On 23 October 2015 at 11:25, Antonio Murdaca <email@example.com> wrote:
> Great. Thanks for the answers.
> Few points. Just a suggestion, as a Docker core maintainer myself (being in charge of reviews), I don't understand why you made the latest PR against Docker 1.8.3 given we're almost releasing 1.9 (I'm not sure it will be merged in Docker 1.8.3, unless you already talked to someone at Docker), so I think it would be better to adapt the code to 1.9 and be ready for 1.10. The Pull Request itself looks good though and I'm happy to continue reviewing it and give suggestions.
> I've already experimented with clr exec-driver on other hosts and I can confirm it's working great with the opensuse repo you provided. I've also made some PRs to better improve Docker integration(you can cherry-pick this if you are interested https://github.com/runcom/docker/commit/bd967bd3c542559b1c985eeca6e33e8845633e39) and clearcontainer/kvmtool (https://github.com/clearlinux/kvmtool/pull/2).
Looks good, I've asked James Hunt to review and merge/cherry-pick these things.
> More questions I'd like to ask are:
> 1. (Already asked but I'm copying it over here) Will Clear Containers support Docker exec? The question was answered saying no for security implications. Could you explain which ones are we talking about?
At the moment we don't have exec support. When brainstorming about it,
I was envisioning opening/maintaining a second serial console to the
VM for the exec case. However, kvmtool doesn't currently support
having dynamic serial consoles added/removed from the VM or mean to
connect to them as far as I can tell. A second alternative is to add
openssh-server to the container base image, and keep ssh open with
injected/pre-generated per-container ssh keys to allow `docker exec`
via ssh protocol. The VMs are running systemd-networkd and are
discoverable via LLMNR, so I was also pondering how to start linking
journals for the VMs and/or registering with machined - to gain
ability to control systemd inside the VM from the host over serial/ssh
connections. But all of these are just ideas at this stage. How would
you go about implementing exec? If there are better ideas, we might be
able to implement that quickly.
> 2. I've seen the demo you provided on your site to run a plain container with kvmtool is pretty outdated and I'm having troubles making it work correctly with newer ClearContianers images (4300, 4340). Could you update it with more instructions maybe?
To run a plain VM, do you mean demo from
https://download.clearlinux.org/demos/containers/ ? I'll look into
> 3. does the original kvmtool (lkvm) from the kernel work with ClearContainers or it needs your patched version? (is it https://github.com/clearlinux/kvmtool right?)
The version in github.com/clearlinux/kvmtool is experimental
development work which has OCI support developed. We do need patched
lkvm for now, as not everything has been contributed upstream yet.
There are quite a few feature patches that the docker exec-driver
> 4. Where is the source code for vmlinux.container? I'd like to build it myself but I can't find it anywhere
We are not currently publishing git trees with packaging, and all
patches for all packages. However, we do publish .src.rpm
You should be able to find:
> 5. doc at https://clearlinux.org/documentation/running-clear-linux-os-intel%C2%AE-architecture-virtualized-environment isn't working as well, it displays a firmware menu and it hangs there. Is it possible to enhance the doc?
I'm not sure about who owner of this documentation is. William, would
you be able to help out with this request?
> Many thanks for the answers and sorry in advance for all of this questions!
> ----- Messaggio originale -----
> Da: "Dimitri John Ledkov" <firstname.lastname@example.org>
> A: "Antonio Murdaca" <email@example.com>
> Cc: Dev@ml01.clearlinux.org
> Inviato: Venerdì, 23 ottobre 2015 11:57:56
> Oggetto: Re: [Dev] Clear Linux containers with Docker
> On 21 October 2015 at 18:40, Antonio Murdaca <firstname.lastname@example.org> wrote:
>> Hello and nice to meet you all (and great work on Clear Linux!),
>> I was reviewing the Pull Request you made against docker/docker on github (https://github.com/docker/docker/pull/17244, I'm "runcom").
>> I have a few questions I'd like to ask you, (I prefer the ML instead of leaving qa on github, I'll report some from github also):
>> 1. Is this PR meant for testing purpose as the old one you made some time ago?
> We are in progress to merge this work upstream. There are pull
> requests mostly for docker, and smaller things for libnetwork.
>> 2. Is the clr execdriver you implemented available for non Clean Linux hosts as well? (I guess not, because I get `fork/exec lkvm: no such file or directory` while testing your PR on my machine which is Fedora)
> In addition to the docker-execdriver, one needs patched kvmtool,
> compatible kernel, and clear linux container image.
> The whole lot is packaged for clearlinux, but also for
> Ubuntu/Debian/Fedora/Centos/Suse at:
> I have validated for the whole lot to work correctly on Fedora 22.
> You may also refer to getting started docs we are starting to publish at:
>> 3. Are there any plan to make Docker with the clr execdriver available on non Clear Linux hosts? If yes, is there anything I can look at or help out with in some way?
> Yes and already done on the OBS. If support for more OSes and/or e.g.
> Rawhide do let us know. The .src.rpms for Clearlinux should be
> directly re-buildable on e.g. Fedora. The bits one must have on the
> host for now are: clear-containers-docker, kvmtool, linux-container.
>> 4. Also, are there any plans to move the clr execdriver to opencontainers/runc|specs?
> Yes. We have a working OCI compatible executor (essentially making
> lkvm binary parse the OCI configs and launch things), however there is
> no OCI capable docker available publicly yet, hence we are limited in
> testing/validating said work. There is also hyper.sh & runv, which has
> some additional integration - OCI capable and has `pull' from
> dockerhub ability.
>> Thanks a lot in advance, I hope my questions make sense.
> Hope this helps. The questions are very sensible =) and we should make
> more information available to make Clear Containers work more
> 63 sleeps till Christmas, or less
> Open Source Technology Center
> Intel Corporation (UK) Ltd. - Co. Reg. #1134945 - Pipers Way, Swindon SN3 1RJ.
73 sleeps till Christmas, or less
Open Source Technology Center
Intel Corporation (UK) Ltd. - Co. Reg. #1134945 - Pipers Way, Swindon SN3 1RJ.