Docker’s containerised kit for building Linux distros
19 April 2017
Since its beginning, Docker has been created by synthesising elements in Linux and repackaging them in useful ways. Docker’s next trick is the reverse: using container elements to synthesise distributions of Linux.
Docker has now unveiled LinuxKit and the Moby Project, a pair of projects that are intended to allow operating system vendors, DIYers, and cutting-edge software creators to create container-native OSes and container-based systems.
LinuxKit, which Docker has been using internally to create Docker Desktop and Cloud, uses containers as a building block for assembling custom Linux distributions. It provides a minimal system image—35MB at its absolute smallest—with all its system daemons containerised. Both system components and the software it ships with are delivered in containers.
In fact, the only way to run software in LinuxKit is in containers. That design decision is meant to reduce the attack surface of the system and make it easier to replace any software affected by security issues.
Docker’s intended audience is those building “major products that require Linux as a base,” David Messina, Docker’s senior vice president of marketing and community, said in a phone call.
One fairly stock use case for LinuxKit is the internet of things. Linux systems for IoT need to be both compact and secure, and other Linux vendors have rolled out similar projects: Canonical with Ubuntu Core, Suse with JeOS.
Patrick Chanezon, chief developer advocate for Docker, cited a number of big industrial companies trying to build Linux-based IoT solutions that were frustrated by existing solutions and are eyeing LinuxKit as a possibility.
But Chanezon and Messina both noted that LinuxKit is not intended solely for high-end, industrial use cases. It’s also meant to appeal to individual power users of Gentoo, Linux From Scratch, or Slackware, who roll customised distros and deploy them to exotic hardware devices. “It’s flexible and easy enough to have a hobbyist use it as well,” said Messina.
At DockerCon 2017, John Gossman, Azure Architect at Microsoft, described a LinuxKit use case on Azure. Hyper-V isolation, normally only available for Windows containers, is now offered for Linux containers as well. Users have their choice of Linux kernels; LinuxKit will be offered as one of those options.
Then there’s the Moby Project, which is to the container ecosystem what LinuxKit is to Linux distributions: a way to build customised container systems.
Moby is intended to be a collaborative project for container ecosystem users, where anyone who has a component in the ecosystem—a runtime here, an orchestration framework there—can share components and expertise.
The project provides three elements: a tooling framework for assembling, experimenting with, and testing systems; a library of around 80 containerised components; and a “reference blueprint” or set of details on how to assemble a system from those pieces.
Some of those pieces are common components, such as Redis or Nginx, that are used both in containerised app stacks and in the Linux distributions used to build these stacks. Others are pieces that Docker has donated to the community at large over the last several months, such as containerd or LinuxKit.
Guidance, not dogma
Moby Project is likely to be used as a way for Docker to share aspects of its internal engineering processes with the rest of the world, much as Google did when it first revealed Kubernetes. Chanezon said that the upstream core, open source Docker project is assembled from a Moby Project blueprint, as well as from some pieces in the library (such as containerd or swarmkit). Docker wanted to reduce duplication of effort inside its company; Moby theoretically allows others to do the same.
Another possible motive for creating Moby is to give the community working details about components Docker has liberated from its product. Those who might want to use those pieces can turn to working examples, whether from Docker or others.
Docker earned kudos for freeing up key pieces of Docker and placing them under the provenance of a foundation. It further separates Docker as a project from Docker as a company. Moby appears to complement that process, by providing guidance for how those pieces are used in a production environment.
People will be watching to see to what extent guidance is merely guidance, not dogma. With LinuxKit, Docker has taken steps to make it a less Docker-centric project by having several partners as collaborators, chiefly the Linux Foundation but also Microsoft, Intel, Hewlett-Packard Enterprise, and ARM.
Docker emphasises that Moby also is a collaborative effort. Docker is positioning itself as one facilitator among many, with collaborators drawn from a variety of industries (automotive, industrial, and so on). Docker described governance for Moby as “inspired by the Fedora project,” and made clear that any code shared by a dev is not a donation; the owner retains full control.
IDG News Service