Add a version in the image tag #51
Conversation
|
It's still not clear why a "container interface version" is needed at all. I've not seen this pattern being used by any other container supplier. It would also might make it more difficult to integrate mock's use of containers for bootstrapping builds: https://rpm-software-management.github.io/mock/Feature-container-for-bootstrap.html |
|
I don't have an opinion on this particular change that I haven't reviewed. My main comment is just that we're targeting at most 50 users of this tool in the next years, almost 100% of which we internally train, so just make sure not to complicate current use nor future evolutions for the sake of publishing with the highest standards for python packages and containers (and it's really easy to build or update the container locally). We're not even sure we'll keep using such containers for local builds in the long run, when mock's build process is cleaner because it starts from a really minimal build root, and allows to reproduce what koji does. Note: if my comment doesn't make sense, just ignore it, I just dumped my thoughts at this point. |
glehmann
force-pushed
the
gln/image-tag-version-zqly
branch
from
8cd9978 to
4f37aff
Compare
Now that the images are easily available on ghcr.io. It makes the completion easier to use for the main tool. Signed-off-by: Gaëtan Lehmann <[email protected]>
so we can change the interface used to communicate with the container. Using an image tag allows to automatically download the expected image on the developer's computer in case of update. In the future, if we distribute tagged versions of xcp-ng-dev (on pypi for example), we might want to use that version instead. Signed-off-by: Gaëtan Lehmann <[email protected]>
glehmann
force-pushed
the
gln/image-tag-version-zqly
branch
from
4f37aff to
dda80ec
Compare
The whole goal is that when the interface between the cli and the container (essentially init scripts) changes, we don't leave the user hitting random behaviors. Maybe we should step back think about what we want to happen when we update this tool and/or the container. That would point to 2 needed changes:
So the best course I see would be to (probably by default, with a flag to disable it) issue the image pull from the client script. But then, when the script is not uptodate, pulling a new image may just break a working setup. What could be the options?
So this PR ultimately addresses option 2. But maybe option 1 is simpler / more acceptable?
Why would we want to use out build-env container to bootstrap mock, rather than a generic Fedora or Alma? |
As far as I understand these are the cases we want to control:
I think tags is the wrong place to enforce this behaviour, because we don't control the behaviour of docker of podman, nor their errors, instead I would like to propose an alternative to encode this versioning: Embed a version to the contents of the container, probably into the entrypoint, change the entrypoint to have a container-version argument, make the tool to call the container entrypoint with this new argument; and finally add the check to the entrypoint script to output the correct error to guide the user to do the right action. Bonus points if the error message or documentatione numerate the versions of the tool and the dates of the container using the current interface version. (of course the information for the current version will be incomplete, but it can have the previous ones in updated containers / tools)
Because all the base deps are already in the container and don't need to be redownloaded |
A problem is, I'm not sure we can tell whether the container is up-to-date (so all we can check is compatibility): Also, do we really want to ever tell the user to "use a newer (or older) container"?
That's the general idea I meant with option 3, the difference being I'm also suggesting the tool updates the container when itself is uptodate.
|
The uses case I brought forward is not concerned with that, only with the incompatibilities. I want to make sure we solve one problem at a time to make progress |
I don't think that's what we want. At least this is not what I want.
We could use the tool version instead of the protocol version in the tag. We could put the XCP-ng version in the tag as well or in the image name. All of that works for me.
|
|
And we should probably talk about that in real life next week (with a beer) 🙂 |
That looks like a description of "how" rather than "what", no?
Well, every the tool version does not necessarily introduce breaking protocol changes. We would have to ignore at least the "patchlevel" component of version. And this would raise the question of what image to use during development of a protocol-breaking feature. In short, IMO the protocol-version works much better. |
Yes, the image may be already available locally, or it may be downloaded as part of the tool being executed. Regardless of what podman or docker do, we end up in 4 cases regarding incompatibility. This is why I want to decide on what happens on incompatible interfaces. We can deal with downloads of up-to-date containers and others at another time
I agree, I don't want to couple the container tags with the version of the tool |
There are four cases only if you are considering using a non-matching version. I propose not to do that. Also I'm not sure what you mean by "how" vs "what". We both described a different behavior. How is one version more "how" and the other more "what"?
Why would we ignore the patch level?
How would the protocol version make the situation better?
The container is just a part of the tool, so it makes plenty of sense to couple them IMO? |
After re-reading, right. I'm struggling to pinpoint how the reasoning diverge 😅 In fact if I just look in Pau's 4 items at the 2 "up-to-date" condition on one hand, and the 2 "incompatible" ones, I can see the outcome as essentially identical in each group... and that matches quite well your own 2 items. Aren't you in fact already agreeing on this point?
By definition we don't want a "micro version bump" to change an interface, thus there should be no point in including it by its very definition.
Docker/podman tags are not "free". When a tag is updated, there is no ref left to the former layers, and
We would not have to tag/publish/whatever a new version to use a new protocol version, any commit can change it. That's a lot simpler. |
Just because there are two modules in a single project, it doesn't mean they need to be coupled. Not coupling allows us to share containers for more cases (like mock, as I said before) |
I'm not sure. Maybe it would actually be easier to find out with a beer ;)
Well, there are other things than the interface that could be updated. For example installing the updates in the image.
That's a good point
Weren't you already thinking of distributing the package on pypi? Tagging an image shouldn't be more difficult, and perhaps even quite easier. |
But it doesn't mean that it wouldn't be easier to couple them.
We want to integrate the mock usage in I'll stop there because it looks more like incompatible opinions than an actual comparison of solutions. |
And once want to decouple them, how easy or hard would it be to do? :)
I don't think it's that easy, at least I would like to upstream in the future the container configuration to mock directly. That way any mock user can build packages for xcp-ng. |
4 participants
so we can change the interface used to communicate with the
container.
Using an image tag allows to automatically download the expected image on
the developer's computer in case of update.
In the future, if we distribute tagged versions of xcp-ng-dev (on pypi for
example), we might want to use that version instead.
Related discussions from #37: