Arch Linux Container and Boxes

Christian Rebischke-2
Hello everybody,
I am pleased to announce that pierre and I founded the 'Archlinux'
Organisation on hub.docker.com and pierre pushed his awesome docker
container to this repository. (Big thanks to pierre!). [1][2]

His docker container is a huge improvement to the other docker
containers in the hub. Most of them are insecure, ship private keys
within the container or ship more applications than needed.

Moreover I can announce that I did the same for vagrant images and I
would like to invite you for contribution. [3]
There is an 'archlinux' organisation on atlas.hashicorp.com now that
offers vagrant images for libvirt and virtualbox. My goal is at least
support for vmware and maybe parallel or Amazon AMI, depends on if I can
find somebody with these hypervisors for testing, because I can
currently only test virtualbox and libvirt on my machine. [4]

So my question to you is now:

Can we make this project official? Or do we even want to make this
official? I would like to start a discussion with these questions.

In case of yes, I would like to have pierre and my project on
projects.archlinux.org and would like to found the channel
#archlinux-boxes on freenode.

Best regards,

Chris

[1] https://hub.docker.com/r/archlinux/
[2] https://github.com/pierres/archlinux-docker
[3] https://atlas.hashicorp.com/archlinux/boxes/archlinux
[4] https://github.com/shibumi/arch-boxes


Re: Arch Linux Container and Boxes

Jelle van der Waa-2
On 05/31/17 at 01:05am, Christian Rebischke wrote:
> Hello everybody,
> I am pleased to announce that pierre and I founded the 'Archlinux'
> Organisation on hub.docker.com and pierre pushed his awesome docker
> container to this repository. (Big thanks to pierre!). [1][2]
>
> His docker container is a huge improvement to the other docker
> containers in the hub. Most of them are insecure, ship private keys
> within the container or ship more applications than needed.
>

Awesome! How often is the container updated?
>
> So my question to you is now:
>
> Can we make this project official? Or do we even want to make this
> official? I would like to start a discussion with these questions.

What would be needed to make it official? And which part, as I see the
docker container as being official (tm).


Thanks for all the effort btw!

--
Jelle van der Waa


Re: Arch Linux Container and Boxes

Bartłomiej Piotrowski-3
In reply to this post by Christian Rebischke-2
On 2017-05-31 01:05, Christian Rebischke wrote:
> Hello everybody,
> I am pleased to announce that pierre and I founded the 'Archlinux'
> Organisation on hub.docker.com and pierre pushed his awesome docker
> container to this repository. (Big thanks to pierre!). [1][2]

Can we give more people from the devops team admin access there? We
already have too many places that only 1 or 2 of us can access.

> His docker container is a huge improvement to the other docker
> containers in the hub. Most of them are insecure, ship private keys
> within the container or ship more applications than needed.

Any reason systemd is there? Recursive removal cuts off 30MB. The fact
that libldap depends on e2fsprogs also seems wrong. I know, "patches
welcome".

> Can we make this project official? Or do we even want to make this
> official? I would like to start a discussion with these questions.

Given yours and Pierre's involvement, it can already be considered official.

> In case of yes, I would like to have pierre and my project on
> projects.archlinux.org and would like to found the channel
> #archlinux-boxes on freenode.

Does it really need a separate channel? Don't we have
#archlinux-projects for that?

Bartłomiej

Re: Arch Linux Container and Boxes

Christian Rebischke-2
In reply to this post by Jelle van der Waa-2
On Wed, May 31, 2017 at 11:36:43AM +0200, Jelle van der Waa wrote:

> On 05/31/17 at 01:05am, Christian Rebischke wrote:
> > Hello everybody,
> > I am pleased to announce that pierre and I founded the 'Archlinux'
> > Organisation on hub.docker.com and pierre pushed his awesome docker
> > container to this repository. (Big thanks to pierre!). [1][2]
> >
> > His docker container is a huge improvement to the other docker
> > containers in the hub. Most of them are insecure, ship private keys
> > within the container or ship more applications than needed.
> >
>
> Awesome! How often is the container updated?

The vagrant images will be updated every month. Currently I update them
manually. So I build them via packer and push them manually into atlas.
It is possible to even automate this.

I can't talk about the docker release cycle. This is still something
that I need to discuss with pierre.

> >
> > So my question to you is now:
> >
> > Can we make this project official? Or do we even want to make this
> > official? I would like to start a discussion with these questions.
>
> What would be needed to make it official? And which part, as I see the
> docker container as being official (tm).

I would ask docker for becoming an 'official' account[1][2]
and I would like to mention the container and boxes on our
'Download'-Page.




[1] https://hub.docker.com/explore/
[2] For example 'nginx' https://hub.docker.com/_/nginx/


Re: Arch Linux Container and Boxes

Christian Rebischke-2
In reply to this post by Bartłomiej Piotrowski-3
On Wed, May 31, 2017 at 12:41:15PM +0200, Bartłomiej Piotrowski wrote:
> Can we give more people from the devops team admin access there? We
> already have too many places that only 1 or 2 of us can access.
>

Sure. They just need to register an account on hub.docker.com and
atlas.hashicorp.com and I can add them to the 'archlinux'[!sic]
organisation on atlas (vagrant images) and hub.docker.com (docker
container).

> > His docker container is a huge improvement to the other docker
> > containers in the hub. Most of them are insecure, ship private keys
> > within the container or ship more applications than needed.
>
> Any reason systemd is there? Recursive removal cuts off 30MB. The fact
> that libldap depends on e2fsprogs also seems wrong. I know, "patches
> welcome".

There is a dependency cycle, that's why systemd got pulled in.
I got already some feedback to the container and the image and I am
pretty sure we can reduce the size of the container a little bit more.
Currently the docker container is 152mb big in compressed state and
around 425mb or something uncompressed.

I would also like to have a second container repository with a container
that has base and base-devel, for stuff like jenkins etc.

> Given yours and Pierre's involvement, it can already be considered official.

Ok I didn't know it's that easy.

> Does it really need a separate channel? Don't we have
> #archlinux-projects for that?

Sorry, I didn't know that #archlinux-projects exists. The channel is a
good idea.



Re: Arch Linux Container and Boxes

Bartłomiej Piotrowski-3
On 2017-05-31 16:08, Christian Rebischke wrote:
> There is a dependency cycle, that's why systemd got pulled in.
> I got already some feedback to the container and the image and I am
> pretty sure we can reduce the size of the container a little bit more.
> Currently the docker container is 152mb big in compressed state and
> around 425mb or something uncompressed.

I don't see a cycle here…

> I would also like to have a second container repository with a container
> that has base and base-devel, for stuff like jenkins etc.
>
>> Given yours and Pierre's involvement, it can already be considered official.
>
> Ok I didn't know it's that easy

Just make sure to move the repo to git.archlinux.org and our GitHub
organization.

Re: Arch Linux Container and Boxes

Christian Rebischke-2
On Wed, May 31, 2017 at 07:48:58PM +0200, Bartłomiej Piotrowski wrote:
> On 2017-05-31 16:08, Christian Rebischke wrote:
> > There is a dependency cycle, that's why systemd got pulled in.
> > I got already some feedback to the container and the image and I am
> > pretty sure we can reduce the size of the container a little bit more.
> > Currently the docker container is 152mb big in compressed state and
> > around 425mb or something uncompressed.
>
> I don't see a cycle here…
>

Here is the cycle that I mean:

These are the first lines of output of `make docker-push`:

pacstrap -C /usr/share/devtools/pacman-extra.conf -c -d -G -M /tmp/tmp.eKptMyKU0t diffutils gettext grep inetutils iproute2 iputils pacman procps-ng psmisc sed tar util-linux which gzip
==> Creating install root at /tmp/tmp.eKptMyKU0t
==> Installing packages to /tmp/tmp.eKptMyKU0t
:: Synchronizing package databases...
---> snip <---
resolving dependencies...
looking for conflicting packages...
warning: dependency cycle detected:
warning: systemd will be installed before its iptables dependency

This dependency cycle is pulling in 96 more packages including systemd.




Re: Arch Linux Container and Boxes

Bartłomiej Piotrowski-3
On 2017-06-01 18:12, Christian Rebischke wrote:

> On Wed, May 31, 2017 at 07:48:58PM +0200, Bartłomiej Piotrowski wrote:
>> On 2017-05-31 16:08, Christian Rebischke wrote:
>>> There is a dependency cycle, that's why systemd got pulled in.
>>> I got already some feedback to the container and the image and I am
>>> pretty sure we can reduce the size of the container a little bit more.
>>> Currently the docker container is 152mb big in compressed state and
>>> around 425mb or something uncompressed.
>>
>> I don't see a cycle here…
>>
>
> Here is the cycle that I mean:
>
> These are the first lines of output of `make docker-push`:
>
> pacstrap -C /usr/share/devtools/pacman-extra.conf -c -d -G -M /tmp/tmp.eKptMyKU0t diffutils gettext grep inetutils iproute2 iputils pacman procps-ng psmisc sed tar util-linux which gzip
> ==> Creating install root at /tmp/tmp.eKptMyKU0t
> ==> Installing packages to /tmp/tmp.eKptMyKU0t
> :: Synchronizing package databases...
> ---> snip <---
> resolving dependencies...
> looking for conflicting packages...
> warning: dependency cycle detected:
> warning: systemd will be installed before its iptables dependency
>
> This dependency cycle is pulling in 96 more packages including systemd.
>
>

Except removing it or not doesn't have much to do with this. Systemd is
completely pointless in a container, especially for Docker. As pactree
-r shows:

  iptables
  ├─iproute2
  └─systemd
    └─libusb
      └─libpcap
        └─iptables

So the problem is that iproute2 requires iptables. Personally I don't
see a use case for any of them in single-process containers, but I guess
it would be just faster to disable iptables support in iproute2.

Bartłomiej
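
Added example, not part of any message in this thread or of the archlinux-docker project: a walk over the dependency edges from the `pactree -r` output above, showing which requested package drags systemd into the image and what changes if iproute2 drops its iptables dependency. The graph is constructed from the thread and models only those edges; the function and variable names are hypothetical.

```python
from collections import deque

# Constructed graph: package -> packages it depends on. Only the edges visible
# in the `pactree -r` output quoted in the thread are modelled.
DEPENDS = {
    "iproute2": ["iptables"],
    "systemd": ["iptables"],
    "libusb": ["systemd"],
    "libpcap": ["libusb"],
    "iptables": ["libpcap"],
}

# Package list taken from the pacstrap command line quoted in the thread.
REQUESTED = ("diffutils gettext grep inetutils iproute2 iputils pacman "
             "procps-ng psmisc sed tar util-linux which gzip").split()


def why_installed(target, requested=REQUESTED, depends=DEPENDS):
    """Shortest chain from an explicitly requested package to target, or None."""
    queue = deque([pkg] for pkg in requested)
    seen = set(requested)
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for dep in depends.get(path[-1], []):
            if dep not in seen:
                seen.add(dep)
                queue.append(path + [dep])
    return None


def find_cycle(start, depends=DEPENDS):
    """One dependency cycle that passes through start, or None."""
    stack = [[start]]
    while stack:
        path = stack.pop()
        for dep in depends.get(path[-1], []):
            if dep == start:
                return path + [dep]
            if dep not in path:
                stack.append(path + [dep])
    return None


# Model the proposal from the thread: iproute2 built without iptables support.
WITHOUT_IPTABLES = {**DEPENDS, "iproute2": []}

if __name__ == "__main__":
    print(why_installed("systemd"), find_cycle("iptables"))
```

On a real system the same graph can be filled from the package database instead of the hand-written dictionary; every package removed from the closure is one less thing shipped and patched in the image.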

Re: Arch Linux Container and Boxes

Christian Rebischke-2
On Thu, Jun 01, 2017 at 10:09:17PM +0200, Bartłomiej Piotrowski wrote:

> Except removing it or not doesn't have much to do with this. Systemd is
> completely pointless in a container, especially for Docker. As pactree
> -r shows:
>
>   iptables
>   ├─iproute2
>   └─systemd
>     └─libusb
>       └─libpcap
>         └─iptables
>
> So the problem is that iproute2 requires iptables. Personally I don't
> see a use case for any of them in single-process containers, but I guess
> it would be just faster to disable iptables support in iproute2.
>
> Bartłomiej

We have discussed this in #archlinux-projects. Even the whole `iptables`
package is without sense, because all network is managed via docker.
