very early review - rocket(coreos)
TRANSCRIPT
Very Early Review - Rocket (App Container runtime)
Dec 3, 2014
by @subicura (Chungsub Kim)
from 2013/06
Alex Polvi
Brandon Philips
Michael Marineau
dockerCoreOS use docker docker contributor
A highly-available key value store standalone
widespread adoption and use outside CoreOS itself
etcd
A Distributed init System
fleetd
OpenSource
CoreOS ❤️ OpenSource
many open source = about 100 github projects
quay.ioSecure hosting for private Docker repositories
client
+ …
new container runtime
composability
Unix philosophy independent and composable
clean integration points
building images running images
uploading downloading
overlay networking all compiled into one monolithic binary running primarily as root on your server
central daemon
docker container -> docker platform
App Container Runtime
rkt - fetch/run/…
actool - build/validation/…
security
isolation crypto
image auditing application identity
docker process model - where everything runs through a central daemon - is “fundamentally flawed”. so rewrite!
unique identity
signing
central daemon
Metadata Server
standard
standard specification proposing a standard
app-container tar/gzip/bzip2/xz/…
The standard container manifesto was removed in docker.
docker spec
App Container Image
discovery
simple golang’s vanity URL convention
without running their own registry alternative protocol
such BitTorrent
simple docker hub
docker registry
App Container Discovery
simple & support alternative protocol
DEMO
$ curl -L https://github.com/coreos/rocket/releases/download/v0.1.0/rocket-v0.1.0.tar.gz -o rocket-v0.1.0.tar.gz$ tar xzvf rocket-v0.1.0.tar.gz$ cd rocket-v0.1.0$ mv rkt /usr/local/bin$ mv actool /usr/local/bin$ rkt help$ actool help
install rocketos ubuntu 14.04.1 id root library sudo apt-get install libseccomp-dev
$ mkdir sample$ cd sample$ mkdir -p rootfs/bin$ cd rootfs/bin$ curl -L https://github.com/subicura/sample-go-server/releases/download/1.0.0/sample-go-server -o sample$ chmod +x sample$ cd ../..$ vi manifest.json$ actool validate manifest.json #manifest.json: valid AppManifest$ actool build --app-manifest manifest.json rootfs sample.aci$ actool validate sample.aci #sample.aci: valid app container image
create ACI
{ "acVersion": "1.0.0", "acKind": "AppManifest", "name": "subicura.com/sample-1.0.0", "os": "linux", "arch": "amd64", "exec": [ "/bin/sample" ], "ports": [ { "name": "www", "protocol": "tcp", "port": 5000 } ], "annotations": { "authors": "Chungsub Kim <[email protected]>" }}
manifest.json
$ mv sample.aci sample.tar # no type returned from DetectFileType issue$ gzip sample.tar -c > sample.aci # use gzip$ rkt run sample.aci
$ curl http://localhost:5000
fly rocket!
$ rkt run https://github.com/subicura/sample-go-server/releases/download/1.0.0/sample.aci
or
$ docker pull coreos/etcd$ mkdir -p etcd/rootfs$ cd etcd$ docker run --name=etcd coreos/etcd$ docker export etcd | sudo tar -x -C rootfs -f -$ docker kill etcd$ docker rm etcd$ vi manifest.json$ actool build --app-manifest manifest.json rootfs etcd.aci$ mv etcd.aci etcd.tar # no type returned from DetectFileType issue$ gzip etcd.tar -c > etcd.aci # use gzip$ rkt run etcd.aci
$ curl http://localhost:4001/version
docker migration???
{ "acVersion": "1.0.0", "acKind": "AppManifest", "name": "coreos.com/etcd", "os": "linux", "arch": "amd64", "exec": [ "/etcd -name node0" ], "ports": [ { "name": "etcdclient", "protocol": "tcp", "port": 4001 }, { "name": "etcdclieetcdraftnt", "protocol": "tcp", "port": 7001 } ], "annotations": { "authors": "Chungsub Kim <[email protected]>" }}
manifest.json
CONTAINER WARS
Github Star
Docker’s response
News
use Docker
use ACI Spec?
Rocket & Docker
Link
• https://github.com/coreos/rocket
• https://coreos.com/blog/rocket/
• http://www.youtube.com/watch?v=U3UmFQbUsN8
• http://blog.docker.com/2014/12/initial-thoughts-on-the-rocket-announcement/
• https://github.com/subicura/sample-go-server
Rocket is rocket?
THANK YOU