From: "Thompson, David"
Date: Tue, 30 Aug 2022 21:42:00 -0400
Subject: Re: Enterprise Guix Hosting?
To: Ricardo Wurmus
Cc: Yasuaki Kudo, Phil, Ludovic Courtès, Benjamin Slade, Olivier Dion, help-guix

Hi Ricardo,

On Fri, Aug 26, 2022 at 3:43 AM Ricardo Wurmus wrote:
>
>
> Hi Yasu
>
> > Our idea at the coop is that we want to develop software
> > development acceleration tools, and a major part would be
> > container-less software provisioning so that composition would not
> > mean more and more layers of technical debt...
>
> Don’t discount containers too soon.  Guix has “guix system container”,
> which spins up lightweight Guix System containers that share /gnu/store.
> You only need to set up a bridge interface on the host and create a
> network device pair and move one end into the container’s net namespace.

I thought for sure that 'guix system container' would be something
people would love, but it doesn't seem to get much use! Having all
containers share the store eliminates several problems that come with
Docker's primitive layer approach. When I realized all we had to do
was bind mount store items into the container I couldn't believe it
was so simple.

> You can do containers and compose them without layers upon layers of
> file system blobs.  The reasons why this is not commonly done on
> existing commercial platforms:
>
> - container images are often provided from different origins, so there
>   is no trust and thus no way to have them share the same files or
>   common packages
>
> - without reproducible builds trust cannot be established
>
> - container images are erroneously considered a requirement for
>   isolation, but it is not actually required to use them even in the
>   presence of an unshared mount namespace.

All true. "Container" has come to mean the image more than the
execution environment, so Guix containers not being based on disk
images makes them not fit in.

> Using a shared /gnu/store as a big cache for all containers can be a
> real asset.  We can learn lessons from the HPC experience here.

What might have a positive impact is if Guix had an answer to 'docker
compose'. Most of the pieces are there already. Such a tool could be
combined with 'guix shell' so you could get all the tools needed for
local development *and* automatically start any necessary daemons,
like database servers, in isolated containers.

- Dave
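
The host-side wiring described in the quoted text above (a bridge, a veth pair, one end moved into the container's network namespace), as an added example that is not part of the original message or of Guix itself. The bridge name `br0`, the `veth-<pid>` naming scheme and the dry-run wrapper are assumptions; the PID is that of the running container.

```shell
#!/bin/sh
# Added example: attach a running 'guix system container' to a host bridge.
# Assumed, not from the thread: bridge "br0", veth-<pid> interface names.

# Print the ip(8) commands, one per line, for a container PID and a bridge.
container_net_plan() {
    pid=$1
    bridge=${2:-br0}
    case $pid in
        ''|*[!0-9]*) echo "error: PID must be numeric" >&2; return 1 ;;
    esac
    host="veth-${pid}"     # end that stays in the host namespace
    guest="veth-${pid}c"   # end that moves into the container
    # Linux interface names are limited to 15 characters.
    if [ "${#guest}" -gt 15 ]; then
        echo "error: interface name too long: $guest" >&2
        return 1
    fi
    # Create the bridge only if the host does not already have it.
    if [ ! -d "/sys/class/net/$bridge" ]; then
        echo "ip link add name $bridge type bridge"
        echo "ip link set $bridge up"
    fi
    cat <<EOF
ip link add $host type veth peer name $guest
ip link set $host master $bridge
ip link set $host up
ip link set $guest netns $pid
EOF
}

# Echo each command; execute it only when DRY_RUN=0 (needs root).
apply_container_net() {
    plan=$(container_net_plan "$@") || return 1
    printf '%s\n' "$plan" | while IFS= read -r cmd; do
        echo "+ $cmd"
        [ "${DRY_RUN:-1}" = 1 ] || $cmd || exit 1
    done
}

# Runs only when arguments are given, e.g.: DRY_RUN=0 sh net.sh 5713 br0
if [ "$#" -gt 0 ]; then
    apply_container_net "$@"
fi
```

The guest end still has to be brought up and given an address from inside the container; that step depends on the container's own configuration and is left out here.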