The Open Container Initiative (OCI) at 12 Months

OCI talk given at DockerCon 2016

Chris Aniszczyk

June 21, 2016

Transcript

  1. 2.

    Brief Introductions
    • Chris Aniszczyk (@cra) – Linux Foundation
    • Jeff Borek (@jeffborek) – OCI TB Certification WG Co-Chair
    • Michael Crosby (@crosbymichael) – OCI Runtime spec Lead Maintainer
    • Rob Dolin (@robdolin) – OCI TB Certification WG Co-Chair
    • Mrunal Patel (@mrunalp) – OCI Runtime spec Maintainer
  2. 3.

    Agenda
    • Panel (15 minutes)
      – Introduction
      – What is the OCI and Open Governance
      – OCI at 12 Months
      – OCI Release Process
      – OCI Certification Process
      – Getting Involved with the OCI community
    • Demo: OCI Tools and Runc (10 minutes)
    • Q&A (15 minutes)
  3. 4.

    What is the Open Container Initiative (OCI)
    An open source community (hosted by the Linux Foundation) for building a vendor-neutral, portable and open specification/runtime that delivers on the promise of containers as a source of application portability backed by a certification program.
  4. 6.

    OCI Governance Structure
    • Trademark Board (TB) – The Trademark Board shall be composed of one representative appointed by each OCI Member; responsible for trademarks, certification, budget
    • Technical Development Community (TDC) – open to any individual or any open source contributor
    • Technical Oversight Board (TOB) – responsible for managing conflicts, violations of procedures or guidelines and any cross-project or high-level issues that cannot be resolved in the TDC for OCI Projects. The TOB shall also be responsible for adding, removing or re-organizing OCI Projects.
  5. 7.

    OCI Release Process
    • https://github.com/opencontainers/tob/pull/15 (draft)
    • “Major specification releases MUST release at least three release candidates spaced a minimum of one week apart. This means a major release like a v1.0.0 or v2.0.0 release will take 1 month at minimum: one week for rc1, one week for rc2, one week for rc3, and one week for the major release itself. Maintainers SHOULD strive to make zero breaking changes during this cycle of release candidates and SHOULD restart the three-candidate count when a breaking change is introduced. For example if a breaking change is introduced in v1.0.0-rc2 then the series would end with v1.0.0-rc4 and v1.0.0.”
  6. 8.

    What is the current state of the OCI specifications?
    • runtime-spec – a specification for the creation and lifecycle of a container
      – https://github.com/opencontainers/runtime-spec
    • image-spec – a software shipping container image format spec with security and naming as components
      – https://github.com/opencontainers/image-spec
  7. 9.

    What is the current state of the OCI specifications?
    • Runtime spec: https://github.com/opencontainers/runtime-spec/releases
      – v1.0.0-rc1 (June 5th 2016)
      – v0.5.0 (April 12th 2016)
      – v0.4.0 (Mar 10th 2016)
      – v0.3.0 (Feb 5th 2016)
      – v0.2.0 (Jan 12th 2016)
      – v0.1.0 (Sep 11th 2015)
    • Image spec: https://github.com/opencontainers/image-spec/releases
      – v0.3.0 (Jun X 2016)
      – v0.2.0 (May 31st 2016)
      – v0.1.0 (May 6th 2016)
  8. 10.

    What open source code is available?
    OCI Runtime reference implementation: runc: https://github.com/opencontainers/runc
    OCI Tools: https://github.com/opencontainers/ocitools
  9. 11.

    What does the certification working group do and what value can a certification program bring?
    • The Certification Program WG is a committee of the OCI Trademark Board working to propose a set of criteria for implementations to meet if they want to use OCI trademarks (Open Container Initiative, OCI Certified, etc.)
    • Implementers whose implementations meet the bar of OCI certification can use OCI trademarks in marketing their solution
    • Users/customers can look for OCI Certified implementations to know that they are getting interoperable solutions
    • Implementers who want to build solutions can leverage/target OCI interoperability surfaces rather than having to build for multiple, inconsistent interoperability surfaces
  10. 12.

    What are key factors for establishing a certification program for container technology?
    Questions being considered by the OCI Cert WG:
    • Implementations:
      ◦ Runtime spec
      ◦ Image format spec
      ◦ Both
    • Levels of compliance:
      ◦ MUST/REQUIRED == Compliant
      ◦ MUST/REQUIRED + SHOULD/RECOMMENDED == Unconditionally compliant
    • Testing:
      ◦ Automation vs. manual: Can we fully automate?
      ◦ Lab vs. peer vs. self: What optimizes cost and compliance
  11. 13.

    Demo: OCI Tools

        [root@dhcp-16-129 ~]# mkdir gopath
        [root@dhcp-16-129 ~]# export GOPATH=~/gopath
        [root@dhcp-16-129 ~]# go get github.com/opencontainers/ocitools
        [root@dhcp-16-129 ~]# cd $GOPATH/src/github.com/opencontainers/ocitools
        [root@dhcp-16-129 ocitools]# make
        go build -tags "" -o ocitools .
        go build -tags "" -o runtimetest ./cmd/runtimetest
        [root@dhcp-16-129 ocitools]# make install
        [root@dhcp-16-129 ocitools]# ./test_runtime.sh -l debug
        -----------------------------------------------------------------------------------
        VALIDATING RUNTIME: runc
        -----------------------------------------------------------------------------------
        time="2016-06-10T21:50:02Z" level=debug msg="validating root filesystem"
        time="2016-06-10T21:50:02Z" level=debug msg="validating container process"
        time="2016-06-10T21:50:02Z" level=debug msg="validating capabilities"
        time="2016-06-10T21:50:02Z" level=debug msg="validating hostname"
        time="2016-06-10T21:50:02Z" level=debug msg="validating rlimits"
        time="2016-06-10T21:50:02Z" level=debug msg="validating sysctls"
        time="2016-06-10T21:50:02Z" level=debug msg="validating maskedPaths"
        time="2016-06-10T21:50:02Z" level=debug msg="validating readonlyPaths"
        time="2016-06-10T21:50:02Z" level=debug msg="validating mounts exist"
        Runtime runc passed validation
  12. 15.

    Get involved with the OCI community!
    • Join the technical community and projects!
      ◦ Weekly technical meetings open to all
        ▪ https://github.com/opencontainers/specs#weekly-call
      ◦ IRC: #opencontainers at irc.freenode.net
      ◦ GitHub
        ▪ https://github.com/opencontainers/runtime-spec
        ▪ https://github.com/opencontainers/image-spec
        ▪ https://github.com/opencontainers/ocitools
      ◦ Mailing list: dev@opencontainers.org
      ◦ Roadmap (milestones)
        ▪ https://github.com/opencontainers/runtime-spec/milestones
        ▪ https://github.com/opencontainers/image-spec/milestones
    • Consider joining and what role you would like to play in the initiative
      ◦ https://opencontainers.org/join