subuser-security / subuser

Run programs on linux with selectively restricted permissions.
http://subuser.org
GNU Lesser General Public License v3.0

Question: would it make sense to use something like: client.py #28

Closed peter1000 closed 10 years ago

peter1000 commented 10 years ago

I was wondering what you think:

would it make sense instead of all the subprocess calls to use a much simplified version of something like:

https://github.com/dotcloud/docker-py/blob/master/docker/client.py

I mean only the things that subuser needs:

CONS::

1. Not sure if that supports other HOST OS except for linux

2. Not sure if docker changes internally if one would need to adjust much
   (but that might be also needed if using subcalls?)

3. maybe/depending more dependencies

PROS::

1. then all would be in pure python and not many subprocess calls.

2. probably nicer and better coding

played a bit with the above: https://github.com/dotcloud/docker-py/blob/master/docker

had to install: python-requests python-urllib3 python-websocket

for just a fast test quite nice: build command did not work in the beginning though - probably mistake of mine

peter1000 commented 10 years ago

:+1: figured the build stuff out - the image existed already before.

anyway it would be an extra layer but the real advantage it is all in python?

To build the dockerfile with the package

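```python
#!/usr/bin/env python
import docker

# Connect to the local Docker daemon through its Unix socket.
c = docker.Client(base_url='unix://var/run/docker.sock',
                  version='1.6',
                  timeout=10)
# Build the Dockerfile in the given directory and tag the resulting image.
c.build(path="/home/workerm/Downloads/docker-py-master", tag="subuser-test",
        quiet=False, fileobj=None, nocache=False, rm=False, stream=False)
```

timthelion commented 10 years ago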

It would be nice, in terms of getting rid of this garbage:

https://github.com/timthelion/subuser/blob/112d4f3d5fb2630a680c80c8f4002a2840ef57fe/logic/subuserCommands/subuserlib/dockerImages.py#L21

https://github.com/timthelion/subuser/blob/112d4f3d5fb2630a680c80c8f4002a2840ef57fe/logic/subuserCommands/update#L89

However, I really do not want to do this:

peter1000 commented 10 years ago

I think one can get rid of some of the dependencies: I already removed 'python-websocket'

About the API changes: I'm not sure if it would be much work: anyway I will still look into it as I'm just interested how much I can strip off for a bare naked version.

No problem if you do not want to use it.

peter1000 commented 10 years ago

at the moment I will not have time to look into this: if you want you can close it?

timthelion commented 10 years ago

You were right, this will be better.

peter1000 commented 10 years ago

but it will add additional dependencies.

I no longer have the stuff I played around with - but one could try to get rid of the things subuser does not need.

On the other hand maybe it's easier to make it just a dependency: in that case if the docker api changes one can just update the module.

I'm still busy with other things: but might look into it...

timthelion commented 10 years ago

I am convinced we can eliminate all dependencies. Writing to a socket file really isn't that complicated.

timthelion commented 10 years ago

I have implemented my own direct communications with the Docker daemon.
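
The dependency-free approach discussed in this thread, sketched as an added example (not subuser's own code and not from either commenter): HTTP to the Docker daemon over its Unix socket using only the Python standard library. The names `UnixHTTPConnection` and `docker_get` are hypothetical, and `/var/run/docker.sock` is assumed as the socket path.

```python
import http.client
import json
import socket

DOCKER_SOCKET = "/var/run/docker.sock"  # assumed default daemon socket path


class UnixHTTPConnection(http.client.HTTPConnection):
    """HTTPConnection that connects to a Unix domain socket instead of TCP."""

    def __init__(self, socket_path, timeout=10):
        # "localhost" only fills the Host: header; nothing is resolved or dialed.
        super().__init__("localhost", timeout=timeout)
        self.socket_path = socket_path

    def connect(self):
        # Access control here is the socket file's owner/group/mode: any
        # process that can open it can drive the daemon.
        sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        sock.settimeout(self.timeout)
        sock.connect(self.socket_path)
        self.sock = sock


def docker_get(path, socket_path=DOCKER_SOCKET):
    """GET a Docker API path and return (status, decoded JSON body or None)."""
    conn = UnixHTTPConnection(socket_path)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        body = resp.read()
        return resp.status, json.loads(body) if body else None
    finally:
        conn.close()


if __name__ == "__main__":
    # Requires a running daemon and permission to open the socket.
    status, info = docker_get("/version")
    print(status, info.get("Version"), info.get("ApiVersion"))
```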