CI LXC -> Docker

Harald Sitter sitter at kde.org
Tue Mar 31 14:21:37 UTC 2015 

Alohas

due to the systemd migration in vivid unprivileged LXC as used on KCI
have become unusable, so I had to rush to another thing that does what
we need while not being broken.

KCI is now using docker \o/

...or at least I am deploying that right now under the assumption that
it will actually work. Also for the next day or two integration will
be disabled while I make sure that jobs turn red over night.

Ideally this change doesn't affect anyone but me, I do however expect
odd build failures as the docker roll out was not very well tested and
is hard to test cover in general. So perhaps keep an eye out for
those.

Docker offers three new main advantages (additionally to what we
already had through LXC):
- clear separation of an image (the base file systems as it were) and
the container (the thing running on top of the base image)
- easy management of both images and containers
- sensible API bindings for ruby that do not make me want to write my own

Currently this is a bit of a hacky implementation as I had to do a
rushed rollout due to stupidity and it works mostly like the previous
LXC thing worked:
- tooling change gets pushed
  - tooling tests run and succeed
  - tooling gets staged for deployment
  - VM management jobs get triggered
    - (re)creates intermediate base image from dockerfile
    - pushes staged tooling into image
    - installs ruby bundle for the environment of the image
    - tags image latest for its series_type identifier (e.g. vivid_unstable)
- random build job runs
  - creates container using latest image for series_type identifier
  - runs builder inside container
  - removes container again

I am not quite happy how the dockerfile is used right now, but other
than that the code is a vast improvement over what we had with LXC as
we had to do config file meddling and so forth to get our bind mounts
set up and also stacked up a vast quantity of hacks to work around all
sorts of problems with how unprivileged containers work. There's also
various features missing in docker that make it in some areas inferior
still (lack of subuid support for example); supposedly some of them
are getting resolved in 1.6 I have heard.

HS

More information about the kubuntu-devel mailing list