From: Joshua Marshall <j.marshall@arroyo.io>
Subject: Re: Feature requests
Date: Mon, 25 Mar 2019 13:38:04 -0400
In-Reply-To: <87sgvbz40f.fsf@roquette.mug.biscuolo.net>
To: Giovanni Biscuolo <g@xelera.eu>
Cc: guix-devel@gnu.org

Thank you! I have ~500 pages of other stuff to read this week, but I'll get to this as soon as I can.

On Mon, Mar 25, 2019 at 5:40 AM Giovanni Biscuolo <g@xelera.eu> wrote:
> Hi Joshua,
>
> Joshua Marshall <j.marshall@arroyo.io> writes:
>
> [...]
>
> > I'd like to see it take on
> > the ability to have a per-installation target cgroup, network namespace,
> > and filesystem chroot settings set with defaults which are overridable at
> > invocation.
>
> me too and the only missing point above (AFAIU) is network isolation for
> Guix containers, I mean one created via `guix environment` or `guix
> system container`)
>
> having that, the "last mile" in *obsoleting* tools like Docker &
> Co. (e.g. kubernetes, even openstack probably) is to have a declarative
> way to setup containers, something like `containers.<name>` from NixOS
> [1]
>
> ...and a set of Guix services to declaratively `scale out` an
> infrastructure: a layer 4+7 proxy (e.g. haproxy, missing in Guix),
> Software Defined Network (openvswitch, got it!), Software Defined
> Storage (ceph: we have the package but missing the service AFAIU)
>
> anyway: containers are here to solve infrastructural problems, not
> development environments problems :-)
>
> [1] https://nixos.org/nixos/manual/index.html#sec-declarative-containers
>
> > In this way, a user could install and use packages with
> > mutually incompatible dependencies (I talked about this with a few people
> > on IRC) like what happens with python. If this kind of functionality were
> > added, it would largely supplant Docker,
>
> you cited Docker so I guess you are using containers as a means to
> isolate *development environments* from each other and from the *production
> environment*, not to build an infrastructure of isolated sets of
> processes (including networking layer) - let's call them nodes -
> possibly distributed on several hosts
>
> in this thread Julien already explained how to achieve this with `guix
> environment`: with Guix (and Nix, the *only* other software natively
> permitting this) you don't need to install a container to have
> *isolated* development environments
>
> AFAIU in *many*, many, many use cases containers (Docker, LXC and so on)
> are _not_ used as an infrastructural component but as a development
> tool: Guix obsoletes this thanks to its native isolated environments
> (made possible by The Store)
>
> I hope more and more developers will realize this since this is
> _for_sure_ a big win for the entire free software community (no more
> python virtualenv clones, *please*)
>
> > virtualenv, pip, poetry, apk,
> > pacman, and probably a few other tools at my company which are there just
> > to handle this kind of frailness.
>
> `guix environment` and the package definition programming interface [2]
> (it's really easy to learn, believe me :-) ) are your best friends here
>
> you can even `guix pack` software bundles (e.g. in Docker format) and
> distribute them to your internal/external customers who are still not able
> to use Guix to install them
>
> [2] https://www.gnu.org/software/guix/manual/en/html_node/Defining-Packages.html#Defining-Packages
>
> [...]
>
> HTH to better explain how development works in a Guix environment :-)
>
> Gio
>
> --
> Giovanni Biscuolo
>
> Xelera IT Infrastructures

--
Please be advised that this email may contain confidential information. If you are not the intended recipient, please notify us by email by replying to the sender and delete this message. The sender disclaims that the content of this email constitutes an offer to enter into, or the acceptance of, any agreement; provided that the foregoing does not invalidate the binding effect of any digital or other electronic reproduction of a manual signature that is included in any attachment.