Quoting Oren Laadan (orenl@xxxxxxxxxxxxxxx):

> Serge E. Hallyn wrote:
> > A topic on ksummit agenda is 'containers end-game and how do we
> > get there'.
> >
> > So for starters, looking just at application (and system) containers, what do
> > the libvirt and liblxc projects want to see in kernel support that is currently
> > missing? Are there specific things that should be done soon to make containers
> > more useful and usable?
> >
> > More generally, the topic raises the question... what 'end-games' are there?
> > A few I can think of off-hand include:
> >
> > 1. resource control
> > 2. lightweight virtual servers
> > 3. (or 2.5) unprivileged containers/jail-on-steroids
> >    (lightweight virtual servers in which you might, just
> >    maybe, almost, be able to give away a root account, at
> >    least as much as you could do so with a kvm/qemu/xen
> >    partition)
> > 4. checkpoint, restart, and migration
> >
> > For each end-game, what kernel pieces do we think are missing? For instance,
> > people seem agreed that resource control needs io control :) Containers imo
> > need a user namespace. I think there are quite a few network namespace
> > exploiters who require sysfs directory tagging (or some equivalent) to
> > allow us to migrate physical devices into network namespaces. And
> > checkpoint/restart needs... checkpoint/restart.
>
> Heh ... it does need ... checkpoint/restart; and a few issues
> which we should think about sometime --

Yup, these are all things we need to discuss. For some of them we might
just need to flail about and code a few approaches until we figure out
an answer, but then I think that everyone has thought about a few of
these in some detail, so there probably is much we could gain from
talking.

... Does this mean we should try to have a mini-summit in the next 6
months or so?
I'd recommend having one right before kernel summit so we can get our
act together, but getting everyone to Tokyo to chat seems uneconomical :)
It'd be good to chat about at least the first two items before the
summit, though. Maybe after we finish v17, we pick a few of these and
try a focused push to get answers?

> * Encapsulation of machine/OS config capabilities
>   - how to detect (versioning, capabilities)?
>   - how to deal with mismatches? (bail? emulate? hope for the best?)
>   - what happens if, e.g., the VDSO page changes, or how to detect FPU changes...
>
> * Conversion of checkpoint image between kernel versions (and automation)
>
> * Network namespaces, mnt namespaces - what's the best approach?
>
> * Security assessment and brainstorming
>
> * Appealing use-cases for everyday use:
>   - for hibernation
>   - to reboot to a new kernel without losing your session
>   - to time travel back to before you lost in "Bejeweled"
>
> * Userspace tools - mainly for inspection of checkpoint images
>
> * Testing frameworks
>
> * Distributed c/r?
>
> * Optimizations: low downtime, pre-copy, post-copy, cow, parallelization
>
>
> Now I really go hide :p
>
> Oren.

--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list