1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Moby Project - a collaborative project for the container ecosystem to assemble container-based systems
Find a file
Tianon Gravi 54a6e6d122 Add CONFIG_OVERLAYFS_FS to check-config.sh
Also, added some slight adjustment to the AUFS_FS output/note to make it more clear what it applies to.

Example output:
```console
$ ./contrib/check-config.sh
info: reading kernel config from /proc/config.gz ...

Generally Necessary:
- cgroup hierarchy: properly mounted [/sys/fs/cgroup]
- CONFIG_NAMESPACES: enabled
- CONFIG_NET_NS: enabled
- CONFIG_PID_NS: enabled
- CONFIG_IPC_NS: enabled
- CONFIG_UTS_NS: enabled
- CONFIG_DEVPTS_MULTIPLE_INSTANCES: enabled
- CONFIG_CGROUPS: enabled
- CONFIG_CGROUP_CPUACCT: enabled
- CONFIG_CGROUP_DEVICE: enabled
- CONFIG_CGROUP_FREEZER: enabled
- CONFIG_CGROUP_SCHED: enabled
- CONFIG_MACVLAN: enabled
- CONFIG_VETH: enabled
- CONFIG_BRIDGE: enabled
- CONFIG_NF_NAT_IPV4: enabled
- CONFIG_IP_NF_FILTER: enabled
- CONFIG_IP_NF_TARGET_MASQUERADE: enabled
- CONFIG_NETFILTER_XT_MATCH_ADDRTYPE: enabled
- CONFIG_NETFILTER_XT_MATCH_CONNTRACK: enabled
- CONFIG_NF_NAT: enabled
- CONFIG_NF_NAT_NEEDED: enabled

Optional Features:
- CONFIG_MEMCG_SWAP: enabled
- CONFIG_RESOURCE_COUNTERS: enabled
- CONFIG_CGROUP_PERF: missing
- Storage Drivers:
  - "aufs":
    - CONFIG_AUFS_FS: missing
      (note that some kernels include AUFS patches but not the AUFS_FS flag)
    - CONFIG_EXT4_FS_POSIX_ACL: enabled
    - CONFIG_EXT4_FS_SECURITY: enabled
  - "btrfs":
    - CONFIG_BTRFS_FS: enabled
  - "devicemapper":
    - CONFIG_BLK_DEV_DM: enabled
    - CONFIG_DM_THIN_PROVISIONING: enabled
    - CONFIG_EXT4_FS: enabled
    - CONFIG_EXT4_FS_POSIX_ACL: enabled
    - CONFIG_EXT4_FS_SECURITY: enabled
  - "overlayfs":
    - CONFIG_OVERLAYFS_FS: missing
```

Signed-off-by: Andrew Page <admwiggin@gmail.com>
2014-11-18 12:20:49 -07:00
api Merge pull request #8993 from SvenDowideit/make-ps-size-docs-clearer 2014-11-17 17:42:27 -07:00
builder Remove unused sysinfo parameter to runconfig.Parse 2014-11-14 18:20:54 -08:00
builtins Don't hard code true for auth job 2014-10-30 19:41:55 -04:00
contrib Add CONFIG_OVERLAYFS_FS to check-config.sh 2014-11-18 12:20:49 -07:00
daemon Fix for rmi -f when error "no such id". (9056) 2014-11-17 17:04:10 -08:00
docker Merge pull request #8335 from duglin/Issue5198 2014-11-15 10:53:31 -08:00
dockerinit pkg/reexec: move reexec code to a new package 2014-10-30 14:48:30 +02:00
dockerversion Move even more stuff into dockerversion 2014-02-11 17:26:54 -07:00
docs Merge pull request #9189 from satnam6502/docfix 2014-11-18 01:17:48 -05:00
engine fix for iptables cleanup 8307 2014-10-29 10:59:20 -07:00
events Revert "Fix line delimited JSON response" 2014-10-09 13:46:21 -07:00
graph improve error message to print the tag 2014-11-11 22:18:40 +00:00
image Merge pull request #8964 from jlhawn/image_checksum 2014-11-13 18:07:20 -08:00
integration Remove unused sysinfo parameter to runconfig.Parse 2014-11-14 18:20:54 -08:00
integration-cli Merge pull request #9204 from jfrazelle/9056-rmi 2014-11-17 18:08:52 -08:00
links adding support for port ranges on --expose 2014-10-31 23:06:30 +00:00
nat adding support for port ranges on --expose 2014-10-31 23:06:30 +00:00
opts Fix input volume path check on Windows 2014-11-14 18:20:54 -08:00
pkg Merge pull request #8937 from vbatts/vbatts-mount_optional_fields 2014-11-17 18:25:00 -08:00
project Update libcontainer to 28cb5f9dfd6f3352c610a4f1502 2014-11-17 12:16:37 -08:00
registry registry: always treat 127.0.0.1 as insecure for all cases anytime anywhere 2014-11-12 12:14:43 -08:00
runconfig Remove unused sysinfo parameter to runconfig.Parse 2014-11-14 18:20:54 -08:00
trust Remove obsolete comments 2014-11-17 23:27:03 +09:00
utils Extract TreeSize to daemon build 2014-11-14 18:20:53 -08:00
vendor Update libcontainer to 28cb5f9dfd6f3352c610a4f1502 2014-11-17 12:16:37 -08:00
volumes volume: stream JSON & Decode 2014-11-04 16:15:07 +02:00
.dockerignore Add .dockerignore support 2014-06-26 22:49:08 +00:00
.drone.yml Drone Config: Disable integration-cli/docker_cli_exec_test as it breaks. 2014-09-19 15:40:48 -07:00
.gitignore Add windows/(386,amd64) to cross platforms list 2014-11-14 18:20:54 -08:00
.mailmap Fix my email entry so that my current email is first and the old commit email second. 2014-08-12 13:24:42 -07:00
AUTHORS Updated AUTHORS file 2014-08-12 16:19:10 -07:00
CHANGELOG.md Typo in 1.3.1 change log 2014-10-31 08:31:20 +01:00
CONTRIBUTING.md In contribution docs, emphasize that bug reports are appreciated! 2014-11-09 21:41:12 +00:00
Dockerfile Add windows/(386,amd64) to cross platforms list 2014-11-14 18:20:54 -08:00
hack Move 'hack' to the less confusing 'project' 2014-11-09 21:50:28 +00:00
LICENSE Fix boilerplate text in Apache license 2014-03-12 23:39:36 -07:00
MAINTAINERS add @tianon as maintainer of .dockerignore 2014-06-26 22:49:08 +00:00
Makefile Allow a few more DOCKER_* env vars to pass thru Makefile 2014-11-13 11:25:11 -08:00
NOTICE Fixes 3497 2014-01-13 17:12:53 -08:00
README.md Fix 80 char. error 2014-11-10 17:50:12 -08:00
VERSION Change version to 1.3.1-dev 2014-10-30 19:45:07 -04:00

Docker: the Linux container engine

Docker is an open source project to pack, ship and run any application as a lightweight container

Docker containers are both hardware-agnostic and platform-agnostic. This means that they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between - and they don't require that you use a particular language, framework or packaging system. That makes them great building blocks for deploying and scaling web apps, databases and backend services without depending on a particular stack or provider.

Docker is an open-source implementation of the deployment engine which powers dotCloud, a popular Platform-as-a-Service. It benefits directly from the experience accumulated over several years of large-scale operation and support of hundreds of thousands of applications and databases.

Docker L

Security Disclosure

Security is very important to us. If you have any issue regarding security, please disclose the information responsibly by sending an email to security@docker.com and not by creating a github issue.

Better than VMs

A common method for distributing applications and sandboxing their execution is to use virtual machines, or VMs. Typical VM formats are VMWare's vmdk, Oracle Virtualbox's vdi, and Amazon EC2's ami. In theory these formats should allow every developer to automatically package their application into a "machine" for easy distribution and deployment. In practice, that almost never happens, for a few reasons:

  • Size: VMs are very large which makes them impractical to store and transfer.
  • Performance: running VMs consumes significant CPU and memory, which makes them impractical in many scenarios, for example local development of multi-tier applications, and large-scale deployment of cpu and memory-intensive applications on large numbers of machines.
  • Portability: competing VM environments don't play well with each other. Although conversion tools do exist, they are limited and add even more overhead.
  • Hardware-centric: VMs were designed with machine operators in mind, not software developers. As a result, they offer very limited tooling for what developers need most: building, testing and running their software. For example, VMs offer no facilities for application versioning, monitoring, configuration, logging or service discovery.

By contrast, Docker relies on a different sandboxing method known as containerization. Unlike traditional virtualization, containerization takes place at the kernel level. Most modern operating system kernels now support the primitives necessary for containerization, including Linux with openvz, vserver and more recently lxc, Solaris with zones and FreeBSD with Jails.

Docker builds on top of these low-level primitives to offer developers a portable format and runtime environment that solves all 4 problems. Docker containers are small (and their transfer can be optimized with layers), they have basically zero memory and cpu overhead, they are completely portable and are designed from the ground up with an application-centric design.

The best part: because Docker operates at the OS level, it can still be run inside a VM!

Plays well with others

Docker does not require that you buy into a particular programming language, framework, packaging system or configuration language.

Is your application a Unix process? Does it use files, tcp connections, environment variables, standard Unix streams and command-line arguments as inputs and outputs? Then Docker can run it.

Can your application's build be expressed as a sequence of such commands? Then Docker can build it.

Escape dependency hell

A common problem for developers is the difficulty of managing all their application's dependencies in a simple and automated way.

This is usually difficult for several reasons:

  • Cross-platform dependencies. Modern applications often depend on a combination of system libraries and binaries, language-specific packages, framework-specific modules, internal components developed for another project, etc. These dependencies live in different "worlds" and require different tools - these tools typically don't work well with each other, requiring awkward custom integrations.

  • Conflicting dependencies. Different applications may depend on different versions of the same dependency. Packaging tools handle these situations with various degrees of ease - but they all handle them in different and incompatible ways, which again forces the developer to do extra work.

  • Custom dependencies. A developer may need to prepare a custom version of their application's dependency. Some packaging systems can handle custom versions of a dependency, others can't - and all of them handle it differently.

Docker solves dependency hell by giving the developer a simple way to express all their application's dependencies in one place, and streamline the process of assembling them. If this makes you think of XKCD 927, don't worry. Docker doesn't replace your favorite packaging systems. It simply orchestrates their use in a simple and repeatable way. How does it do that? With layers.

Docker defines a build as running a sequence of Unix commands, one after the other, in the same container. Build commands modify the contents of the container (usually by installing new files on the filesystem), the next command modifies it some more, etc. Since each build command inherits the result of the previous commands, the order in which the commands are executed expresses dependencies.

Here's a typical Docker build process:

FROM ubuntu:12.04
RUN apt-get update && apt-get install -y python python-pip curl
RUN curl -sSL https://github.com/shykes/helloflask/archive/master.tar.gz | tar -xzv
RUN cd helloflask-master && pip install -r requirements.txt

Note that Docker doesn't care how dependencies are built - as long as they can be built by running a Unix command in a container.

Getting started

Docker can be installed on your local machine as well as servers - both bare metal and virtualized. It is available as a binary on most modern Linux systems, or as a VM on Windows, Mac and other systems.

We also offer an interactive tutorial for quickly learning the basics of using Docker.

For up-to-date install instructions, see the Docs.

Usage examples

Docker can be used to run short-lived commands, long-running daemons (app servers, databases etc.), interactive shell sessions, etc.

You can find a list of real-world examples in the documentation.

Under the hood

Under the hood, Docker is built on the following components:

Contributing to Docker

GoDoc Build Status

Want to hack on Docker? Awesome! There are instructions to get you started here. If you'd like to contribute to the documentation, please take a look at this README.md.

These instructions are probably not perfect, please let us know if anything feels wrong or incomplete.

Brought to you courtesy of our legal counsel. For more context, please see the Notice document.

Use and transfer of Docker may be subject to certain restrictions by the United States and other governments.
It is your responsibility to ensure that your use and/or transfer does not violate applicable laws.

For more information, please see http://www.bis.doc.gov

Licensing

Docker is licensed under the Apache License, Version 2.0. See LICENSE for full license text.