forked from pool/docker

Accepting request 244864 from Virtualization

Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/244864
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=3
Ludwig Nussel 2014-08-16 13:38:01 +00:00 committed by Git OBS Bridge
parent d6b7df5719
commit 79162f7c36
5 changed files with 233 additions and 8 deletions

README_SUSE.md Normal file

@ -0,0 +1,209 @@
# Abstract
Docker is a lightweight "virtualization" method to run multiple virtual units
(containers, akin to “chroot”) simultaneously on a single control host.
Containers are isolated with Kernel Control Groups (cgroups) and Kernel Namespaces.
Docker provides an operating system-level virtualization where the Kernel
controls the isolated containers. With other full virtualization solutions
like Xen, KVM, or libvirt the processor simulates a complete hardware
environment and controls its virtual machines.
# Terminology
## chroot
A change root (chroot, or change root jail) is a section in the file system
which is isolated from the rest of the file system. For this purpose, the chroot
command is used to change the root of the file system. A program which is
executed in such a “chroot jail” cannot access files outside the designated
directory tree.
## cgroups
Kernel Control Groups (commonly referred to as just “cgroups”) are a Kernel
feature that allows aggregating or partitioning tasks (processes) and all their
children into hierarchical organized groups to isolate resources.
## Image
A "virtual machine" on the host server that can run any Linux system, for
example openSUSE, SUSE Linux Enterprise Desktop, or SUSE Linux Enterprise Server.
A Docker image is made by a series of layers built one over the other. Each layer
corresponds to a permanent change committed from a container to the image.
For more details checkout [Docker's official documentation](http://docs.docker.com/terms/image/).
## Image Name
A name that refers to an image. The name is used by the docker commands.
## Container
A running Docker Image.
## Container ID
A ID that refers to a container. The ID is used by the docker commands.
## TAG
A string associated to a Image. It commonly used to identify a specific version
of a Image (like tags in version control systems). It is also possible to refer
the same Image with different TAGs.
## Kernel Namespaces
A Kernel feature to isolate some resources like network, users, and others for
a group of processes.
## Docker Host Server
The system that runs the Docker daemon, provides the images, and the management
control capabilities through cgroups.
# Overview
Docker is a platform that allows developers and sysadmins to manage the complete
lifecycle of images.
Docker makes incredibly easy to build, ship and run images containing
applications.
Benefits of Docker:
* Isolating applications and operating systems through containers.
* Providing nearly native performance as Docker manages allocation of resources
in real-time.
* Controlling network interfaces and applying resources inside containers through cgroups.
* Versioning of images.
* Building images based on existing ones.
* Sharining/storing on [public](http://docs.docker.com/docker-hub/) or
[private](http://docs.docker.com/userguide/dockerrepos/#private-repositories)
repositories.
Limitations of Docker:
* All Docker containers are running inside the host system's Kernel and not with
a different Kernel.
* Only allows Linux "guest" operating systems.
* Docker is not a full virtualization stack like Xen, KVM, or libvirt.
* Security depends on the host system. Refer to the [official documentation](http://docs.docker.com/articles/security/)
for more details.
## Container drivers
Docker has different backend drivers to handle the containers. The recommended
on is [libcontainer](https://github.com/docker/libcontainer), which is also the
default choice. This driver provides direct access with cgroups.
The Docker packages ships also a LXC driver which handles containers using the
LXC tools.
At the time of writing, upstream is working on a `libvirt-lxc` driver.
## Storage drivers
Docker images are made by series of stacked layers. The recommended driver is
DeviceMapper one, which is also the default choice.
The Docker packages ships also an experimental BTRFS driver. To use this driver
Docker daemon must run on a BTRFS partition already prepared by the host system.
To use the experimental BTRFS driver the Docker daemon must be started with this
command:
```
docker -d -s btrfs
```
# Setting up a Docker host
Prepare the host:
1. Install the `docker` package.
2. Automatically start the Docker daemon at boot:
`sudo systemctl enable docker`
3. Start the Docker daemon:
`sudo systemctl start docker`
The Docker daemon listens on a local socket which is accessible only by the `root`
user and by the members of the `docker` group.
The `docker` group is automatically created at package installation time. To
allow a certain user to connect to the local Docker daemon use the following
command:
```
sudo /usr/sbin/usermod -aG docker <username>
```
The user will be able to communicate with the local Docker daemon upon his next
login.
## Networking
If you want your containers to be able to access the external network you must
enable the `net.ipv4.ip_forward` rule.
This can be done using YaST by browsing to the
`Network Devices -> Network Settings -> Routing` menu and ensuring that the
`Enable IPv4 Forwarding` box is checked.
This option cannot be changed when networking is handled by the Network Manager.
In such cases the `/etc/sysconfig/SuSEfirewall2` file needs to be edited by
hand to ensure the `FW_ROUTE` flag is set to `yes` like so:
```
FW_ROUTE="yes"
```
# Basic Docker operations
Images can be pulled from [Docker's central index](http://index.docker.io) using
the following command:
```
docker pull <image name>
```
Containers can be started using the `docker run` command.
Please refer to the [official documentation](http://docs.docker.com/)
for more details.
# Building Docker containers using KIWI
Starting from version 5.06.8 KIWI can be used to build Docker images.
Please refer to KIWI's [official documentation](https://doc.opensuse.org/projects/kiwi/doc/#chap.lxc).
The official `kiwi-doc` package contains examples of Docker images.
## Docker build system versus KIWI
Docker has an [internal build system](http://docs.docker.com/reference/builder/)
which makes incredibly easy to create new images based on existing ones.
Some users might be confused about what to use. The right approach is to build
the [base images](http://docs.docker.com/terms/image/#base-image-def) using KIWI
and then use them as foundation blocks inside of your Docker's build system.
That two advantages:
1. Be able to use docker specific directives (like `ENTRYPOINT`, `EXPOSE`, ...).
2. Be able to reuse already existing layers.
Sharing the common layers between different images makes possible to:
* Use less disk space on the Docker hosts.
* Make the deployments faster: only the requested layers are sent over the
network (it is like upgrading installed packages using delta rpms).
* Take full advantage of caching while building Docker images: this will result
in faster executions of `docker build` command.
To recap: KIWI is not to be intended as a replacement for Docker's build system.
It rather complements with it.
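Review bot: The "Setting up a Docker host" section hands out daemon access with `sudo /usr/sbin/usermod -aG docker <username>` but never says what that access is worth. A user who can talk to the daemon socket can start containers with host directories mounted, so membership of the `docker` group is effectively root on the host; please state that next to the usermod command and point to the security article already linked under "Limitations of Docker". Minor wording to fix while here: "Sharining", "The recommended on is", "That two advantages".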


@ -1,3 +1,24 @@
-------------------------------------------------------------------
Fri Aug 8 15:31:41 UTC 2014 - fcastelli@suse.com
- Final changes to README_SUSE.md
-------------------------------------------------------------------
Fri Aug 8 10:28:48 UTC 2014 - fcastelli@suse.com
- Added other small fixes to README_SUSE.md
-------------------------------------------------------------------
Thu Aug 7 14:06:30 UTC 2014 - fcastelli@suse.com
- Small improvements to README_SUSE.md
-------------------------------------------------------------------
Thu Aug 7 13:29:30 UTC 2014 - fcastelli@suse.com
- Removed useless sysctl rule.
- Added README_SUSE.md
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Jul 25 06:17:04 UTC 2014 - fcastelli@suse.com Fri Jul 25 06:17:04 UTC 2014 - fcastelli@suse.com
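Review bot: The entry "Removed useless sysctl rule." does not say why the rule is useless or what changes for users. The README added in the same entry tells administrators they must enable `net.ipv4.ip_forward` themselves, so the changelog should say that the package no longer sets it and that forwarding is now an explicit administrator decision.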


@ -7,7 +7,6 @@ After=multi-user.target
Type=simple Type=simple
EnvironmentFile=/etc/sysconfig/docker EnvironmentFile=/etc/sysconfig/docker
ExecStart=/usr/bin/docker -d $DOCKER_OPTS ExecStart=/usr/bin/docker -d $DOCKER_OPTS
ExecStartPre=/usr/sbin/sysctl -p /etc/sysctl.d/200-docker.conf
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target


@ -27,11 +27,11 @@ Group: System/Management
Url: http://www.docker.io Url: http://www.docker.io
Source: %{name}-%{version}.tar.bz2 Source: %{name}-%{version}.tar.bz2
Source1: docker.service Source1: docker.service
Source2: sysctl-docker.conf
Source3: 80-docker.rules Source3: 80-docker.rules
Source4: sysconfig.docker Source4: sysconfig.docker
Source5: docker.socket Source5: docker.socket
Source6: docker-rpmlintrc Source6: docker-rpmlintrc
Source7: README_SUSE.md
Patch0: 0002-Stripped-dockerinit-binary.patch Patch0: 0002-Stripped-dockerinit-binary.patch
BuildRequires: bash-completion BuildRequires: bash-completion
BuildRequires: device-mapper-devel >= 1.2.68 BuildRequires: device-mapper-devel >= 1.2.68
@ -91,6 +91,7 @@ Zsh command line completion support for %{name}.
%prep %prep
%setup -q -n docker %setup -q -n docker
%patch0 -p1 %patch0 -p1
cp %{SOURCE7} .
%build %build
%{go_disable_brp_strip_static_archive} %{go_disable_brp_strip_static_archive}
@ -121,8 +122,6 @@ install -D -m0644 contrib/completion/zsh/_docker "%{buildroot}/etc/zsh_completio
install -D -m 0644 %SOURCE1 %{buildroot}%{_unitdir}/%{name}.service install -D -m 0644 %SOURCE1 %{buildroot}%{_unitdir}/%{name}.service
install -D -m 0644 %SOURCE5 %{buildroot}%{_unitdir}/%{name}.socket install -D -m 0644 %SOURCE5 %{buildroot}%{_unitdir}/%{name}.socket
install -D -m 0644 %SOURCE2 %{buildroot}%{_sysconfdir}/sysctl.d/200-%{name}.conf
# #
# udev rules that prevents dolphin to show all docker devices and slows down # udev rules that prevents dolphin to show all docker devices and slows down
# upstream report https://bugs.kde.org/show_bug.cgi?id=329930 # upstream report https://bugs.kde.org/show_bug.cgi?id=329930
@ -150,9 +149,8 @@ groupadd -r docker 2>/dev/null || :
%files %files
%defattr(-,root,root) %defattr(-,root,root)
%doc README.md LICENSE %doc README.md LICENSE README_SUSE.md
%{_bindir}/docker %{_bindir}/docker
%config %{_sysconfdir}/sysctl.d/200-docker.conf
%{_prefix}/lib/docker/ %{_prefix}/lib/docker/
%{_prefix}/lib/docker/dockerinit %{_prefix}/lib/docker/dockerinit
%{_unitdir}/%{name}.service %{_unitdir}/%{name}.service
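Review bot: Dropping `%config %{_sysconfdir}/sysctl.d/200-docker.conf` from %files means an upgrade removes that file from hosts that installed an earlier build, and with the `ExecStartPre` line also gone from docker.service nothing in the package sets `net.ipv4.ip_forward` any more. Containers that currently reach the external network may lose connectivity after the next reboot with no hint as to why; add an upgrade note to the changelog or to README_SUSE.md.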


@ -1,2 +0,0 @@
# Enable IPv4 forward, required to have working network within the containers
net.ipv4.ip_forward = 1
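Review bot: With `net.ipv4.ip_forward = 1` no longer shipped, the Networking section of README_SUSE.md is the only guidance left, and it covers only YaST and `FW_ROUTE` in /etc/sysconfig/SuSEfirewall2. Add a sentence for hosts where neither applies, and say that enabling forwarding lets the host route between all of its interfaces, which deserves a deliberate choice on a multi-homed machine.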