1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Moby Project - a collaborative project for the container ecosystem to assemble container-based systems
Find a file
Flavio Crisciani 1c4286bcff
Adding test for docker/docker#8795
When a container was being destroyed was possible to have
flows in conntrack left behind on the host.
If a flow is present into the conntrack table, the packet
processing will skip the POSTROUTING table of iptables and
will use the information in conntrack to do the translation.
For this reason is possible that long lived flows created
towards a container that is destroyed, will actually affect
new flows incoming to the host, creating erroneous conditions
where traffic cannot reach new containers.
The fix takes care of cleaning them up when a container is
destroyed.

The test of this commit is actually reproducing the condition
where an UDP flow is established towards a container that is then
destroyed. The test verifies that the flow established is gone
after the container is destroyed.

Signed-off-by: Flavio Crisciani <flavio.crisciani@docker.com>
2017-04-10 21:31:35 -07:00
.github Update ISSUE_TEMPLATE.md 2016-10-17 11:43:25 +00:00
api Merge pull request #32339 from aluzzardi/selinux 2017-04-08 01:37:17 +02:00
builder Merge pull request #31352 from dnephin/allow-arg-in-fromt 2017-04-10 13:23:40 -04:00
cli Merge pull request #32427 from adshmh/add-unit-tests-to-cli-command-idresolver-package 2017-04-10 12:41:09 -04:00
client use an encrypted client certificate to connect to a docker daemon 2017-04-07 01:50:51 -04:00
cmd Merge pull request #32244 from Microsoft/jjh/panicfix 2017-04-01 20:00:59 +02:00
container Merge pull request #31634 from AkihiroSuda/clarify-env-without-value 2017-03-31 17:34:32 +02:00
contrib Add Ubuntu 17.04 Zesty Zapus 2017-04-07 13:58:44 +02:00
daemon Fix missing Init Binary in docker info output 2017-04-10 16:54:07 +05:30
distribution Merge pull request #31720 from jonjohnsonjr/always-head 2017-03-16 14:39:02 +01:00
dockerversion Move UAStringKey to dockerversion pkg 2016-12-26 18:53:22 -08:00
docs Added word to documentation 2017-04-10 09:14:01 -04:00
experimental updated Readme.md with fixed deadlinks 2017-04-06 12:31:18 +05:45
hack Fix install.sh of get.docker.com for debian-sudo 2017-04-07 05:07:22 +02:00
hooks docs: added support for CLI yaml file generation 2017-03-14 16:04:08 -07:00
image Fixing a typo in spelling 2017-03-30 14:31:45 +05:30
integration-cli Adding test for docker/docker#8795 2017-04-10 21:31:35 -07:00
keys Do not use keyservers to fetch GPG keys for apt 2017-01-07 12:06:52 +00:00
layer modify ID to ChainID to avoid confusing 2017-03-09 16:59:04 +08:00
libcontainerd Wait to delete container when restoring on Windows 2017-03-31 10:59:00 -07:00
man cli: add --mount to docker run 2017-04-05 04:52:08 +00:00
migrate/v1 Use distribution reference 2017-02-07 11:08:37 -08:00
oci oci/namespace: remove unnecessary variable idx 2016-12-22 09:08:43 +08:00
opts api: Remove SecretRequestOption type 2017-03-16 11:20:31 -07:00
pkg Merge pull request #32450 from miaoyq/fixed-a-bug-of-multireader 2017-04-10 11:39:47 -04:00
plugin Add an initial smaller sleep time before net dialing plugin socket. 2017-04-06 11:16:35 -07:00
profiles profiles: seccomp: allow clock_settime when CAP_SYS_TIME is added 2017-03-20 11:05:23 +01:00
project Rename project/CONTRIBUTORS.md -> project/CONTRIBUTING.md 2017-03-15 08:48:27 -04:00
reference reference: handle combination of tag and digest in ImageDelete 2017-02-16 10:48:40 +01:00
registry Validate insecure registry (--insecure-registry) values 2017-02-14 13:13:23 -08:00
restartmanager Adding support for docker max restart time 2017-02-04 03:54:47 +00:00
runconfig Allow user to modify ingress network 2017-03-26 15:46:18 -07:00
vendor Vendoring Libnetwork library 2017-04-10 17:52:16 -07:00
volume Fix panic on error looking up volume driver 2017-04-04 09:22:01 -04:00
.dockerignore [EXPERIMENTAL] Integration Test on Swarm 2017-02-28 02:10:09 +00:00
.gitignore delete generated rpm "changelog" 2017-03-29 18:19:07 +02:00
.mailmap Update Erica in mailmap 2017-03-28 19:55:08 +00:00
AUTHORS Update Erica in mailmap 2017-03-28 19:55:08 +00:00
CHANGELOG.md Merge pull request #32298 from thaJeztah/fix-changelog 2017-04-04 09:45:03 +02:00
CONTRIBUTING.md Update stackoverflow.com install counters 2017-04-09 09:19:06 +02:00
Dockerfile update criu to 2.12.1 2017-04-01 00:54:28 +03:00
Dockerfile.aarch64 Dockerfile: move comments to fix build error 2017-03-16 14:07:31 +02:00
Dockerfile.armhf Seccomp Update 2017-03-07 22:19:46 +00:00
Dockerfile.ppc64le [ppc64le] fix notary vendor link 2017-03-22 17:47:23 -04:00
Dockerfile.s390x Seccomp Update 2017-03-07 22:19:46 +00:00
Dockerfile.simple Seccomp Update 2017-03-07 22:19:46 +00:00
Dockerfile.solaris Add functional support for Docker sub commands on Solaris 2016-11-07 09:06:34 -08:00
Dockerfile.windows update git, hoist powershell setttings to top and use simpler way to get git 2017-02-12 19:27:05 -08:00
LICENSE Update copyright dates 2017-02-24 19:41:59 +00:00
MAINTAINERS Merge pull request #32176 from thaJeztah/add-albers-to-maintainers 2017-03-28 17:29:38 +02:00
Makefile docs: fix Makefile for yaml docs generation 2017-03-29 15:07:16 -07:00
NOTICE Update LICENSE date 2017-02-15 17:34:33 +01:00
poule.yml add ehazlett and johnstep to random_assign 2017-04-02 01:15:19 +02:00
README.md Merge pull request #32055 from FabianLauer/so-counters 2017-04-09 23:05:09 +02:00
ROADMAP.md Header has incorrect punctuation. 2016-12-19 21:38:59 +08:00
vendor.conf Vendoring Libnetwork library 2017-04-10 17:52:16 -07:00
VENDORING.md fix the bare url and the Summary of http://semver.org 2017-01-17 16:20:11 +08:00
VERSION prepare master for the next release 2017-03-14 20:43:33 -07:00

Docker: the container engine Release

Docker is an open source project to pack, ship and run any application as a lightweight container.

Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest cloud compute instance and everything in between - and they don't require you to use a particular language, framework or packaging system. That makes them great building blocks for deploying and scaling web apps, databases, and backend services without depending on a particular stack or provider.

Docker began as an open-source implementation of the deployment engine which powered dotCloud, a popular Platform-as-a-Service. It benefits directly from the experience accumulated over several years of large-scale operation and support of hundreds of thousands of applications and databases.

Docker logo

Security Disclosure

Security is very important to us. If you have any issue regarding security, please disclose the information responsibly by sending an email to security@docker.com and not by creating a GitHub issue.

Better than VMs

A common method for distributing applications and sandboxing their execution is to use virtual machines, or VMs. Typical VM formats are VMware's vmdk, Oracle VirtualBox's vdi, and Amazon EC2's ami. In theory these formats should allow every developer to automatically package their application into a "machine" for easy distribution and deployment. In practice, that almost never happens, for a few reasons:

  • Size: VMs are very large which makes them impractical to store and transfer.
  • Performance: running VMs consumes significant CPU and memory, which makes them impractical in many scenarios, for example local development of multi-tier applications, and large-scale deployment of cpu and memory-intensive applications on large numbers of machines.
  • Portability: competing VM environments don't play well with each other. Although conversion tools do exist, they are limited and add even more overhead.
  • Hardware-centric: VMs were designed with machine operators in mind, not software developers. As a result, they offer very limited tooling for what developers need most: building, testing and running their software. For example, VMs offer no facilities for application versioning, monitoring, configuration, logging or service discovery.

By contrast, Docker relies on a different sandboxing method known as containerization. Unlike traditional virtualization, containerization takes place at the kernel level. Most modern operating system kernels now support the primitives necessary for containerization, including Linux with openvz, vserver and more recently lxc, Solaris with zones, and FreeBSD with Jails.

Docker builds on top of these low-level primitives to offer developers a portable format and runtime environment that solves all four problems. Docker containers are small (and their transfer can be optimized with layers), they have basically zero memory and cpu overhead, they are completely portable, and are designed from the ground up with an application-centric design.

Perhaps best of all, because Docker operates at the OS level, it can still be run inside a VM!

Plays well with others

Docker does not require you to buy into a particular programming language, framework, packaging system, or configuration language.

Is your application a Unix process? Does it use files, tcp connections, environment variables, standard Unix streams and command-line arguments as inputs and outputs? Then Docker can run it.

Can your application's build be expressed as a sequence of such commands? Then Docker can build it.

Escape dependency hell

A common problem for developers is the difficulty of managing all their application's dependencies in a simple and automated way.

This is usually difficult for several reasons:

  • Cross-platform dependencies. Modern applications often depend on a combination of system libraries and binaries, language-specific packages, framework-specific modules, internal components developed for another project, etc. These dependencies live in different "worlds" and require different tools - these tools typically don't work well with each other, requiring awkward custom integrations.

  • Conflicting dependencies. Different applications may depend on different versions of the same dependency. Packaging tools handle these situations with various degrees of ease - but they all handle them in different and incompatible ways, which again forces the developer to do extra work.

  • Custom dependencies. A developer may need to prepare a custom version of their application's dependency. Some packaging systems can handle custom versions of a dependency, others can't - and all of them handle it differently.

Docker solves the problem of dependency hell by giving developers a simple way to express all their application's dependencies in one place, while streamlining the process of assembling them. If this makes you think of XKCD 927, don't worry. Docker doesn't replace your favorite packaging systems. It simply orchestrates their use in a simple and repeatable way. How does it do that? With layers.

Docker defines a build as running a sequence of Unix commands, one after the other, in the same container. Build commands modify the contents of the container (usually by installing new files on the filesystem), the next command modifies it some more, etc. Since each build command inherits the result of the previous commands, the order in which the commands are executed expresses dependencies.

Here's a typical Docker build process:

FROM ubuntu:12.04
RUN apt-get update && apt-get install -y python python-pip curl
RUN curl -sSL https://github.com/shykes/helloflask/archive/master.tar.gz | tar -xzv
RUN cd helloflask-master && pip install -r requirements.txt

Note that Docker doesn't care how dependencies are built - as long as they can be built by running a Unix command in a container.

Getting started

Docker can be installed either on your computer for building applications or on servers for running them. To get started, check out the installation instructions in the documentation.

Usage examples

Docker can be used to run short-lived commands, long-running daemons (app servers, databases, etc.), interactive shell sessions, etc.

You can find a list of real-world examples in the documentation.

Under the hood

Under the hood, Docker is built on the following components:

Contributing to Docker GoDoc

Master (Linux) Experimental (Linux) Windows FreeBSD
Jenkins Build Status Jenkins Build Status Build Status Build Status

Want to hack on Docker? Awesome! We have instructions to help you get started contributing code or documentation.

These instructions are probably not perfect, please let us know if anything feels wrong or incomplete. Better yet, submit a PR and improve them yourself.

Getting the development builds

Want to run Docker from a master build? You can download master builds at master.dockerproject.org. They are updated with each commit merged into the master branch.

Don't know how to use that super cool new feature in the master build? Check out the master docs at docs.master.dockerproject.org.

How the project is run

Docker is a very, very active project. If you want to learn more about how it is run, or want to get more involved, the best place to start is the project directory.

We are always open to suggestions on process improvements, and are always looking for more maintainers.

Talking to other Docker users and contributors

Internet Relay Chat (IRC)

IRC is a direct line to our most knowledgeable Docker users; we have both the #docker and #docker-dev group on irc.freenode.net. IRC is a rich chat protocol but it can overwhelm new users. You can search our chat archives.

Read our IRC quickstart guide for an easy way to get started.
Docker Community Forums The Docker Engine group is for users of the Docker Engine project.
Google Groups The docker-dev group is for contributors and other people contributing to the Docker project. You can join this group without a Google account by sending an email to docker-dev+subscribe@googlegroups.com. You'll receive a join-request message; simply reply to the message to confirm your subscription.
Twitter You can follow Docker's Twitter feed to get updates on our products. You can also tweet us questions or just share blogs or stories.
Stack Overflow Stack Overflow has thousands of Docker questions listed. We regularly monitor Docker questions and so do many other knowledgeable Docker users.

Brought to you courtesy of our legal counsel. For more context, please see the NOTICE document in this repo.

Use and transfer of Docker may be subject to certain restrictions by the United States and other governments.

It is your responsibility to ensure that your use and/or transfer does not violate applicable laws.

For more information, please see https://www.bis.doc.gov

Licensing

Docker is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.

Other Docker Related Projects

There are a number of projects under development that are based on Docker's core technology. These projects expand the tooling built around the Docker platform to broaden its application and utility.

  • Docker Registry: Registry server for Docker (hosting/delivery of repositories and images)
  • Docker Machine: Machine management for a container-centric world
  • Docker Swarm: A Docker-native clustering system
  • Docker Compose (formerly Fig): Define and run multi-container apps
  • Kitematic: The easiest way to use Docker on Mac and Windows

If you know of another project underway that should be listed here, please help us keep this list up-to-date by submitting a PR.

Awesome-Docker

You can find more projects, tools and articles related to Docker on the awesome-docker list. Add your project there.