Support for configuring lxd-profile for applications in bundles
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical Juju |
Triaged
|
Wishlist
|
Unassigned |
Bug Description
As discussed with thumper -
Juju as of 2.5.0 allows charms to configure a LXD profile, using the lxd-profile.yaml embedded in a charm, to provide sensible configuration to be used when an application is deployed to a LXD controller.
It would be super useful if this could be extended to allow a lxd-profile statement to be configured in the application sections of a bundle, regardless of whether or not a charm has an existing lxd-profile.yaml, to customise the profile used when deploying LXD units of the specific application.
Example uses which come to mind are configuring uidmapping, nesting, or device passthrough in a clean way when deploying complex platforms such as OpenStack, where traditionally device passthrough for devices such as SR-IOV VNFs has had to be done manually, with scripts, or other tools, prior to deploying applications to LXD containers.
Another use case is configuring the uidmapping for volumes which are required to access data on the host machine when deploying applications to unprivileged containers - this would allow specific UIDs and GIDs to be specified as well as volumes to pass through from the host for services deployed to LXD controllers, where mounting a networked or local filesystem might be possible on the host, but not possible in an unprivileged container due to kernel drivers or permissions restrictions in the LXD container.
I think the most sensible configuration would be to have lxd-profile sections specified in the bundle merge with any existing charm-specified values, where the charm specifies a profile, prior to upload to the controller, so a single lxd-profile map could be sent to the controller and then applied by the LXD controller to the existing or new LXD profile used by deployed/deploying services.
Happy to discuss further if any of this isn't clear or if there are considerations I haven't though of - however I feel this change would allow Juju to be much more self sufficient as a tool to deploy workloads atop LXD, and allow users to better leverage LXD's functionality from Juju without resorting to manual hacks to profiles. The intrinsic benefit also of doing this in the bundle is there is then an artefact detailing the LXD configuration required for a deployed model to function correctly.
Changed in juju: | |
status: | New → Triaged |
importance: | Undecided → Wishlist |
Changed in juju: | |
status: | Triaged → Fix Released |
Changed in juju: | |
status: | Fix Released → Triaged |
Encountered the same need for nested containers with Contrail charms as they deploy docker containers which either requires collocation on bare-metal or usage of kvm as standard lxd profiles do not allow nesting and we do not control the code base of the charm to modify its profile.
Docker containers they run do not have separate network namespaces so they had access to all host interfaces.
As a result, using a workaround is necessary where a dummy charm is created with a profile, deployed with as many units as you need for the target application and the units of that application are placed into containers via service collocation.