From: Giovanni Biscuolo
Subject: Re: Feature requests
Date: Mon, 25 Mar 2019 10:40:00 +0100
Message-ID: <87sgvbz40f.fsf@roquette.mug.biscuolo.net>
List-Id: "Development of GNU Guix and the GNU System distribution."
To: Joshua Marshall, guix-devel@gnu.org

Hi Joshua,

Joshua Marshall writes:

[...]

> I'd like to see it take on
> the ability to have a per-installation target cgroup, network namespace,
> and filesystem chroot settings set with defaults which are overridable at
> invocation.

me too and the only missing point above (AFAIU) is network isolation for Guix containers (I mean one created via `guix environment` or `guix system container`)

having that, the "last mile" in *obsoleting* tools like Docker & Co. (e.g. kubernetes, even openstack probably) is to have a declarative way to set up containers, something like `containers.` from NixOS [1]

...and a set of Guix services to declaratively `scale out` an infrastructure: a layer 4+7 proxy (e.g.
haproxy, missing in Guix), Software Defined Network (openvswitch, got it!), Software Defined Storage (ceph: we have the package but missing the service AFAIU)

anyway: containers are here to solve infrastructural problems, not development environments problems :-)

[1] https://nixos.org/nixos/manual/index.html#sec-declarative-containers

> In this way, a user could install and use packages with
> mutually incompatible dependencies (I talked about this with a few people
> on IRC) like what happens with python. If this kind of functionality were
> added, it would largely supplant Docker,

you cited Docker so I guess you are using containers as a means to isolate *development environments* from each other and from the *production environment*, not to build an infrastructure of isolated sets of processes (including networking layer) - let's call them nodes - possibly distributed on several hosts

in this thread Julien already explained how to achieve this with `guix environment`: with Guix (and Nix, the *only* other software natively permitting this) you don't need to install a container to have *isolated* development environments

AFAIU in *many*, many, many use cases containers (Docker, LXC and so on) are _not_ used as an infrastructural component but as a development tool: Guix obsoletes this thanks to its native isolated environments (made possible by The Store)

I hope more and more developers will realize this since this is _for_sure_ a big win for the entire free software community (no more python virtualenv clones, *please*)

> virtualenv, pip, poetry, apk,
> pacman, and probably a few other tools at my company which are there just
> to handle this kind of frailness.

`guix environment` and the package definition programming interface [2] (it's really easy to learn, believe me :-) ) are your best friends here

you can even `guix pack` software bundles (e.g.
in Docker format) and distribute them to your internal/external customers who are still not able to use Guix to install them

[2] https://www.gnu.org/software/guix/manual/en/html_node/Defining-Packages.html#Defining-Packages

[...]

HTH to better explain how development works in a Guix environment :-)

Gio

-- 
Giovanni Biscuolo

Xelera IT Infrastructures