Pattern to safely spawn a container from a container

Registered by Alex Schultz on 2019-11-11

Use systemd on the host to launch the side-process containers directly, with
support for the network namespaces that Neutron agents require. The benefit of
this approach is that we no longer have to give the Neutron containers the
privileges to launch containers, which they shouldn't require.

Blueprint information

Status: Started
Approver: Bogdan Dobrelya
Priority: Medium
Drafter: Dan Prince
Direction: Approved
Assignee: Alex Schultz
Definition: Approved
Series goal: Accepted for ussuri
Implementation: Blocked
Milestone target: victoria-3
Started by: Alex Schultz on 2019-11-11

Whiteboard

https://review.opendev.org/#/c/620062/ - spec
https://review.opendev.org/#/c/693442/ - tripleo-ansible
https://review.opendev.org/#/c/693589/ - tripleo-heat-templates

Gerrit topic: https://review.opendev.org/#/q/topic:systemd-wrappers

Addressed by: https://review.opendev.org/693442
    WIP - Implement tripleo-systemd-wrapper role

Gerrit topic: https://review.opendev.org/#/q/topic:bp/safe-side-containers

Addressed by: https://review.opendev.org/693589
    Use a systemd service to handle sidecar containers

Addressed by: https://review.opendev.org/694525
    Remove neutron wrappers

Gerrit topic: https://review.opendev.org/#/q/topic:bug/1860155

Addressed by: https://review.opendev.org/706379
    Add handling of signal 15 in kill script

Addressed by: https://review.opendev.org/706381
    Use a systemd service to handle sidecar containers

Addressed by: https://review.opendev.org/706990
    Remove neutron wrappers

Addressed by: https://review.opendev.org/714033
    Remove neutron wrappers usage

Addressed by: https://review.opendev.org/724730
    Revert "Remove neutron wrappers"

Feature reverted https://review.opendev.org/c/724843
