X
Modern Developer, Oracle News | July 7, 2017

Three New Open Source Container Utilities

By: Vish Abrams | Architect, Cloud Development

Share

By Vish Abrams

Containers are more popular than ever. Here at Oracle, we use containers for many of our cloud services. While preparing for containers in production, we developed tools to help with building and operating containers. Today we are happy to announce that we are open sourcing these tools so that others can benefit from our work. You can find SmithCrashcart, and Railcar on the Oracle Github page. Read on for more information about them.

Smith: Secure Microcontainer Builder

We have run into a number of operational issues with conventional container build processes. Smith is a tool that solves these issues by making container builds more consistent and secure. It builds microcontainers from rpms, yum repositories, or even existing Docker containers. For more information on the operational challenges that led to our usage of microcontainers, check out The Microcontainer Manifesto.

Crashcart: Microcontainer Debugging Tool

When containers are minimized for production use, missing tools make it more challenging for operators to diagnose and remedy any issues that arise. Most debugging can be done from the host, but sometimes you need access to the file system as the container sees it. Crashcart was built for this use case. It allows you to load a set of binaries into a running container so that you can figure out what might be going wrong. Find out why side-loading binaries is hard and how Crashcart accomplishes it in Hardcore Container Debugging.

Railcar: Alternative Container Runtime

Go is a poor choice of language for a container runtime. (NOTE: The runtime is the component that deals with isolation via namespaces and cgroups. Go is still an excellent choice for container daemons and CLIs.) To understand some of the problems, you can read this blog post by Weaveworks. In order to work around this issue and others, runc (the default implementation of the oci-runtime spec) has some code written in c that runs before the go runtime starts. Go is a great language, but for small system utilities that need tight control over threads and make a high volume of syscalls, there are better options. Rust gives low-level control like c, but is memory-safe and avoids whole classes of bugs and vulnerabilities. There is more information about the development of Railcar in Building a Container Runtime in Rust.

Architect, Cloud Development

Vish Abrams is an architect focusing on cloud, virtualization, and container technologies. He was formerly chief technology officer of Nebula, Inc. A founding engineer of OpenStack, he was elected to the first OpenStack Technical Committee, served four consecutive terms as the OpenStack Compute Project Technical Lead, and was a board member of the OpenStack Foundation. in addition to his programming and systems skills, Vish has spent over a decade teaching, most recently classes in object oriented analysis and design.

 

More about Vish Abrams

Share