Docker - the open-source application container engine
Перейти к файлу
Louis Opter 8e49cb453f Merge pull request #1181 from dotcloud/export_portmapping
Export PortMapping in container.go
2013-07-10 14:24:20 -07:00
auth Removed DOCKER_INDEX_URL 2013-07-09 08:10:43 -07:00
contrib More unit test fixes 2013-07-01 17:24:21 -07:00
docker Gofmt -s (simplify) 2013-07-03 14:35:18 -07:00
docs Fix installation link from welcome page. 2013-07-02 16:48:57 -07:00
hack Documented release process for maintainers in hack/RELEASE.md 2013-06-29 22:08:25 -07:00
packaging Merge pull request #987 from dotcloud/601-packaging-ubuntu 2013-07-02 08:51:01 -07:00
registry Hardened repos name validation 2013-07-09 16:46:55 -07:00
term uses the terminal size to display search output, add -notrunc and fix bug in resize 2013-07-08 17:20:13 +00:00
testing testing, issue #775: Add automatic testing notifications to docker-ci 2013-07-04 21:43:46 -07:00
utils Moved parseRepositoryTag to the utils package 2013-07-09 08:06:10 -07:00
.gitignore Cleaning up the welcome page, terminology, and images. 2013-07-02 15:03:29 -07:00
.mailmap Update AUTHORS 2013-06-20 23:29:20 -04:00
AUTHORS Merge branch 'add-daemon-storage-path-param' of https://github.com/heavenlyhash/docker into heavenlyhash-add-daemon-storage-path-param 2013-06-25 13:33:45 +00:00
CHANGELOG.md Rephrase changelog 2013-07-01 17:05:49 -07:00
CONTRIBUTING.md Improved wording of a maintainer's responsibilities 2013-05-28 22:33:48 -06:00
Dockerfile * Hack: standardized docker's build environment in a Dockerfile 2013-07-08 21:30:29 -07:00
FIXME Merge branch 'master' into simpler-build-upload 2013-06-19 18:48:19 -07:00
LICENSE Docker is now licensed under the Apache 2.0 license 2013-02-18 09:56:20 -08:00
MAINTAINERS Make Victor Vieux a core maintainer 2013-05-30 11:31:49 -07:00
Makefile Testing|hack, issue #1009: Update make kack environment 2013-06-24 15:01:51 -07:00
NOTICE Update NOTICE 2013-06-12 15:50:30 -06:00
README.md Replaced gendered language in the README 2013-07-07 13:55:02 +10:00
Vagrantfile Vagrantfile: Add support for VMWare Fusion provider 2013-06-18 06:19:14 +01:00
api.go add remote addr in debug 2013-07-08 12:45:50 +00:00
api_params.go * API: Send all tags on History API call 2013-06-18 10:31:07 -07:00
api_test.go Remove all network dependencies from the test suite 2013-07-08 15:23:04 -07:00
archive.go Fix #1162 - Remove bufio from Untar 2013-07-08 13:42:17 -07:00
archive_test.go Style fixes for fmt + err usage. 2013-07-04 14:33:17 -07:00
builder.go Add Entrypoint to builder and container config 2013-07-01 05:34:27 -09:00
buildfile.go Merge branch 'master' of github.com:dotcloud/docker into standalone_registry 2013-07-09 11:31:14 -07:00
buildfile_test.go Remove all network dependencies from the test suite 2013-07-08 15:23:04 -07:00
changes.go remove TrimLeft as it's go1.1 2013-06-03 17:25:51 +00:00
commands.go Fixing missing tag field when pulling containers which does not exist 2013-07-09 16:45:32 -07:00
commands_test.go Merge pull request #1049 from dotcloud/1040_ignore_stderr_tests-fix 2013-07-09 10:32:24 -07:00
container.go export portmapping in network.go 2013-07-10 14:09:35 +00:00
container_test.go add sleep in tests and go fmt 2013-07-02 10:47:37 +00:00
graph.go fix typo 2013-07-09 10:55:28 +00:00
graph_test.go Fix issue within TestDelete. The archive is now consumed by graph functions 2013-06-18 17:22:32 -07:00
image.go Fix #1162 - Remove bufio from Untar 2013-07-08 13:42:17 -07:00
lxc_template.go Revert #1126. Remove mount shm 2013-07-05 10:47:00 -07:00
mount.go run auplink before unmounting aufs 2013-06-14 21:38:15 +03:00
mount_darwin.go Moved server and client logic into sub-packages docker/server and docker/client, respectively. The UI is not affected. 2013-02-13 17:10:00 -08:00
mount_linux.go go fmt 2013-02-26 17:26:46 -08:00
network.go Add support for UDP (closes #33) 2013-07-09 17:42:35 -07:00
network_proxy.go Add support for UDP (closes #33) 2013-07-09 17:42:35 -07:00
network_proxy_test.go Add support for UDP (closes #33) 2013-07-09 17:42:35 -07:00
network_test.go Add support for UDP (closes #33) 2013-07-09 17:42:35 -07:00
runtime.go Mutex style change. 2013-07-02 15:53:08 -07:00
runtime_test.go Add support for UDP (closes #33) 2013-07-09 17:42:35 -07:00
server.go Fixed potential security issue (never try http on official index when polling the endpoint). Also fixed local repos name when pulling index.docker.io/foo/bar 2013-07-09 11:30:12 -07:00
server_test.go Typo correction: Excepted -> Expected' 2013-07-03 14:35:18 -07:00
state.go Make sure container is not marked as ghost when it starts 2013-07-09 10:48:33 -07:00
sysinit.go Don't remove the container= environment variable, as it is crucial for a lot of tools to detect, whether they're run inside an LXC container or not. 2013-07-02 19:13:37 +02:00
tags.go Fixed tag parsing when the repos name contains both a port and a tag 2013-07-09 16:46:25 -07:00
tags_test.go Implement several golint suggestions, including: 2013-07-03 14:36:04 -07:00
utils.go Merge pull request #1053 from dynport/do-not-copy-hostname-from-image 2013-07-03 10:34:15 -07:00
utils_test.go - Runtime: small bugfixes in external mount-bind integration 2013-06-26 15:26:47 -07:00
z_final_test.go Implement regression test for stdin attach 2013-06-24 18:36:04 -07:00

README.md

Docker: the Linux container engine

Docker is an open-source engine which automates the deployment of applications as highly portable, self-sufficient containers.

Docker containers are both hardware-agnostic and platform-agnostic. This means that they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between - and they don't require that you use a particular language, framework or packaging system. That makes them great building blocks for deploying and scaling web apps, databases and backend services without depending on a particular stack or provider.

Docker is an open-source implementation of the deployment engine which powers dotCloud, a popular Platform-as-a-Service. It benefits directly from the experience accumulated over several years of large-scale operation and support of hundreds of thousands of applications and databases.

Docker L

Better than VMs

A common method for distributing applications and sandbox their execution is to use virtual machines, or VMs. Typical VM formats are VMWare's vmdk, Oracle Virtualbox's vdi, and Amazon EC2's ami. In theory these formats should allow every developer to automatically package their application into a "machine" for easy distribution and deployment. In practice, that almost never happens, for a few reasons:

  • Size: VMs are very large which makes them impractical to store and transfer.
  • Performance: running VMs consumes significant CPU and memory, which makes them impractical in many scenarios, for example local development of multi-tier applications, and large-scale deployment of cpu and memory-intensive applications on large numbers of machines.
  • Portability: competing VM environments don't play well with each other. Although conversion tools do exist, they are limited and add even more overhead.
  • Hardware-centric: VMs were designed with machine operators in mind, not software developers. As a result, they offer very limited tooling for what developers need most: building, testing and running their software. For example, VMs offer no facilities for application versioning, monitoring, configuration, logging or service discovery.

By contrast, Docker relies on a different sandboxing method known as containerization. Unlike traditional virtualization, containerization takes place at the kernel level. Most modern operating system kernels now support the primitives necessary for containerization, including Linux with openvz, vserver and more recently lxc, Solaris with zones and FreeBSD with Jails.

Docker builds on top of these low-level primitives to offer developers a portable format and runtime environment that solves all 4 problems. Docker containers are small (and their transfer can be optimized with layers), they have basically zero memory and cpu overhead, they are completely portable and are designed from the ground up with an application-centric design.

The best part: because docker operates at the OS level, it can still be run inside a VM!

Plays well with others

Docker does not require that you buy into a particular programming language, framework, packaging system or configuration language.

Is your application a unix process? Does it use files, tcp connections, environment variables, standard unix streams and command-line arguments as inputs and outputs? Then docker can run it.

Can your application's build be expressed as a sequence of such commands? Then docker can build it.

Escape dependency hell

A common problem for developers is the difficulty of managing all their application's dependencies in a simple and automated way.

This is usually difficult for several reasons:

  • Cross-platform dependencies. Modern applications often depend on a combination of system libraries and binaries, language-specific packages, framework-specific modules, internal components developed for another project, etc. These dependencies live in different "worlds" and require different tools - these tools typically don't work well with each other, requiring awkward custom integrations.

  • Conflicting dependencies. Different applications may depend on different versions of the same dependency. Packaging tools handle these situations with various degrees of ease - but they all handle them in different and incompatible ways, which again forces the developer to do extra work.

  • Custom dependencies. A developer may need to prepare a custom version of their application's dependency. Some packaging systems can handle custom versions of a dependency, others can't - and all of them handle it differently.

Docker solves dependency hell by giving the developer a simple way to express all their application's dependencies in one place, and streamline the process of assembling them. If this makes you think of XKCD 927, don't worry. Docker doesn't replace your favorite packaging systems. It simply orchestrates their use in a simple and repeatable way. How does it do that? With layers.

Docker defines a build as running a sequence of unix commands, one after the other, in the same container. Build commands modify the contents of the container (usually by installing new files on the filesystem), the next command modifies it some more, etc. Since each build command inherits the result of the previous commands, the order in which the commands are executed expresses dependencies.

Here's a typical docker build process:

from ubuntu:12.10
run apt-get update
run DEBIAN_FRONTEND=noninteractive apt-get install -q -y python
run DEBIAN_FRONTEND=noninteractive apt-get install -q -y python-pip
run pip install django
run DEBIAN_FRONTEND=noninteractive apt-get install -q -y curl
run curl -L https://github.com/shykes/helloflask/archive/master.tar.gz | tar -xzv
run cd helloflask-master && pip install -r requirements.txt

Note that Docker doesn't care how dependencies are built - as long as they can be built by running a unix command in a container.

Install instructions

Quick install on Ubuntu 12.04 and 12.10

curl get.docker.io | sudo sh -x

Binary installs

Docker supports the following binary installation methods. Note that some methods are community contributions and not yet officially supported.

Installing from source

  1. Make sure you have a Go language compiler and git installed.

  2. Checkout the source code

    git clone http://github.com/dotcloud/docker
    
  3. Build the docker binary

    cd docker
    make VERBOSE=1
    sudo cp ./bin/docker /usr/local/bin/docker
    

Usage examples

First run the docker daemon

All the examples assume your machine is running the docker daemon. To run the docker daemon in the background, simply type:

# On a production system you want this running in an init script
sudo docker -d &

Now you can run docker in client mode: all commands will be forwarded to the docker daemon, so the client can run from any account.

# Now you can run docker commands from any account.
docker help

Throwaway shell in a base ubuntu image

docker pull ubuntu:12.10

# Run an interactive shell, allocate a tty, attach stdin and stdout
# To detach the tty without exiting the shell, use the escape sequence Ctrl-p + Ctrl-q
docker run -i -t ubuntu:12.10 /bin/bash

Starting a long-running worker process

# Start a very useful long-running process
JOB=$(docker run -d ubuntu /bin/sh -c "while true; do echo Hello world; sleep 1; done")

# Collect the output of the job so far
docker logs $JOB

# Kill the job
docker kill $JOB

Running an irc bouncer

BOUNCER_ID=$(docker run -d -p 6667 -u irc shykes/znc zncrun $USER $PASSWORD)
echo "Configure your irc client to connect to port $(docker port $BOUNCER_ID 6667) of this machine"

Running Redis

REDIS_ID=$(docker run -d -p 6379 shykes/redis redis-server)
echo "Configure your redis client to connect to port $(docker port $REDIS_ID 6379) of this machine"

Share your own image!

CONTAINER=$(docker run -d ubuntu:12.10 apt-get install -y curl)
docker commit -m "Installed curl" $CONTAINER $USER/betterbase
docker push $USER/betterbase

A list of publicly available images is available here.

Expose a service on a TCP port

# Expose port 4444 of this container, and tell netcat to listen on it
JOB=$(docker run -d -p 4444 base /bin/nc -l -p 4444)

# Which public port is NATed to my container?
PORT=$(docker port $JOB 4444)

# Connect to the public port via the host's public address
# Please note that because of how routing works connecting to localhost or 127.0.0.1 $PORT will not work.
# Replace *eth0* according to your local interface name.
IP=$(ip -o -4 addr list eth0 | perl -n -e 'if (m{inet\s([\d\.]+)\/\d+\s}xms) { print $1 }')
echo hello world | nc $IP $PORT

# Verify that the network connection worked
echo "Daemon received: $(docker logs $JOB)"

Under the hood

Under the hood, Docker is built on the following components:

  • The cgroup and namespacing capabilities of the Linux kernel;

  • AUFS, a powerful union filesystem with copy-on-write capabilities;

  • The Go programming language;

  • lxc, a set of convenience scripts to simplify the creation of linux containers.

Contributing to Docker

Want to hack on Docker? Awesome! There are instructions to get you started on the website: http://docs.docker.io/en/latest/contributing/contributing/

They are probably not perfect, please let us know if anything feels wrong or incomplete.

Note

We also keep the documentation in this repository. The website documentation is generated using sphinx using these sources. Please find it under docs/sources/ and read more about it https://github.com/dotcloud/docker/tree/master/docs/README.md

Please feel free to fix / update the documentation and send us pull requests. More tutorials are also welcome.

Setting up a dev environment

Instructions that have been verified to work on Ubuntu 12.10,

sudo apt-get -y install lxc curl xz-utils golang git

export GOPATH=~/go/
export PATH=$GOPATH/bin:$PATH

mkdir -p $GOPATH/src/github.com/dotcloud
cd $GOPATH/src/github.com/dotcloud
git clone https://github.com/dotcloud/docker.git
cd docker

go get -v github.com/dotcloud/docker/...
go install -v github.com/dotcloud/docker/...

Then run the docker daemon,

sudo $GOPATH/bin/docker -d

Run the go install command (above) to recompile docker.

What is a Standard Container?

Docker defines a unit of software delivery called a Standard Container. The goal of a Standard Container is to encapsulate a software component and all its dependencies in a format that is self-describing and portable, so that any compliant runtime can run it without extra dependencies, regardless of the underlying machine and the contents of the container.

The spec for Standard Containers is currently a work in progress, but it is very straightforward. It mostly defines 1) an image format, 2) a set of standard operations, and 3) an execution environment.

A great analogy for this is the shipping container. Just like how Standard Containers are a fundamental unit of software delivery, shipping containers (http://bricks.argz.com/ins/7823-1/12) are a fundamental unit of physical delivery.

1. STANDARD OPERATIONS

Just like shipping containers, Standard Containers define a set of STANDARD OPERATIONS. Shipping containers can be lifted, stacked, locked, loaded, unloaded and labelled. Similarly, standard containers can be started, stopped, copied, snapshotted, downloaded, uploaded and tagged.

2. CONTENT-AGNOSTIC

Just like shipping containers, Standard Containers are CONTENT-AGNOSTIC: all standard operations have the same effect regardless of the contents. A shipping container will be stacked in exactly the same way whether it contains Vietnamese powder coffee or spare Maserati parts. Similarly, Standard Containers are started or uploaded in the same way whether they contain a postgres database, a php application with its dependencies and application server, or Java build artifacts.

3. INFRASTRUCTURE-AGNOSTIC

Both types of containers are INFRASTRUCTURE-AGNOSTIC: they can be transported to thousands of facilities around the world, and manipulated by a wide variety of equipment. A shipping container can be packed in a factory in Ukraine, transported by truck to the nearest routing center, stacked onto a train, loaded into a German boat by an Australian-built crane, stored in a warehouse at a US facility, etc. Similarly, a standard container can be bundled on my laptop, uploaded to S3, downloaded, run and snapshotted by a build server at Equinix in Virginia, uploaded to 10 staging servers in a home-made Openstack cluster, then sent to 30 production instances across 3 EC2 regions.

4. DESIGNED FOR AUTOMATION

Because they offer the same standard operations regardless of content and infrastructure, Standard Containers, just like their physical counterpart, are extremely well-suited for automation. In fact, you could say automation is their secret weapon.

Many things that once required time-consuming and error-prone human effort can now be programmed. Before shipping containers, a bag of powder coffee was hauled, dragged, dropped, rolled and stacked by 10 different people in 10 different locations by the time it reached its destination. 1 out of 50 disappeared. 1 out of 20 was damaged. The process was slow, inefficient and cost a fortune - and was entirely different depending on the facility and the type of goods.

Similarly, before Standard Containers, by the time a software component ran in production, it had been individually built, configured, bundled, documented, patched, vendored, templated, tweaked and instrumented by 10 different people on 10 different computers. Builds failed, libraries conflicted, mirrors crashed, post-it notes were lost, logs were misplaced, cluster updates were half-broken. The process was slow, inefficient and cost a fortune - and was entirely different depending on the language and infrastructure provider.

5. INDUSTRIAL-GRADE DELIVERY

There are 17 million shipping containers in existence, packed with every physical good imaginable. Every single one of them can be loaded onto the same boats, by the same cranes, in the same facilities, and sent anywhere in the World with incredible efficiency. It is embarrassing to think that a 30 ton shipment of coffee can safely travel half-way across the World in less time than it takes a software team to deliver its code from one datacenter to another sitting 10 miles away.

With Standard Containers we can put an end to that embarrassment, by making INDUSTRIAL-GRADE DELIVERY of software a reality.

Standard Container Specification

(TODO)

Image format

Standard operations

  • Copy
  • Run
  • Stop
  • Wait
  • Commit
  • Attach standard streams
  • List filesystem changes
  • ...

Execution environment

Root filesystem

Environment variables

Process arguments

Networking

Process namespacing

Resource limits

Process monitoring

Logging

Signals

Pseudo-terminal allocation

Security

Transfers of Docker shall be in accordance with applicable export controls of any country and all other applicable legal requirements. Docker shall not be distributed or downloaded to or in Cuba, Iran, North Korea, Sudan or Syria and shall not be distributed or downloaded to any person on the Denied Persons List administered by the U.S. Department of Commerce.