To my mind, this is the missing answer to "how do I actually use Docker?"
I'm particularly excited by the idea of having a cluster of machines self-configure; normally this is incredibly painful, relying on multicast (not normally available on the cloud) or some ugly hacks (like using S3).
We want to build an environment where you run and manage all of those servers and databases inside of containers and via APIs. Or, even better, skip the APIs entirely: just add nodes and have something like etcd help you configure them dynamically.
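As a very rough sketch of the sort of thing we mean (the key layout here is made up, and it assumes an etcd listening on its default client port 4001):

```
# Each new node announces itself in etcd, then reads back the full member
# list to configure its local services. Key names are illustrative.
ME=$(hostname -f)
curl -s http://127.0.0.1:4001/v1/keys/cluster/machines/$ME -d value="$ME"
curl -s http://127.0.0.1:4001/v1/keys/cluster/machines/    # JSON list of every node
```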
But we needed to get all of the foundations solid first, and that is where we are today.
I believe philips is saying that CoreOS is still experimenting with and reifying exactly what the layer above containerized applications should be composed of and look like.
Update: what is really interesting is the amount of hype the Docker project has created despite having no fundamentally new ideas or technological advances, just well-written (we must admit) web pages full of buzzwords.
As a person who ran FreeBSD jail-based virtual hosting in production, I would say that disk and network I/O will be the bottleneck, because neither interface scales well enough.
On performance: containerization > virtualization. But containerization is not just about performance (people run it inside virtualized environments too); it's also about contained configurations.
Your tone is unnecessarily belligerent (I could be reading into what you wrote though).
Also, I know people who know people who are pushing for the Docker team to support FreeBSD jails as a container backend too. Since the primary workhorse for Docker right now is LXC, it should be possible to generalize it enough to include support for FreeBSD jails.
Docker does more than just "jail"; it does for jails what package managers did for programs.
I have tried to make a minimalist but compatible system. It doesn't work out. Things like Kerberos, SASL, LDAP and PAM mess everything up. I ended up with almost exactly the "minimum install". Paraphrasing a bit: "dependencies! dependencies! dependencies!" A minimal install of Fedora or Ubuntu Server is almost optimal.
Well, there's still no usable (web) GUI for managing ZFS (tell me what you want, but that IS what is needed to make ZFS more popular).
Roughly speaking, would a minimal install of [your_server] in KVM give more performance than LXC+Docker?
One downside of Docker & LXC is that applications CAN break out of the "jail" and affect the host machine. The Docker guys told me about that, and said they will work on it in the future.
After all that fizzbuzz, I'm not sure anymore; maybe Chef/Puppet/Ansible or Salt would be a much better solution than dealing with the bits "manually", because that would be the model-driven approach.
A closer-to-real-life version might be this: some guys managed to get funding for a mix of buzzwords they did not fully understand themselves, especially the OS design. But after putting up a Minimum Viable Buzzwords website they got a lot of hype, so, magically, it became a "great idea" and a "big thing" while being absolutely nothing new and solving no real problems.
There is no problem with installing packages or tarballs on the same system, over the network, on multiple hosts, whatever, as long as it is the same version of the system. There is nothing to fix. It is optimal already, and package managers and ports systems do the job well enough, taking care of dependencies, security updates, restarts, etc.
All the buzz and hype is about people who do not know and do not want to know how the underlying system works, what the basic ideas are, etc. For such guys the promise of a simple interface (they can see it is simple on the site) which requires no thinking or understanding is, of course, a piece of cake.
This is exactly how we got all the piles upon piles of Java crap. There is no need to think or understand, and deployment is easy: just dump all the shit in the same dir. Now we have all the mess and some smartasses talking about "JVM optimizations" but forgetting to mention that a slight change in workload, let alone the code, will make all their prior assumptions invalid. OK, fuck it.
`INSTANCE=$(docker run -d jonwood/nginx-node) && curl http://127.0.0.1:4001/v1/keys/nginx-nodes/$INSTANCE -d value="$(docker port $INSTANCE 80)"`
You'd then use Etcd's tree listing interface to grab the JSON fragments for each of those NGinx nodes, and configure Varnish or HAProxy or something to hit those backends.
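For example (the exact JSON shape depends on the etcd version, so treat this as a sketch):

```
# One request returns the JSON fragments for every registered backend;
# each entry carries the key (container id) and the value stored above.
curl -s http://127.0.0.1:4001/v1/keys/nginx-nodes/
# Feed that list into whatever templating you use to write out the
# Varnish/HAProxy backend stanzas.
```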
Obviously this isn't anywhere near production ready (for example if one of your NGinx instances goes down there's nothing to remove it from the pool), but so far I'm impressed with what CoreOS is doing.
My plan to solve this was to use Doozer, with a small daemon on each agent server which would keep some kind of registry of the services running on that machine. I think that could be relatively lightweight, and with the ability to broadcast via watches, some kind of action could be attached to a node being added or removed.
In other words, it does not replace Chef/Puppet. Maybe only for the configuration part, but not for the installation part. You may still want to use Chef/Puppet for creating the container in the first place.
This means that your Docker container doesn't need to run a Chef/Puppet/SSH configuration agent. It will need some sort of "discover my config and configure myself" process running, which would perform much the same role though.
In other words, the container is "smart" and self-assembles. If you need to add more webserver capacity (for scaling), you just launch more webserver containers; they will register themselves with the load balancer and attach to the database.
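A minimal sketch of what such a self-registering entrypoint could look like (the etcd address, key names, and app binary are all hypothetical):

```
#!/bin/sh
# Discover my config, register myself, then hand off to the real app.
ETCD=http://172.17.42.1:4001      # assumed: an etcd reachable from the container
DB_URL=$(curl -s $ETCD/v1/keys/config/db_url | sed 's/.*"value":"\([^"]*\)".*/\1/')
export DB_URL
curl -s $ETCD/v1/keys/webservers/$(hostname) -d value="$(hostname):8080"
exec /usr/local/bin/my-web-app
```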
Of course, building these smart containers is non-trivial, so I'm eager to see some real-world examples.
So, just like Heroku buildpacks, you can create your own, and you can even create one with your app baked in; but most people would end up using an off-the-shelf container.
But this is just my interpretation! Your approach may be better, and it doesn't look like CoreOS will care which way you want to do things!
Also, not quite sure I understand config "inside vs outside" being the big idea. You can easily include Puppet manifests and have Puppet run in standalone mode from within the container with no outside access to config. That's not new.
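E.g. something like this at container build or boot time (paths are illustrative), with no puppet master involved:

```
# Standalone Puppet run against manifests shipped inside the container;
# no outside access to config needed.
puppet apply --modulepath=/opt/config/modules /opt/config/manifests/site.pp
```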
What I want from something like CoreOS is a stripped-down container host that will host stripped-down app containers. I want to package my app in the most-stripped-down fashion possible and deploy it on this stripped-down container host.
The idea of using Chef/Puppet to deploy an app onto a full-blown install of Ubuntu/CentOS/etc. seems like overkill. There's a lot of superfluous crap on that full install that consumes storage, memory, and CPU resources. Having a full OS also creates more attack vectors. If you were an attacker, would you rather root some Rails app on a full install of Ubuntu, complete with shells, compilers, etc., or a box with only the bare essentials required to run that Rails app?
I suppose that an argument for having a full-OS install is to make it easy for things like Chef/Puppet to update the server in situ. Stripped-down containers could make that unnecessary. Imagine an app container so small that it's easier to just blow away the container and create a new one with the freshest software.
If that's all you want then use Ubuntu Server.
Look at concepts like Puppet's exported resources. The tools to accomplish service discovery have been around (and many of us have been using them) for years. I'm just excited to see the concept finally getting a bit more mindshare via Docker and now CoreOS.
Containers can be thought of as a way of packaging an entire runtime environment which is more lightweight and more universally deployable than creating a virtual machine image.
This one slide explains it well: http://www.docker.io/static/img/about/docker_vm.jpg
With something like AUFS (which is what Docker uses), a R/W layer can be placed on top of this, allowing the guest container to modify its own files without impacting the underlying shared read-only layer.
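Hand-rolled, the layering looks roughly like this (Docker drives this through its storage driver rather than manual mounts; paths are illustrative and the aufs module is assumed to be loaded):

```
# Stack a per-container writable branch on top of a shared read-only image.
mkdir -p /containers/web1/rw /containers/web1/root
mount -t aufs -o br=/containers/web1/rw=rw:/images/base=ro none /containers/web1/root
# Writes land in the rw branch; the base image stays untouched and shared.
```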
I'm itching to play with etcd also and hopefully it can gain more momentum than Zookeeper or Doozer did.
Targeting virtualized hardware keeps our testing matrix small right now and makes it easy for people to try it out.
1) Installation: On physical hardware you need to provide a way for people to initially boot and then install the software on disk. Sophisticated people want something they can boot over the network and script. Everyone who is just trying it out wants a GUI, which means you have to build something that finds disks, helps the user partition them, and installs the software.
On virtual hardware there is usually no install step: you just get a VM image and run it. This lowers the barrier to people trying something out.
2) Hardware support complexity: Physical hardware has hundreds of different devices that come in thousands of different combinations. Some of it requires 3rd party drivers and custom configuration at boot time. Supporting everything ever made adds a lot of complexity.
I think it is a bit comparable to the complexity ORMs have in running on top of 20 different databases while still providing a usable interface that doesn't break.
In the virtual hardware space there are only about 4 sets of kernel drivers you need in order to support all of them, and they are generally well tested.
3) Test cycles: It is easy to turn on and off virtual machines for testing and the developer feedback loop is tight for even the tricky bits like our boot code (>60s). However, on physical gear it can take 5+ minutes to test out a single iteration because of copying over the new binaries, slow booting disks, etc.
4) Customer debug cycles: Without easy access to the same physical hardware a user has I have to build a debug image, have them install it, then give me the debug output. This cycle can take days.
Something like the Open Compute hardware can reduce a lot of these pain points. Also, in any given year the majority of servers have similar hardware, so you can cover a lot of gear with minimal additions if you curate.
You are correct though that SmartOS does not offer container based virtualization of Linux.
So to answer my own question, I guess.. "yes"
(Also: zfsonlinux.org works well)
As an example: with containers you can run a database that needs a CentOS environment on the same physical machine that is running an application server that expects a Debian looking environment. All without the performance hit you would take from VMs.
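A trivial sketch of that (image names are illustrative; both containers share the host's kernel):

```
# CentOS userland for the database next to a Debian userland for the app,
# on one host, with no hypervisor in between.
docker run -d centos /bin/sh -c "while true; do sleep 60; done"
docker run -d debian /bin/sh -c "while true; do sleep 60; done"
docker ps    # both show up, running side by side
```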
"Operating system-level virtualization is a server virtualization method where the kernel of an operating system allows for multiple isolated user-space instances, instead of just one. Such instances (often called containers, VEs, VPSs or jails) may look and feel like a real server, from the point of view of its owner. On Unix systems, this technology can be thought of as an advanced implementation of the standard chroot mechanism. In addition to isolation mechanisms, the kernel often provides resource management features to limit the impact of one container's activities on the other containers."
Maybe it needs an extra flourish for distinction? Kontainer? Softainer? DContainer?
I think that anyone interested in this should check http://smartos.org/. CoreOS and SmartOS have many things in common. I don't know if the creators of Docker/CoreOS have tried SmartOS. I think they should. It's always good to check out and learn from similar projects.
Instead of working at the IaaS level for each app, you can have IaaS provide a cluster for containers to run in, and then put up a personal PaaS built out of containers - have more flexibility, spend less money, app folks don't have to worry about infra as much.
And in the case that you're at a scale that you can use real hardware (or a hybrid approach), it's easy to move without the containers having to worry about it.
Also, we are just getting started and didn't want to try and support everything day 0. :)
I would think it is not that hard to make something similar from any existing distro, with actual build steps, etc.
I.e. the "open source way", and not something with a probable financial interest.
SDK (roll your own) docs here: http://coreos.com/docs/sdk/
Our EC2 images: http://coreos.com/docs/ec2/
46 repos worth of source here: https://github.com/coreos
The form is mainly to send t-shirts to the people that try it out for us. We do have a profit motive, because we want this project to be sustainable. Similar to Ubuntu and Redhat.
We will have an RSS/Atom feed soon. :)
Really, a Linux version of SmartOS. I really like SmartOS but I like to get as much running in Zones as possible and there would be less friction doing this with a Linux kernel.
CoreOS runs fine on top of Xen, VMWare and KVM today. So, a CoreOS image should boot fine under OpenStack. Send me an email if you want to try running it under a local OpenStack.
I would like to see this distro build its kernel from source for most or every installation.
Sorry if that's a n00b question, I'm still fumbling my way around the (ever-growing) virtualization / devops landscape.
I do remember times when there were essentially two choices: Debian or RH. There was also SuSE, but with the madness of making everything look like NetWare, with standard, classic UNIX tools replaced by some home-brew programs with dozens of parameters nobody knew. It died long ago, thank god.
The advantage of Debian was that it was the de-facto standard academic Linux, which means more-or-less stable and well tested, even if some designs were (and still are) lame (apt is such a lousy mess compared to RPM).
Then the wave of migration from proprietary UNIXes to cheap Linux systems began, and RHEL flourished, being the OS of choice if you wished to run Oracle or Informix (the second was very impressive and still is). RHEL at that time was actively developed, well-tested, and even went through a painful transition to NPTL.
Then good people built CentOS from RHEL's sources, and nowadays it is still the default choice for a stable Linux that lags a bit behind the popular distros (it is still on 2.6.x kernels).
Then came the rise of Ubuntu. Well, it is popular, which almost never means good. Nevertheless, for the vast majority Linux = Ubuntu. Leaving aside the crazy habit of incorporating any new shiny crap invented by the freedesktop guys, such as various init, management and settings "services", it is quite stable and well-tested, indeed. Btw, compared to the glorious days of the 2.4 to 2.6 migration, or that NPTL stuff, there are almost no problems with core libraries and tools.
So, does anyone need a new distro? My answer is NO. It is quite easy to reduce CentOS or even Ubuntu (or Fedora, which is also infected by the systemd madness) to a minimal and stable set of packages. All you need to do is exclude all the GNOME-related stuff along with its dependencies, keeping the image and font manipulation libraries and the X11 libs so you can still recompile popular packages.
The key idea here is to begin with sources that have already been tested many times, such as CentOS .src.rpm packages (which have been through tests by two separate teams) or Ubuntu's packages, and cut off unnecessary dependencies. Then you will have a compatible and well-tested OS for containers or whatever else salespeople call this banal para-virtualization.
Setting up your own yum repository is a matter of a few hours; Debian packaging is messier, but manageable. This is what a sysadmin's job is all about.
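The yum side really is short (paths and the repo name here are placeholders):

```
# Generate repo metadata over a directory of your rebuilt RPMs...
createrepo /srv/repo/el6/x86_64

# ...then point clients at it with a small .repo file.
cat > /etc/yum.repos.d/local.repo <<'EOF'
[local]
name=Locally rebuilt packages
baseurl=http://repo.example.com/el6/x86_64
enabled=1
gpgcheck=0
EOF
```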
Btw, vendors such as Amazon have already done this job, so if you hate system administration (which is a sign that shopping might be a better future for you), just re-use those images; it is much better than some new "core OS".
The so-called "minimal install" of Ubuntu is also fine, and all you need to do is re-compile the important packages, such as MySQL, the way you like them and put them in your local repo.
There is also a lot of room for new types of operating systems. CoreOS seems to be an operating system design that is not present in any other distro I am aware of, and definitely not a stripped-down Ubuntu.
Another interesting OS design I am aware of is NixOS, which features a purely functional package management system.
For the typical use cases, the answer is, as always, to stick with the tried and tested. However, there is still plenty of unexplored space that may be superior for specific domains, and might even become superior to (or, more likely, influence) the common-case solution.
The curse of FreeBSD is that the so-called Linux vendors don't take the trouble to support it. There is, for example, no Android SDK support for FreeBSD, even though, being mostly Java-based, it would not be that difficult. The emulator and the debugging driver seem like the complicated part, but they are not that complicated.
So, when Google or even Percona does the packaging for you, then one could say the OS makes some sense.