enforced network in container on creation

Fix proposed to branch: stable/stein
Review: https://review.opendev.org/682351

Change abandoned by Radosław Piliszek (<email address hidden>) on branch: stable/stein
Review: https://review.opendev.org/682351
Reason: oops, on wrong branch

Fix proposed to branch: master
Review: https://review.opendev.org/682353

sorry for targetting stein, I'm just testing on a stable target

@Radosław,

Would you clarify the use cases of this feature? For example, in what situation, Zun need to spin up a container without assigning a network?

@hongbin:

Since Docker supports that, we broaden the applicability of Zun to network isolated containers. Otherwise it is tedious to create separate networks per container and may hit some set limit. This is mostly coming from orchestration use case where you throw around "untrusted" jobs packed in Docker containers and you don't want them to have any connectivity to anything else there. Also, I thought that Zun supports that as you can skip defining the network but instead it chooses one of them according to its internal algorithm.

On Tue, Sep 17, 2019 at 2:40 AM Radosław Piliszek <
<email address hidden>> wrote:

> @hongbin:
>
> Since Docker supports that, we broaden the applicability of Zun to
> network isolated containers. Otherwise it is tedious to create separate
> networks per container and may hit some set limit. This is mostly coming
> from orchestration use case where you throw around "untrusted" jobs
> packed in Docker containers and you don't want them to have any
>

ACK. For VMs, there is a way to tell nova not to allocate any network for
the instance (by specifying --nic=none [1]). Are you requesting a similar
capability? or a different thing?

[1]
https://docs.openstack.org/python-openstackclient/latest/cli/command-objects/server.html#cmdoption-openstack-server-create-nic

> connectivity to anything else there. Also, I thought that Zun supports
> that as you can skip defining the network but instead it chooses one of
> them according to its internal algorithm.
>

Would you clarify what is "internal algorithm"? This sounds similar as
auto-allocated network [2]? or a different request?

[2]
https://specs.openstack.org/openstack/nova-specs/specs/newton/implemented/get-me-a-network.html

>
> --
> You received this bug notification because you are subscribed to Zun.
> Matching subscriptions: zun
> https://bugs.launchpad.net/bugs/1844122
>
> Title:
> enforced network in container on creation
>
> Status in Zun:
> In Progress
>
> Bug description:
> Now Zun enforces adding network on container creation.
> This seems not necessary for containers.
> I have a PoC which works by not assigning network if not explicitly
> requested.
> This bug is meant to track the idea.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/zun/+bug/1844122/+subscriptions
>

@hongbin

> Are you requesting a similar capability? or a different thing?

Exactly this.

> Would you clarify what is "internal algorithm"?

I meant generally what Zun does at the moment when not given a network.
I did not mean "auto-allocate", currently Zun just bails out when there is no available network and it would be nice for it to be able to create these automatically but this is not what I am after atm.

On Sun, Sep 22, 2019 at 3:25 AM Radosław Piliszek <
<email address hidden>> wrote:

> @hongbin
>
> > Are you requesting a similar capability? or a different thing?
>
> Exactly this.
>

ACK

>
> > Would you clarify what is "internal algorithm"?
>
> I meant generally what Zun does at the moment when not given a network.
> I did not mean "auto-allocate", currently Zun just bails out when there is
> no available network and it would be nice for it to be able to create these
> automatically but this is not what I am after atm.
>

ACK

>
> --
> You received this bug notification because you are subscribed to Zun.
> Matching subscriptions: zun
> https://bugs.launchpad.net/bugs/1844122
>
> Title:
> enforced network in container on creation
>
> Status in Zun:
> In Progress
>
> Bug description:
> Now Zun enforces adding network on container creation.
> This seems not necessary for containers.
> I have a PoC which works by not assigning network if not explicitly
> requested.
> This bug is meant to track the idea.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/zun/+bug/1844122/+subscriptions
>

Change abandoned by Radosław Piliszek (<email address hidden>) on branch: master
Review: https://review.opendev.org/682353
Reason: not pursuing, anyone feel free to pick it up (here or elsewhere), rather niche use case