
Re: Enterprise Guix Hosting?


From: Thompson, David
Subject: Re: Enterprise Guix Hosting?
Date: Tue, 30 Aug 2022 21:42:00 -0400

Hi Ricardo,

On Fri, Aug 26, 2022 at 3:43 AM Ricardo Wurmus <rekado@elephly.net> wrote:
>
>
> Hi Yasu
>
> > Our idea at the coop is that we want to develop software
> > development acceleration tools, and a major part would be
> > container-less software provisioning so that composition would not
> > mean more and more layers of technical debt...
>
> Don’t discount containers too soon.  Guix has “guix system container”,
> which spins up lightweight Guix System containers that share /gnu/store.
> You only need to set up a bridge interface on the host and create a
> network device pair and move one end into the container’s net namespace.

I thought for sure that 'guix system container' would be something
people would love, but it doesn't seem to get much use!  Having all
containers share the store eliminates several problems that come with
Docker's primitive layer approach.  When I realized all we had to do
was bind mount store items into the container I couldn't believe it
was so simple.

> You can do containers and compose them without layers upon layers of
> file system blobs.  The reasons why this is not commonly done on
> existing commercial platforms:
>
> - container images are often provided from different origins, so there
>   is no trust and thus no way to have them share the same files or
>   common packages
>
> - without reproducible builds trust cannot be established
>
> - container images are erroneously considered a requirement for
>   isolation, but it is not actually required to use them even in the
>   presence of an unshared mount namespace.

All true.  "Container" has come to mean the image more than the
execution environment, so Guix containers not being based on disk
images makes them not fit in.

> Using a shared /gnu/store as a big cache for all containers can be a
> real asset.  We can learn lessons from the HPC experience here.

What might have a positive impact is if Guix had an answer to 'docker
compose'.  Most of the pieces are there already.  Such a tool could be
combined with 'guix shell' so you could get all the tools needed for
local development *and* automatically start any necessary daemons,
like database servers, in isolated containers.

- Dave


