Re: [atomic-devel] Concerns about pushing Docker 1.10 into Fedora23

[Daniel J Walsh]

A couple of things. 

I like the current plan on not pushing docker-1.10 directly into Fedora
23 until it gets plenty of testing.
I do not believe it is a one way street.   My understanding is that the
both labels of content get left in the image
so if you roll back to docker-1.9 it will continue to work.  But any
content that is created with the docker-1.9 will
need to be migrated.

We are planning on setting up the migrator to run during the rpm
transaction as a trigger on < docker-1.10 versions
of the system.  This would allow your installed docker and more
importantly your installed containers to continue to
run while the migration is taking place.  After the rpm transaction, you
would be able to choose when to restart the
docker daemon (Or the docker daemon gets restarted in post, not sure if
we implement that).  Then the containers will
shut down and restart if you have them configured that way.  If any new
content was created with docker-1.9 then
when docker daemon starts it will update that content.

There is a fairly big bug in docker-1.9 (And Dockers version of
docker-1.10) that allows leakage of the hosts /dev/mqueue
into the container.  This is fixed in our version of docker-1.10.

Docker-1.10 brings in a whole bunch of really nice new features and
fixes some major performance regressions in docker-1.9

New Features include:
      * Seccomp support
      * User Namespace Support (ALthough somewhat limited)
      * Authorization Plugins support
      * --tmpfs support

Here is the page from docker

https://github.com/docker/docker/blob/master/CHANGELOG.md


      Runtime

  * New |docker update| command that allows updating resource
    constraints on running containers #15078
    <https://github.com/docker/docker/pull/15078>
  * Add |--tmpfs| flag to |docker run| to create a tmpfs mount in a
    container #13587 <https://github.com/docker/docker/pull/13587>
  * Add |--format| flag to |docker images| command #17692
    <https://github.com/docker/docker/pull/17692>
  * Allow to set daemon configuration in a file and hot-reload it with
    the |SIGHUP| signal #18587 <https://github.com/docker/docker/pull/18587>
  * Updated docker events to include more meta-data and event types
    #18888 <https://github.com/docker/docker/pull/18888>
    This change is backward compatible in the API, but not on the CLI.
  * Add |--blkio-weight-device| flag to |docker run| #13959
    <https://github.com/docker/docker/pull/13959>
  * Add |--device-read-bps| and |--device-write-bps| flags to |docker
    run| #14466 <https://github.com/docker/docker/pull/14466>
  * Add |--device-read-iops| and |--device-write-iops| flags to |docker
    run| #15879 <https://github.com/docker/docker/pull/15879>
  * Add |--oom-score-adj| flag to |docker run| #16277
    <https://github.com/docker/docker/pull/16277>
  * Add |--detach-keys| flag to |attach|, |run|, |start| and |exec|
    commands to override the default key sequence that detaches from a
    container #15666 <https://github.com/docker/docker/pull/15666>
  * Add |--shm-size| flag to |run|, |create| and |build| to set the size
    of |/dev/shm| #16168 <https://github.com/docker/docker/pull/16168>
  * Show the number of running, stopped, and paused containers in
    |docker info| #19249 <https://github.com/docker/docker/pull/19249>
  * Show the |OSType| and |Architecture| in |docker info| #17478
    <https://github.com/docker/docker/pull/17478>
  * Add |--cgroup-parent| flag on |daemon| to set cgroup parent for all
    containers #19062 <https://github.com/docker/docker/pull/19062>
  * Add |-L| flag to docker cp to follow symlinks #16613
    <https://github.com/docker/docker/pull/16613>
  * New |status=dead| filter for |docker ps| #17908
    <https://github.com/docker/docker/pull/17908>
  * Change |docker run| exit codes to distinguish between runtime and
    application errors #14012 <https://github.com/docker/docker/pull/14012>
  * Enhance |docker events --since| and |--until| to support nanoseconds
    and timezones #17495 <https://github.com/docker/docker/pull/17495>
  * Add |--all|/|-a| flag to |stats| to include both running and stopped
    containers #16742 <https://github.com/docker/docker/pull/16742>
  * Change the default cgroup-driver to |cgroupfs| #17704
    <https://github.com/docker/docker/pull/17704>
  * Emit a "tag" event when tagging an image with |build -t| #17115
    <https://github.com/docker/docker/pull/17115>
  * Best effort for linked containers' start order when starting the
    daemon #18208 <https://github.com/docker/docker/pull/18208>
  * Add ability to add multiple tags on |build| #15780
    <https://github.com/docker/docker/pull/15780>
  * Permit |OPTIONS| request against any url, thus fixing issue with
    CORS #19569 <https://github.com/docker/docker/pull/19569>
  * Fix the |--quiet| flag on |docker build| to actually be quiet #17428
    <https://github.com/docker/docker/pull/17428>
  * Fix |docker images --filter dangling=false| to now show all
    non-dangling images #19326 <https://github.com/docker/docker/pull/19326>
  * Fix race condition causing autorestart turning off on restart #17629
    <https://github.com/docker/docker/pull/17629>
  * Recognize GPFS filesystems #19216
    <https://github.com/docker/docker/pull/19216>
  * Fix obscure bug preventing to start containers #19751
    <https://github.com/docker/docker/pull/19751>
  * Forbid |exec| during container restart #19722
    <https://github.com/docker/docker/pull/19722>
  * devicemapper: Increasing |--storage-opt dm.basesize| will now
    increase the base device size on daemon restart #19123
    <https://github.com/docker/docker/pull/19123>


I am not a big fan of docker-1.9 release, and feel that the docker-1.10
release is a huge improvement.  But I do believe their is the potential
for regressions, since so much has changed.

On 02/09/2016 08:43 AM, Antonio Murdaca wrote:
> Correct, we're still figuring out the roll-back phase which is critical for 
> atomic.
> More information here also 
> https://github.com/docker/docker/wiki/Engine-v1.10.0-content-addressability-migration
>
> ----- Messaggio originale -----
> | Da: "Joe Brockmeier" <j...@redhat.com>
> | A: atomic-devel@projectatomic.io
> | Inviato: Martedì, 9 febbraio 2016 14:24:32
> | Oggetto: Re: [atomic-devel] Concerns about pushing Docker 1.10 into Fedora23
> | 
> | On 02/09/2016 02:12 PM, Antonio Murdaca wrote:
> | > we've packaged docker-1.10 spec to run the migrator before the update
> | > so, hopefully users won't have to wait for so long. I know it's somehow
> | > risky tough.
> | > Right now docker-1.10 with the migrator is in F24 for ppl to test also.
> | > The build is here:
> | > http://koji.fedoraproject.org/koji/taskinfo?taskID=12897448
> | > Thoght it's already available in dnf.
> | 
> | Am I wrong, or is it a one-way migration? (e.g. if an atomic user tries
> | to roll back an update between 1.9 -> 1.10, they won't be able to use
> | containers with 1.9 after migration).
> | 
> | Best,
> | 
> | jzb
> | --
> | Joe Brockmeier | Community Team, OSAS
> | j...@redhat.com | http://community.redhat.com/
> | Twitter: @jzb  | http://dissociatedpress.net/
> | 
> |
>