I've spent the last couple of months working an internship for The Linux Foundation, doing research on new developments and adoption trends in the open source industry. If you have spent any amount of time reading about open source over the last year, you have probably heard about Docker; a lot of people are talking about it these days and the impact it's going to have on virtualization and DevOps.
With new technologies like this, it can often be challenging to filter out the hype and understand the practical implications. Additionally, complex jargon often makes subjects like Linux containers confusing to the layman and limits discussion to those who are deeply knowledgeable on the subject. With this article, I will step back for a moment from the discussion of what Docker can do to focus on how it is changing the Linux landscape.
What is Docker again?
In a nutshell, Docker is an extension of Linux Containers (LXC): a unique kind of lightweight, application-centric virtualization that drastically reduces overhead and makes it easier to deploy software on servers. Solomon Hykes, the founder of Docker, explains this functionality well with his analogy of using standardized shipping containers to ship diverse goods around the globe. Docker allows systems administrators and developers to build applications that can be run on any Linux distribution or hardware in a virtualized sandbox without the need to make custom builds for different environments. These features are attracting a lot of big names and have turned Docker into one of the most successful open source projects of the last year. It seems Docker is here to stay, so what does this mean for Linux?
The many uses of Docker
Red Hat has been at the forefront of Docker adoption and development, with Paul Cormier being one of the biggest advocates for its use. The company has been working closely with Docker since September of last year, and has focused on improving the functionality of Docker on the OpenShift platform. The overall focus has been on using Docker as a tooling mechanism to improve resource management, process isolation, and security in application virtualization. These efforts have culminated in the launch of Project Atomic, a lightweight Linux host specifically tailored to run Linux containers. The focus of this project is to make containers easy to deploy, update, and roll back in an environment that requires far fewer resources than a typical Linux host.
Docker for DevOps
Another major focal point for Docker use is in the DevOps community. Docker has been designed so that it can be incorporated into most DevOps applications, including Puppet, Chef, Vagrant, and Ansible, or it can be used on its own to manage development environments. The primary selling point is that it simplifies many of the tasks typically done by these other applications. Specifically, Docker makes it possible to set up local development environments that are exactly like a live server; run multiple development environments from the same host, each with unique software, operating systems, and configurations; test projects on new or different servers; and allow anyone to work on the same project with the exact same settings, regardless of the local host environment. Finally, Docker can eliminate the need for a development team to have the same versions of everything installed on their local machines.
Spotify is working on incorporating Docker into their development workflow. The repeatable nature of Docker images makes it easier for them to standardize their production code and configurations. Their work has led to the creation of Helios, an application that manages Docker deployments across multiple servers and that alerts them when a server isn't running the correct version of a container.
Docker for continuous integration
eBay has focused on incorporating Docker into their continuous integration process to standardize deployment across a distributed network of servers that run as a single cluster. They isolate application dependencies inside containers to address the issue of each server having different software versions, application dependencies, and special hardware. This means the host OS does not need to be the same as the container OS, and their end goal is to have different hardware and software systems running as a single Mesos cluster.
Docker for the security of a sandbox
Remote Interview develops software for recruiters to test the development skills of job candidates. They released CompileBox, a Docker-based sandbox that can run untrusted code and return the output without risking the host on which the software is running. During the development of CompileBox, the team at Remote Interview considered using chroot jails, Ideone, and traditional virtual machines, but Docker was selected as the best option. A chroot jail does not provide the needed level of security, Ideone can quickly become cost-prohibitive, and virtual machines take an exceptionally long time to reboot after they are compromised. Docker was the obvious choice for this application because malicious code that attempts to destroy the system would be limited to the container, and containers can be created and destroyed quickly as needed.
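How far untrusted code is "limited to the container" depends on the options the container is started with. As an added example (not CompileBox's code and not part of the original article), this Python script audits a `docker run` command line for isolation options left at Docker's defaults; the image name, paths, sample commands and the choice of checks are assumptions made for illustration.

```python
import shlex

# Options that take a value (only the subset this audit needs to parse).
VALUE_FLAGS = {"--network", "--cap-drop", "--security-opt", "--memory",
               "--pids-limit", "--user", "-u", "--volume", "-v"}

def parse_run_options(command):
    """Return {flag: [values]} for the options of a `docker run` command."""
    argv = shlex.split(command)
    if argv[:2] != ["docker", "run"]:
        raise ValueError("expected a 'docker run' command")
    opts, i = {}, 2
    while i < len(argv) and argv[i].startswith("-"):
        flag, has_eq, value = argv[i].partition("=")  # accepts --flag=value
        if not has_eq and flag in VALUE_FLAGS and i + 1 < len(argv):
            i += 1
            value = argv[i]                           # accepts --flag value
        opts.setdefault(flag, []).append(value)
        i += 1
    return opts  # parsing stops at the image name

def audit(command):
    """List isolation controls the command leaves at Docker's defaults."""
    o = parse_run_options(command)
    user = (o.get("--user") or o.get("-u") or ["root"])[-1].split(":")[0]
    nnp = any(v.startswith("no-new-privileges") and not v.endswith("false")
              for v in o.get("--security-opt", []))
    checks = [
        (o.get("--privileged", ["false"])[-1] == "false", "runs privileged"),
        ("--rm" in o, "container kept after exit (--rm)"),
        (o.get("--network", [""])[-1] == "none", "network not disabled"),
        ("ALL" in (v.upper() for v in o.get("--cap-drop", [])),
         "capabilities kept (--cap-drop ALL)"),
        (nnp, "privilege escalation allowed (no-new-privileges)"),
        ("--read-only" in o, "root filesystem writable (--read-only)"),
        ("--memory" in o, "no memory limit (--memory)"),
        ("--pids-limit" in o, "no process limit (--pids-limit)"),
        (user not in ("", "0", "root"), "runs as root (--user)"),
    ]
    return [finding for ok, finding in checks if not ok]

# Constructed sample commands; image name and paths are hypothetical.
WEAK = "docker run -v /srv/job42:/code sandbox-image /code/run.sh"
HARDENED = ("docker run --rm --network none --cap-drop ALL "
            "--security-opt no-new-privileges --read-only --memory 256m "
            "--pids-limit 64 --user 1000:1000 -v /srv/job42:/code:ro "
            "sandbox-image /code/run.sh")

if __name__ == "__main__":
    for name, cmd in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cmd))
```

The audit reads only the command line, so it does not cover a wall-clock timeout or what is mounted into the container; those need to be enforced by whatever launches and destroys the sandbox.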
The future of Docker
A number of companies and organizations are coming together to bring Docker to desktop applications, a feat that could have wide-ranging impacts on end-users. Microsoft is even jumping on board by bringing Docker to their Azure platform, a development that could potentially make integration of Linux applications with Microsoft products easier than ever before.
Docker 1.0 was released on June 9th, during the first day of DockerCon, and it is considered the first release of Docker stable enough for enterprise use. Along with this launch, a new partnership was announced between Docker and the companies behind libcontainer, creating a unified effort toward making libcontainer the default standard for Linux-based containers. The growth of Docker and Linux containers shows no sign of slowing, and with new businesses jumping on the bandwagon on a regular basis, I expect to see a wealth of new developments over the coming year.