# The Docker Image Construction Problem

Last edited: July 11, 2015

[Ryan J. O'Neil](mailto:roneil1@gmu.edu)  
Engineering @ [Yhat, Inc.](https://yhathq.com/)  
[SEOR](http://seor.gmu.edu) @ George Mason University

## Abstract

Nohthing too concrete.

## 1. Introduction

As cloud computing becomes more prevalent in the world of software and information technology, techniques for automated and repeatable cloning of computing environments grow increasingly important. One strategy for doing this is the creation of containers. A container is an isolated environment similar to a virtual machine, but with a much lighter weight architecture. Instead of setting another kernel on top of the host operating system, containers share the host's kernel. Container resources are isolated from the host, making it easy to run programs within their own custom environments, while still benefitting from low overhead.

### 1.1. A few notes about Linux containers

Running containers on a Unix host operating system is not a new thing. Development of the `chroot` system call for Unix and BSD dates back to the late 1970s and early '80s. This enabled creation of `chroot` "jails" in which system users could execute commands as the `root` user, but were only allowed to see a subset of the file system. Later, the FreeBSD project extended the concept into a command called `jail`. In 2005, Sun Microsystems coined the term container with the creation of "Solaris Containers," which were also built upon the `chroot` concept.

Recent developments in the Linux kernel have made container virtualization more convenient and powerful. Notable among these are the addition of "control groups" in the 2.6.24 kernel, which allow isolation of hardware resources to a group of processes, and "namespace isolation" in the 3.8 kernel, which isolates processes from seeing other processes on the same system. These advancements form the basis for modern container architectures, such as LXC, Docker, and Rocket, which allow containers to function as though they are their own operating systems and user spaces.

### 1.2. Motivation for the problem

The lure of low-overhead virtualization is proving extremely attractive for engineers with many different roles in information technology. Containers provide easy replication of environments for software development, testing, and serving of infrastructure needs. They can be set up and torn down quickly without modifying their hosts, thus mapping naturally to distributed architectures. They allow one to capture complicated depedency structures for software in a single place, significantly speeding up development and testing times.

However, virtualization is no panacea. With the adoption of containers systems come new operational problems. This paper explores one of these we call the Docker Image Construction Problem. While our focus will be on Docker's specific implementation of containers, the salient aspects of this problem can be mapped to other implementations as well.

Consider a scenario many devops professionals are faced with regularly: the creation of environments for developing, testing, and finally running prduction software in.

### 1.3. Docker cache mechanics


## 2. Formulation

### 2.1. Individual image construction

### 2.2. Maximizing Docker cache usage

### 2.3. Model formulation

$$
\begin{array}{r l}
   \max        & z & = &\sum\limits_{i < j \in I}\sum\limits_{s = 1}^{\left\vert{C_i \cap C_j}\right\vert}\sum\limits_{c \in C_i \cap C_j} t_c y_{i,j,s,c} & & {\scriptsize\left(1\right)} \\
   \text{s.t.} &   &   & \sum\limits_{c \in C_i} x_{i,s,c} = 1 & \forall\, i \in I  & {\scriptsize\left(2\right)} \\
               &   &   & \sum\limits_{s = 1}^{\left\vert{C_i}\right\vert} x_{i,s,c} = 1 & \forall\, i \in I & {\scriptsize\left(3\right)} \\
               &   &   & y_{i,j,s,c} \leq x_{i,s,c} & \forall\, i < j \in I,\, s = 1,\dotsc,\left\vert{C_i \cap C_j}\right\vert,\, c \in C_i \cap C_j & {\scriptsize\left(4\right)} \\
               &   &   & y_{i,j,s,c} \leq x_{j,s,c} & \forall\, i < j \in I,\, s = 1,\dotsc,\left\vert{C_i \cap C_j}\right\vert,\, c \in C_i \cap C_j & {\scriptsize\left(5\right)} \\
               &   &   & \sum\limits_{c \in C_i \cap C_j} y_{i,j,s,c} \leq \sum\limits_{c \in C_i \cap C_j} y_{i,j,s-1,c} & \forall\, i < j \in I,\, s = 2,\dotsc,\left\vert{C_i \cap C_j}\right\vert & {\scriptsize\left(6\right)} \\
               &   &   & x_{i,s,c} \in \{0,1\} & & {\scriptsize\left(7\right)} \\
               &   &   & y_{i,j,s,c} \geq 0 & & {\scriptsize\left(8\right)} \\
\end{array}
$$

## 3. Numerical Example

## 4. Enhancements to the Formulation

### 4.1. Preprocessing

#### 4.1.1. Fully shared paths

#### 4.1.2. Unshared paths

### 4.2. Heuristics for generating initial feasible solutions

#### 4.2.1. Most common command

#### 4.2.2. Highest potential command

### 4.3. Decomposition

#### 4.3.1. Master problem

#### 4.3.2. Subproblem & Benders cuts

## 5. Next Steps