[arch-dev-public] Arch Linux Container and Boxes
Hello everybody,

I am pleased to announce that pierre and I founded the 'Archlinux' Organisation on hub.docker.com and pierre pushed his awesome docker container to this repository. (Big thanks to pierre!). [1][2]

His docker container is a huge improvement to the other docker containers in the hub. Most of them are insecure, ship private keys within the container or ship more applications than needed.

Moreover I can announce that I did the same for vagrant images and I would like to invite you for contribution. [3] There is an 'archlinux' organisation on atlas.hashicorp.com now that offers vagrant images for libvirt and virtualbox. My goal is at least support for vmware and maybe parallel or Amazon AMI, depends on if I can find somebody with these hypervisors for testing, because I can currently only test virtualbox and libvirt on my machine. [4]

So my question to you is now:

Can we make this project official? Or do we even want to make this official? I would like to start a discussion with these questions.

In case of yes, I would like to have pierre and my project on projects.archlinux.org and would like to found the channel #archlinux-boxes on freenode.

Best regards,
Chris

[1] https://hub.docker.com/r/archlinux/
[2] https://github.com/pierres/archlinux-docker
[3] https://atlas.hashicorp.com/archlinux/boxes/archlinux
[4] https://github.com/shibumi/arch-boxes

On 05/31/17 at 01:05am, Christian Rebischke wrote:
> Hello everybody, I am pleased to announce that pierre and I founded the 'Archlinux' Organisation on hub.docker.com and pierre pushed his awesome docker container to this repository. (Big thanks to pierre!). [1][2]
> His docker container is a huge improvement to the other docker containers in the hub. Most of them are insecure, ship private keys within the container or ship more applications than needed.

Awesome! How often is the container updated?

> So my question to you is now:
> Can we make this project official? Or do we even want to make this official? I would like to start a discussion with these questions.

What would be needed to make it official? And which part, as I see the docker container as being official (tm).

Thanks for all the effort btw!

--
Jelle van der Waa

On Wed, May 31, 2017 at 11:36:43AM +0200, Jelle van der Waa wrote:
> On 05/31/17 at 01:05am, Christian Rebischke wrote:
>> Hello everybody, I am pleased to announce that pierre and I founded the 'Archlinux' Organisation on hub.docker.com and pierre pushed his awesome docker container to this repository. (Big thanks to pierre!). [1][2]
>> His docker container is a huge improvement to the other docker containers in the hub. Most of them are insecure, ship private keys within the container or ship more applications than needed.
> Awesome! How often is the container updated?

The vagrant images will be updated every month. Currently I update them manually. So I build them via packer and push them manually into atlas. It is possible to even automate this. I can't talk about the docker release cycle. This is still something that I need to discuss with pierre.

>> So my question to you is now:
>> Can we make this project official? Or do we even want to make this official? I would like to start a discussion with these questions.
> What would be needed to make it official? And which part, as I see the docker container as being official (tm).

I would ask docker for becoming an 'official' account[1][2] and I would like to mention the container and boxes on our 'Download'-Page.

[1] https://hub.docker.com/explore/
[2] For example 'nginx' https://hub.docker.com/_/nginx/

On 2017-05-31 01:05, Christian Rebischke wrote:
> Hello everybody, I am pleased to announce that pierre and I founded the 'Archlinux' Organisation on hub.docker.com and pierre pushed his awesome docker container to this repository. (Big thanks to pierre!). [1][2]

Can we give more people from the devops team admin access there? We already have too many places that only 1 or 2 of us can access.

> His docker container is a huge improvement to the other docker containers in the hub. Most of them are insecure, ship private keys within the container or ship more applications than needed.

Any reason systemd is there? Recursive removal cuts off 30MB. The fact that libldap depends on e2fsprogs also seems wrong. I know, "patches welcome".

> Can we make this project official? Or do we even want to make this official? I would like to start a discussion with these questions.

Given yours and Pierre's involvement, it can already be considered official.

> In case of yes, I would like to have pierre and my project on projects.archlinux.org and would like to found the channel #archlinux-boxes on freenode.

Does it really need a separate channel? Don't we have #archlinux-projects for that?

Bartłomiej

On Wed, May 31, 2017 at 12:41:15PM +0200, Bartłomiej Piotrowski wrote:
> Can we give more people from the devops team admin access there? We already have too many places that only 1 or 2 of us can access.

Sure. They just need to register an account on hub.docker.com and atlas.hashicorp.com and I can add them to the 'archlinux'[!sic] organisation on atlas (vagrant images) and hub.docker.com (docker container).

>> His docker container is a huge improvement to the other docker containers in the hub. Most of them are insecure, ship private keys within the container or ship more applications than needed.
> Any reason systemd is there? Recursive removal cuts off 30MB. The fact that libldap depends on e2fsprogs also seems wrong. I know, "patches welcome".

There is a dependency cycle, that's why systemd got pulled in. I got already some feedback to the container and the image and I am pretty sure we can reduce the size of the container a little bit more. Currently the docker container is 152mb big in compressed state and around 425mb or something uncompressed. I would also like to have a second container repository with a container that has base and base-devel, for stuff like jenkins etc.

> Given yours and Pierre's involvement, it can already be considered official.

Ok I didn't know it's that easy.

> Does it really need a separate channel? Don't we have #archlinux-projects for that?

Sorry, I didn't know that #archlinux-projects exists. The channel is a good idea.

On 2017-05-31 16:08, Christian Rebischke wrote:
> There is a dependency cycle, that's why systemd got pulled in. I got already some feedback to the container and the image and I am pretty sure we can reduce the size of the container a little bit more. Currently the docker container is 152mb big in compressed state and around 425mb or something uncompressed.

I don't see a cycle here…

> I would also like to have a second container repository with a container that has base and base-devel, for stuff like jenkins etc.
>> Given yours and Pierre's involvement, it can already be considered official.
> Ok I didn't know it's that easy

Just make sure to move the repo to git.archlinux.org and our GitHub organization.

On Wed, May 31, 2017 at 07:48:58PM +0200, Bartłomiej Piotrowski wrote:
> On 2017-05-31 16:08, Christian Rebischke wrote:
>> There is a dependency cycle, that's why systemd got pulled in. I got already some feedback to the container and the image and I am pretty sure we can reduce the size of the container a little bit more. Currently the docker container is 152mb big in compressed state and around 425mb or something uncompressed.
> I don't see a cycle here…

Here is the cycle that I mean:

These are the first lines of output of `make docker-push`:

    pacstrap -C /usr/share/devtools/pacman-extra.conf -c -d -G -M /tmp/tmp.eKptMyKU0t diffutils gettext grep inetutils iproute2 iputils pacman procps-ng psmisc sed tar util-linux which gzip
    ==> Creating install root at /tmp/tmp.eKptMyKU0t
    ==> Installing packages to /tmp/tmp.eKptMyKU0t
    :: Synchronizing package databases...
    ---> snip <---
    resolving dependencies...
    looking for conflicting packages...
    warning: dependency cycle detected:
    warning: systemd will be installed before its iptables dependency

This dependency cycle is pulling in 96 more packages including systemd.

On 2017-06-01 18:12, Christian Rebischke wrote:
> On Wed, May 31, 2017 at 07:48:58PM +0200, Bartłomiej Piotrowski wrote:
>> On 2017-05-31 16:08, Christian Rebischke wrote:
>>> There is a dependency cycle, that's why systemd got pulled in. I got already some feedback to the container and the image and I am pretty sure we can reduce the size of the container a little bit more. Currently the docker container is 152mb big in compressed state and around 425mb or something uncompressed.
>> I don't see a cycle here…
> Here is the cycle that I mean:
> These are the first lines of output of `make docker-push`:
>
>     pacstrap -C /usr/share/devtools/pacman-extra.conf -c -d -G -M /tmp/tmp.eKptMyKU0t diffutils gettext grep inetutils iproute2 iputils pacman procps-ng psmisc sed tar util-linux which gzip
>     ==> Creating install root at /tmp/tmp.eKptMyKU0t
>     ==> Installing packages to /tmp/tmp.eKptMyKU0t
>     :: Synchronizing package databases...
>     ---> snip <---
>     resolving dependencies...
>     looking for conflicting packages...
>     warning: dependency cycle detected:
>     warning: systemd will be installed before its iptables dependency
>
> This dependency cycle is pulling in 96 more packages including systemd.

Except removing it or not doesn't have much to do with this. Systemd is completely pointless in a container, especially for Docker. As pactree -r shows:

    iptables
    ├─iproute2
    └─systemd
      └─libusb
        └─libpcap
          └─iptables

So the problem is that iproute2 requires iptables. Personally I don't see a use case for any of them in single-process containers, but I guess it would be just faster to disable iptables support in iproute2.

Bartłomiej

On Thu, Jun 01, 2017 at 10:09:17PM +0200, Bartłomiej Piotrowski wrote:
> Except removing it or not doesn't have much to do with this. Systemd is completely pointless in a container, especially for Docker. As pactree -r shows:
>
>     iptables
>     ├─iproute2
>     └─systemd
>       └─libusb
>         └─libpcap
>           └─iptables
>
> So the problem is that iproute2 requires iptables. Personally I don't see a use case for any of them in single-process containers, but I guess it would be just faster to disable iptables support in iproute2.
>
> Bartłomiej

We have discussed this in #archlinux-projects. Even the whole `iptables` package is without sense, because all network is managed via docker.
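
Added example, not part of the thread or of the archlinux-docker project: it parses the `pactree -r` tree quoted in the thread into dependency edges, then reports which explicitly requested package drags systemd into the image and the cycle pacman warned about. The nesting of the tree (two columns per level) and the function names are assumptions; the graph holds only the edges visible in the thread, not the full package database.

```python
from collections import deque

# Constructed from the thread: `pactree -r iptables` tree and pacstrap package list.
PACTREE_R = """\
iptables
├─iproute2
└─systemd
  └─libusb
    └─libpcap
      └─iptables
"""
REQUESTED = ("diffutils gettext grep inetutils iproute2 iputils pacman "
             "procps-ng psmisc sed tar util-linux which gzip").split()

def parse_reverse_tree(text):
    """Turn a `pactree -r` tree into {package: set of its dependencies}."""
    deps, stack = {}, []
    for line in filter(str.strip, text.splitlines()):
        name = line.lstrip(" │├└─")
        depth = (len(line) - len(name)) // 2  # assumed: two columns per level
        del stack[depth:]  # climb back to this line's parent
        deps.setdefault(name, set()).update(stack[-1:])  # child requires parent
        stack.append(name)
    return deps

def why_installed(deps, requested, target):
    """Shortest chain from an explicitly requested package to target, or None."""
    queue, seen = deque([p] for p in requested), set()
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        if path[-1] not in seen:
            seen.add(path[-1])
            queue.extend(path + [d] for d in sorted(deps.get(path[-1], ())))
    return None

def find_cycle(deps, pkg, path=()):
    """Depth-first walk; return the first dependency cycle reached from pkg."""
    if pkg in path:
        return list(path[path.index(pkg):]) + [pkg]
    for dep in sorted(deps.get(pkg, ())):
        cycle = find_cycle(deps, dep, path + (pkg,))
        if cycle:
            return cycle
    return None

if __name__ == "__main__":
    deps = parse_reverse_tree(PACTREE_R)
    print(why_installed(deps, REQUESTED, "systemd"), find_cycle(deps, "systemd"))
```

On a real Arch system the same functions can be fed the output of `pactree -r` for any package that should not be in a minimal image.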

participants (3)
- Bartłomiej Piotrowski
- Christian Rebischke
- Jelle van der Waa