smallest OS for golang


Kristofer Younger

Jan 29, 2015, 10:16:07 AM
to golan...@googlegroups.com
One of the things I've been thinking about as I work through some app design problems, is how to use Docker and Go in a very clean and (someday) very secure way.

The OS that runs inside the Docker container probably needs, in my case, to be very small, and I have looked at

Plan9,
Minix,
Ubuntu Linux
{Open,Free,Net}BSD

and a few of the other Go OSes that are planned/announced/languishing

and I cannot help but wonder does Google have an x86/arm OS that they use internally, written in Go, runs on routers, VMs etc...

But I am curious as to others' opinions as to what is the smallest, least-complex version of a unix-like OS that would support the entire functionality of the Go language?

cheers,

Tarrant Rollins

Jan 29, 2015, 11:31:31 AM
to golan...@googlegroups.com
A statically compiled Go binary should be able to run with only the Linux kernel. If you construct a Docker container that contains a single folder, with a single file (your binary), this should work.
 
That is unless you are using things like a tmp dir, the procfs etc. In which case you need to add those things to your CHROOT or Docker Container.
 
In fact when [Rocket](https://github.com/coreos/rocket) first launched this was how they did their demo. Build a small hello world program and stick it and only it in their container.
 
-T
 

Tyler Compton

Jan 29, 2015, 12:56:49 PM
to golan...@googlegroups.com
As far as Linux is concerned, I think you'd find other distros to be more fitting for your needs than Ubuntu. Ubuntu is built to be a fully featured desktop operating system right out of the box, so it probably has a lot more on it than you need.

Naitik Shah

Jan 29, 2015, 1:32:40 PM
to Tyler Compton, golan...@googlegroups.com
I wanted something similar and using Arch Linux as a base I wrote this little thing: https://github.com/daaku/goruntime




--
-Naitik

Shawn Milochik

Jan 29, 2015, 4:01:49 PM
to golan...@googlegroups.com
On Thu, Jan 29, 2015 at 11:31 AM, Tarrant Rollins <tar...@keyneston.com> wrote:
A statically compiled go binary should be able to run with only the linux kernel. If you construct a docker container that contains a single folder, with a single file (your binary) this should work.
 
That is unless you are using things like a tmp dir, the procfs etc. In which case you need to add those things to your CHROOT or Docker Container.
 
In fact when [Rocket](https://github.com/coreos/rocket) first launched this was how they did their demo. Build a small hello world program and stick it and only it in their container.
 


This is not true:

However, in more recent testing, the busybox Docker image now supports running a Go program without any other dependencies, and that's about 2.4 MB.
 

Sean Russell

Jan 29, 2015, 5:36:47 PM
to golan...@googlegroups.com
If you're looking for a truly minimalist OS, try CoreOS. It's designed to be a complement to Docker.

--- SER 

Kristofer Younger

Jan 29, 2015, 6:07:02 PM
to golan...@googlegroups.com
yeah, even ubuntu server is pretty big.

Kristofer Younger

Jan 29, 2015, 6:08:08 PM
to golan...@googlegroups.com


On Thursday, January 29, 2015 at 5:36:47 PM UTC-5, Sean Russell wrote:
If you're looking for a truly minimalist OS, try CoreOS. It's designed to be a complement to Docker.

but CoreOS is considered "Docker's hypervisor" first and foremost, no?
one generally doesn't use CoreOS inside the container? 

Charles Haynes

Jan 29, 2015, 7:58:49 PM
to golan...@googlegroups.com
I use busybox, but only because I sometimes want to enter the container and look around. I've used the scratch (empty) container in the past and it works fine with statically linked binaries. If you want to do a little legwork you can include just the minimal required shared libraries, but that makes your container a tiny bit bigger.

One "gotcha" with using a minimal container - you won't have your root certificate authorities (needed for ssl/https clients) unless you explicitly include them.

I have this line in my Dockerfile to deal with it:

ADD ca-certificates.crt /etc/ssl/certs/ca-certificates.crt

and I get my ca-certificates.crt from my favorite distro. Obviously you will have to keep it up to date by hand. To use it you will need to include crypto/x509, init your cert pool and use that pool when you create your http.Transport.

-- Charles
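
The setup described in the post above (load the bundled CA file into a crypto/x509 pool and give that pool to the http.Transport), as an added example that is not part of the original message. `poolFromPEM` and `newClient` are hypothetical helper names; the path is the one from the ADD line.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net/http"
	"os"
	"time"
)

// Path the Dockerfile ADD line in the post copies the bundle to.
const caBundlePath = "/etc/ssl/certs/ca-certificates.crt"

// poolFromPEM (hypothetical helper) builds a root pool from PEM data and
// fails closed when no certificate parses, e.g. an empty or truncated bundle.
func poolFromPEM(pemData []byte) (*x509.CertPool, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(pemData) {
		return nil, errors.New("CA bundle contains no usable certificates")
	}
	return pool, nil
}

// newClient (hypothetical helper) returns an HTTPS client whose transport
// trusts only the roots in pool; certificate verification stays enabled.
func newClient(pool *x509.CertPool) *http.Client {
	return &http.Client{
		Timeout: 10 * time.Second,
		Transport: &http.Transport{
			TLSClientConfig: &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12},
		},
	}
}

func main() {
	pemData, err := os.ReadFile(caBundlePath)
	if err == nil {
		var pool *x509.CertPool
		if pool, err = poolFromPEM(pemData); err == nil {
			_ = newClient(pool) // use this client for all outbound HTTPS calls
			fmt.Println("trusting roots from", caBundlePath)
			return
		}
	}
	// Exit instead of falling back to an unverified connection.
	fmt.Fprintln(os.Stderr, "cannot load CA bundle:", err)
	os.Exit(1)
}
```

A missing or unparsable bundle stops the program at startup, which is easier to diagnose than TLS handshake failures at request time.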

andrewc...@gmail.com

Jan 29, 2015, 9:50:08 PM
to golan...@googlegroups.com
I think using http://buildroot.uclibc.org/ to make a root file system is about as easy and small as you can get.

Geoffrey Teale

Jan 30, 2015, 3:28:26 AM
to Kristofer Younger, golang-nuts
If ubuntu server is too big, you should probably look at Ubuntu Core.  More specifically Ubuntu Snappy Core is a great option for a minimal, secure computing environment to run Go apps in.


ron minnich

Feb 3, 2015, 1:20:43 PM
to Geoffrey Teale, Kristofer Younger, golang-nuts
I'm embedding a go toolchain in firmware. So I have coreboot, linux kernel, root file system with go toolchain, and commands as go source, which are compiled on demand. Since it includes the Go source (all of it) and the toolchain, it's 13 M with an lzma compressed initramfs. But once you boot, all the (limited set of) utilities are go, and all the source is there, and they get compiled when you run them. 

Needs lots of work, ideas welcome, but it does give me a way to build small but capable firmware images.

And it gets me away from C.

Kevin Gillette

Feb 3, 2015, 3:14:33 PM
to golan...@googlegroups.com
It's unclear why you'd need any kind of userland _inside_ the container, besides any programs your Go binary explicitly calls. A static Go binary depends on nothing but the kernel, so your docker image (or other "minimal container") needs only contain one file in its filesystem: the static binary itself.

Sokolov Yura

Feb 4, 2015, 6:04:33 AM
to golan...@googlegroups.com
Well, it is not exactly true:

$ go build -tags=netgo test_http.go
$ ldd test_http
        linux-vdso.so.1 =>  (0x00007fffe2bfc000)
        libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f39c6611000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f39c624c000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f39c6852000)




On Tuesday, February 3, 2015 at 23:14:33 UTC+3, Kevin Gillette wrote:

Sokolov Yura

Feb 4, 2015, 6:14:47 AM
to golan...@googlegroups.com
It looks like I'm mistaken a bit:
if one rebuilds the `net` package with the tag 'netgo', then a static binary could be built.

On Wednesday, February 4, 2015 at 14:04:33 UTC+3, Sokolov Yura wrote:

Charles Haynes

Feb 4, 2015, 10:15:47 PM
to Kevin Gillette, golan...@googlegroups.com
On Wed, Feb 4, 2015 at 7:14 AM, Kevin Gillette <extempor...@gmail.com> wrote:
It's unclear why you'd need any kind of userland _inside_ the container, besides any programs your Go binary explicitly calls. A static Go binary depends on nothing but the kernel, so your docker image (or other "minimal container") needs only contain one file in its filesystem: the static binary itself.

You're absolutely right, in theory there's no need and I've built Docker containers with just the static Go binary in them. In practice it's often handy to be able to do a few simple things inside the container. I've found it handy to be able to look at the file system "from the inside," to issue simple curl/wget commands, and to modify files while diagnosing problems. Busybox is tiny enough to be an acceptable overhead for me. 

-- Charles

i...@deferpanic.com

Feb 5, 2015, 2:45:38 PM
to golan...@googlegroups.com
I'm personally super interested in unikernels and it seems that there has been work done for a go one - http://lsub.org/ls/clive.html .

Tommi Virtanen

Feb 7, 2015, 1:08:48 PM
to golan...@googlegroups.com
On Thursday, January 29, 2015 at 7:16:07 AM UTC-8, Kristofer Younger wrote:
One of the things I've been thinking about as I work through some app design problems, is how to use Docker and Go in a very clean and (someday) very secure way.

the OS that runs inside the Docker container, probably needs, in my case, to be very small, and I have looked at

Plan9,
Minix,
Ubuntu Linux
{Open,Free,Net}BSD

and a few of the other Go OSes that are planned/announced/languishing

Docker is just processes under the Linux kernel of the host; you can't run a completely separate OS under Docker (though you can run a different Linux distribution, after some kludges).

Others have already pointed out you can run a container with nothing but the Go app.

You can also run just Linux+Go, with no other userspace, in a virtual machine:

Here's everything needed inside the vm for a small webserver. I'd call this pretty small:

1.8M build/arch/x86/boot/bzImage
1.6M network.alone

Kristofer Younger

Feb 14, 2015, 8:09:48 AM
to golan...@googlegroups.com
And now, this am, on hackernews... http://minimal.linux-bg.org
