[opensuse-factory] Docker 1.11 Update
Hi all, In the recent Docker 1.11 update, several components of the Docker daemon were split into different parts. The container runtime (runC) and the daemon that manages runC runners (containerd) are separated from the Docker daemon completely. To this end, I've packaged all three components separately -- which means we have to add two packages. runC is the same codebase Docker was using previously, it's just being used in a different form now (a binary rather than actually hooking into the exported functions of libcontainer -- the brains of runC). I'm one of the maintainers of this project and am sure that our users will probably want to use this package by itself (we're working on some killer features in runC that might). runC is backed by the Open Container Initiative (and thus by the Linux Foundation), and is Docker's contribution to the community -- a reference implementation of an OCI runtime. containerd is provided by Docker Inc to be the a reference daemon to spawn OCI containers. It has its own API which Docker uses to communicate with it. This has been packaged as a separate systemd service, as users may want to use this by itself. It is designed to be agnostic to things Docker cares about (building container images, reproducibilty, etc). It's a low-level daemon to control runC. There are three maintainence requests for this update: * runC: https://build.opensuse.org/request/show/390657 * containerd: https://build.opensuse.org/request/show/390658 * Docker: https://build.opensuse.org/request/show/391280 In addition, the Docker package update includes a backport of a fix for CVE-2016-3697. -- Aleksa Sarai Software Engineer (Containers) SUSE Linux GmbH https://www.cyphar.com/ -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Fri, 22 Apr 2016 16:23, Aleksa Sarai <asarai@...> wrote:
Hi all,
In the recent Docker 1.11 update, several components of the Docker daemon were split into different parts. The container runtime (runC) and the daemon that manages runC runners (containerd) are separated from the Docker daemon completely. To this end, I've packaged all three components separately -- which means we have to add two packages.
runC is the same codebase Docker was using previously, it's just being used in a different form now (a binary rather than actually hooking into the exported functions of libcontainer -- the brains of runC). I'm one of the maintainers of this project and am sure that our users will probably want to use this package by itself (we're working on some killer features in runC that might). runC is backed by the Open Container Initiative (and thus by the Linux Foundation), and is Docker's contribution to the community -- a reference implementation of an OCI runtime.
containerd is provided by Docker Inc to be the a reference daemon to spawn OCI containers. It has its own API which Docker uses to communicate with it. This has been packaged as a separate systemd service, as users may want to use this by itself. It is designed to be agnostic to things Docker cares about (building container images, reproducibilty, etc). It's a low-level daemon to control runC.
There are three maintainence requests for this update: * runC: https://build.opensuse.org/request/show/390657 * containerd: https://build.opensuse.org/request/show/390658 * Docker: https://build.opensuse.org/request/show/391280
In addition, the Docker package update includes a backport of a fix for CVE-2016-3697.
Have you ensured that a update of package "docker" from version 1.10.x to 1.11.x pulls in package "runc" and "containerd" as "Require" and not just as "Recomment" ? Else a "zypper up" or "zypper patch" would not leave the docker system in a functional state if "noRecomments" is set in the zypper config. Next is the state of docker-compose, that can only described as "poor". IMHO just packaging the docker-compose 1.7.0 binary blob from github with a additional man-page would be a big improvement above the status quo. Thank you for the work invested. - Yamaban. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Moin, On Fri, 22 Apr 2016, 17:32:37 +0200, Yamaban wrote:
On Fri, 22 Apr 2016 16:23, Aleksa Sarai <asarai@...> wrote:
Hi all,
In the recent Docker 1.11 update, several components of the Docker daemon were split into different parts. The container runtime (runC) and the daemon that manages runC runners (containerd) are separated from the Docker daemon completely. To this end, I've packaged all three components separately -- which means we have to add two packages. [...] Have you ensured that a update of package "docker" from version 1.10.x to 1.11.x pulls in package "runc" and "containerd" as "Require" and not just as "Recomment" ? Else a "zypper up" or "zypper patch" would not leave the docker system in a functional state if "noRecomments" is set in the zypper config.
FWIW, I have noRecommends set and a "zypper up" did indeed pull the two additional packages -- and docker still runs.
Next is the state of docker-compose, that can only described as "poor".
IMHO just packaging the docker-compose 1.7.0 binary blob from github with a additional man-page would be a big improvement above the status quo.
Yep, I can only agree here.
Thank you for the work invested.
Likewise.
- Yamaban.
Cheers. l8er manfred
participants (3)
-
Aleksa Sarai -
Manfred Hollstein -
Yamaban