Thursday, March 26, 2015

New Docker binaries available for Linux on z Systems

There are new Docker binaries available for Linux on z Systems, fixing a segmentation fault. Check out http://www.ibm.com/developerworks/linux/linux390/docker.html. Replacing is simple: extract the archive and copy the binary over your old one. Please make sure you are on a recent devicemapper level.

Monday, March 16, 2015

Creating Base Images

In First Steps with Docker, we have used a fairly crude way to create initial base images. A minimalistic approach to come to a base image environment is to have only the necessary rpms installed through on-board tools. This assumes the system is enabled for accessing all packages online.

Inspired from https://github.com/docker/docker/blob/master/contrib/mkimage-yum.sh, this script works both for SLES 12 and RHEL 7:

Wednesday, March 11, 2015

Virtualization vs. Containerization

Containers provide isolated runtime environments for applications: the entire user space environment is exclusively presented to the container, and any changes to it do not impact other containers' environments. To provide this isolation, a combination of OS-based mechanisms is used: Linux name spaces are used for isolation and scoping mechanism. File system mounts define what files are accessible to the container. cgroups define resource consumption of containers. Still all containers share the same OS kernel which can realize memory footprint efficiencies when identical libraries are used by multiple containers.

With system virtualization, the hypervisor provides a full virtual machine to a guest: the entire OS image including the kernel is now dedicated to the virtual machine. CPU virtualization is used to provide each guest with an exclusive view of a full system environment, and these mechanisms also ensure isolation from other guests. Hypervisor-based management of virtual CPUs, memory and I/O devices is used to define resource consumption of guests.

Which one is better?


Wednesday, March 4, 2015

Dockerfiles

Starting a container, doing manual changes to it and committing into a new image is error-prone and does not scale for handling many images. In this post, I will show a powerful and more precise way of shaping new images.

This method uses a file called Dockerfile to control how new images are built. It is placed in a directory and consists of keyword-parameter lines. Let's take a look:
[root@r1745042 ~]# cat apache/Dockerfile
FROM rhel7-yum
RUN yum -y install httpd
COPY index.html /var/www/html/index.html

First Steps with Docker

Docker is platform-agnostic and relies on Linux kernel functionality which is present on most platforms, including s390x (IBM z Systems). Its commands are identical on every platform, so there are lots of resources on the Internet which work for z Systems z.
However, Docker only executes native z code and does not emulate anything: you need to work with containers which contain s390(x) binaries, not e.g. x86 binaries.

This post shows how containers are created, used, and modified. For all of these commands, an online help is available: docker --help shows an overview of all commands, and docker COMMAND --help shows more specifics on the specified command.