| 1 |
On 02/02/2017 04:05 PM, Rich Freeman wrote: |
| 2 |
> On Thu, Feb 2, 2017 at 3:35 PM, james <garftd@×××××××.net> wrote: |
| 3 |
> |
| 4 |
>> |
| 5 |
>> I think that unikernels are something everyone should be aware of |
| 6 |
>> as they purport to be the latest trend in securing all sorts of systems. |
| 7 |
>> (a brief read). |
| 8 |
>> |
| 9 |
> |
| 10 |
> Not really for all sorts, more for servers. Otherwise I get it, and |
| 11 |
> at this point now that I run almost everything in containers I tend to |
| 12 |
> be more inclined to run different distros in those containers. |
| 13 |
> |
| 14 |
>> This is only the case because profiles are in general in a mess and there |
| 15 |
>> are little in the way of conventions. What is so sacrosanct about upstream |
| 16 |
>> for a truly embedded gentoo system or a gentoo based IoT device? |
| 17 |
> |
| 18 |
> Nothing, in that space. |
| 19 |
> |
| 20 |
> The problem is the new user experience. When somebody is new to |
| 21 |
> Gentoo and not super-knowledgeable the first thing they're going to do |
| 22 |
> is set up a desktop. Now, they might not call it a desktop. They |
| 23 |
> might not even run X11 on it. But, they're basically falling into |
| 24 |
> that desktop user experience where whatever they do install "just |
| 25 |
> works" and is feature-complete. |
| 26 |
|
| 27 |
Wow, I'm shocked. Perhaps you have forgotten that is was "I" that |
| 28 |
bemoaned and protested ad nauseam for a simple, basic desktop |
| 29 |
for the noob moving to or just testing gentoo? Needless to say the |
| 30 |
majority of long term folks on gentoo-user, prefer to run those noobs |
| 31 |
off. (Remember I was on gentoo-user for 12 years, by the hour.) |
| 32 |
Now our gentoo distro is catering and concerned about these folks? |
| 33 |
(excuse me but I haft to roll around on the floor a bit to get some |
| 34 |
belly laughter out....) ok, I'm back now. Nobody give a damn about the |
| 35 |
gentoo noob; that's why it is gentoo policy not to have an installer. |
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
> It is true that we also attract advanced users who are looking for |
| 40 |
> something different. They have no issues getting any distro to dance |
| 41 |
> for them, and they're picking Gentoo because it is best suited for |
| 42 |
> their specific need. These users are much more likely to be |
| 43 |
> interested in minimal configurations, embedded systems, the hardened |
| 44 |
> profiles, and so on. |
| 45 |
|
| 46 |
This pool is growing and many are contributing.... hardened on top |
| 47 |
of minimal.... very very cool. |
| 48 |
|
| 49 |
> However, the problem is that if we optimize mainly for the second |
| 50 |
> group we basically lose the first group entirely, and I suspect that |
| 51 |
> is overall going to be the bigger group. |
| 52 |
|
| 53 |
Nope, sorry, I have to disagree. Please explain why we cannot, in the |
| 54 |
profiles, support both groups. The (minimal) embedded profile pathway |
| 55 |
need not be mentioned in the handbook. But, perhaps in the |
| 56 |
gentoo-embedded-handbook it could be introduced ? If the embedded devs are |
| 57 |
offended, then it could be unser it's own profile:: spartan, monopod, |
| 58 |
minimized or any self identifying moniker. |
| 59 |
|
| 60 |
|
| 61 |
> If what you want is a "unikernel profile" for Gentoo then you're going |
| 62 |
> to be changing a LOT of assumptions. |
| 63 |
|
| 64 |
Oops, hit the brakes! Unikernels the way that unikerel.org describes |
| 65 |
them is more of a enhanced state machine boot_code or an executive |
| 66 |
or a linux kernel plus one lib. Sorry but that's not the only vision |
| 67 |
and mine is to build highly targeted 'minimal' gentoo systems that can |
| 68 |
dynamically shed and load new frameworks (groups of packages and codes |
| 69 |
and such) on top of the 'default set' or embedded set of packages. So it |
| 70 |
can become a full blown mail server or a singular monotonic device, just |
| 71 |
sniffing ethernet, without a reboot. I'm betting the farm that my vision |
| 72 |
of minimal/embedded gentoo will be far more successful than those folks |
| 73 |
pushing proprietary Unikernel products. Still the generic moniker |
| 74 |
'unikernel' is the closest commonly used moniker to where I'm driving |
| 75 |
too, I so 'lifted' it from those folks. Goals are similar but mine is a |
| 76 |
minimized gentoo, at it's core and dynamically flexible without reboot. |
| 77 |
|
| 78 |
|
| 79 |
|
| 80 |
> Forget openrc vs systemd, there |
| 81 |
> is no reason to have any init implementation on the thing. Forget |
| 82 |
> linux vs bsd, there is also no reason to have a kernel in a container. |
| 83 |
> We don't need any editor because you're probably going to do any |
| 84 |
> config file editing from outside of the container. And that @system |
| 85 |
> set that has all that bootstrapping stuff is probably way overkill if |
| 86 |
> all you ultimately need is a single package to work (and maybe not all |
| 87 |
> of that package). Heck, your overall install approach also should be |
| 88 |
> questioned. Rather than build your unikernel from inside its own |
| 89 |
> container, you should be building from a more complete image and just |
| 90 |
> installing the minimum RDEPENDs in the production container (as with |
| 91 |
> catalyst or the chromiumos builds). And you probably wouldn't be |
| 92 |
> upgrading such things in place either, you'd just be creating newer |
| 93 |
> instances and cutting over from the old. |
| 94 |
|
| 95 |
I agree with you on this, absolutely. But you are far off from my |
| 96 |
branch of the profile tree and my pathway forward, so it's accurate |
| 97 |
but completely uncharacteristic to what I'm developing. |
| 98 |
|
| 99 |
|
| 100 |
> I don't question that it would be great for Gentoo to support all of |
| 101 |
> this stuff. I just think that we need to be careful not to destroy |
| 102 |
> the experience of somebody who just wants a "typical" install in order |
| 103 |
> to do it. Somebody who doesn't want to take the time to tweak how |
| 104 |
> their java implementation works probably wants the default install to |
| 105 |
> be something that meets the Oracle standard. Now, somebody who is |
| 106 |
> into tailoring can look at their application and tweak the living |
| 107 |
> daylights out of it, but that shouldn't be what you get when you run |
| 108 |
> "emerge icedtea" or whatever. |
| 109 |
|
| 110 |
|
| 111 |
I just do not see your 'either or scenario' as the only possibility. For |
| 112 |
example, in a recent gentoo-dev thread, those profile owners (devs) |
| 113 |
were asked to step forward and state the viability going forward of a |
| 114 |
profile review thread. If one of those devs wants one of those itemized |
| 115 |
profiles to continue to exist, is it going to be forcibly deleted? (no) |
| 116 |
|
| 117 |
So all I have to do is convince (beg?) one dev to have a place in the |
| 118 |
profile tree that is not subservient to upstream dictates? Perhaps |
| 119 |
another way forward for my work? (Glep-70?) |
| 120 |
|
| 121 |
|
| 122 |
> Sure, you could do all that with a profile, but the problem is: |
| 123 |
> 1. Maintainers aren't going to necessarily invest in that profile. |
| 124 |
|
| 125 |
Can I proxy-maintain a profile for minimized gentoo clusters? |
| 126 |
Can I share a profile with another compatible (need) profile ? |
| 127 |
|
| 128 |
|
| 129 |
> 2. New users won't necessarily use that new profile. |
| 130 |
|
| 131 |
That would be excellent. That's why there are many choices for profiles, |
| 132 |
right? |
| 133 |
|
| 134 |
|
| 135 |
> And when those things doesn't happen users look at Gentoo as the OS |
| 136 |
> that nothing works right on. |
| 137 |
|
| 138 |
Non-sequitur.... |
| 139 |
user's will be on a handbook delineated profile choice; capable users |
| 140 |
will be able to navigate handbook choices and other available profiles, |
| 141 |
or seek (neddy?) guidance. The profile I'm talking about could |
| 142 |
be logically under the old branch of 'experimental' if that survives |
| 143 |
too. But would be best as close to the root of the profile tree, as |
| 144 |
possible. The least amount of packages installed, is best, and located |
| 145 |
in a different branch than the default or whatever the new name is where |
| 146 |
a plethora of upstream issues exit. None of this would be a burden |
| 147 |
to ebuilds, if they do not work, so be it, I can and will fix what I |
| 148 |
need from upstream. Every week, that list grows shorter and shorter, |
| 149 |
particularly for the minimal builds. |
| 150 |
|
| 151 |
|
| 152 |
Hopefully I have justified and succinctly stated my vision, is |
| 153 |
accommodation not possible? All I really need is a minimized (a least or |
| 154 |
very low set of packages) profile that is not so concerned with most of |
| 155 |
the upstream projects and the noise found therein. |
| 156 |
|
| 157 |
|
| 158 |
hth, |
| 159 |
James |
Archives