I'm also interested.
Regards,
Giuseppe
Jeff Ligon writes:
> I too would like to be a part of this but I’m not sure how much I’d be able
> to help.
>
> On Fri, Jul 27, 2018 at 1:29 PM Owen Taylor wrote:
>
> I'm interested in participating with a special interest in Flatpaks - the
> other t
Muayyad AlSadi writes:
> when using runc
>
> $ mypid=`runc list | tail -n 1 | awk '{print $2}'`
> $ nsenter -a -t $mypid /bin/sh
> nsenter: reassociate to namespace 'ns/cgroup' failed: Operation not permitted
> $ sudo nsenter -a -t $mypid /bin/sh
> # worked fine
>
> but when using bwraps
>
> $ my
Muayyad AlSadi writes:
> it seems there is no bwrap-oci exec and nsenter does not work as regular user.
>
> how to enter an existing user name space just like "runc exec redis /bin/sh"
> using bubble wrap or nsenter?
exec is not implemented yet. The easiest way to workaround this
limitation is
Muayyad AlSadi writes:
> here is my blog post
>
> https://bcksp.blogspot.com/2018/02/diy-docker-using-skopeoostreerunc.html
if you are interested to put this blog post in the perspective of how
the atomic CLI works and explains its internals as you did, I can help
you with the review and we coul
Muayyad AlSadi writes:
>> Please use the original config.json file you get with 'runc spec --rootless'
>> and change only the process/args there.
>
> that did not work,
is this still broken with my PR?
Giuseppe
Muayyad AlSadi writes:
> no, it did not work for me
>
> I've removed the entire mount section
>
> "mounts": [ ],
that won't work, you need to specify the mounts. Have you tried
with bwrap-oci from the PR I've opened?
Please use the original config.json file you get with 'runc spec
--rootless'
Hi Muayyad,
Muayyad AlSadi writes:
> here is my blog post
>
> https://bcksp.blogspot.com/2018/02/diy-docker-using-skopeoostreerunc.html
That is definitely a great blog post! It is a very good explanation of
how the atomic CLI works for a non root user.
> the error in "bwrap-oci run"
> bwrap-
Hi Derek,
it looks like the container is trying to use a terminal.
Do you have "terminal": false in your config.json file?
Regards,
Giuseppe
Derek Carter writes:
> I've created a container for postgres:
> https://github.com/goozbach-atomic/postgres-9.4
> I built it using system-buildah; it
Colin Walters writes:
> On Mon, Nov 6, 2017, at 03:57 AM, Giuseppe Scrivano wrote:
>
>> The goal is to build the images automatically on every PR merged.
>> Occasional builds (maybe daily?) will prevent to miss changes in the
>> base layers or in the installed rpms.
&g
Dusty Mabe writes:
>>> - create a projectatomic-devel organization and put them under there
>>> - put them under projectatomic/ but add devel or upstream in the name of
>>> each image.
>>
>> would a tag be enough?
>
> My personal opinion is no. Not many people inspect tags when using images.
t
Hi Dusty,
Dusty Mabe writes:
> On 11/06/2017 03:57 AM, Giuseppe Scrivano wrote:
>> Hi,
>>
>> I'd like to find a better place where to move the system container[1]
>> images that I am currently building under docker.io/gscrivano.
>>
>> CRI-O and D
Hi,
I'd like to find a better place where to move the system container[1]
images that I am currently building under docker.io/gscrivano.
CRI-O and Docker them are already used by the OpenShift installer to get
the latest version available.
My preference is to move these images under "docker.io/p
Stephen Milner writes:
> I took a quick look at the docs. distgen works in the same way I
> originally was thinking of in terms of generating downstream files
> from upstream. I'll spend some time this afternoon trying it out.
> Thanks again!
for the system containers in principle there might be
Spyros Trigazis writes:
> If we move to system containers, which containers we need to use?
> Is ti recommended to maintain our own container images based on [2]?
It will be better if we get only one version that we can all use. We
don't have the kube images in atomic-system-containers yet but
Hi Jason,
Jason Brooks writes:
> I've experimented w/ making more changes to the ansible like these --
> adapting the scripts to the system containers rather than the reverse,
> but I started thinking it'd be easier to adapt the system containers
> to be more of a drop-in replacement, leaving th
Hi,
Great work Jason! We should definitely get these images into
atomic-system-containers.
Daniel Walsh writes:
> If these config changes should be in the standard etcd/flanneld
> containers please open pull requests to fix this on
> github.com:projectatomic/atomic-system-containers
>
> On 04/
Hi,
Dusty Mabe writes:
> i'm going to show how little I know with this question, but would it be
> possible
> to have a separate partition for system containers that was essentially xfs +
> an
> overlayfs of the host filesystem?
yes we could do that, we will just need to use a separate OSTre
Daniel Walsh writes:
> On 04/24/2017 01:56 PM, Dusty Mabe wrote:
>> NOTE: please reply-all when responding to this message
>>
>>
>> In Fedora Atomic Host if we use system containers as advertised
>> we end up using `atomic pull --storage ostree` which by default
>> throws images into /var/lib/con
Daniel J Walsh writes:
> We have to have a version by Tuesday for RHEL.
>
> On 03/16/2017 01:03 PM, Mrunal Patel wrote:
>
> If we can wait a bit, we should have a new 1.0.0.rc3 for runc soon.
I've tried to find a workaround for this issue on Atomic Host but it
seems that runC works only with r
Daniel J Walsh writes:
>> Could we get an updated runC package? There is also another fix
>> that would be nice to have for the Flannel system container:
>>
>> https://github.com/projectatomic/atomic-system-containers/pull/24
>>
> What OS Needs updating?
Fedora Atomic Host. I see that the last
Colin Walters writes:
> # atomic host status
> State: idle
> Deployments:
> ● fedora-atomic:fedora-atomic/25/x86_64/docker-host
> Version: 25.80 (2017-03-13 23:35:50)
> Commit:
> 24d4499420ffb2cc49681020bbe5aa6780d780d2b811eab1f5ffea6446b5a4c5
> OSName: f
Colin Walters writes:
> Does anyone know what the status of
> https://github.com/projectatomic/atomic-system-containers
> is in general, and in particular I'm interested in the
> "containerized docker" approach.
>
> Can someone who knows a bit more about this add
> e.g. a `README.md` with getting
Hi Aaron,
Aaron Weitekamp writes:
> I have a use case where from inside a container I want to pull down another
> container and mount as a rootfs in a tempdir. When doing this inside a
> container I get permissions denied[1]
> on the bindmount. Otherwise it appears to mount fine.
> I have no
Daniel J Walsh writes:
> I would like to get these into Project Atomic also, as
> atomic-system-containers
I've created a new repository "atomic-system-containers" and moved the
containers there:
https://github.com/projectatomic/atomic-system-containers
Regards,
Giuseppe
Hi everyone,
I am currently keeping the system containers definitions under:
https://github.com/giuseppe/atomic-oci-containers/
There are 5 system container images:
1) Etcd
2) Flannel
3) hello-world - a minimal image to show how create a system container
4) docker-centos - WIP for running docke
Hi,
Daniel J Walsh writes:
> One problem I have with this is forgetting to use the --system flag when
> installing the container.
>
> I would like to add a LABEL to the image that would tell atomic command
> to install using the --system
>
> method. This label would not be a generic label, sinc
Hi Tob,
Tob writes:
> thank you for working on it. So the plan to run systemd with a positive
> uid is to wrap it in bubblewrap? Will that work with docker (or OCI)?
it works with Docker and runc as well, they leave more capabilities in
the container than what bubblewrap does (with my WIP patch
Hi,
Tobias Florek writes:
> now that systemd conference has been a success, I wanted to ask whether
> you had a chance to look into it?
I was playing around with bubblewrap and systemd. I've submitted some
patches for systemd that got merged:
https://github.com/systemd/systemd/pull/4280
they
Giuseppe Scrivano writes:
> some new options were needed in bubblewrap to support a readonly rootfs
> and OCI hooks, those got merged in bubblewrap last week. I don't
> expect big changes to happen soon in bwrap-oci, so I think it is a good
> time to move it under projectat
Hi,
Colin Walters writes:
> On Tue, Aug 9, 2016, at 12:55 PM, Giuseppe Scrivano wrote:
>> Hi,
>>
>> I would like to introduce bwrap-oci, a tool to convert from an OCI
>> configuration file to a command line for bubblewrap:
>>
>> https://github.com
Colin Walters writes:
> On Tue, Aug 9, 2016, at 12:55 PM, Giuseppe Scrivano wrote:
>> Hi,
>>
>> I would like to introduce bwrap-oci, a tool to convert from an OCI
>> configuration file to a command line for bubblewrap:
>>
>> https://github.com/giuseppe/b
Hi,
I would like to introduce bwrap-oci, a tool to convert from an OCI
configuration file to a command line for bubblewrap:
https://github.com/giuseppe/bwrap-oci
While system containers are executed through runc which uses directly
the OCI configuration file, containers that run as non root will
Hi Muayyad,
Muayyad AlSadi writes:
> how can we remove old ostree images?
>
> for example I upgraded to fedora 24, then rebased to 23 again
Are you looking for something like the following?
# ostree refs --delete $BRANCH_NAME
# ostree prune --refs-only
Regards,
Giuseppe
Hi Colin,
Colin Walters writes:
> Hi,
>
> On Sat, Apr 9, 2016, at 05:43 AM, Giuseppe Scrivano wrote:
>
>> is it fine to apply this patch now?
>
> The dependencies will come in automatically via the new `atomic` rpm right?
>
> The way I think of this is that thi
Hi Colin,
Colin Walters writes:
> I'll wait before applying to see if anyone else has thoughts.
is it fine to apply this patch now?
Regards,
Giuseppe
python3-gobject-base is needed to use OSTree python bindings.
runc is a tool for spawning containers based on Open Container
Specifications.
Needed for: https://github.com/projectatomic/atomic/issues/298
Signed-off-by: Giuseppe Scrivano
---
fedora-atomic-docker-host.json | 4 +++-
1 file
Hi Amila,
Amila Sampath writes:
> Hi,
>
> I am Amila Sampath, and Engineering student form University of
> Peradeniya, Sri Lanka. Since I'm a Linux lover, I planed on working
> with a Linux related project for the GSOC 2016. I found interesting
> with your project of rollback Linux upgrades. I h
Hi,
has anyone looked before into the kernel modules we are shipping with
Fedora Atomic Host and is there any plan on removing modules that are
not needed?
For example, removing the following ones could help to reduce (slightly)
the image size:
3,0M/usr/lib/modules/4.4.2-301.fc23.x86_64/kern
Josh Berkus writes:
> Atomic folks,
>
> A couple of our contributors want to participate in Google Summer of
> Code as mentors. We're looking for ideas for student summer projects
> hacking on Atomic, as well as additional mentors.
>
> If you know of something which students could work on -- ide
Dusty Mabe writes:
> I am getting an error when trying to rebase to the updates-testing
> ostree. It is a similar fsetxattr error we have seen in the past:
>
>
> # Go to known reproducer starting point:
> -bash-4.3# rpm-ostree deploy 23.54 && reboot
>
> # After reboot:
> -bash-4.3# rpm-ostree reb
Josh Berkus writes:
> Folks,
>
> For some historical reason, we're shipping Fedora Atomic Host with a
> lot of the required container toolchain built into the host system.
> That is, kubernetes, etcd, flannel, and probably other tools are on
> the base system, not in containers. This has some pr
Nick Coghlan writes:
> On 8 December 2015 at 07:08, Joe Brockmeier wrote:
>> So - if we're talking about doing this for the Fedora release(s) we
>> should probably make sure to have the cloud list in the discussion as well.
>>
>> One question, apologies if it's uninformed - if we did this, is th
Daniel J Walsh writes:
> On 12/03/2015 06:49 AM, Fabian Deutsch wrote:
>> On Thu, Dec 3, 2015 at 12:25 PM, Giuseppe Scrivano
>> wrote:
>>> Fabian Deutsch writes:
>>>
>>>> On Wed, Dec 2, 2015 at 1:54 PM, Giuseppe Scrivano
>>>> wrote:
Fabian Deutsch writes:
> On Wed, Dec 2, 2015 at 1:54 PM, Giuseppe Scrivano wrote:
>>> The removal caused some trouble:
>>> - removing informations from drawbacks
>>> - Making debugging - testing changes - very cumbersome
>>> - Breaks "plugin"
Fabian Deutsch writes:
> On Tue, Dec 1, 2015 at 1:36 PM, Giuseppe Scrivano wrote:
>> Hi,
>>
>> I was experimenting with reducing the size of the Atomic Host image and
>> it seems that a lot of space is used by Python source files.
>
> For many (6?) years we ha
ces the used disk space by around 55 MB.
Any comments?
Thanks,
Giuseppe
>From 277e5fcdd6fbc2f3d51589a4065f2026f8becccd Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Mon, 30 Nov 2015 13:42:10 +0100
Subject: [PATCH] treecompose-post.sh: delete any .py file
and leave only the preco
Clayton Coleman writes:
> This looks really clean Giuseppe - we should write it up as a blog
> post for others to try, and add the image to the origin DockerHub
> namespace. What limitations does it have?
I am not sure if something is missing there. I have based it on
origin/images/builder/doc
Giuseppe Scrivano writes:
> Should it be less invasive and perhaps use ostree-docker-builder through
> the "Custom Builder Image" strategy instead?
This is a custom docker builder that uses OSTree to create the
container:
https://github.com/giuseppe/ostree-custom-docker-b
Clayton Coleman writes:
> Can we get this into Openshift as a new builder strategy / or source?
> It's an excellent story for non-root builds.
I have looked a bit into adding a new builder and it doesn't look like a
trivial task.
Should it be less invasive and perhaps use ostree-docker-builder
Hi Clayton,
thanks for the feedback, I am going to look into this.
Regards,
Giuseppe
Clayton Coleman writes:
> Can we get this into Openshift as a new builder strategy / or source?
> It's an excellent story for non-root builds.
>
>> On Sep 30, 2015, at 9:01 PM, Gius
Hello,
I was experimenting for fun with creating Docker images using rpm-ostree
instead of "docker build". rpm-ostree already supports it, and it can
be specified in the .json file setting the "container" flag to true.
The generated tree can be tarred and imported directly into Docker.
I wrote a
James writes:
> I'm having trouble SSH-ing to root on an atomic host. To make it easy
> to debug, I can replicate the issue *from* the host.
>
> boot up atomic host. I'm using Fedora 21
>
> $ cat foo
> Host localhost
> HostName localhost
> User vagrant
> Port 22
> UserKnownHostsFile /dev/
52 matches
Mail list logo
