a container tool that's more dank
Ruby
Latest commit e2ba273 Jan 9, 2017 @myfreeweb stuff

danker

(WORK IN PROGRESS)

Danker is a really simple container tool for FreeBSD (Linux support coming soon).

  • Just a tiny Ruby script with no gem dependencies!
  • No daemon, no client-server API, contained programs run in the foreground.
  • No centralized hub to pull built images from.
  • ABI-aware (e.g. runs Linux containers on FreeBSD).

Danker lets you build containers, run commands within them, and pack them into archives (excluding unnecessary files!) for running with plain jail/chroot/etc. commands in a production environment. It can also trace open files inside the container using DTrace, which helps with the "excluding unnecessary files" part.

Building is the most important part here. Danker will download files, check their hashes, extract them and run a setup script inside of the container. A container can inherit everything from a parent container (using the from property). Union mounts are used for that.

Downloads are cached in a content-addressable (hash-based) store, so if you've already downloaded a file with a particular hash, it won't be redownloaded. (Even if you specify a sha1 hash and you previously specified a sha256 one!)
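The cache behaviour described above, as an added example (this is not danker's own code): a blob is verified against its `algo:hex` spec before it enters the store, then indexed under each supported algorithm so a later spec using the other hash still hits. The `BlobStore` class, the `HashMismatch` error and the `<root>/<algo>/<hex>` layout are assumptions made for illustration.

```ruby
require 'digest'
require 'fileutils'

# Hypothetical cache layout (an assumption, not danker's own): <root>/<algo>/<hex>
class BlobStore
  class HashMismatch < StandardError; end

  ALGOS = { 'sha1' => Digest::SHA1, 'sha256' => Digest::SHA256 }.freeze

  def initialize(root)
    @root = root
  end

  # Split "algo:hex" and validate both parts, so a spec from a Dankfile
  # can never name an unknown algorithm or a path outside the store.
  def parse(spec)
    algo, hex = spec.to_s.downcase.split(':', 2)
    klass = ALGOS[algo] or raise ArgumentError, "unsupported hash: #{algo.inspect}"
    valid = hex.to_s.match?(/\A[0-9a-f]+\z/) && hex.length == klass.new.hexdigest.length
    raise ArgumentError, "malformed #{algo} digest" unless valid
    [algo, hex]
  end

  # Cached path for a spec, or nil on a miss (the caller would then download).
  def lookup(spec)
    algo, hex = parse(spec)
    path = File.join(@root, algo, hex)
    File.file?(path) ? path : nil
  end

  # Verify data against the spec before anything lands in the store, then
  # hard-link the blob under every algorithm so a later spec using a
  # different one (sha1 vs sha256) still hits the cache.
  def add(spec, data)
    algo, hex = parse(spec)
    actual = ALGOS[algo].hexdigest(data)
    raise HashMismatch, "expected #{hex}, got #{actual}" unless actual == hex
    primary = File.join(@root, algo, hex)
    FileUtils.mkdir_p(File.dirname(primary))
    tmp = "#{primary}.part"
    File.binwrite(tmp, data)
    File.rename(tmp, primary) # atomic: readers never see a partial blob
    ALGOS.each do |name, klass|
      dest = File.join(@root, name, klass.hexdigest(data))
      next if File.exist?(dest)
      FileUtils.mkdir_p(File.dirname(dest))
      File.link(primary, dest)
    end
    primary
  end
end
```

The example holds the payload in memory to stay short; an archive the size of base.txz would be hashed in chunks while streaming to the temporary file.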

Built containers' filesystem overlays are stored in a similar way: each one is named with the hash of the parameters used to build it (downloads, setup script, parent container). If something that's not included in that list has changed (e.g. a remote package you download in the setup script), you can force a rebuild with the -F flag.

So, a Dankfile.yaml looks like this:

freebsd-11.0:
  abi: { os: freebsd, version: 11.0-RELEASE, cpu: amd64 }
  downloads:
    - from: http://ftp.freebsd.org/pub/FreeBSD/releases/amd64/11.0-RELEASE/base.txz
      hash: sha256:bb80ededf207c48122434833b83110225b798fb31273051fcb64316ff782c1ef
      extract: true
      to: / # path inside of the container
  setup: |
    env ASSUME_ALWAYS_YES=YES pkg bootstrap

my-app:
  from: freebsd-11.0
  mounts:
    - from: . # path is relative to the Dankfile itself
      to: /app # path inside of the container
  setup: |
    env ASSUME_ALWAYS_YES=YES pkg install python36
  commands:
    serve: |
      cd /app
      python3.6 app.py serve
  packing:
    include: |
      /app/**/*
      /usr/local/bin/python3.6
      /usr/local/lib/python3.6/**/*
      /usr/local/lib/libpython3.6m.*
      /usr/local/lib/libintl.*
      /usr/local/lib/libreadline.*
      /usr/local/lib/libffi.*
      /usr/share/zoneinfo/**/*
      /var/run/ld-elf.*
      /libexec/resolvconf/*
      /libexec/ld-elf.*
      /lib/**/*
      /bin/**/*
    exclude: |
      /usr/local/lib/python3.6/test/**/*
      /usr/local/lib/python3.6/idlelib/**/*
      /usr/local/lib/python3.6/tkinter/**/*
      /usr/local/lib/python3.6/lib2to3/**/*

In that example, you can run the serve script with:

sudo danker -c my-app run serve

TODO

  • Unmount on interrupt signal
  • Preserve exit code from the jail command
  • Force rebuild only last container in inheritance chain
  • Garbage collection for built overlays
  • Include dankfiles
  • Running on Linux (unshare + chroot)
  • Optional networking settings (cmdline args / env)
  • Optional resource limits (same)

Contributing

Please feel free to submit pull requests!

By participating in this project you agree to follow the Contributor Code of Conduct.

License

This is free and unencumbered software released into the public domain.
For more information, please refer to the UNLICENSE file or unlicense.org.