Containers are a hot trend in data center innovation, so we should expect some tough competition among companies looking to cash in on that trend. That competition was on display this week as CoreOS co-founders used the Linux Collaboration Summit as a chance to tout their Rocket open source code project as an alternative to the fast-growing Docker container approach.
CoreOS has attracted 50 developers to the Rocket project since its launch Dec. 1. The project took some flak as proponents of the well-established Docker project criticized the way its organizers made the launch.
The contributions include people from IBM and Google, and developers associated with the Mesos, Cloud Foundry, and Kubernetes projects, said Alex Polvi, co-founder and CEO of CoreOS, in an interview.
CoreOS supplies a lightweight version of Linux for running containers on a host server. Containers let IT launch and run many applications on a single server box, generally doing so more quickly and simply than they can with virtual machines. Red Hat is working on its own container Linux distribution, Atomic Server, due to be announced shortly.
Polvi appeared on a panel about containers on Wednesday, the first day of the Linux Collaboration Summit in Santa Rosa, Calif. Thursday, CoreOS's CTO and co-founder, Brandon Philips, gave a talk, "Rocket and the App Container Specification," giving Rocket a higher profile at the event than Docker, which starred in no sessions.
Yet Docker is by far the leader today. Many Linux developers, kernel process representatives, and container users attending the conference acknowledged that Docker Inc. has established a near de facto standard for Linux containers in less than two years.
[Want to learn more about how a rivalry between Docker and Rocket might play out? See Rocket Vs. Docker Will Come Down To DevOps.]
Rocket's founders contend they can differentiate from Docker on factors such as being more secure, modular, and lightweight. Polvi said CoreOS, as sponsor of the project, is committed to producing a more secure container runtime than Docker and offering a way to build containers that are "composable," meaning they can serve as a component embedded in other systems.
When Rocket backers announced the project, they said the Docker container formatting system, while highly successful, had branched out to become more of a workflow- and deployment-process-driven project. Docker has many useful tools, but Rocket creators contend developers want something more modular and thus lighter weight.
"Rocket's internals are more modular," said Philips during his summit session. "Its execution will be divided into stages," he said, drawing on a rocket launch metaphor.
In our interview, Polvi said, "We're trying to follow the Unix philosophy. The goal is for a tool to do one job and do it well, so that it's reusable by other tools."
Polvi acknowledged Rocket will not be as easy to use as Docker, which has made building a container a smooth process for most developers through its graphical user interface. Rocket remains a command line tool and will stay that way, Polvi said.
In terms of security, "it’s programming 101 stuff," said Polvi. Rocket developers think the contents of a container should be verified as coming from the expected source and as remaining untampered with, before the package is considered ready to ship. That means "cryptographically verifying the content before adding it to the container." In other words, downloaded code accompanied by a private key should be checked against the registered holder of the key to verify the code came from the party that is assumed to be the source.
Containers share many resources at the heart of a server, including memory, CPU, and storage. The Docker container daemon, which controls background Docker processes without the knowledge of the user, runs with root or administrator status on a server. That means if malicious code is able to get into the container, it sits in a prime place to cause problems.
Polvi claims Philips and other CoreOS developers raised the issue early in the Docker project, but it did not get either accepted or rejected at the time. "We tried to bring it to their attention for a year and half," before launching their own project, Polvi said.
"It's all about prioritization. Ease of use is good for adoption," he said, and security is sometimes a barrier to ease of use.
Philips added his own footnote to the security discussion. With open source and other frequently downloaded code going into containers to help an application do what it needs to do, developers are frequently turning to GitHub and online libraries to retrieve their code.
"We're downloading things over the Internet. Turns out, you can't trust everyone on the Internet," Philips said.
Want to discuss data center innovation with peers? Attend Interop Las Vegas, the leading independent technology conference and expo series designed to inspire, inform, and connect the world's IT community. It happens April 27 to May 1. Register with Discount Code MPOIWK for $200 off Total Access & Conference Passes.Charles Babcock is an editor-at-large for InformationWeek and author of Management Strategies for the Cloud Revolution, a McGraw-Hill book. He is the former editor-in-chief of Digital News, former software editor of Computerworld and former technology editor of Interactive ... View Full Bio