 * '''Launchpad Entry''': UbuntuSpec:cloud-server-n-containers-finetune
 * '''Created''':
 * '''Contributors''': dlezcano, serge-hallyn, soren
 * '''Packages affected''': lxc, linux-image

== Summary ==

Make the use of containers for service segregation on par with KVM in terms of functionality and transparency.

== Release Note ==

Containers functionality has been greatly improved.

== Rationale ==

== User stories ==

Joe is a system administrator who wants to start a temporary image to run postfix. To save on resources he runs it using a container. He wants to be able to update the image without fear of updates undoing hacks needed for containers.

Jane is a system administrator who wants to be able to mix containers with KVM VMs through libvirt. She wants libvirt to auto-start containers, and virt-manager to cleanly shut down the containers.

== Assumptions ==

== Design ==

== Implementation ==

== Test/Demo Plan ==

== Unresolved issues ==

== BoF agenda and discussion ==

=== UDS Natty discussion ===

{{{
== Make LXC ready for production ==

Conclusions:
 * Some kernel patches (setns, ipvs, ns-cgroup-removal) are heading upstream
   * kernel team may backport those into natty
 * ns cgroup is being deprecated - should be turned off
   * MUST be associated with taking the clone-children control file patch to replace ns cgroup functionality
 * For more forward-looking and experimental lxc patches,
   * Create a kernel based on natty hosted on kernel.ubuntu.com
   * Create a ppa with both custom kernel and lxc package to exploit it
   * Examples of functionality:
     * user namespace
     * containerized syslog
     * tinyproc (see below)
 * Investigate solutions for /proc and /sys containerization
   * One attractive solution was to separate proc from container-safe tinyproc
     * could be a mount option
     * a CAP_HOST_PROC capability is required for mounting full proc
     * tinyproc does not provide /proc/sysrq-trigger, for instance
 * Networking:
   * We should let libvirt handle creation of bridge
   * Someone should investigate getting netcf working in debian+ubuntu
     * To play nice with networkmanager
 * Container auto-start on boot
   * Let libvirt handle it
 * Meeting schedule for Friday to investigate a libvirt binding for liblxc
   * Summary from that meeting:
     * Action for natty to make a debootstrapped image work on host and in container
     * Action for Soren to look at libvirt-lxc console bug
       * (Serge to file a bug)
     * Action to create a new libvirt-container driver, based on openvz driver, which execs lxc.sf.net programs.
       * Ping libvirt community for reaction
       * Updating the existing driver to match lxc.sf.net functionality is too much duplicated work.
       * Long term, we would like to have the container driver call out to lxc.sf.net library - much more work
 * Upstart script for lxc
   * We should see if we can let libvirt handle it all
 * Action: find someone willing to work on a script on top of lxc for easing container creation
 * Action: find someone to push top/ps/netstat/etc containerization patches upstream
 * Action: pursue solutions to container reboot and poweroff
 * Action: Create trees based on Natty kernel tree, hosted on kernel.ubuntu.com, for more experimental container features to push upstream.
 * Action: Serge to follow up on user-namespace-over-dbus patch (sent to lkml in May)
}}}

----
CategorySpec