| *** e0ne has joined #openstack-loci | 06:29 | |
| *** pbourke has joined #openstack-loci | 08:35 | |
| *** pbourke has quit IRC | 10:30 | |
| *** openstackgerrit has joined #openstack-loci | 11:29 | |
| openstackgerrit | Virgil Chereches proposed openstack/loci master: Fixed fetch_wheels.py to handle any docker-compliant registry. https://review.openstack.org/557666 | 11:29 |
|---|---|---|
| *** openstackgerrit has quit IRC | 12:04 | |
| *** pbourke has joined #openstack-loci | 13:20 | |
| *** pbourke has quit IRC | 13:21 | |
| *** pbourke has joined #openstack-loci | 13:21 | |
| *** portdirect has quit IRC | 14:19 | |
| *** portdirect has joined #openstack-loci | 14:19 | |
| *** tommylikehu has quit IRC | 14:26 | |
| *** tommylikehu has joined #openstack-loci | 14:26 | |
| *** alanmeadows has quit IRC | 14:26 | |
| *** alanmeadows has joined #openstack-loci | 14:27 | |
| *** cristicalin has joined #openstack-loci | 14:28 | |
| *** lamt has quit IRC | 14:29 | |
| *** lamt has joined #openstack-loci | 14:29 | |
| *** lamt is now known as Guest29810 | 14:29 | |
| cristicalin | SamYaple, are you around ? | 14:30 |
| cristicalin | any strong feelings aginst doing multi-stage builds in loci ? | 14:30 |
| SamYaple | cristicalin: a few. what do you have in mind | 14:30 |
| cristicalin | continue the current approach but add a last build phase where staring from ${FROM} you copy /var/lib/openstack and just do a bindep install for the rest | 14:31 |
| SamYaple | cristicalin: thats basically what we have... | 14:32 |
| SamYaple | the pip wheels are built first | 14:33 |
| cristicalin | well, yes and no because you still have some leftovers in the build image which are needed to pull down the wheels archive | 14:34 |
| SamYaple | cristicalin: where? | 14:34 |
| cristicalin | in my case I'd like not to use the ${FROM} if possible and use a slimmer version | 14:34 |
| SamYaple | oh you mean like the fetch_wheels stuff | 14:34 |
| cristicalin | yes | 14:34 |
| SamYaple | listen, if you can show a slimmer version, be my guest | 14:35 |
| cristicalin | ok, I'll do my best | 14:35 |
| SamYaple | the most youll ever be able to save is 1-2mb, uncompressed | 14:35 |
| SamYaple | but we love new ideas and things! | 14:35 |
| SamYaple | the size part, however, is pretty well optimized | 14:35 |
| portdirect | On another note | 14:35 |
| SamYaple | and do remember, multistage builds make it take significatnly longer to build | 14:36 |
| portdirect | ive got some devs crying non-stop at me, how much do we hate the idea of a 'debug' profile that gives you ping/curl/nmap etc | 14:36 |
| SamYaple | if its in bindep.txt, i dont care | 14:37 |
| cristicalin | we provide an install-debug.sh in our own containers | 14:37 |
| cristicalin | that assumes the environment has some sort of access to repos | 14:37 |
| cristicalin | maybe that can be enough | 14:38 |
| portdirect | we dont have that luxury unfortunately | 14:38 |
| portdirect | I was asking them to just add what they needed to the dist_packages args | 14:39 |
| SamYaple | that works too | 14:39 |
| portdirect | the appetite for that was surprisingly low. | 14:40 |
| SamYaple | why? thats literally what its designed for | 14:41 |
| SamYaple | so you dont need a patch to loci to installyour packages... | 14:41 |
| portdirect | ¯\_(ツ)_/¯ | 14:41 |
| portdirect | it also means they could install what they want/need | 14:42 |
| portdirect | but le sigh. | 14:42 |
| *** Guest29810 is now known as lamt | 14:42 | |
| cristicalin | SamYaple, http://paste.openstack.org/show/718832/ for image sizes (fist one is loci, next is the multistage) | 14:42 |
| cristicalin | both keystone newton-eol | 14:42 |
| cristicalin | no apache just uwsgi in both | 14:42 |
| portdirect | what base images are they built from? | 14:43 |
| cristicalin | ubuntu:xenial | 14:43 |
| portdirect | the same in both? | 14:43 |
| SamYaple | portdirect: cant be. look at the dates | 14:43 |
| cristicalin | my base is a bit more slimmed down but I cannot use it for the build with loci | 14:44 |
| cristicalin | that's the reason I need the multi-stage | 14:44 |
| portdirect | so not the same | 14:44 |
| SamYaple | right | 14:44 |
| portdirect | can you build with the same base at all stages? | 14:44 |
| cristicalin | no but it makes the point why multi-stage is useful | 14:44 |
| SamYaple | cristicalin: why cant you use your base with loci. thats the first step | 14:44 |
| cristicalin | because I take out non essential things and some essentials out of it :) | 14:45 |
| cristicalin | so not suitable for build just runtime | 14:45 |
| cristicalin | basically libc and some other needed things + dash instead of bash | 14:45 |
| portdirect | can you publish this image, or the source so we can discuss properly? | 14:45 |
| cristicalin | and that's it | 14:45 |
| cristicalin | yes | 14:45 |
| SamYaple | so it doesnt sound like multistage build is getting us anything, the size difference is from removing things like bash | 14:45 |
| portdirect | cristicalin: this is what our newton images look like: | 14:46 |
| portdirect | openstackhelm/keystone newton 9553a0a8b8b8 7 weeks ago 284 MB | 14:46 |
| portdirect | built with loci as is | 14:46 |
| cristicalin | http://paste.openstack.org/show/718833/ | 14:47 |
| cristicalin | that's the runtime image | 14:47 |
| portdirect | if you left bash in there, would it not be able to build loci? | 14:48 |
| cristicalin | not sure, though I can do a test | 14:49 |
| SamYaple | cristicalin: so you are purging files that were already in your base image.... you arent saving any space that way | 14:56 |
| SamYaple | they still exist in the base layer | 14:56 |
| SamYaple | also, in case you didnt know the docker daemon has a build in dumb-init now, you dont have to include it in the images | 14:57 |
| SamYaple | using tini i belive | 14:57 |
| cristicalin | SamYaple, Makefile calls the docker build with squash | 14:57 |
| cristicalin | so it squishes the layers of that image | 14:57 |
| cristicalin | tini only works for regular docker afaik | 14:58 |
| cristicalin | if you run in k8s you don't get that | 14:58 |
| SamYaple | if k8s chooses not to use it, then thats correct | 14:59 |
| SamYaple | i dont know how it wants to do child reaping then | 14:59 |
| cristicalin | portdirect, so I need to keep both bash and login | 15:02 |
| cristicalin | and with keeping that my image is 284M, same as yours | 15:02 |
| portdirect | SamYaple: child reaping is here properly in 1.10 k8s | 15:26 |
| portdirect | where the approach they are taking is to start moving the containers in pods to share pid namespace | 15:26 |
| portdirect | and the "pause" container will reap | 15:26 |
| portdirect | they brought this in previously 1.8.3? and then wound it back out | 15:27 |
| portdirect | as then it was a forced change, which made for a lot of sad people | 15:27 |
| portdirect | with 1.10 its a param on each pod | 15:27 |
| portdirect | off by default | 15:27 |
| portdirect | and i think this will change to on by default with 1.11 | 15:28 |
| *** e0ne has quit IRC | 15:37 | |
| cristicalin | that also needs a current day docker | 15:43 |
| cristicalin | I think RH finally switched to 1.13 | 15:44 |
| cristicalin | so you get the shared PID space between containers in the same pod | 15:44 |
| cristicalin | but good stuff, thanks for the info portdirect | 15:44 |
| *** cristicalin has quit IRC | 15:52 | |
| *** e0ne has joined #openstack-loci | 16:06 | |
| *** e0ne has quit IRC | 16:35 | |
| *** e0ne has joined #openstack-loci | 16:36 | |
| *** cristicalin has joined #openstack-loci | 16:49 | |
| *** pbourke has quit IRC | 17:05 | |
| *** cristicalin has quit IRC | 17:21 | |
| *** e0ne has quit IRC | 17:54 | |
| *** pbourke has joined #openstack-loci | 18:18 | |
| *** e0ne has joined #openstack-loci | 18:59 | |
| *** pbourke has quit IRC | 19:50 | |
| *** e0ne has quit IRC | 20:30 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!