atomic-host-goss container runs goss (with privileges) in host os context

[keithy]

https://github.com/keithy/atomic-host-goss

This functionality works standalone, but could be merged into the mainline release.

1. Dockerfile includes "run" definition used by the atomic tool.
2. goss-on-host script copies goss into the host context and runs it there.

[aelsabbahy]

This seems interesting, but conflicts with the current implementation.

Perhaps adding a new dockerfile/image for this purpose might be cleaner.

[keithy]

Fedora Atomic Host as an OS is almost officially End of Life, since it has been superceeded by Fedora Core OS. The "atomic" tool and this way of providing super-priviledged containers is no longer relevant.

[aelsabbahy]

oh.. hah. This is part of the reason why goss has almost no container support aside from wrapper scripts (e.g. dgoss).. I figure the ecosystem will be changing a lot until the industry normalizes on a set of tools.

Thanks for the initial PR. If there are any other use-cases for goss that you have, please let me know.

[aelsabbahy]

Oh, one last thing.. is there a new "super container" concept? I did not experiment with Fedora Core OS or Fedora silverblue yet to know what's the latest experimental work on that front.

[keithy]

This is being discussed: https://github.com/coreos/fedora-coreos-tracker/issues/37 I made some progress: https://github.com/coreos/fedora-coreos-tracker/issues/311

The options for FCOS basically are: A) Upload a binary directly (or publish an rpm to be overlayed) to the main OS.

• access this binary remotely via ssh B) Create some safe-layer with the help of systemd that layers on-top of the OS, but does not use/need a container runtime. This option currently lacks the transport/versioning/updating that a container based solution would provide. C) A container based solution equivalent to the previous super-priviledged containers scheme that does run via podman etc.

This tool (when complete) https://github.com/keithy/ign-tool can be used to assemble an ignition provisioning script. This tool includes the ability to include modules or "plugs" as I call them. The "Plugs" are published via the github wiki and this solution should converge over the next few days!

• Option A) https://github.com/keithy/ign-tool/wiki/plug:goss
• Option B) install https://github.com/keithy/ign-tool/wiki/plug:install-packages
• Option B) service https://github.com/keithy/ign-tool/wiki/plug:portable-goss

The two options are, 1) a systemd portable service that runs goss serve on a port (continuously/on demand) b) a user that is allocated a safe-chrooted-shell (also provided via systemd)

Since all the niceness is provided by systemd, this solution ought to work similarly on other systemd based distributions.

[aelsabbahy]

This is extremely informative, thanks. Interesting to see all the new container centric distributions.