Docker Releases Version 0.9 With Major Improvements
I love Docker. It's a fantastic concept, and so far the execution and progress of the project have been flawless. I also love FreeBSD; FreeBSD is a clean and powerful system with advanced features like DTrace, ZFS, and Jails. Combine the two and it sounds better than chocolate and peanut butter. With the recent version 0.9 release, Docker announced the infrastructure support to glue the two together, along with KVM, OpenVZ, Solaris Zones, and nearly any other environment for application isolation, through an execution driver API.
The execution driver API support allows third parties to extend Docker to customize the environment of the container Docker builds. From what I can tell, the FreeBSD execution driver hasn't been built yet, but I imagine it is not too far away. I envision that the (admittedly imaginary) FreeBSD driver would also take advantage of ZFS and the ability to create snapshots, clones, and the other ZFS goodness. The Docker FreeBSD driver could take the setup and possible complexity out of building and releasing FreeBSD Jails, opening up powerful technology to a wider audience.
Docker also announced that they are using the new API to introduce their own execution driver as a replacement for LXC: libcontainer.
Thanks to libcontainer, Docker out of the box can now manipulate namespaces, control groups, capabilities, apparmor profiles, network interfaces and firewalling rules – all in a consistent and predictable way, and without depending on LXC or any other userland package. This drastically reduces the number of moving parts, and insulates Docker from the side-effects introduced across versions and distributions of LXC.
The Docker team is so impressed with libcontainer that they no longer require LXC, and now default to using libcontainer. An interesting side note is that the libcontainer project is written in Go, which should make it very fast, and easy to maintain.
The promise of Docker is more than knowing that the libraries you test with are the same ones in production. Docker represents a fundamental shift in how the datacenter is managed, potentially as big a change as virtualization was a few years back. Virtualization allows us to abstract the hardware away from the operating system, and to load up the hardware with more workload than it was capable of with bare-metal deployments. Docker uses the containers concept to go one step higher and abstract away the operating system as well. The entire system is focused solely on providing the application the resources it needs as efficiently as possible, coupled with an easy to build and deploy operating environment. This means things like change control, patching, and code deployment all become the same thing. It also means that instead of building and monitoring hundreds or thousands of virtual machines, the management overhead is limited to the number of hardware servers under your control, vastly simplifying systems administration.
The march towards Docker 1.0 continues, and 0.9 is a milestone worth your attention. These are fascinating times to be working in the systems field.