oracle / oraclesolaris-contrib

oraclesolaris-contrib is a repository focussed on the Oracle Solaris 11.4 StatsStore, using methodologies like REST to connect to Oracle Solaris 11.4 and the new features being introduced in Oracle Solaris 11.4 OS.
https://www.oracle.com/solaris/solaris11/

Open Container Initiative (OCI) aka docker containers #1

Open guillermomolina opened 3 years ago

guillermomolina commented 3 years ago

I would like to share a proof of concept I was working on a while ago. Basically it is a thin wrapper over zones to make them feel like docker containers, and a CLI command to manage them with options compatible with the docker (oci) command. It is based on the already available OCI zone brand and the runz command it provides. Basically a docker container is like a native zone. But a normal docker container does not use systemd (svcd SMF), so I've implemented a way to create zones without SMF. I've also implemented the layers feature available on docker images, based on zfs snapshots.

Finally:

The API, the environment and the CLI.

It would be awesome to have something like this officially implemented.

joostpvh commented 3 years ago

Hi @guillermomolina,

Sorry for the delay in my response. This is very interesting, and something we'd very much like to explore. I've simply not had the cycles to look at this and try it out, but would very much like to.

Are there any restrictions on your current implementation with regards to Solaris or Python versions?

Also it would be good to understand how you'd like to use this? I.e. what is the use case and what is critical to work well?

What would you think is a good next step?

Cheers,

Joost.

guillermomolina commented 3 years ago

Hi @joostpvh

There are no restrictions regarding Solaris. I do use the oci branded zone, because I manage zones with runz. So you need a more or less updated Solaris 11(.4?). But as runz itself seems to be a small wrapper over zonecfg/zoneadm, you may very well go and modify oci-solaris-python to use another "backend", maybe zonecfg/zoneadm directly or use rad. Python version is not an issue; I am using python 3 so we are safe there.

The goal here is that Solaris goes "OCI" compliant. The project oci-solaris-python exists because runz is buggy and undocumented. I had to reverse engineer it (live debugging it with gdb) in order to make it work, so fixing would help a lot. What I want to do is something like this:

oci container run -dit --name my-apache-app -p 8080:80 -v "$PWD":/var/apache2/2.4/htdocs httpd:2.4

And get an apache running at port 8080

IPS has a big constraint in Solaris repo: all packages depend on core-os and core-os depends on many other packages. So the minimum install is very big for a container. A more granular dependency system would help on keeping Solaris oci images smaller even if you are using IPS to install software. I am using a trick here in order to have smaller containers: I create a local repo and take out the core-os dependency for the packages. With that I get containers (zones) of less than 50mb, still using IPS.

Zones are heavier than other container implementations, even native zones. For example, the use of Solaris without SMF is a bit hacky. svcs are too hard coded into the system. It would be nice to work a little more with oci branded zones in that respect. In the docker world, most of the time there is only one service working, which is tied to the health of the container itself. The containerd daemon is the watchdog.

The next step is to add network and volume services to the containers.

Cheers,

Guillermo

jfasolack commented 3 years ago

Hi Guillermo, thank you for sharing this - and also sorry for my late response. I'm looking forward to trying it out and exploring the possibilities this offers.

I hope to give you some feedback soon.

Cheers, Jörg