Is the following a reasonable solution from both a usability and legal perspective? - Write a Dockerfile that has everything except the GPL jar on it (including the Druid code that talks to the jar if configured to use MySQL) - Automatically publish that Docker image to the ASF account on DockerHub - Also include a short Dockerfile in the repo that starts `FROM` our auto-built account and has a line or two of wget to download the jar (similar to the wget currently in the Dockerfile) - Tell users who want to use MySQL that they must publish that extra layered image themselves
--dave On Tue, Mar 5, 2019 at 9:59 AM Charles Allen <charles.al...@snap.com.invalid> wrote: > Honestly we're at a very strange impasse. On one hand I don't think the ASF > project can adopt an official docker image unless ASF legal says its ok. > "Official" releases are source code anyways (as my understanding goes), and > binary artifacts are convenience things. Unfortunately I do not see a path > forward unless some entity is willing to take on a stance similar as > outlined in https://issues.apache.org/jira/browse/LEGAL-437 . This is > pretty new territory from a legal perspective (the fact that docker images > are layers makes it even more interesting). > > At this point I think the safest thing to do is something that is "no more > GPL dependent than other containers in the apache repo", which would mean > not adding in GPL binaries. Which means switching to postgres. I don't > foresee an aggressive legal stance on this issue, meaning it might take a > while as people watch where the industry is going. > > > > On Tue, Mar 5, 2019 at 8:20 AM Don Bowman <d...@agilicus.com> wrote: > > > where do we stand on this? > > the PR is in and accepted, but i feel we need to have this built as part > of > > the release artifacts and on dockerhub to foster adoption. > > if the only issue is the mysql connector i can remove it in favour of the > > postgres connector. > > > > > > On Mon, 18 Feb 2019 at 13:58, Don Bowman <d...@agilicus.com> wrote: > > > > > i can just remove the mysql, the postgres works, i was just assuming > > folks > > > wanted it. > > > > > > > > > On Mon, 18 Feb 2019 at 16:58, Gian Merlino <g...@apache.org> wrote: > > > > > >> A discussion is progressing on > > >> > > > https://urldefense.proofpoint.com/v2/url?u=https-3A__issues.apache.org_jira_browse_LEGAL-2D437&d=DwIFaQ&c=ncDTmphkJTvjIDPh0hpF_w&r=HrLGT1qWNhseJBMYABL0GFSZESht5gBoLejor3SqMSo&m=SDcL2cv8y5vfiK64aTakmAF8xiMVateJ6QQ3JTsegRI&s=uXRQeP8EnjcHXQmG5oJoTQN2ztfu7N0YCNLpS_aj93g&e= > . > > It doesn't seem to have > > >> got anywhere firm yet. > > >> > > >> On Fri, Feb 8, 2019 at 12:23 PM Gian Merlino <g...@apache.org> wrote: > > >> > > >> > I don't think anything is strictly needed from you at this point, > but > > >> > things happen when people drive them, and participation in that > effort > > >> > would help make sure it gets done. I think at this point the tasks > on > > >> our > > >> > end are watching LEGAL-437 for advice (or making it moot by removing > > the > > >> > MySQL jar), asking Infra to set up automated builds once that is > > sorted > > >> > out, and building some kind of consensus around how we'll label and > > >> promote > > >> > the Docker images. > > >> > > > >> > On Fri, Feb 8, 2019 at 12:13 PM Don Bowman <d...@agilicus.com> > wrote: > > >> > > > >> >> i'd be fine w/ removing the mysql, i'm using postgresql for the > > >> metadata. > > >> >> if this is the case we should consider relfecting postgres as the > > >> default > > >> >> metadata in the docs. > > >> >> however, i think this is mere aggregation under the gpl license, > and > > >> the > > >> >> docker image tends to have other (e.g. bash) gpl code. druid's > start > > >> >> scripts are all bash-specific as an example. > > >> >> > > >> >> I'm not clear if anything further is needed of me, i'm hoping to > get > > an > > >> >> automated build going into dockerhub, and tagged w/ each release. i > > >> think > > >> >> this will help adoption. > > >> >> > > >> >> > > >> >> > > >> >> On Fri, 8 Feb 2019 at 14:22, Gian Merlino <g...@apache.org> wrote: > > >> >> > > >> >> > First off thanks a lot for your work here Don!! > > >> >> > > > >> >> > I really do think, though, that we need to be careful about the > > >> >> inclusion > > >> >> > of the MySQL connector jar. ASF legal has been clear in the past > > that > > >> >> ASF > > >> >> > projects should not distribute it as part of binary convenience > > >> >> releases: > > >> >> > > > > https://urldefense.proofpoint.com/v2/url?u=https-3A__issues.apache.org_jira_browse_LEGAL-2D200&d=DwIFaQ&c=ncDTmphkJTvjIDPh0hpF_w&r=HrLGT1qWNhseJBMYABL0GFSZESht5gBoLejor3SqMSo&m=SDcL2cv8y5vfiK64aTakmAF8xiMVateJ6QQ3JTsegRI&s=tzsmBm2IIaa5BS9lQrTc9e0GDt09RmMiI4gfn9CoHT4&e= > . > > I think having the > > >> >> > Dockerfile in the repo is probably fine: in that case we are not > > >> >> > distributing the jar itself, just, essentially, a pointer to how > to > > >> >> > download it. But if we start offering a prebuilt Docker image, it > > is > > >> >> less > > >> >> > clear to me if that is fine or not. In the interests of resolving > > >> this > > >> >> > question one way or the other, I opened a question asking about > > this > > >> >> > specific situation: > > > https://urldefense.proofpoint.com/v2/url?u=https-3A__issues.apache.org_jira_browse_LEGAL-2D437&d=DwIFaQ&c=ncDTmphkJTvjIDPh0hpF_w&r=HrLGT1qWNhseJBMYABL0GFSZESht5gBoLejor3SqMSo&m=SDcL2cv8y5vfiK64aTakmAF8xiMVateJ6QQ3JTsegRI&s=uXRQeP8EnjcHXQmG5oJoTQN2ztfu7N0YCNLpS_aj93g&e= > > . > > >> >> > > > >> >> > About Dylan's questions: my feeling is that we should go ahead > and > > >> >> enable > > >> >> > automated pushes to Docker Hub, and provide some appropriate > > language > > >> >> > around what people should expect out of it. I don't think > > >> >> 'experimental' is > > >> >> > the right word, but we should be clear around exactly what > contract > > >> we > > >> >> are > > >> >> > adhering to. Is it something people can expect to be published > with > > >> each > > >> >> > release? Is it something that we are going to build and test as > > part > > >> of > > >> >> the > > >> >> > release process, or are we going to publish it via automation > > without > > >> >> any > > >> >> > testing? Is it something we expect people to use in production, > or > > >> >> > something we only expect people to use for evaluation? If it is > > >> >> something > > >> >> > we expect people to use in production, do we expect them to use > it > > in > > >> >> any > > >> >> > particular way? Will we be guaranteeing certain things (file > > layout, > > >> >> etc) > > >> >> > that provide a stable interface for people to build derived > images > > >> from? > > >> >> > > > >> >> > The path of least resistance to answering these questions is to > say > > >> that > > >> >> > the Docker image is provided in the hopes that it is useful, but > > that > > >> >> it is > > >> >> > done via an automated build, without any pre-release testing, and > > >> >> without > > >> >> > any particular guarantees about the 'interface' it provides. If > > this > > >> is > > >> >> the > > >> >> > case then I would suggest putting it up on Docker Hub with an > > >> >> appropriate > > >> >> > disclaimer and not promoting it too much. (We might very well end > > up > > >> >> > pushing images every once in a while that don't work right, and > it > > >> would > > >> >> > reflect poorly on the project to have those be prominently > > >> linked-to.) > > >> >> It > > >> >> > becomes easier to strengthen these guarantees if we add an > > automated > > >> >> test > > >> >> > suite that we can run before releases which verifies > functionality > > >> and > > >> >> > interface adherence. > > >> >> > > > >> >> > On Fri, Feb 8, 2019 at 7:14 AM Rajiv Mordani > > >> >> <rmord...@vmware.com.invalid> > > >> >> > wrote: > > >> >> > > > >> >> > > This is purely a packaging exercise. I don't see a reason to > mark > > >> >> this as > > >> >> > > experimental. > > >> >> > > > > >> >> > > Rajiv. > > >> >> > > ________________________________ > > >> >> > > From: Dylan Wylie <dylanwy...@apache.org> > > >> >> > > Sent: Friday, February 8, 2019 6:08:47 AM > > >> >> > > To: dev@druid.apache.org > > >> >> > > Subject: Re: docker build > > >> >> > > > > >> >> > > I believe all we have to do is submit a ticket to Apache's > > >> >> Infrastructure > > >> >> > > team and then we'll have some automatic process that'll > > >> automatically > > >> >> > > update docker-hub with images relating to each release. > > >> >> > > > > >> >> > > I guess there's two open questions I think we should reach a > > >> >> consensus on > > >> >> > > (others feel free to add more!). > > >> >> > > > > >> >> > > - Are we as a community happy to "support" an additional > release > > >> >> > artefact? > > >> >> > > I'm happy to try to incorporate this into my employer's testing > > >> >> > > infrastructure to help catch any regressions on future releases > > but > > >> >> > that's > > >> >> > > just one data point on each release. > > >> >> > > > > >> >> > > - Along the same vein, do we follow the same process as we do > > with > > >> new > > >> >> > > features and mark this as experimental for some time? > > >> >> > > > > >> >> > > On Fri, 8 Feb 2019 at 13:25, Don Bowman <d...@agilicus.com> > > wrote: > > >> >> > > > > >> >> > > > Now that > > >> >> > > > > >> >> > > > >> >> > > >> > > > https://urldefense.proofpoint.com/v2/url?u=https-3A__na01.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fgithub.com-252Fapache-252Fincubator-2Ddruid-252Fpull-252F6896-26amp-3Bdata-3D02-257C01-257Crmordani-2540vmware.com-257C942b2af1dfb740fcbed308d68dcef937-257Cb39138ca3cee4b4aa4d6cd83d9dd62f0-257C0-257C1-257C636852317419449405-26amp-3Bsdata-3DEXigZIBkKiatM0rEgyQRoxA9ER8u8amiAfPN0MghzjE-253D-26amp-3Breserved-3D0&d=DwIFaQ&c=ncDTmphkJTvjIDPh0hpF_w&r=HrLGT1qWNhseJBMYABL0GFSZESht5gBoLejor3SqMSo&m=SDcL2cv8y5vfiK64aTakmAF8xiMVateJ6QQ3JTsegRI&s=I0Jmt-SqSpozqPWg-3MxWry3mQC_oFP2v9FhGUTL5Ls&e= > > >> >> > > is merged > > >> >> > > > (thank you!) > > >> >> > > > > > >> >> > > > who can get this set to build into Dockerhub? Presumably > > >> >> automatically > > >> >> > > on a > > >> >> > > > 'tag' of the repo. > > >> >> > > > > > >> >> > > > Once that is done it is much more convenient for folks to use > > >> this > > >> >> > tool. > > >> >> > > > > > >> >> > > > --don > > >> >> > > > > > >> >> > > > > >> >> > > > >> >> > > >> > > > >> > > > > > >
