Friday, July 24, 2015

boot2docker on Tribblix

Containers are the new hype, and Docker is the Poster Child. OK, I've been running containerized workloads on Solaris with zones for over a decade, so some of the ideas behind all this are good; I'm not so sure about the implementation.

The fact that there's a lot of buzz is unmistakeable, though. So being familiar with the technology can't be a bad idea.

I'm running Tribblix, so running Docker natively is just a little tricky. (Although if you actually wanted to do that, then Triton from Joyent is how to do it.)

But there's boot2docker, which allows you to run Docker on a machine - by spinning up a copy of VirtualBox for you and getting that to actually do the work. The next thought is obvious - if you can make that work on MacOS X or Windows, why not on any other OS that also supports VirtualBox?

So, off we go. First port of call is to get VirtualBox installed on Tribblix. It's an SVR4 package, so should be easy enough. Ah, but, it has special-case handling for various Solaris releases that causes it to derail quite badly on illumos.

Turns out that Jim Klimov has a patchset to fix this. It doesn't handle Tribblix (yet), but you can take the same idea - and the same instructions - to fix it here. Unpack the SUNWvbox package from datastream to filesystem format, edit the file SUNWvbox/root/opt/VirtualBox/, replacing the lines

    # S11 without 'pkg'?? Something's wrong... bail.
    errorprint "Solaris $HOST_OS_MAJORVERSION detected without executable $BIN_PKG !? I are confused."
    exit 1

with

    # S11 without 'pkg'?? Likely an illumos variant

and follow Jim's instructions for updating the pkgmap, then just pkgadd from the filesystem image.

Next, the boot2docker cli. I'm assuming you have go installed already - on Tribblix, "zap install go" will do the trick. Then, in a convenient new directory,

env GOPATH=`pwd` go get

That won't quite work as is. There are a couple of patches. The first is to the file src/ Look for the CreateHostonlyNet() function, and replace

    out, err := vbmOut("hostonlyif", "create")
    if err != nil {
        return nil, err
    }

with

    out, err := vbmOut("hostonlyif", "create")
    if err != nil {
        // default to vboxnet0
        return &HostonlyNet{Name: "vboxnet0"}, nil
    }

The point here is that, on a Solaris platform, you always get a hostonly network - that's what vboxnet0 is - so you don't need to create one, and in fact the create option doesn't even exist so it errors out.
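The patch above returns vboxnet0 for any failure of "hostonlyif create", on any platform. A narrower fallback, as an added example that is not boot2docker-cli code: it applies only on Solaris-family hosts and only when vboxnet0 shows up in `VBoxManage list hostonlyifs` output. The names fallbackHostonlyNet and hasHostonlyIf, and the sample output, are assumptions made for illustration.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"runtime"
	"strings"
)

// HostonlyNet carries only the field the page's patch sets.
type HostonlyNet struct{ Name string }

// hasHostonlyIf reports whether `VBoxManage list hostonlyifs` output names ifName.
func hasHostonlyIf(listOut, ifName string) bool {
	sc := bufio.NewScanner(strings.NewReader(listOut))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) == 2 && f[0] == "Name:" && f[1] == ifName {
			return true
		}
	}
	return false
}

// fallbackHostonlyNet decides what to do after "hostonlyif create" failed.
// Only on Solaris-family hosts, and only if vboxnet0 really exists, is the
// error replaced by the default network; otherwise the caller sees the error.
func fallbackHostonlyNet(goos string, createErr error, listOut string) (*HostonlyNet, error) {
	const def = "vboxnet0"
	if goos != "solaris" && goos != "illumos" {
		return nil, createErr
	}
	if !hasHostonlyIf(listOut, def) {
		return nil, fmt.Errorf("hostonlyif create failed and %s is absent: %w", def, createErr)
	}
	return &HostonlyNet{Name: def}, nil
}

// sampleList is constructed output in the shape of `VBoxManage list hostonlyifs`.
const sampleList = "Name:            vboxnet0\nIPAddress:       192.168.56.1\n" +
	"VBoxNetworkName: HostInterfaceNetworking-vboxnet0\n"

func main() {
	err := errors.New("hostonlyif create not available (constructed error)")
	n, e := fallbackHostonlyNet(runtime.GOOS, err, sampleList)
	fmt.Println(n, e)
}
```
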

The second little patch is that the arguments to SSH don't quite match the SunSSH that comes with illumos, so we need to remove one of the arguments. In the file src/, look for DefaultSSHArgs and delete the line containing IdentitiesOnly=yes (which is the option SunSSH doesn't recognize).
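IdentitiesOnly=yes limits the client to explicitly configured identity files instead of offering every key held by the agent, so it is worth keeping wherever the ssh client accepts it. An added example (not the project's code) that drops the option only for SunSSH hosts; filterSSHArgs, sshArgsFor, the GOOS test standing in for "this host uses SunSSH" and the argument list are all assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// optionKey returns the lower-cased keyword of an ssh -o value such as
// "IdentitiesOnly=yes" or "IdentitiesOnly yes" (keywords are case-insensitive).
func optionKey(v string) string {
	if i := strings.IndexAny(v, "= \t"); i >= 0 {
		v = v[:i]
	}
	return strings.ToLower(v)
}

// filterSSHArgs removes "-o Key=val" and "-oKey=val" entries whose keyword is
// listed in unsupported; every other argument keeps its original order.
func filterSSHArgs(args []string, unsupported ...string) []string {
	drop := map[string]bool{}
	for _, k := range unsupported {
		drop[strings.ToLower(k)] = true
	}
	var out []string
	for i := 0; i < len(args); i++ {
		a := args[i]
		if a == "-o" && i+1 < len(args) {
			i++ // consume the option value whether it is kept or dropped
			if !drop[optionKey(args[i])] {
				out = append(out, "-o", args[i])
			}
		} else if !(strings.HasPrefix(a, "-o") && drop[optionKey(a[2:])]) {
			out = append(out, a)
		}
	}
	return out
}

// sshArgsFor leaves the arguments alone except on Solaris-family hosts,
// which are assumed here to run SunSSH.
func sshArgsFor(goos string, args []string) []string {
	if goos == "solaris" || goos == "illumos" {
		return filterSSHArgs(args, "IdentitiesOnly")
	}
	return args
}

// sampleArgs is a constructed argument list, not the project's DefaultSSHArgs.
var sampleArgs = []string{"-o", "IdentitiesOnly=yes", "-o", "LogLevel=quiet", "-p", "2022", "docker@localhost"}

func main() { fmt.Println(sshArgsFor("solaris", sampleArgs)) }
```
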

Then you need to rebuild the project.

env GOPATH=`pwd` go clean
env GOPATH=`pwd` go build

Then you should be able to play around. First, download the base VM image it'll run:

./boot2docker-cli download

Configure VirtualBox

./boot2docker-cli init

Start the VM

./boot2docker-cli up

Log into it

./boot2docker-cli ssh

Once in the VM you can run docker commands (I'm doing it this way at the moment, rather than running a docker client on the host). For example

docker run hello-world

docker run -d -P --name web nginx

Shut the VM down

./boot2docker-cli down

While this is interesting, and reasonably functional, certainly to the level of being useful for testing, a sign of the churn in the current container world is that the boot2docker cli is deprecated in favour of Docker Machine, but building that looks to be rather more involved.


UX-admin said...

I do not understand... Zones can do everything Docker can, and then some, AND THEN some. Docker is poor man's zones. Why would anyone who has Illumos (or a derivative thereof) even care about Docker in the slightest?

Anonymous said...

What is the API endpoint of a Solaris zone?

Peter Tribble said...

Technological superiority is irrelevant. Docker is one of the hottest technologies around at the moment - either you know what it does, or you push yourself into obsolescence. Simply not caring and pretending it doesn't exist is arrogant in the extreme. So it's necessary to learn about such technologies; if you're an illumos user then having a way to do so while still being able to run the best operating system on the planet underneath is surely a good thing.

UX-admin said...

"Hottest trends", in plain English: "this is high fashion now" are particularly irrelevant in computer science and system engineering, because when push comes to shove, facts are the only things which count.

Fact: Docker is inferior technology which one does not need or require if one knows about, and uses, Solaris zones in one of the Illumos derivatives.

Fact: people who use Docker use it because they are blissfully unaware of the fact that there is better technology out there, namely zones.

Fact: Docker has had to re-invent the wheel multiple times. See PID 1 reaping problem.

Fact: with Docker, one gets only a dumb container which is not a fully fledged UNIX virtual server, which means that one must invest additional system engineering to bring it to a state where even basic functionality like SSH is available.

Fact: zones do not need such additional engineering effort. They work and provide what is expected of a lightweight virtual server container without additional effort.

Fact: being fashionable in computer science has historically been extremely detrimental and destructive, especially for the infrastructure stability.