Solomon Hykes

Announcing Docker 0.6

Events API, build and registry improvements, expert mode, security updates, and more.

Notice:

If you are currently using the Ubuntu PPA to install docker you will need to modify your APT sources in order to upgrade to docker 0.6.0.  Please visit http://docs.docker.io/en/latest/installation/ubuntulinux/  for the new repository information.

Dear Dockers,

Wow, we have quite a release for you today. Since the last release just one month ago, the project has received 378 commits by 40 different contributors! In addition to boatloads of usability improvements and bugfixes, 0.6 introduces a websockets events api, upgrades to the Dockerfile syntax, a major improvement of the registry download and upload protocol, tighter security and access control, an “expert mode” for advanced usage scenarios, and much more. You can see the full changelog here.

We hope you like it.

Solomon & the Docker team

Content

What is Docker?

Docker is a open-source application container engine. It gives developers a way to package their app and all its dependencies into a portable container which can be deployed on any modern Linux machine, virtualized or not. Containers are completely sandboxed and do not interfere with each other (think “iPhone apps for the server”), have virtually no performance overhead, and can easily be moved across machines and datacenters. Best of all, they don’t depend on any language, framework or packaging system.

0.6 summary

Community Changes

We switched to a new Twitter handle: @docker.
And we changed the Google Group name: docker-club is now docker-user.
And there is now a new development-focused group: docker-dev.

New ways to install docker

Starting with docker 0.6 we have improved our build and release tooling to provide a new APT repository and support for nightly builds of docker.  You can still download the latest builds from https://get.docker.io.

If you are a current user of the Ubuntu PPA or would like to install docker via APT you will need to visit http://docs.docker.io/en/latest/installation/ubuntulinux/ to upgrade your APT sources.  We have deprecated support for the Ubuntu PPA in favor of our own repository.  This will allow us to provide quicker releases as well as nightly builds.

If you like to contribute live on the edge and want to by running the nightly build of docker you can visit https://test.docker.io  and https://test.docker.io/ubuntu/info for the latest builds.

Websockets support

Thanks to Benoit Chesneau, the Docker remote API now exposes a live feed of events, which you can use to notify your program in real time of the creation new containers, the starting and stopping of processes, and so on.

Thanks to the team at @RainforestQA for contributing websocket support for the attach API endpoint. With this, Shipyard has introduced an awesome feature allowing remote attach of your Docker containers.

YUpN9QpK16nMI8KIRrWL69uVstTDJkCQYwG-8_w_0ZwZGqT1DrYv2D7fKItWJIGE2ljF8vaUv2Flt4BHOrOsr6Z6ZZJ4BtdvYS0kXCC9SJ7IpSYGRBtv0u6U

Advanced usage features

The new -lxc-conf flag allows you to customize the lxc configuration of your docker containers. This can be used for selective access to certain device files, fine-grained resource control, cpu affinity, etc. Docker’s default configuration handles most use cases while preserving healthy security defaults and portability… but if you know what you’re doing and need to tweak a few knobs… this option is for you!

Additionally, containers needing extended privileges can now use the -privileged flag in the docker run command. This flag will grant full device access to the container, as well as all available kernel capabilities. This, in turn, enables FUSE (which was required at install-time for OpenJDK and LibreOffice in some distros), KVM, GPU access, and many more.

Security and access control

We have tightened Docker’s default access control configuration, to make it more suitable for use on a host machine shared with untrusted applications. Running docker commands now requires either root privileges, or a user account included in the “docker” group.

This means that after upgrading to 0.6, you will need sudo to run docker commands.

Don’t worry, you can revert your configuration with the “-H” flag. Just make sure you understand the security implications!

Index and Registry changes

We have made several major improvements to how docker communicates with the registry, which would make the experience of downloading and uploading images much smoother – especially if you use a private registry.

First, we have upgraded the checksum system used to verify the integrity of images during transfer. Thanks to this smarter checksum, the image can be packaged and compressed on-the-fly and streamed directly to the registry, without needing to cache it in advance. As a result, image creation now consumes less cpu and less disk space. This also solves the annoying “checksum mismatch” error that sometimes occurs when you upload the same image to several registries.

Second, we have also improved authentication to support for sending different credentials to different registries. That means you can now customize the authentication scheme of your private registry, and the docker client will support it out of the box.

Third, we have implemented parallel download of layers, so images made of several small layers will download significantly faster.

Usability improvements and bugfixes

This release includes all sorts of improvements – we’re including a small list here, but there’s more in the Changelog!

A new command docker cp allows you to extract files and folders from containers.

The handling of volumes has been improved so that the -v and -volumes-from flags play better with each other.

The display logic has been improved so that images are sorted in a more intuitive way when listing them.

There is now a bash completion script for docker commands! Thanks to Kawsar Saiyeed and Felix Bünemann for their contribution.

“docker run” now plays more nicely with process supervisors, by handling SIGINT and SIGTERM. Thanks @unclejack.

The interaction between the ENTRYPOINT and CMD commands has been improved.

Improved registry support

  • New checksum system. No more “checksum mismatch” error!
  • No more pre-caching of images means less disk and cpu usage
  • Parallel push means faster downloads!
  • Support for authenticating on multiple registries

Improved build

We have extended the Dockerfile syntax with several useful commands, and fixed issues with the build command:

  • USER instruction in Dockerfile
  • WORKDIR instruction in Dockerfile
  • Edge cases in the handling of environment variables have been fixed
  • The caching of build steps can be disabled with a command-line flag

Documentation updates

The documentation now features a FAQ entry explaining the differences between Docker and raw lxc, as well as more examples.

What’s next?

Container wiring and service discovery

In its current version, docker doesn’t make it very easy to manipulate multiple containers as a cohesive group (ie. orchestration), and it doesn’t make it seamless for containers to connect to each other as network services (ie. wiring).

To achieve wiring and orchestration with docker today, you need to write glue scripts yourself, or use one several companion tools available, like Orchestra, Shipper, Deis, Pipeworks, etc.

We want the Docker API to support orchestration and wiring natively, so that these tools can cleanly and seamlessly integrate into the Docker user experience, and remain interoperable with each other.

Better integration with process supervisors

For docker to be fully usable in production, it needs to cleanly integrate with the host machine’s process supervisor of choice. Whether it’s sysV-init, upstart, systemd, runit or supervisord, we want to make sure docker plays nice with your existing system. This will be a major focus of the 0.7 release.

Plugin API

We want Docker to run everywhere, and to integrate with every devops tool. Those are ambitious goals, and the only way to reach them is with the Docker community. For the community to participate fully, we need an API which allows Docker to be deeply and easily customized.

We are working on a plugin API which will make Docker very, very customization-friendly. We believe it will facilitate the integrations listed above – and many more we didn’t even think about.

Broader kernel support

Our goal is to make Docker run everywhere, but currently Docker requires Linux version 3.8 or higher with lxc and aufs support. If you’re deploying new machines for the purpose of running Docker, this is a fairly easy requirement to meet. However, if you’re adding Docker to an existing deployment, you may not have the flexibility to update and patch the kernel.

Expanding Docker’s kernel support is a priority. This includes running on older kernel versions, but also on kernels with no AUFS support, or with incomplete lxc capabilities.

Cross-architecture support

Our goal is to make Docker run everywhere. However currently Docker only runs on x86_64 systems. We plan on expanding architecture support, so that Docker containers can be created and used on more architectures.

Production-ready

Docker is still beta software, and not suited for production. We are working hard to get there, and we are confident that it will be possible within a few months. Stay tuned for a more detailed roadmap soon.

How you can help

Contribute! Docker is growing faster than we can keep up! We are looking for volunteers to help improve the various components of the project – everything from documentation, packaging, project infrastructure to plugins and core components. Check out the contribution guidelines as a start.

Make screencasts and articles. If you do anything cool and useful with docker, record a screencast and tell us about it! This could be dockerizing an application, installing it in a specific environment, cool usage tricks, etc. We recommend ascii.io, it’s insanely easy to use.

Dockerize your favorite tools. Docker plays well with other tools in the devops toolbox. Got a tool you want to integrate with Docker? Create a github issue and we’ll help you out.

Join the conversation. There are insane volumes of interesting conversations going on on irc (#docker@freenode), twitter  and the google group. Whether you have a beginner question or want to discuss a point of design, never hesitate to speak up!

And of course all the usual ways of spreading the word – tweets, github follows, etc. etc. are always welcome.

Hack day on October 1st

The next Docker hack day is on Tuesday, October 1st at the dotCloud HQ in San Francisco. RSVP now

, , ,

Solomon Hykes

Announcing Docker 0.6


4 Responses to “Announcing Docker 0.6”

  1. Aaron

    The instructions did not include the installation of the public key. Do you happen to have this?

    Reply
  2. Russell Smith

    Docker Terminal was awesome to do – made possible only by Benoit and the other contributors! If you ever want to get console access in a browser, this is your ticket!

    Reply
  3. Tom Bortels

    Awesome work! The PPT and nightly builds are especially welcome to me, but it’s all good – thank you to everyone who contributed.

    Two minor nits – first, the screenshot of Shipyard is too small to read. I guess I’ll have to go run Shipyard myself to take a look. 🙂

    Second, “… or use one several companion tools available, like Orchestra, Shipper, Deis, Pipeworks, etc.” – Holy Moly! I’d heard of Deis, but the other three were new to me, and only Pipeworks was easy to google (it’s pretty darn cool, incidentally). The others are hard to find – turns out you have an unfortunate namespace collision with PANTS (that often have a shipper). Couldn’t find Orchestra at all. Can we get some links to these packages? Or, maybe better, a page somewhere that lists and summarizes docker-related projects, with links?

    Anyway – minor quibbles, awesome release. Thank you.

    Reply

Leave a Reply to Russell Smith

Click here to cancel reply.

Get the Latest Docker News by Email

Docker Weekly is a newsletter with the latest content on Docker and the agenda for the upcoming weeks.