Package and dependency management should be done by Nereon

[ronaldtse]

Package and dependency management should be placed in Nereond — when we have it :wink:

[drystone]

I think this is better done by Riffol - otherwise Roffol will always depend on Nereond. I like the possibility of Riffol being standalone and Nereond being an optional configuration management tool.

[ronaldtse]

One distinction we need to be certain is between “runtime” and “static” configuration.

Runtime configuration contains items that change amongst container runs.

Packages, and the realm of the Dockerfile, should be considered static configuration since they don’t change in a container. This is like the distinction between a function and its arguments.

With nereon, we are pushing the definition of runtime configuration because traditionally config files in docker are already considered “static”, while they really shouldn’t be.

This way we minimize the necessity to build multiple container variants for trivial changes.

I believe the packages should really be installed by the Dockerfile, Riffol is just to check if those packages are installed.

On the other hand, for configuration management, if we are to control dependencies as well, it would be cleaner to have Nereond handle it? It’d be weird for systemd to install packages...

[drystone]

Yes, absolutely, init is the place to install packages. It's only tradition that dictates otherwise. Installing a package is essentially the same as any other configuration step: persist some data and run a script to integrate it with the packages it depends upon.

I was under the impression that Nereond was simply going to parse config with tightly controlled side effects (ie putting a few config files in place) - and initially it wasn't even going to do that, it was going to stream configuration to Riffol which was, in turn going to write the config files. If anything, I prefer that option: Nereond is completely without side effects and all the 'running' of stuff gets done in one place, in defined order, by Riffol, using applications, some long running, others more like the old rc.local that performs some specific configuration and exits.

I'm playing devil's advocate here a little but based on my understanding of system requirements, having loosely coupled Riffol and Nereond with distinct functionalities is the approach I'd take.

[ronaldtse]

It’s true to a certain degree, but one major difference between static config and runtime config is the deterministic nature. Runtime config is always certain to be set. Packages installs usually depend on the accessibility of repos. We don’t want any indeterministic action, such as the inability to access the yum repos, to block the running of a built container.

But of course, if we can offline the package installs, bundle them in the config, then it will become deterministic and hence fine.

So I’ll revise my definition — only configuration that can have fully resolved dependencies be considered suitable for init.