-
Notifications
You must be signed in to change notification settings - Fork 669
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
manifest: Explicitly make 'layers' optional #407
manifest: Explicitly make 'layers' optional #407
Conversation
Most folks will distribute images containing layers, but the specified behavior applies cleanly to the layer-less case too. The unpacked rootfs will just be an empty directory with unspecified attributes. Folks might want to use that sort of thing for namespace pinning [1], distributing configs [2], setting up containers that mount the meat from the host [2], etc. [1]: opencontainers/runtime-spec#395 (comment) [2]: opencontainers#313 (comment) Signed-off-by: W. Trevor King <wking@tremily.us>
+1 from me. I realise there were other issues/PRs trying to make layers list optional that are now closed. What is the main argument against this change? |
On Fri, Oct 21, 2016 at 03:45:12AM -0700, George Lestaris wrote:
As far as I can tell, just uncertainty about the usefulness. I agree that there aren't extremely convincing use cases, but there are a few (referenced in the topic post here). And in the absence of a good reason to impose the current restriction, I think we should lift it. On Fri, Oct 21, 2016 at 03:54:58AM -0700, Jonathan Boulle wrote:
I can do that if you like. But I imagine folks who want to make images without layers will already have a use case in mind, and folks who want to make images with layers won't care about layer-less use cases, so I'm also fine leaving it as it stands (with some use cases in the commit message to motivate the change, but none in the diff itself). |
On Fri, Oct 21, 2016 at 03:54:58AM -0700, Jonathan Boulle wrote:
I can do that if you like. But I imagine folks who want to make |
@wking the reason I asked that is because given the countner-argument is On 21 October 2016 at 16:47, W. Trevor King notifications@github.com
|
@wking Could you sum those up into a cohesive argument, rather than linking us to 30 scattered comments? |
On Tue, Oct 25, 2016 at 11:32:59AM -0700, Stephen Day wrote:
My cohesive argument is in the topic post here. |
On Tue, Oct 25, 2016 at 11:25:31AM -0700, Jonathan Boulle wrote:
I agree that it is good to justify the usefulness in this PR and If we're going to add it, we probably have to go into more details |
@wking Ok, so you ship a container without a filesystem. In docker parlance, we run the following:
What could this actually do? Following from that, let's assume you convinced me the above is not silly:
What did we gain versus an empty tar file that makes the empty layers explicit? |
On Thu, Oct 27, 2016 at 02:33:59PM -0700, Stephen Day wrote:
Probably nothing, although there are currently gaping holes in the Or maybe the scratch config sets up networking and a volume mount to And if/when the image spec starts distributing runtime-spec configs
I can create a manifest that contains no layers using jq. I'd need to |
If |
On Wed, Nov 16, 2016 at 02:54:10PM -0800, Stephen Day wrote:
I am in favor of an optional ‘rootfs’ 1, but I see that as an What the runtime does with that root.path is not an image-spec
|
From your response, it looks like you have no clue what field I'm talking about. Apologies for not being more precise. I'm referring to the |
On Wed, Nov 16, 2016 at 06:19:15PM -0800, Stephen Day wrote:
Ah, thanks for clarifying. I see a few possible approaches. In order a. Land #451. Freeze application/vnd.oci.image.config.v1+json (which b. Drop rootfs.type (#224). Make rootfs and rootfs.diff_ids optional, c. Keep rootfs and rootfs.type required (the current spec). Make d. Keep rootfs, rootfs.type, and rootfs.diff_ids required (the current (d) is pretty much where this PR stands now, although I can add Personally I don't have a strong opinion on the future of |
Rejected. Since this clearly hasn't been thought through, I propose that we close this PR. @wking How can you possibly propose that runtime config could be a viable replacement for image config? Runtime config is for runtime. |
On Thu, Nov 17, 2016 at 02:26:50PM -0800, Stephen Day wrote:
What is the missing piece? If it is config rootfs handling, are none
This is #451. I think that's a solid proposal, but for the purpose of |
We doesn't define a `base image`, use `base layer` is correct. This issue first being addressed in pr opencontainers#312, and then being addressed in pr opencontainers#318, and then in pr opencontainers#407, but landing opencontainers#407 has a long way to go. We could addressed this first to avoid confusing. Signed-off-by: Lei Jitang <leijitang@huawei.com>
@wking Do you even have an analysis of doing nothing? That seems like the option with the smallest impact. It seems that you've only suggested options which you possibly agree with. If (c) or (d) are an option, we may be under-specified. The spec should read towards (d), but requires due diligence before doing so.
#451 continues to propagate the fallacy that image config and runtime config are equivalent entities and that having them be so tightly related leads to solid design. I have left a rejection message on the issue outlining the main problems with the proposal. |
On Mon, Nov 21, 2016 at 12:24:14PM -0800, Stephen Day wrote:
As in “closing this PR”? That just means folks who want an empty
I think the current spec is clear enough on this point, requiring both If the manifest's But that's mostly to help orient people. I think the spec would be |
@wking What can you exec in the container if there is no rootfs? |
On Wed, Jan 18, 2017 at 04:16:06PM -0800, Stephen Day wrote:
@wking What can you exec in the container if there is no rootfs?
You could exec in that container with execveat(2), although there's
not a convenient runtime-spec syntax to invoke that (ccon supports it
[1]).
However, I expect a more common use-case will be for a wrapping
container that has a nested container launched inside it [2] (although
#492 currently has nothing to say about which namespaces get setup in
the generated runtime-spec config). In this case, you are unlikely to
ever call ‘start’ on the wrapper container.
Or the meat of the filesystem might be provided by a volume mount [2],
in which case you can exec anything you mounted in.
[1]: https://github.com/wking/ccon/tree/v0.4.0#host
[2]: #407 (comment)
|
@wking I don't see the value in rehashing this pre-1.0. Let's revisit this after a release. |
On Fri, Jan 20, 2017 at 03:48:55PM -0800, Stephen Day wrote:
@wking I don't see the value in rehashing this pre-1.0.
Let's revisit this after a release.
Then maybe leave this PR open, milestone it post-v1.0.0, and tag it
priority/Pmaybe?
|
I feel that this should not be explicitly called out. If a use-case is binding mounting root from the host, then they can use a 512byte+1024byte empty tar archive (header + nil bytes). |
Closing per discussion on OCI meeting, 3/8. |
On Wed, Mar 08, 2017 at 03:00:58PM -0800, Vincent Batts wrote:
I feel that this should _not_ be explicitly called out.
Explicitly called out by using OPTIONAL [1]? That's not shining a
particularly large spotlight. And there's no way to allow layer-less
images without making that change, although…
If a use-case is binding mounting root from the host, then they can
use a 512byte+1024byte empty tar archive (header + nil bytes).
You don't even need the record, you can just use 1024 zero bytes (‘dd’
invocation for creating that in [2]). I just think that's a pretty
silly hoop to make folks jump through, and @glestaris [3], @jonboulle
[4], @runcom (#308), and @coolljt0725 (#313) all at one point seemed
in favor of dropping the hoop. @runcom seems to have made the change
in favor of consistency [5], and I expect doesn't really care whether
‘layers’ is optional as long as everyone's consistent.
But whatever, if that's a hoop you want to make layer-less folks jump
through, it's not a huge hoop.
[1]: https://github.com/opencontainers/image-spec/pull/407/files#diff-bf8d9e5146f89ef0a8b9bf8cd1026901R44
[2]: #593 (comment)
[3]: #407 (comment)
[4]: #407 (comment)
[5]: #313 (comment)
|
@vbatts workaround seems viable TBH. It's a bit of an ugly workaround but I don't have a real use case that opposes it right now. |
@glestaris good to hear |
Most folks will distribute images containing layers, but the specified behavior applies cleanly to the layer-less case too. The unpacked rootfs will just be an empty directory with unspecified attributes.
Folks might want to use that sort of thing for namespace pinning, distributing configs, setting up containers that mount the meat from the host, etc.
Spun off from #318 to focus on a single point.