if we implement that).  Then the containers will
shut down and restart if you have them configured that way.  If any new content was created with docker-1.9 then
when docker daemon starts it will update that content.

There is a fairly big bug in docker-1.9 (And Dockers version of docker-1.10) that allows leakage of the hosts /dev/mqueue
into the container.  This is fixed in our version of docker-1.10.

Docker-1.10 brings in a whole bunch of really nice new features and fixes some major performance regressions in docker-1.9

New Features include:
      * Seccomp support
      * User Namespace Support (ALthough somewhat limited)
      * Authorization Plugins support
      * --tmpfs support

Here is the page from docker

https://github.com/docker/docker/blob/master/CHANGELOG.md

Runtime

• New docker update command that allows updating resource constraints on running containers #15078
• Add --tmpfs flag to docker run to create a tmpfs mount in a container #13587
• Add --format flag to docker images command #17692
• Allow to set daemon configuration in a file and hot-reload it with the SIGHUP signal #18587
• Updated docker events to include more meta-data and event types #18888
  This change is backward compatible in the API, but not on the CLI.
• Add --blkio-weight-device flag to docker run #13959
• Add --device-read-bps and --device-write-bps flags to docker run #14466
• Add --device-read-iops and --device-write-iops flags to docker run #15879
• Add --oom-score-adj flag to docker run #16277
• Add --detach-keys flag to attach, run, start and exec commands to override the default key sequence that detaches from a container #15666
• Add --shm-size flag to run, create and build to set the size of /dev/shm #16168
• Show the number of running, stopped, and paused containers in docker info #19249
• Show the OSType and Architecture in docker info #17478
• Add --cgroup-parent flag on daemon to set cgroup parent for all containers #19062
• Add -L flag to docker cp to follow symlinks #16613
• New status=dead filter for docker ps #17908
• Change docker run exit codes to distinguish between runtime and application errors #14012
• Enhance docker events --since and --until to support nanoseconds and timezones #17495
• Add --all/-a flag to stats to include both running and stopped containers #16742
• Change the default cgroup-driver to cgroupfs #17704
• Emit a "tag" event when tagging an image with build -t #17115
• Best effort for linked containers' start order when starting the daemon #18208
• Add ability to add multiple tags on build #15780
• Permit OPTIONS request against any url, thus fixing issue with CORS #19569
• Fix the --quiet flag on docker build to actually be quiet #17428
• Fix docker images --filter dangling=false to now show all non-dangling images #19326
• Fix race condition causing autorestart turning off on restart #17629
• Recognize GPFS filesystems #19216
• Fix obscure bug preventing to start containers #19751
• Forbid exec during container restart #19722
• devicemapper: Increasing --storage-opt dm.basesize will now increase the base device size on daemon restart #19123

I am not a big fan of docker-1.9 release, and feel that the docker-1.10 release is a huge improvement.  But I do believe their is the potential
for regressions, since so much has changed.

On 02/09/2016 08:43 AM, Antonio Murdaca wrote:

Correct, we're still figuring out the roll-back phase which is critical for atomic.
More information here also https://github.com/docker/docker/wiki/Engine-v1.10.0-content-addressability-migration

----- Messaggio originale -----
| Da: "Joe Brockmeier" <jzb redhat com>
| A: atomic-devel projectatomic io
| Inviato: Martedì, 9 febbraio 2016 14:24:32
| Oggetto: Re: [atomic-devel] Concerns about pushing Docker 1.10 into Fedora23
| 
| On 02/09/2016 02:12 PM, Antonio Murdaca wrote:
| > we've packaged docker-1.10 spec to run the migrator before the update
| > so, hopefully users won't have to wait for so long. I know it's somehow
| > risky tough.
| > Right now docker-1.10 with the migrator is in F24 for ppl to test also.
| > The build is here:
| > http://koji.fedoraproject.org/koji/taskinfo?taskID=12897448
| > Thoght it's already available in dnf.
| 
| Am I wrong, or is it a one-way migration? (e.g. if an atomic user tries
| to roll back an update between 1.9 -> 1.10, they won't be able to use
| containers with 1.9 after migration).
| 
| Best,
| 
| jzb
| --
| Joe Brockmeier | Community Team, OSAS
| jzb redhat com | http://community.redhat.com/
| Twitter: @jzb  | http://dissociatedpress.net/
| 
|