Hi Peter
Thanks for the response. I’ve tried to expand in-line. I think that Fedora IoT looks
like a good approach, but I need good estimates for any holes/risks for my IoT usecase
(consumer facing IoT).
Tim
On 12 Oct 2018, at 14:13, Peter Robinson <pbrobinson(a)gmail.com>
wrote:
On Fri, Oct 5, 2018 at 11:24 AM Tim Coote
<tim+fedoraproject.org(a)coote.org> wrote:
>
> I see from the full log that there was a discussion about adding services to the base
platform using containers, and a note about my aversion to containers ;-)
It was mentioned you had an aversion but not the reasons as to why.
> Is there a description of good and bad patterns of use for containers for this
purpose?
I'm not sure what you mean by that, do you mean for creating the containers?
I
meant for using multiple containers that provide mutually communicating services on a
single computer. The ‘simple box’ model has several per computer services that handle
singleton roles, such as:
- systemd to handle keeping services going/restarting as appropriate, querying current and
recent states, etc
- syslog for log centralisation on the box (+ logstash or similar that works with the
standard logging for optionally shipping to some central location),
- logrotate for managing log lifetimes,
- various local event buses, although these could usefully be replaced by AMQP.
I’d guess that these types of capabilities are exercises for the user, but I’m sure that
there are either some cookbook answers or known issues that could save evalutation and
development time.
Now I’ve looked a bit harder, I am trying to work out how to build the starting SDCard
image, and/or pxe-boot images to put into the testing pipeline, dropping on the right
containers and their control mechanisms, without the manual steps for creating users, etc.
(btw, fedora-arm-image-installer trips up on the filesystem layout for switches such as
—norootpass, and blacklisting modules: is there a bugzilla for these wrinkles?)
> fwiw, my ‘aversion’ probably comes from a sampling bias. I find that, although the
containers are separate, in practice linking them together can be brittle and stuff like
logging is a challenge. I’m keen to sustain the same s/w integration model between cloud
and pis so that I can move services around as usecases require (eg in pi for better
responsiveness, lower cost, in cloud for easier large-scale modification).
And that use case is actually done better with containers than on base
images TBH.
Probably my ignorance of the tooling for running services in containers
in a production environment. K8s seems to be good for hiding individual machines in a
cloud, but for the Pi, there typically is only one machine. Ideally, I’m looking for a
known working model to provide the services shared by containers on one machine (as per
the bullets above.)
> I guess that there’s also going to be issues with naming/addressing: as a general
integration mechanism, given the flakey nature of communications, I’ve tended to use AMQP
as a backbone messaging layer. What’s the best way to name/address containers for this
use? Give each container its own /64 subnet?
What do you mean by naming? Can you flash this out a bit, why would a
container need a /64 subnet?
When I’ve got 100k pis, each controlling a dozen or so
devices, I need a mechanism for identifying the pis, the devices, or at least the s/w
controlling them uniquely (name) and another for finding them (address). So that some sort
of alarm Thing can consume events from a number of sensors, say accelerometers on phones
and person identifiers in homes, react to some combination of events and turn on the
relevant cameras.
I don’t know that a container would require /64s, but that seems to be the boundary that’s
favoured in the networking community per physical subnet. So, I think that it depends on
what toplogy one wants to get to the containers (eg flat across all hosts/containers
within a subnet, or does each host constitute a series of subnets: I say ‘series of’ as
the work from IETF’s WG on Homenet has shown that each host needs at least a GUA - for
global routeability - and a ULA - eg so that the network works before its connected to the
internet. Additionally, hosts tend to pick up subnets from all internet ingress
networks.)
> Any thoughts gratefully received.
>
> tc
>
>> On 4 Oct 2018, at 10:57, Peter Robinson <pbrobinson(a)gmail.com> wrote:
>>
>> =================================================
>> #fedora-meeting: Fedora IoT Working Group Meeting
>> =================================================
>>
>>
>> Meeting started by pbrobinson at 14:01:02 UTC. The full logs are
>> available at
>>
https://meetbot.fedoraproject.org/fedora-meeting/2018-10-03/fedora_iot_wo...
>> .
>>
>>
>>
>> Meeting summary
>> ---------------
>> * roll call (pbrobinson, 14:01:02)
>>
>> * 1) ==== Working Group process and admin ==== (pbrobinson, 14:03:21)
>> * LINK:
https://fedoraproject.org/wiki/InternetOfThings/PRD
>> (pbrobinson, 14:03:27)
>> * last week we approved the IoT PRD (pbrobinson, 14:03:38)
>> * ACTION: please give it a final review and I'll open a ticket to get
>> the council to review and accept it (pbrobinson, 14:04:21)
>>
>> * 2) ==== Nightly builds ==== (pbrobinson, 14:10:07)
>>
>> * 3) ==== Fedora 29 status for IoT ==== (pbrobinson, 14:11:36)
>> * what should our release criteria be (pbrobinson, 14:15:15)
>> * ACTION: pwhalen to put together an initial wiki page for release
>> criteria in the
http://fedoraproject.org/wiki/InternetOfThings/
>> subset and set it out to the list for review? (pbrobinson,
>> 14:25:54)
>> * ACTION: pbrobinson to send out details of the latest F-29 for wider
>> testing to the list (pbrobinson, 14:26:23)
>> * please provide feedback on staging IoT landing site
>>
https://iot.stg.fedoraproject.org/ (pbrobinson, 14:28:16)
>>
>> * 4) ==== Fedora 30 planning ==== (pbrobinson, 14:28:33)
>> * Fedora 30 will be the First core release as an edition (pbrobinson,
>> 14:28:59)
>> * plan on doing releases between F-29 GA and F-30 so it'll be more of
>> a marker as hopefully by then have a lot of the process in place
>> (pbrobinson, 14:29:51)
>> * ARMv7 (arm32) will definitely be there, as will multi arch
>> containers from the build pipeline (pbrobinson, 14:42:08)
>> * multi arch container build pipeline with a number of containers
>> available (pbrobinson, 14:42:08)
>> * also planned is an "IoT Toolbox container" (pbrobinson, 14:42:08)
>> * provisioning tools using ignition (pbrobinson, 14:42:08)
>> * tightened security around seccomp (pbrobinson, 14:42:08)
>> * a bunch of CI/CD for automated testing (pbrobinson, 14:42:09)
>>
>> * 5) ==== Open Floor ==== (pbrobinson, 14:42:47)
>>
>> Meeting ended at 14:50:53 UTC.
>>
>>
>>
>>
>> Action Items
>> ------------
>> * please give it a final review and I'll open a ticket to get the
>> council to review and accept it
>> * pwhalen to put together an initial wiki page for release criteria in
>> the
http://fedoraproject.org/wiki/InternetOfThings/ subset and set it
>> out to the list for review?
>> * pbrobinson to send out details of the latest F-29 for wider testing to
>> the list
>>
>>
>>
>>
>> Action Items, by person
>> -----------------------
>> * pbrobinson
>> * pbrobinson to send out details of the latest F-29 for wider testing
>> to the list
>> * pwhalen
>> * pwhalen to put together an initial wiki page for release criteria in
>> the
http://fedoraproject.org/wiki/InternetOfThings/ subset and set
>> it out to the list for review?
>> * **UNASSIGNED**
>> * please give it a final review and I'll open a ticket to get the
>> council to review and accept it
>>
>>
>>
>>
>> People Present (lines said)
>> ---------------------------
>> * pbrobinson (67)
>> * tim-jones (11)
>> * pwhalen (9)
>> * zodbot (8)
>> * ipcloud (4)
>> * bcotton (4)
>>
>>
>>
>>
>> Generated by `MeetBot`_ 0.1.4
>>
>> .. _`MeetBot`:
http://wiki.debian.org/MeetBot
>> _______________________________________________
>> IoT mailing list -- iot(a)lists.fedoraproject.org
>> To unsubscribe send an email to iot-leave(a)lists.fedoraproject.org
>> Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
>> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
https://lists.fedoraproject.org/archives/list/iot@lists.fedoraproject.org
> _______________________________________________
> IoT mailing list -- iot(a)lists.fedoraproject.org
> To unsubscribe send an email to iot-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedoraproject.org/archives/list/iot@lists.fedoraproject.org
_______________________________________________
IoT mailing list -- iot(a)lists.fedoraproject.org
To unsubscribe send an email to iot-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/iot@lists.fedoraproject.org