Docker is donating its container format and runtime to a new group called Open Container Project (OCP) that will operate under the umbrella of the Linux Foundation. Docker will join with CoreOS, and in conjunction, work with a host of technology companies that will develop a draft spec for the OCP. In total, about 20 companies are participating in the project.
This is a major development in the Docker and container ecosystem but not one that is unexpected. CoreOS has charted its own course with Rocket, a container it developed and launched just before DockerCon Europe last December. The move did not sit well with some in the Docker community but it did force discussion on what, if any standard, should emerge out of the new container ecosystem. This spring, CoreOS received a big show of support from Google and a host of others for a new open appc spec, an open version of its container technology.
Opening up libcontainer, Docker’s container format and runtime, shows how much influence Docker is having on the market. In its announcement, Docker states that the mission of OCP is to “enable users and companies to continue to innovate and develop container-based solutions, with confidence that their pre-existing development efforts will be protected and without industry fragmentation.” It also cites CoreOS, which founded the App Container Initiative, as a major contributor to the OCP.
As stated on GitHub, Docker’s libcontainer is a native Go implementation for creating containers with namespaces, cgroups, capabilities, and filesystem access controls. It allows the developer to manage the lifecycle of the container, performing additional operations after the container is created. It’s a pluggable interface between Docker’s toolchain and the underlying container mechanism, and is used to support a variety of container types (besides Docker’s own implementation) including LXC, OpenVZ and chroot.
Docker has taken the entire contents of the libcontainer project, “including [nsinit] and all modifications needed to make it run independently of Docker, and donated it to this effort,” said Docker CEO Ben Golub in a blog post today. Due to OCP, libcontainer will cease to operate as a separate project. The current maintainers of libcontainer — Michael Crosby, Rohit Jnagal, Victor Marmol, Mrunal Patel , Alexandr Morozov, Daniel Minh and Tianon Gravi will be joined by appc maintainers CoreOS CTO Brandon Philips and Vincent Batts to drive the project forward.
The news seems timed right for Docker. They have grown from a project launched by Solomon Hykes in 2013 to a one that has 40,000 Docker-based tools and over 150,000 Docker-based applications. It has been downloaded more than 500 million times. That’s substantial by any measure. It is used on multiple architectures and operating systems, including 32 bit, Power, Z, Windows and SmartOS.
But with popularity comes inevitable community tensions. CoreOS CEO Alex Polvi and CTO Phillips made their viewpoints felt with Rocket. Polvi, in an interview earlier this year with The New Stack, talked openly about their differences with Docker but also with the hopes of developing an open standard:
There are no technical reasons that the Docker container format and the Rocket container format can’t converge. We are 100 percent in support of them converging. We want the standard to be well-engineered and well-designed. We’re not going to sit around and just take the de facto if it’s broken. We will put out what we think is well-designed and has been reviewed by a number of folks outside of ourselves who also say it’s well-designed. We are happy to collaborate with Docker on that effort to provide interoperability. But we’re not going to cede it to Docker just because it’s there. We want it to be good — to be a well-defined, solid, technically well-built implementation.
How OCP will be “good,” is the question. Docker CEO Ben Golub says it depends a lot on keeping the project tightly focused. The goal is to define container format and runtime, not a technology stack, Golub said in a blog post today. OCP will not be an advocacy group. It will have a governance model that includes a technical advisory board with an effort to be vendor neutral, so they “can avoid partisan infighting that has harmed similar initiatives.”
Polvi takes some credit for OCP. He certainly deserves it. In an email interview, he mentioned the effort to getting the parties together and how they were able to accomplish that. Still, there is a real sense that Docker and CoreOS now each have the opportunity to develop a common spec that more than anything else will hopefully give customers some more confidence in container technology. Both companies will pursue developing their own container technologies as will the myriad of others, such as VMware and Canonical, which developed LXD, a Linux container hypervisor. CoreOS has always made security a cornerstone of its strategy. Here’s what he said in our email interview:
Security is still a big concern for us. Our announcement in December was focused on security, composability, and open standards. App Container and OCP address the open standards aspect of it. Our participation in OCP will always have an eye for security. Additionally, we will continue to invest in rkt to make sure that there is a very secure OCP runtime.
Docker and its ecosystem represent an open source movement that is incredibly civil, at least in public view. Maybe there’s too much venture capital investment in the community, making for a comfortable market and not enough tension. But in the meantime, this is one booming ecosystem that now has some standards to work towards.
CoreOS, Docker and Red Hat are sponsors of The New Stack.