Docker libcontainer unifies Linux container powers
Containers are finally coming into their own as a virtualization alternative, but until now their programs were incompatible. Now, the major container players are agreeing to line up behind Docker's libcontainer.
At DockerCon in San Francisco, Docker CTO and co-founder Solomon Hykes announced that the company would work as full partners with its former container technology rivals on Docker's key open-source component libcontainer.
What makes this important, even vital, news to the larger world of system administrators, datacenter managers, and cloud architects, is that Google, Red Hat, and Parallels are now helping build the program. Indeed, they will work with Docker as core maintainers of the code. Canonical's Ubuntu container engineers will also be working on it.
Libcontainer enables containers to work with Linux namespaces, control groups, capabilities, AppArmor security profiles, network interfaces and firewalling rules in a consistent and predictable way. It doesn't rely on Linux userspace components such as LXC, libvirt, or systemd-nspawn Docker claims "This drastically reduces the number of moving parts, and insulates Docker from the side-effects introduced across versions and distributions of LXC."
In an e-mail interview, James Bottomley, Parallels' CTO of Server Virtualization and the Linux Foundation Technical Advisory Board Chair, said, "We've finally managed to launch a unified effort around libcontainer. This is the library that will expose granular container features to applications that want them [hoping to spawn new generations of Docker like apps] and also allow us to make our tools go much more seamlessly across our disparate products." For example, this "would allow things like Docker and LXC to deploy on to OpenVZ or even our cloud server product."
Libcontainer, which is written natively in Google's Go, is also being ported into other languages. Microsoft may be porting it to ASP.NET. Parallels' libct, which includes libcontainer's functionality, has native C/C++ and Python bindings.
Bottomley added that "We [Parallels] are going to refactor the code so that the Docker Go code calls into libct at the low level. This will give us the same code paths for the Go and C/C++/Python APIs. The net result for Docker will be that it will give it native integration with checkpoint/restore and live migration. The accrual for us is that the Go library Docker uses to orchestrate containers will then work on OpenVZ and Parallels Cloud Server."
I think that libcontainer will soon become the default library for Linux containers. That's not just because so many powerhouse companies are now working on it, they're also already using it. Besides Red Hat embracing it in the just released Red Hat Enterprise Linux 7, Google is moving to Docker for its containers.