> > The LABEL would be the preferred way.
>
> Sure, just someone(tm) needs to find the Dockerfile in git. I
> couldn't find it from a dozen minutes reading
> https://fedoraproject.org/wiki/Changes/Layered_Docker_Image_Build_Service
> and pals.
>
>
> - FChE
>
--
-- Jeremy Eder
systemtap has always worked
in the rhel-tools container...the label on that image includes --privileged.
On Thu, Oct 5, 2017 at 1:25 PM, Daniel Walsh wrote:
> On 10/05/2017 01:18 PM, Jeremy Eder wrote:
>
> setenforce 0 works...security-opt label:disable does not.
>
> On Thu, Oct 5
>>
>>
>> - FChE
>> ___
>> devel mailing list -- de...@lists.fedoraproject.org
>> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
>>
>
> Rather then putting the system into permissive mode, you should run a
> privileged container or at least disable SELinux protections.
>
>
> docker run -ti --security-opt label:disable ...
>
>
>
--
-- Jeremy Eder
Forgot to add Will Cohen (discussed stap errors with him briefly). Also my
replies won't make it to the dev list since I am not subscribed (just fyi I
guess).
On Thu, Oct 5, 2017 at 9:10 AM, Jeremy Eder wrote:
> First of all, that readme is awesome.
>
> spot checking the t
candidate-registry.fedoraproject.org/f26/systemtap <
>> http://candidate-registry.fedoraproject.org/f26/systemtap>
>> >
>> > Both images have help files, so please read them prior using the
>> containers:
>> > https://src.fedoraproject.org/container/tools/blob/master/f/
>> root/README.md
>> > https://github.com/container-images/systemtap/blob/master/help/help.md
>> >
>> > (or `atomic help $the_container_image`)
>> >
>> > [1] https://pagure.io/atomic-wg/issue/214
>>
>
>
--
-- Jeremy Eder
2017 at 1:07 PM, Josh Berkus wrote:
> On 01/05/2017 05:15 PM, Jeremy Eder wrote:
> > On Thu, Jan 5, 2017 at 7:22 PM, Josh Berkus > <mailto:jber...@redhat.com>>wrote:
> >
> > Also, performance is MUCH better on PostgreSQL pgbench than
> devicemapper
> >
On Thu, Jan 5, 2017 at 7:22 PM, Josh Berkus wrote:
> Also, performance is MUCH better on PostgreSQL pgbench than devicemapper
> is. Like 3X better.
Details please? Were you using the loopback dm driver?
specific to device mapper storage drivers right?
>
> On Tue, Oct 25, 2016 at 5:03 AM, Jeremy Eder wrote:
>
>> Hi,
>>
>> Vivek Goyal (cc) and I were discussing ways to deliver page cache
>> sharing, POSIX compliance and SELinux support with a single docker graph
>
;
> jzb
>
>
> --
> Joe Brockmeier
> Senior Evangelist, Linux Containers
> j...@redhat.com
> Twitter: @jzb
>
>
--
-- Jeremy Eder
Hi,
Vivek Goyal (cc) and I were discussing ways to deliver page cache sharing,
POSIX compliance and SELinux support with a single docker graph driver,
using existing kernel facilities. We decided to go with a bind-mount
technique, and Vivek has posted a first cut here:
https://github.com/docker/d
Sorry hit send too soon. other thing i was going to mention is if we have 2
bases, then the minimal one should take advantage of Colin's research into
yum micro (I forget the exact name).
On Fri, Oct 21, 2016 at 12:52 PM, Jeremy Eder wrote:
> rhel7:pet
>
> On Fri, Oct 21, 20
hell would need to execute
>>>> >
>>>> > docker run -ti rhel7 /bin/sh
>>>> >
>>>> > (I always do this anyways, but I guess some people do not)
>>>> >
>>>> >
>>>> > The other big issue is on stopping of containers. docker stop
>>>> currently
>>>> > defaults to sending SIGTERM to the pid 1 of the container.
>>>> >
>>>> > systemd requires that SIGRTMIN+3 be sent to it to close down properly.
>>>> > If we want to have systemd work by default, we would
>>>> >
>>>> > need to change the default SIGSTOP of the base image. This means any
>>>> > application based on the base image that does not
>>>> >
>>>> > override the SIGSTOP would get SIGRTMIN+3. Most apps will die when
>>>> they
>>>> > get this signal, but if the App had a signal handler for
>>>> >
>>>> > SIGTERM, the signal handler will not work correctly.
>>>> >
>>>> >
>>>> > Adding
>>>> >
>>>> > SIGSTOP SIGTERM
>>>> >
>>>> > to a Dockerfile would fix the issue, but it will cause unexpected
>>>> > breakage. I don't see an easy solution for this.
>>>> >
>>>> >
>>>> >
>>>>
>>>>
>>>
>>>
>>> --
>>> Daniel Riek
>>> * Sr. Director Systems Design & Engineering
>>> * Red Hat Inc, Tel. +1-617-863-6776
>>>
>>>
>>>
>>
>
--
-- Jeremy Eder
On Wed, Oct 12, 2016 at 10:29 AM, Colin Walters wrote:
>
> On Tue, Oct 11, 2016, at 02:45 PM, Jeremy Eder wrote:
>
> Because layered products (not just OpenShift) do not want to be coupled to
> the RHEL release schedule to update their profiles. They want to own their
> profil
On Tue, Oct 11, 2016 at 2:14 PM, Colin Walters wrote:
> On Tue, Oct 11, 2016, at 01:36 PM, Jeremy Eder wrote:
>
> Going fwd, I think we would rather not maintain two locations (atomic-*
> and atomic-openshift-* tuned profiles with identical content.
>
>
> Yes, agreed.
>
Hi,
Right now we've got the tuned package in the base atomic content. There
are atomic-host and atomic-guest tuned profiles which are currently
identical to the atomic-openshift ones. We'd like to make a change to the
atomic-openshift-node/master profiles (which are distributed with the
openshif
e has problems.
We could create an abrt container that does the same for RH-based ecosystem.
On Fri, Sep 9, 2016 at 11:21 AM, Jeremy Eder wrote:
> Hmm, appears this was not integrated into Fedora Atomic? Is there a plan
> to do so?
>
> On Fri, Mar 20, 2015 at 5:50 AM, Jakub Filak
>
> Regards,
>
> Jakub
>
>
>
>
>
> 1: https://admin.fedoraproject.org/updates/gnome-abrt-1.1.0-
> 1.fc22,abrt-2.5.0-2.fc22,libreport-2.5.0-1.fc22
>
--
-- Jeremy Eder
On May 19, 2016 17:03, "Jason DeTiberus" wrote:
>
>
>
> On Thu, May 19, 2016 at 4:31 PM, Jeremy Eder wrote:
>>
>> Would commissaire be intended to address the case where I want to
adjust config options across a cluster? (openshift node or master configs)
&
n Thu, May 19, 2016 at 3:55 PM, Stephen Milner
>> wrote:
>> >>> > Hello all,
>> >>> >
>> >>> > Have you heard about some kind of cluster host manager project and
>> >>> > want to learn more? Curious about what this Commissaire thing is
>> that
>> >>> > has shown up in the Project Atomic GitHub repos?
>> >>> > The short answer is it is a lightweight REST interface for cluster
>> >>> > host management. For more information check out the introductory
>> blog
>> >>> > post ...
>> >>> >
>> >>> >
>> http://www.projectatomic.io/blog/2016/05/introducing_commissaire/
>> >>> >
>> >>> > ... and stay tuned for more in-depth posts for development and
>> >>> > operations in the near future!
>> >>> >
>> >>> > --
>> >>> > Thanks,
>> >>> > Steve Milner
>> >>> >
>> >>>
>> >>
>> >>
>> >>
>> >> --
>> >> Jason DeTiberus
>> >
>> >
>>
>
>
--
-- Jeremy Eder
Awesome!
On Apr 15, 2016 00:32, "SGhosh" wrote:
> On 04/14/2016 05:00 PM, Dusty Mabe wrote:
>
>> https://github.com/ansible/ansible-modules-extras/pull/1902
>>
>>
>> See link. I thought there might be some interested parties on this list :)
>>
>>
> You think? :)
>
> Thanks!
> subhendu
>
>
On Wed, Apr 13, 2016 at 9:06 AM, Daniel J Walsh wrote:
> COW on loopback device, how do I fix?
>
Want to try out Overlayfs How?
>
Yes! These
!
On Tue, Apr 12, 2016 at 10:26 AM, Marius Vollmer
wrote:
> Elvir Kuric writes:
>
> > On 04/12/2016 02:28 PM, Jeremy Eder wrote:
> >
> > I think --force-wipe and --init-storage ... or any destructive operation
> > on disks was not good option in past ( due by
The machine readable output could maybe look like
>
> # docker-storage-setup status -M
> /dev/vda:root
> /dev/sda:
> /dev/sdb:error=missing
>
> Or should we go full JSON right away?
>
>
> What do you think? Am I heading down the wrong path? If nobody stops
> me, I'll hopefully make some PRs soon for this, and we can discuss the
> details there.
>
>
--
-- Jeremy Eder
und when calculating images' sha(s). I've updated docker
> 1.10.1 on rawhide again though.
>
> |
> | second note: docker daemon got restarted or reloaded and all running
> | containers are dead (which is expected)
> |
> | third note: regarding my concern about docker's new DNS builtin. I did
> not
> | see it which is very greate because we already use internal DNS from
> | dnsmasq/consul/skydns
> |
>
>
--
-- Jeremy Eder
nings to
> the community via Fedora Magazine and Project Atomic.
>
> Best,
>
> jzb
> --
> Joe Brockmeier | Community Team, OSAS
> j...@redhat.com | http://community.redhat.com/
> Twitter: @jzb | http://dissociatedpress.net/
>
>
--
-- Jeremy Eder
atomic host or not?
>
> I did try 'uname -r' as well to try and determine if there was a
> specifically named kernel version for atomic hosts as an alternative
> to determining if it's an atomic host, but to no avail.
>
> Best regards,
>
> --
>
> Charlie Drage
> Red Hat - OSAS Team / Project Atomic
> 4096R / 0x9B3B446C
> http://pgp.mit.edu/pks/lookup?op=get&search=0x622CDF119B3B446C
>
>
--
-- Jeremy Eder
015 at 12:44 PM, Carl Mosca wrote:
> I have read that bumping the size has no effect on the 10GB images.
>
> When I tried it, I saw no change in new containers
>
> On Aug 6, 2015 11:34 AM, "Jeremy Eder" wrote:
>>
>> Unfortunately, not at this time. We have s
t;
> TIA,
> Carl
>
> --
> Carl J. Mosca
--
-- Jeremy Eder
;s storage from inside a container?
--
-- Jeremy Eder
> I believe that *is* the correct URL, but it hasn't gone out to mirrors yet.
>
> The repo is also here:
>
> http://buildlogs.centos.org/centos/7/atomic-host/x86_64/repo/
That did it, thanks!
- Original Message -
> From: "Karanbir Singh"
> To: atomic-devel@projectatomic.io
> Sent: Friday, June 19, 2015 3:44:08 AM
> Subject: Re: [atomic-devel] [CentOS-devel] "Rebuild" images ready for testing
>
> Hi,
>
> On 18/06/15 21:49, Joe Brockmeier wrote:
> > http://buildlogs.centos.org/
Check permissions on all the keys and directories, and look at the content of
/root/.ssh/authorized_keys on the atomic system, IIRC atomic (or cloud-init?)
puts some stuff there disabling root login and pausing for 10 seconds.
- Original Message -
> From: "James"
> To: "SGhosh" , "Giuse
- Original Message -
> From: "Daniel J Walsh"
> To: "RJ Nowling" , "Jeremy Eder"
> Cc: atomic-devel@projectatomic.io
> Sent: Tuesday, May 19, 2015 1:09:57 PM
> Subject: Re: [atomic-devel] Running ISV-supplied Management Tools
> LABEL RU
35
Inquiry data :
Vendor Identification : DP
Product Identification: BP13G+
Product Revision Level: 2.20
Vendor Specific : 51K01CY
Exit Code: 0x00
- Original Message -
> From: "Huamin Chen
Oh, he used it on the host. Gotcha! Now it makes sense. Can you send me a
link to the RPM please?
- Original Message -
> From: "RJ Nowling"
> To: "Jeremy Eder"
> Cc: "Christoph Görn" , atomic-devel@projectatomic.io
> Sent: Tuesday, May 1
ic-devel@projectatomic.io
> > Sent: Tuesday, May 19, 2015 9:23:47 AM
> > Subject: Re: [atomic-devel] Running ISV-supplied Management Tools
> >
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
> >
> > And what tool is it? Can we rep
- Original Message -
> From: "RJ Nowling"
> To: atomic-devel@projectatomic.io
> Sent: Thursday, May 14, 2015 10:44:33 AM
> Subject: [atomic-devel] Running ISV-supplied Management Tools
>
> Hi,
>
> We needed to use a ISV-supplied tool to configure the RAID controllers on
> some machines
- Original Message -
> From: "Matt Micene"
> To: "Jeremy Eder"
> Cc: atomic-devel@projectatomic.io, "Vivek Goyal"
> Sent: Tuesday, May 12, 2015 9:36:16 AM
> Subject: Re: [atomic-devel] Centralized Overrides?
> > But there are others
- Original Message -
> From: "Colin Walters"
> To: atomic-devel@projectatomic.io
> Sent: Tuesday, May 12, 2015 8:55:31 AM
> Subject: Re: [atomic-devel] Centralized Overrides?
>
> Hi,
>
> On Mon, May 11, 2015, at 02:02 PM, Jeremy Eder wrote:
>
&g
Hi,
Since RHEL Atomic descends from RHEL (and same with CentOS/Fedora), we inherit
some defaults in a growing list of areas that don't make sense for a
specialized container distribution. We resolved many of the performance issues
in the last year or so, using the tuned profile delivery vehicl
- Original Message -
> From: "Fabian Deutsch"
> To: atomic-devel@projectatomic.io
> Sent: Monday, May 11, 2015 8:54:13 AM
> Subject: [atomic-devel] API to leverage during the install phase of a
> container?
>
> Hey,
>
> lately I've been experimenting with LABELs, especially to leverage
I haven't tested this, but it came to mind when reading about --cgroup-parent.
Think we can use --cgroup-parent to create resource jails around daemon ops
like build/load/import/save ?
I worry about fairness (especially disk I/O) when daemon tasks like the above
are co-located with "prodcution"
- Original Message -
> From: "James"
> To: atomic-devel@projectatomic.io
> Cc: go...@redhat.com
> Sent: Friday, April 17, 2015 4:18:18 PM
> Subject: [atomic-devel] Screen in Atomic
>
> RE:
> https://lists.projectatomic.io/projectatomic-archives/atomic-devel/2015-April/msg00036.html
>
>
- Original Message -
> From: "Karanbir Singh"
> To: "Jeremy Eder"
> Cc: atomic-devel@projectatomic.io, "Langdon White"
> Sent: Thursday, March 26, 2015 4:43:35 PM
> Subject: Re: [atomic-devel] Tools container for Fedora and CentOS
>
&g
44 matches
Mail list logo
