

Docker 0.6: Events API, registry improvements, expert mode, security updates. - nickstinemates
http://blog.docker.io/2013/08/websockets-dockerfile-upgrade-better-registry-support-expert-mode-and-more/

======
codexon
When is the AUFS requirement going to be removed?

Ubuntu is going to drop it in the near future. So the idea of rebooting all
servers to install a custom kernel with AUFS makes me not even want to try it.

~~~
eikenberry
Any references on why they are dropping it and what they are replacing it
with?

~~~
WestCoastJustin
I assume they are dropping it to allow much wider adoption. Docker makes use
of AUFS for many of its cool features, like quickly spinning up containers,
snapshots, diffs, etc. Ubuntu is dropping AUFS support in its stock kernels
[1], and RHEL (CentOS, SL, etc) does not have support for AUFS in their stock
kernels [2], and it is a major pain to try and add it (i.e. not even a simple
recompile, you need custom patches, etc). So, given these two issues, you run
the risk of alienating your user base pretty quickly.

[1] [http://ubuntu.5.x6.nabble.com/RFC-AUFS-disabled-for-12-04-td4532153.html](http://ubuntu.5.x6.nabble.com/RFC-AUFS-disabled-for-12-04-td4532153.html)

[2] [https://github.com/dotcloud/docker/issues/172](https://github.com/dotcloud/docker/issues/172)

~~~
eikenberry
I was talking about why Ubuntu was dropping AUFS, not why docker was. I've
been following the UnionFS area in Linux for a while now and AUFS still seems
to be the only viable option. So I was asking to find out if Ubuntu expects
one of the alternatives to be ready soon.

~~~
shykes
Speaking as a dotCloud employee: yes, it's also our opinion that aufs is still
the most viable option in a production setting. Finding a permanent solution
to the clusterfuck of union filesystems in linux seems as likely as peace in
the middle-east: those with a viable solution are powerless to impose it;
those who could change the status quo seem paralyzed by bias, personal feuds
or simply having other fish to fry. Meanwhile the rest of the World has thrown
their hands up and stopped waiting. Aufs works in production, moving on.

Speaking as a Docker maintainer: we'll add support for whatever our users want
most, and makes it easy to run docker everywhere.

~~~
tacticus
Perhaps something like btrfs could work.

By creating your base image in a subvol or individual file you can then
snapshot that and mount the snapshot into the container?

Additionally, it lets you piggyback on the stuff that inktank and openstack
are doing with ceph and btrfs

distributed storage with cow images for VMs for your container servers

~~~
shykes
btrfs is one of the alternatives we plan on supporting. In fact there is
already an experimental branch with btrfs support.

However, wearing my user / operator hat, if I had to choose I would stick to
aufs in production. If I had to switch (and the apparently stupid move by
ubuntu to drop it might indeed force me to), I would first try to use more
proven code, like lvm or raid/dm.

btrfs and overlayfs are neat, promising technology for the future - that place
where our production deployments can't go :)

------
shykes
Hi everybody, this is quite a monster of a release: 378 commits by 40
different people :)

Here's the full release pull request if you're interested:
[https://github.com/dotcloud/docker/pull/1628](https://github.com/dotcloud/docker/pull/1628)

~~~
nacs
I've been meaning to try this for a while now but the release of your new
Ubuntu repo (as opposed to PPA, details here for other Ubuntu users:
[http://docs.docker.io/en/latest/installation/ubuntulinux/](http://docs.docker.io/en/latest/installation/ubuntulinux/)
) has convinced me to finally install.

Congrats on the release. Love how fast the docker team is updating.

~~~
shykes
Thanks!

Out of curiosity, what's your reasoning for preferring a custom repo instead
of a PPA?

------
timClicks
Can anyone point to an evaluation of the various orchestration/wiring tools
mentioned in the post, e.g. "Orchestra, Shipper, Deis, Pipeworks, etc"?

~~~
nickstinemates
I haven't seen one, Tim, but I'd love to see it. Will you volunteer? :)

~~~
timClicks
Added to weekend projects list. ETA mid-October.

------
johnpmayer
It's worth pointing out that there's now a digitalocean pre-configured image
with Docker.

~~~
nickstinemates
This is so cool. I'll be picking one up.

------
contingencies
Given the recent thread I'm interested in what the security updates were given
that the word security doesn't occur in the changelog. Can someone closer to
the source please explain?

~~~
nickstinemates
From the blog post:

> We have tightened Docker’s default access control configuration, to make it
> more suitable for use on a host machine shared with untrusted applications.
> Running docker commands now requires either root privileges, or a user
> account included in the “docker” group.

> This means that after upgrading to 0.6, you will need sudo to run docker
> commands.

> Don’t worry, you can revert your configuration with the “-H” flag. Just make
> sure you understand the security implications!
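
An added example, not part of the thread or of Docker's own code: a small audit of the access control the quoted blog post describes, checking who can write to the daemon's Unix socket and what a given `-H` endpoint implies. The socket path, the sample endpoint and the function names are assumptions made for illustration.

```python
import grp
import os
import stat

# Assumed defaults for illustration; adjust to the host being audited.
DEFAULT_SOCKET = "/var/run/docker.sock"
TRUSTED_GROUP = "docker"   # the group named in the quoted blog post


def audit_socket(path=DEFAULT_SOCKET, trusted_group=TRUSTED_GROUP):
    """Return findings about which local accounts can reach the daemon socket."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return [f"{path}: not found (daemon stopped, or bound elsewhere with -H)"]
    mode = stat.S_IMODE(st.st_mode)
    try:
        group = grp.getgrgid(st.st_gid).gr_name
    except KeyError:
        group = str(st.st_gid)          # gid with no name in the group database
    findings = []
    if st.st_uid != 0:
        findings.append(f"owner uid {st.st_uid} is not root")
    # Connecting to a Unix socket requires write permission on the socket file.
    if mode & stat.S_IWOTH:
        findings.append(f"mode {mode:04o}: any local user can talk to the daemon")
    if mode & stat.S_IWGRP and group not in ("root", trusted_group):
        findings.append(f"group '{group}' can connect but is not '{trusted_group}'")
    return findings


def classify_endpoint(endpoint):
    """Say which access control, if any, applies to a -H endpoint string."""
    scheme, _, rest = endpoint.partition("://")
    if scheme == "unix":
        return "file-permissions"       # root / docker group check applies
    if scheme == "tcp":
        host = rest.rsplit(":", 1)[0]
        if host in ("127.0.0.1", "localhost"):
            return "any-local-user"     # socket file permissions do not apply
        return "network-reachable"      # whoever can reach the address
    return "unknown"


if __name__ == "__main__":
    for finding in audit_socket() or ["socket ownership and mode look restrictive"]:
        print(finding)
    print(classify_endpoint("tcp://0.0.0.0:4243"))   # constructed sample value
```

Membership of the trusted group is worth reviewing alongside this, since every account in it can issue daemon commands without sudo.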

