On Wed, Mar 5, 2014 at 6:58 PM, drago01 <drago01(a)gmail.com&gt; wrote: If there are reasons they are built-in (and I think currently nothing is being built-in without good reasons), that should not be changed. Only just talking about what is currently a module (or otherwise a separate file - if applicable). The vmlinuz should be kept as-is and stay the same for all products (server, workstation and cloud). Yes, that's only too true. But it should be possible to guarantee proper upgrades through means of packaging. And of course this will be tested. As much as is sensibly possible. Every MB counts but we don't want to drive the kernel team members insane. :) -- Sandro

On Wed, Mar 5, 2014 at 9:54 AM, Don Zickus <dzickus(a)redhat.com&gt; wrote: This is a fair point. To be honest, I've ignored the "every MB counts" aspect entirely for now. I've instead been focusing on required functionality, because that's likely going to be the main driver of what the resulting size will be. FWIW, the existing kernel package installed today (a debug kernel even) is ~142 MB. 123MB of that is the /lib/modules content. ~6MB of that is vmlinuz. The remaining 13MB is the initramfs, which is actually something that composes on the system during install and not something we can shrink from a packaging standpoint. josh

On Wed, Mar 05, 2014 at 10:02:17AM -0500, Josh Boyer wrote: Of course. :-) It also helps with monitoring. 3-4 years from now after all the chopping, these pacakges bloat right back up and everyone forgets why we chopped in the first place. Hard requirements help keep everything in check and forces people to request more space which the cloud team can evaluate properly and still control their enviroment. Anyway, this was just my rant for the day. I saw the initial email and immediately disagreed with the approach. Spent a few minutes thinking of a better way and thought, well I wasted a few minutes thinking about it might as well respond in email. :-) Cheers, Don

On Thu, Mar 06, 2014 at 08:16:00AM +0900, Sandro "red" Mathys wrote: Ever work in the embedded space? Every MB counts there too. :-) This was solved by creating budgets for size and memory requirements. This helped control bloat, which is going to be your biggest problem with cloud deployment. What concerns me is that you don't know what size your cloud deployment is but expect everyone to just chop chop chop. How do we know if the kernel is already at the right size? There is s a huge difference between re-architecting the kernel packaging to save 1 or 2 MB (off ~143 MB size currently) vs. re-architecting to save 50 MB. The former is really a wasted exercise in the bigger picture, wherease the latter (if proven needed) accomplishes something. But again it comes down to understanding your environment. Understanding your environment revovles around control. I get the impression you are not sure what size your environment should be. So I was proposing the kernel stay put or maybe create _one_ extras package that gets installed in addition to the bzImage. But from the sound of it, the chopping is really going to get you savings of about ~30MB or so. The thing is a few years ago, the kernel converted a lot of modules to built-ins (inside the kernel). What that means from a novice perspective is we took a whole bunch of external bloat that could be stripped away and stuffed it into the kernel binary itself. The goal at the time was to speed up boot times (because loading modules was slow). Now with the re-design of module loading in the last couple of years, maybe this can be reverted. This could shave MBs off the kernel binary itself. And then you can only package the modules cloud really needs. This at least has the ability to scale across other SIGs too. However, this all hinges on _how much chopping we should do_. I doubt Josh really wants to embark on this thrashing without very good convincing reason to do so. So having some numbers to work off of, provides us the right idea how much and what type of work needs to get done (little tweaks vs re-think the whole approach). Heh. Ever work with open source projects? The turnover and lost knowledge is one thing. However, to me the biggets problem would be the 'lack of caring'. Trust me you can convince everyone to chop MBs out of their packages. You might even get something really small for your cloud deployment. Fast forward a year. Do you think package maintainers are going to remember to go through the painful exercise of chopping again when they rebase their packages or add new features? Probably not. Bloat will shoot right back up. Heck look at Fedora in the last few years. It went from running fine on a laptop with 2GB of memory to now needing a laptop with 4GB of memory and lots of disk space. Why? Because everyone thinks memory and disk is cheap. However, cloud folks have a different attitude. Memory and disk is _not_ cheap and can impact their business. Without disk and memory budgets how are you going to manage the bloat and make sure the cloud deployments are competitive and provide the host providers the most bang for the resource buck? And I get that it is hard to come up with numbers like this. So I would start with an image and see how it compares. I think Cloud already has an image. Is it to big? What makes you believe that? Are competitors that much smaller? Then start chopping say 5% off at time to see how low you can bring it before everyone screams too much. Why not? If the host provider can buy a 1 TB disk and carve out X number of cloud deployments on there, then if Fedora Cloud bloats up 10%, that means less cloud deployments and less revenue. So yes, I would be concerned over the 1MB. In fact, I would come back and ask the kernel team to find something else to chop to bring it down in size. Or look to see if some other package can trade the size. It should be the opposite. Tell us what number makes long term sense to you and we can figure out what to throw out. I would calculate the number based on deployment size (that is ultimately what you need to manage). That includes the kernel binary, the initrd and the /lib/modules (though the initrd image is thrown out once the disk is mounted). I can also tell you how much memory that will take up too (as I did a similar analysis to reduce the kdump memory usage on RHEL). Based on Josh's rough number of ~143MB, I would selfishly propose 150 MB disk space requirement. :-) The memory requirement for that is going to be about 300MB I believe (I would have to re-run the numbers and figure out what modules are loaded [probably a _lot_ less than that though]). Cheers, Don

On Thu, Mar 06, 2014 at 10:33:47AM -0500, Josh Boyer wrote: Ok. That is pretty damn good. Good job! Again the question is, is that enough? You might be able to chop sound/ too (I know we could probably go crazy and chop lots of other things too., just thought sound/ would be a big easy chop). Does this approach affect other SIGs too? Most of the others don't care about disk and memory space, right? Cheers, Don

On Thu, Mar 6, 2014 at 11:18 AM, Matthew Miller <mattdm(a)fedoraproject.org&gt; wrote: I gave it some thought. I haven't tested anything. Existing magic should work for most installs since there's still a "kernel" package and that's what yum keys off of. If/when we do this, I'll certainly test more carefully to make sure. That brings up a question though, how often would cloud expect to do a yum update of individual packages as opposed to just updating the entire image? If we expect the 3 kernel magic to work there, then some changes to yum/dnf may be required given that Cloud would be explicitly specifying "kernel-core" and not "kernel". josh

On Thu, Mar 06, 2014 at 01:14:54PM -0500, Josh Boyer wrote: Unless we jump into Colin's rpm ostree future very quickly, we need to support this. There is a hardcoded default list for install-instead-of-upgrade packages -- I think we'd just ask for kernel-core to be added to that. Additonally, the protected packages functionality (which keeps you from removing the running kernel) may need a tweak. -- Matthew Miller -- Fedora Project -- <mattdm(a)fedoraproject.org&gt;

On Fri, Mar 7, 2014 at 3:53 AM, Josh Boyer <jwboyer(a)fedoraproject.org&gt; wrote: What about Anaconda? I guess it does have its own mechanic to guarantee a kernel is installed, right? Probably hardcoded as well. Since we're going to build future images with ImageFactory/Anaconda, it must be possible to install either kernel-core or kernel (when installing with a kickstart file, that is). I think putting "-kernel" in %packages doesn't currently have much effect, does it? So if I'm right and Anaconda needs to be adapted for this, I'm happy to reach out to the Anaconda team on our behalf, if necessary. -- Sandro

On Fri, Mar 7, 2014 at 8:14 AM, Matthew Miller <mattdm(a)fedoraproject.org&gt; wrote: I'm beginning to like this whole idea less and less. josh

On Fri, Mar 7, 2014 at 3:14 AM, Josh Boyer <jwboyer(a)fedoraproject.org&gt; wrote: Yesterday, I updated to Josh's 2.5 kernel, then I removed kernel and kernel-drivers, only leaving kernel-core. Today, I again updates, this time 3.8 being available. Now guess what? The "install instead of update" magic worked. I know have both kernel-core packages. So I figure yum works this magic with any kernel* package. So it would seem no change to yum is necessary after all. Going to reach out to the yum developers to find out the details. Also, whether dnf does the exact same or not. -- Sandro

On Fri, Mar 14, 2014 at 16:42:11 +0900, "Sandro \"red\" Mathys" <red(a)fedoraproject.org&gt; wrote: The behavior is controlled by the installonlypkgs setting in yum.conf. From the man page: installonlypkgs List of package provides that should only ever be installed, never updated. Kernels in particular fall into this category. Defaults to kernel, kernel-bigmem, kernel-enter‐ prise, kernel-smp, kernel-modules, kernel-debug, kernel-unsup‐ ported, kernel-source, kernel-devel, kernel-PAE, kernel-PAE- debug. I believe kernel-modules-extra also got added to the default relatively recently. But that change doesn't seem to have made it to the documentation. (That package provides installonlypkgs(kernel-module), so there might be some extra magic related to that provide.)

On Fri, Mar 14, 2014 at 03:46:02PM +0900, Sandro red Mathys wrote: And this is why I should read all the mail before responding. :) How about the removal protection? -- Matthew Miller -- Fedora Project -- <mattdm(a)fedoraproject.org&gt;

Am 14.03.2014 16:25, schrieb Sandro red Mathys: be careful, on the devel-list that leaded to a flamewar without intention https://lists.fedoraproject.org/pipermail/devel/2014-January/193310.html

On Sat, Mar 15, 2014 at 12:25:48AM +0900, Sandro red Mathys wrote: I think the first is preferable; the main case where you get a kernel without the drivers package is when you're building something intended to be small, and going downwards isn't the way to really do that. Apparently this is by design in dnf; it's one of the features they didn't see as valuable. Which is funny to me because that was the case with yum initially too (we wrote it as a plugin for that reason) but over time it became a core feature). -- Matthew Miller -- Fedora Project -- <mattdm(a)fedoraproject.org&gt;

On Fri, Mar 14, 2014 at 12:06:21PM -0400, Josh Boyer wrote: Yeah, I agree. -- Matthew Miller -- Fedora Project -- <mattdm(a)fedoraproject.org&gt;

On Wed, Mar 05, 2014 at 10:02:17AM -0500, Josh Boyer wrote: Also, I just arbitrarly threw out 100MB, if we should start higher, say 150MB, then it doesn't matter to me. :-) Cheers, Don

On Wed, Mar 05, 2014 at 09:28:45AM -0700, Kevin Fenzi wrote: Haha. Great point! Cheers, Don

On Wed, 05 Mar 2014 17:37:42 +0100 Reindl Harald <h.reindl(a)thelounge.net&gt; wrote: At least for my uses, the amount of non persistent disk space isn't a big deal. If I need disk space, I would attach a persistent volume... I'd care much more about memory usage, boot time (you want to spin things up fast), and cpu usage (cpus are likely the most scarce resource for me at least). kevin

On Thu, Mar 6, 2014 at 1:45 AM, Kevin Fenzi <kevin(a)scrye.com&gt; wrote: Exactly, you usually have hundreds or even thousands of instances running. Sure, "every MB counts" isn't to be taken literal here, maybe I should rather have said "every 10 MB count". Figure you get your additional persistent volumes for free somehow, so all those Amazon AWS, HP Cloud, Rackspace, etc. users envy you. And those admins that need to buy physical disks to put into their private clouds, too. Also, more data equals more network traffic and more time - both things that matter in terms of costs, at least in public clouds. -- Sandro

Am 06.03.2014 16:00, schrieb drago01: since there is no transparent compression for the rootfs and even after btrfs get stable you shouldn't just convert existing installations from 2008 that's no option reducing package sizes would affect 5 years old setups too but as said - i see more sane potential to split the glibc locales out to sub packages which are as big as the kernel then risk breaking updates because needed modules are in a now extra package another thing would be split docs and manpages in general in subpackages - only god knows if and when DNF supports "tsflags=nodocs" which is driven by a yum plugin another thing would be to split database support of libraries in subpackages -> dbmail pulls libzdb which pulls mysql, postgresql.. and take a deeper look in circular dependencies at all, i had several "nice to have" things on my servers and removing some of them ended in a freed dependency chain uninstalling 400 MB on each machine and even more on some - over the years i reduced my rootfs-usage down to 40-50% that way some of these expensive dependencies i solved by maintain such packages at my own and disable postgresql support completly - but that's only a sane way in a defined environment so again: there are *many* places to gain more than with the kernel itself and especially in case of C software yum pulls such subpackages in most cases by implicit dependencies

On Thu, Mar 06, 2014 at 08:38:44AM +0900, Sandro "red" Mathys wrote: Sure, but what if the trade-off in size comes with a cost in speed? Is cloud ok with the kernel taking twice as long to boot? Or maybe running slower? Or maybe crashing more often (because we removed safety checks?). I mean if Josh wanted to he could make everything modular and have a really small kernel footprint (like 40MB or so) running in 50MB of memory (I have done this with kdump). But it costs you speed in loading modules (as opposed to built into the kernel). You may lose other optional optimizations that help speed things up. Other SIGs made not like it, but again it depends on how you frame your environment. Maybe cloud really needs its own kernel. We don't know. What is cloud willing to sacrafice to obtain smaller size? Cheers, Don

On Thu, Mar 06, 2014 at 11:02:47AM -0500, Josh Boyer wrote: For the record, it is _literally_ sitting in our "nice to have" category. See https://fedoraproject.org/wiki/Cloud_Changelist#Change:_Cloud-Friendly_Ke... :) On the ubuntu EC2 image, /lib/modules/$(uname -r) is 24M + 5.2M vmlinuz + 1.1M in /lib/firmware. Total package size is 32M on disk. And 5.9M initrd. CoreOS is bigger, with 33M in /lib/modules and 5.2M in lib/firmware, and a /19M vmlinuz. Which may just go to show that _calling_ yourself ultra-minimal and focused is actually more important than _being_ that. -- Matthew Miller -- Fedora Project -- <mattdm(a)fedoraproject.org&gt;

Am 06.03.2014 18:04, schrieb Don Zickus: hopefully a joke :-) * i use a ton of virtual Fedora instances * any of them is using ext4 * some may benefit from XFS but not that much to have different base environments and spread the test matrix for updates * even if BTRFS is the overall default in a few years most of them are installed 2008 and dist-upgraded over the years, tiny, clean and perfectly maintained * i do not plan a from-scratch install as long as i live filesystems may hahve their pros and cons but as admin the most benefit is limit the things you are using and know how to handle them in trouble, 1% performance is nice but the price of a mistake because things are working not as usual in border cases is way too high disclaimer: maybe not perfect english but i think the point is clear

On Thu, Mar 06, 2014 at 01:10:46PM -0500, Josh Boyer wrote: Currently, this is required by the kernel for pre but not at runtime. (I guess /bin/kernel-install ends up putting things into the initramfs.) Is there any easy way to do that differently and any win from it? +1 -- Matthew Miller -- Fedora Project -- <mattdm(a)fedoraproject.org&gt;

On Fri, Mar 7, 2014 at 3:10 AM, Josh Boyer <jwboyer(a)fedoraproject.org&gt; wrote: I really think comparing our cloud images to theirs is comparing apples to !apples. The numbers are nice to know what we're competing against, but don't think we need to have the smallest kernel. I don't know this for a fact, but I think the Ubuntu EC2 image is tailored very specifically to run in EC2 only. We don't do this kind of tailoring in Fedora. One to rule them all. And CoreOS is very tailored, and has different images for about everything they run on so it's fair to assume they also have several different kernel setups. We only want two: core/cloud and full. Excellent progress there. So 35MB are already gone and I figure (re)moving graphics, sound and other obvious things will gain us quite some more MB. Nice job. Exactly. We only offer different images for different purposes (software stacks), not for different platforms. So every image should be able to run on all supported platforms. -- Sandro

On Fri, Mar 07, 2014 at 08:23:15AM -0500, Josh Boyer wrote: I agree too. I think you did an awesome job Josh. Most of the fat is trimmed. :-) Anything more should really come with some numbers/data. Cheers, Don

On Fri, Mar 07, 2014 at 09:50:37AM -0500, Josh Boyer wrote: Oh, I thought you had the package split already into kernel-common and kernel-drivers? But yes I would be interesting in seeing those changes because that filters to RHEL eventually. I can already see RHEL developers whining about extra packages to install... ;-) Though all the kernel-tools stuff seemed to have gone smoothly... Cheers, Don

On Wed, Mar 5, 2014 at 2:48 AM, Sandro "red" Mathys <red(a)fedoraproject.org&gt; wrote: I'm not overly thrilled with having multi-tiered driver packages. That leads to major headaches when we start shuffling things around from one driver package to another. The current solution I have prototyped is a kernel-core/kernel-drivers split. Here "core" could be analogous to "cloud", but I imagine it will be useful for other things. People wanting to do PCI passthrough can just install the kernel-drivers package. Same questions I asked Sam and Matt: - Do you need/want a firewall (requires iptables, etc)? - Do you need/want NFS or other cloudy storage things (for gluster?)? - Do you need/want openvswitch? The list of modules I have in my local rawhide KVM guest is below. The snd_* related drivers probably aren't necessary. The btrfs and things it depends on can be ignored (unless you plan on switching from ext4). Anything that has table or nf in the module name is for the firewall. Matt already provided a much smaller module list for openstack and EC2, but I'm guessing we want to target the broadest usecase. Think about it and let me know. josh [jwboyer@localhost ~]$ lsmod Module Size Used by nls_utf8 12557 1 isofs 39794 1 uinput 17708 1 bnep 19735 2 bluetooth 445507 5 bnep 6lowpan_iphc 18591 1 bluetooth fuse 91190 3 ip6t_rpfilter 12546 1 ip6t_REJECT 12939 2 xt_conntrack 12760 9 cfg80211 583354 0 rfkill 22195 4 cfg80211,bluetooth ebtable_nat 12807 0 ebtable_broute 12731 0 bridge 135391 1 ebtable_broute stp 12946 1 bridge llc 14092 2 stp,bridge ebtable_filter 12827 0 ebtables 30833 3 ebtable_broute,ebtable_nat,ebtable_filter ip6table_nat 13015 1 nf_conntrack_ipv6 18777 6 nf_defrag_ipv6 100248 1 nf_conntrack_ipv6 nf_nat_ipv6 13213 1 ip6table_nat ip6table_mangle 12700 1 ip6table_security 12710 1 ip6table_raw 12683 1 ip6table_filter 12815 1 ip6_tables 26809 5 ip6table_filter,ip6table_mangle,ip6table_security,ip6table_nat,ip6table_raw iptable_nat 13011 1 nf_conntrack_ipv4 18791 5 nf_defrag_ipv4 12702 1 nf_conntrack_ipv4 nf_nat_ipv4 13199 1 iptable_nat nf_nat 25249 4 nf_nat_ipv4,nf_nat_ipv6,ip6table_nat,iptable_nat nf_conntrack 110550 8 nf_nat,nf_nat_ipv4,nf_nat_ipv6,xt_conntrack,ip6table_nat,iptable_nat,nf_conntrack_ipv4,nf_conntrack_ipv6 iptable_mangle 12695 1 iptable_security 12705 1 iptable_raw 12678 1 snd_hda_codec_generic 66943 1 ppdev 17635 0 snd_hda_intel 56588 4 snd_hda_codec 133858 2 snd_hda_codec_generic,snd_hda_intel snd_hwdep 17650 1 snd_hda_codec snd_seq 65180 0 snd_seq_device 14136 1 snd_seq crct10dif_pclmul 14250 0 crc32_pclmul 13113 0 crc32c_intel 22079 0 snd_pcm 103502 2 snd_hda_codec,snd_hda_intel ghash_clmulni_intel 13259 0 microcode 216608 0 virtio_console 28109 1 serio_raw 13413 0 snd_timer 28806 2 snd_pcm,snd_seq virtio_balloon 13530 0 snd 83790 16 snd_hwdep,snd_timer,snd_pcm,snd_seq,snd_hda_codec_generic,snd_hda_codec,snd_hda_intel,snd_seq_device soundcore 14491 1 snd parport_pc 28048 0 parport 40605 2 ppdev,parport_pc pvpanic 12801 0 i2c_piix4 22155 0 btrfs 940276 1 xor 21366 1 btrfs raid6_pq 101472 1 btrfs qxl 74078 2 drm_kms_helper 50413 1 qxl virtio_pci 17713 0 8139too 33711 0 virtio_ring 20004 3 virtio_pci,virtio_balloon,virtio_console virtio 14172 3 virtio_pci,virtio_balloon,virtio_console ttm 85373 1 qxl 8139cp 32036 0 mii 13527 2 8139cp,8139too ata_generic 12910 0 drm 288814 4 qxl,ttm,drm_kms_helper i2c_core 38734 3 drm,i2c_piix4,drm_kms_helper pata_acpi 13038 0

On Wed, Mar 5, 2014 at 9:59 AM, Gerd Hoffmann <kraxel(a)redhat.com&gt; wrote: So you agree multi-tiered subpackages is a bad idea, but then you propose a netfilter specific subpackage? ... Probably not. They'll likely just be in kernel-core. Nested virt? I dunno, it was mentioned at one point so I thought I'd bring it up for discussion again. I'm of the opinion the latter is probably what we should shoot for. It's going to be the broadest target that is still reasonably small. Me either. I'm guessing because systemd/NetworkManager on my KVM guest auto-loads them. OK. Was planning on that already. josh

On Wed, Mar 05, 2014 at 10:08:04 -0500, Josh Boyer <jwboyer(a)fedoraproject.org&gt; wrote: Couldn't the planned module provides allow something like this to work without worry much about which modules are in which packages? netfilter could juts require the modules it needs and it would pull in and extra kernel module packages that are needed.

On Wed, 2014-03-05 at 10:59 -0500, Josh Boyer wrote: This can also have unforseen consequences. Coming from conary, where we had rich dependencies stored in the repository, if you start putting module provides and depends metadata into the repositories for every single module, the CPU time and network traffic required to even do a simple update can grow excessively. I am not saying that there is no solution to the problem, but I wouldn't count on it near term. Justin

On Wed, Mar 05, 2014 at 10:08:04AM -0500, Josh Boyer wrote: I agree that this is valuable, because it lets the same image be used for testing locally. -- Matthew Miller -- Fedora Project -- <mattdm(a)fedoraproject.org&gt;