Cloud Foundry Containers - a comparison of Warden and Docker

Cloud Foundry Containers - a comparison of Warden and Docker James Bayer 10/9/13 5:48 PM
Primarily Alex Jackson from the Cloud Foundry engineering team has put together analysis that we believe presents a very objective comparison of the capabilities of Warden and Docker [1]. There is also a brief mention of the new lmctfy project from Google [2]. If you are interested in this area, please review and let us know if you have adjustments or additions that should be made. The doc should be available for public comments using GDocs or you may reply on this thread.

The Cloud Foundry team has no immediate plans to take action in code based on this analysis, but it will help inform future direction options. We are currently using Warden in several places:
- end user app process isolation in DEAs
- the recently usable bosh-lite [3] development env for BOSH that targets a Linux Host with Containers for BOSH development instead of an IaaS with VMs 

In the past, several multi-tenant data services like Redis, Mongo, etc. that are not planned to be maintained actively by the CF Team had used Warden to isolate the service processes provisioned for dedicated tenants.

We welcome any input from the community on the current analysis and also as to what additional container capabilities are requested.

[1] https://docs.google.com/a/gopivotal.com/document/d/1DDBJlLJ7rrsM1J54MBldgQhrJdPS_xpc9zPdtuqHCTI/edit
Re: [vcap-dev] Cloud Foundry Containers - a comparison of Warden and Docker Dr Nic Williams 10/9/13 6:01 PM
The cf-services-contrib-release & cf-services-release are also using Warden for some of the services to provide isolation (especially for those services that do not have multi-tenancy).

--
Dr Nic Williams
Stark & Wayne LLC - consultancy for Cloud Foundry users
cell +1 (415) 860-2185
twitter @drnic
Re: [vcap-dev] Cloud Foundry Containers - a comparison of Warden and Docker Dr Nic Williams 10/9/13 6:02 PM
Sorry, couldn't Undo that fast enough after reading the disclaimer sentence on services.
Re: [vcap-dev] Cloud Foundry Containers - a comparison of Warden and Docker Andrea Campi 10/9/13 7:09 PM

Great doc!

Can you or Alex elaborate on:

How does Docker handle users and the “root” user in the container?

Docker runs processes as root inside the container. If you want/need a different user, you can create it when preparing the image and then use 'su' as usual.

Did you have a more complex scenario in mind?
Re: [vcap-dev] Cloud Foundry Containers - a comparison of Warden and Docker solomo...@dotcloud.com 10/9/13 7:26 PM
On Wednesday, October 9, 2013 7:09:36 PM UTC-7, Andrea Campi wrote:

> How does Docker handle users and the “root” user in the container?
>
> Docker runs processes as root inside the container. If you want/need a different user, you can create it when preparing the image and then use 'su' as usual.

Docker can drop privileges to the uid of your choice with 'docker run -u' (there is a corresponding configuration field in the remote API). As a convenience it will also look up non-numerical user ids by parsing /etc/passwd in the container's filesystem (if it exists).

The default uid is 0.

> Did you have a more complex scenario in mind?


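Added example, not part of the thread and not Docker's own code: a sketch of the uid resolution described in the reply above (default uid 0, numeric ids used as given, names looked up in the container's /etc/passwd). The names `resolveUID` and `sampleRootfs`, the rootfs-on-host layout and the passwd contents are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strconv"
	"strings"
)

// resolveUID (hypothetical helper) maps a 'docker run -u' user spec to a uid;
// rootfs is the container's filesystem on the host. Errors return -1, never 0.
func resolveUID(spec, rootfs string) (int, error) {
	if spec == "" {
		return 0, nil // nothing requested: the default uid is 0
	}
	if uid, err := strconv.Atoi(spec); err == nil && uid >= 0 {
		return uid, nil // numeric ids need no passwd file
	}
	data, err := os.ReadFile(filepath.Join(rootfs, "etc", "passwd"))
	if err != nil {
		return -1, fmt.Errorf("cannot resolve %q: %w", spec, err)
	}
	for _, line := range strings.Split(string(data), "\n") {
		fields := strings.Split(line, ":") // name:password:uid:gid:gecos:home:shell
		if len(fields) >= 3 && fields[0] == spec {
			if uid, err := strconv.Atoi(fields[2]); err == nil && uid >= 0 {
				return uid, nil
			}
		}
	}
	return -1, fmt.Errorf("no usable entry for %q in container passwd", spec)
}

// sampleRootfs writes a constructed container filesystem to a temp directory.
func sampleRootfs() string {
	dir, _ := os.MkdirTemp("", "rootfs")
	os.Mkdir(filepath.Join(dir, "etc"), 0o755)
	passwd := "root:x:0:0::/root:/bin/sh\napp:x:1000:1000::/home/app:/bin/sh\n"
	os.WriteFile(filepath.Join(dir, "etc", "passwd"), []byte(passwd), 0o644)
	return dir
}

func main() {
	rootfs := sampleRootfs()
	defer os.RemoveAll(rootfs)
	for _, spec := range []string{"", "1000", "app", "nobody"} {
		fmt.Println(resolveUID(spec, rootfs))
	}
}
```

The sketch reads the passwd file with a plain path join; code doing this on a host must also make sure a symlink inside the image cannot lead the read outside the container root. An unresolvable name is an error here rather than a fallback to the default, since the default is root.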
Re: Cloud Foundry Containers - a comparison of Warden and Docker Christopher Ferris 10/10/13 11:50 AM
Awesome, thanks James for bringing this forward. 

I know there's a lot of interest here, in IBM, in this subject as I am sure there is with others in the community.

Chris
Re: Cloud Foundry Containers - a comparison of Warden and Docker Brian Martin 10/10/13 12:06 PM
Thanks James, I added some comments to your google doc.

Brian Martin
IBM Cloud Services