MESSAGE
| DATE | 2017-04-25 |
| FROM | Ruben Safir
|
| SUBJECT | Subject: [Hangout of NYLXS] docker updates
|
https://www.nextplatform.com/2017/04/19/docker-completes-platform-diy-linux-kit/
Docker Completes Its Platform With DIY Linux
April 19, 2017 Timothy Prickett Morgan

It all started with a new twist on an old idea, that of a lightweight
software container running inside Linux that would house applications
and make them portable. And now Docker is coming full circle and
completing its eponymous platform by opening up the tools to allow users
to create their own minimalist Linux operating system that is
containerized and modular above the kernel and that only gives
applications precisely what they need to run.
The new LinuxKit is not so much a variant of Linux as a means of
creating them. The toolkit for making Linuxes, which was unveiled at
DockerCon 2017 this week, is derived from containderd, the software
container that Docker donated to the Cloud Native Computing Foundation,
the open source consortium started by Google where its Kubernetes open
source container orchestration system lives. Containerd is a daemon that
runs with either Linux or Windows platforms, and it is an essential
piece of the portability story that makes Docker so compelling to
hyperscalers, cloud builders, enterprises, and HPC centers alike.
Patrick Chanezon, who joined Docker in March 2015 as a member of the
technical staff and who put together the Docker Enterprise Edition that
was announced this March, explains why Docker got into the business of
creating Linux distros and why it is opening up LinuxKit so others can
create their own containerized Linux operating systems.
“Over the past four years, containers have changed all of the major
technology platforms, whether they target the datacenter, the cloud, or
IoT, and this opens up two opportunities,” Chanezon explains. “One is
that with containers, the operating system itself can become more
secure, lean, and portable, and two, to drive the container ecosystem to
the next level and take it mainstream, we need some means of collaborate
on components and share some tooling.”
Docker knows a thing or two about this problem. The Docker runtime is
entirely dependent on Linux, and over the past two years, the company
has expanded out from supporting a few key Linuxes as the foundation of
containers to run on MacOS and Windows 10 on the desktop, Windows Server
on servers, and the virtualized server instances on Amazon Web Services,
Microsoft Azure, and Google Cloud Platform. So Docker, the company, had
to create variants of its stack to run on these platforms and create its
own Linux substrate, tuned for each platform, so Docker would run. The
tool for making these different Linux substrates is now being open
sourced as LinuxKit, and it is basically a minimal, hardened Linux
kernel with all of the operating system services running on top of it
inside of containers.
Every time Docker has done the hard work of abstracting the container
environment a little more, it has helped spur on adoption of the Docker
container platform. Take a look at this pretty chart showing the
exponential growth in the aggregate number of pulls of application
containers on the Docker Hub repository service:

By opening up LinuxKit for any and all to use, Docker will accomplish a
few things. First, it will get help porting Docker to more platforms.
Indeed, it is widely expected that IBM will be announcing support for
Docker containers on its System z mainframes with the intent of
eventually making Docker available natively on Power Systems machines,
presumably running on Linux partitions but perhaps also in conjunction
with its own AIX and IBM i (formerly OS/400) operating systems with a
tiny little Linux substrate shimmed in there.
LinuxKit is being launched under the auspices of the Linux Foundation,
the place where Linux creator Linus Torvalds gets his paycheck and also
where the Xen hypervisor and other key open source projects live. Intel
is in on the effort, and so is ARM Holdings, which controls the ARM
processor instruction set. Microsoft, which runs Linux on its Azure
cloud as a peer to Windows and which runs Docker containers on top of
its Windows Server stack, whether it is in the datacenter or on the
Azure cloud, is also helping steer LinuxKit. Hewlett Packard Enterprise,
still the dominant server maker in the world, is also participating, and
so is IBM.
The minimalist LinuxKit distribution has an ISO that is around 35 MB,
and the typical Linux underpinning Docker Enterprise weighs in at around
100 MB. That bare-bones Linux setup includes the operating system kernel
plus the runc and containerd to run the system services in containers
and then a DHCP server and a random number generator. (Chanezon did not
know offhand what the memory footprint of this entry LinuxKit is or how
it compares to a running Linux instance underneath Docker Enterprise or
any of the other Linux distributions, but that would be neat to know.)
Because this Linux is only designed to run containers, it has a much
smaller attack surface from a security standpoint, not just smaller disk
and memory capacity requirements. This added security through boxing
things off is probably one of the most compelling features of software
containers and was, at a much larger grained level, a key selling point
for virtual machines in the datacenter a decade ago when they were first
taking off on the X86 architecture.
The file system used for the LinuxKit instance is not writable, so you
can’t hack it with malicious code; application data is stored in other
file systems that are mounted from the containers where the code is
running. Not only does Docker want to sandbox the Linux services in
containers to isolate them, but Chanezon says that Linux is too big for
any one person or organization to secure by themselves, so the way to
secure all of the Linux services has to be sandboxed and secured by many
people working side-by-side. Containerization of Linux services like
that enabled by LinuxKit will help break the security job down into
bite-sized pieces while providing a framework for consistency. “We think
Linux is too big for any person to secure, so it has to be a community
approach,” says Chanezon.
While Docker does not expect that many enterprises and HPC shops will
want to build their own Linux instances using LinuxKit, we think that
the idea will take off and that companies will get in the habit of
securing their most sensitive systems and applications by stripping down
to the essentials and containerizing elements of the Linux operating
system, just like Docker itself has done for its dozen different Linux
distros to support all of those platforms.
At DockerCon this week, Docker is also launching a different effort
called the Moby Project, which is a build system for creating a
container service. (LinixKit builds Linux substrates, and Moby lashes a
bunch of other tools to the Docker runtime to turn it into a container
service.) The Moby service is used internally at Docker to build its
platforms, and it is written in the Go programming language like all of
the rest of the Docker stack and, not coincidentally, the Kubernetes
stack. (Google invented Go and ported the container management elements
of its internal Borg container and cluster management tool to Go when it
created Kubernetes.) To seed the Moby Project, Docker is contributing
over 80 components that it has created for its Docker stack. (Of course,
not all Docker elements are open.)
The Moby framework does not require that companies donate their code to
use it, since it is a service, not a program that is redistributed. To
get it rolling, Docker is putting in the instructions for creating the
base Docker Community Edition, which was also launched in March of this
year.
The structure of development at Docker will now look like that set up by
Red Hat in the early days of Linux:

In essence, Moby is the build system that creates Docker Community
Edition, which is akin to Fedora, and Docker Enterprise is derived from
Moby and is akin to Red Hat Enterprise Linux.
Lifting And Shifting
The final bit of interesting news at DockerCon 2017 is that Docker, the
company, is teaming up with HPE, Microsoft, Cisco Systems, and Avanade
to take on the containerization of legacy applications.
Scott Johnston, senior vice president at Docker, tells us exactly what
we expected: Global 2000 customers have somewhere on the order of
thousands to tens of thousands of applications, and across these major
firms, less than 5 percent of the applications have been containerized
so far. While somewhere between 5 percent and 10 percent of the
applications that are being containerized are net-new,
microservices-style applications that everyone is talking about all the
time, the other 90 percent to 95 percent are just lifting and shifting
legacy applications from bare metal or virtual machines to containers.

Incidentally, Oracle is one of those lifters and shifters and announced
at the Docker confab that its eponymous database plus its java
Devlopment Kit, WebLogic application server, HTTP Server, Coherence
caching server, and Instant Client had all been containerized and are
now part of the Docker Store. Oracle has not yet containerized any of
parts of its Fusion application suite, and to our knowledge, SAP has not
containerized its application yet, either. But this seems inevitable.
(The code is no doubt already modular.)
Working with the partners above, Docker has come up with a program
(marketing, not code) to pull legacy applications into containers, and
to do so without changing source code, with a fixed price and statement
of work – and to do it in under five days. Companies have been beta
testing this program for the past several months. Financial services
firm Northern Trust took an internal company address book and servicing
application that was running on a Linux virtual machine and lifted it
onto containers and moved it out to the Azure cloud. The resulting
machine needed half as much compute and memory to run, and new instances
of this application could be deployed four times as fast.
In general, says Johnston, customers who move from bare metal or VMs to
Docker containers can provision, scale, and deploy applications up to 75
percent faster, and those moving from bare metal to containers can save
50 percent on compute and those who are moving from VMs will save around
25 percent. This is a big deal in an IT environment that has spent a
decade doing more with less and now thinks of this as situation normal.
--
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com
DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive
http://www.coinhangout.com - coins!
http://www.brooklyn-living.com
Being so tracked is for FARM ANIMALS and and extermination camps,
but incompatible with living as a free human being. -RI Safir 2013
_______________________________________________
Hangout mailing list
Hangout-at-nylxs.com
http://www.nylxs.com/mailman/listinfo/hangout
|
|
