moby tool converts the yaml specification into one or more bootable images.
A kernel image is a Docker image with a
bzImage file for the kernel to be executed,
and a tarball
kernel.tar containing any modules. This is somewhat inconsistent with
the other images (see below) and may be changed. The kernel build is in the
For all other images, ie
init and the system containers and daemons, the filesystem
of the container is extracted. The
kernel filesystems are left unchanged,
while the other containers are currently extracted under the
init script runs them. In future they may be extracted to the
image store instead. The builds and source for these containers can be found in the
init that is being used is being reworked, as an earlier incarnation was much
less containerised and we ran a full Alpine Linux distribution here. It should end
up as just
init, a basic setup script, and
moved into containers.
The system containers are fairly low level, and most users will probably want to
start with something based on the examples. The aim is to provide a base set that
covers general setup (such as
sysfs to configure that, and a container to provide
dhcp which many platforms use), and a set of platform specific ones, for example
metadata-* ones which will get userdata from cloud providers. There will be
dev containers to allow easy access to the system, for example with
Then there will be some common applications.
For each system or daemon container, an OCI
config.json file is generated. This is
currently done via a modified version of
riddler running in a container but will
soon be switched to run directly from the config. This is added to the built image
so it can be called at runtime.
Once all the container filesystems have been unpacked, they are joined into a Linux
initramfs, which is a compressed
cpio archive. This and the kernel can be booted
directly on some platforms, such as qemu or hyperkit, but other platforms need these
to have a bootloader added, so this is done by the output formats.
kernel+initrd target outputs the raw kernel and initramfs, as well as a file
with the specified command line. It can be used to build other targets or used by
The output formats are all, except the simple
kernel+initrd target, generated via
Docker containers, as there are not yet good libraries for outputting these formats
in Go. Most of the current ones create an ISO or ext4 filesystem with
as a boot loader, which directly boots the kernel and initramfs. This is not a requirement
and other bootloaders can be used, and the filesystem could be unpacked onto the
media if required too, or a more complex boot loader scheme used, such as the one
ChromeOS has, with upgrade and fallback facilities.
Because the image is run as an initramfs, and the system containers are baked in, upgrades are done by updating the system externally. This makes the whole system immutable, the phoenix server model. Persistent storage can be added using a volume (examples coming soon based on what the Docker Editions use). For running programs dynamically, a container orchestrator such as Docker or Kubernetes can be used; simpler distributed applications can be hard coded into the initramfs if they are suited to being run directly on immutable infrastructure.
In production we expect most users will use a cluster of instances, usually running
distributed applications, such as
Kubernetes or distributed
databases. We will provide examples of how to run these effectively, largely using
infrakit, although other machine orchestration systems can equally well be used,
for example Terraform or VMWare, and we welcome examples and documentation for those