rocket

module

v0.1.0 Latest Latest Go to latest Published: Dec 1, 2014 License: Apache-2.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/milosgajdos83/rocket

README ¶

Rocket - App Container runtime

Release early, release often: Rocket is currently a prototype and we are seeking your feedback via pull requests

Rocket is a cli for running App Containers. The goal of rocket is to be a composable, secure, and fast.

Rocket Logo

Trying out Rocket

rkt is currently supported on amd64 Linux. We recommend booting up a fresh virtual machine to test out rocket.

To install the rkt binary:

curl -L https://github.com/coreos/rocket/releases/download/v0.1.0/rocket-0.1.0.tar.gz -o rocket-0.1.0.tar.gz
tar xzvf rocket-0.1.0.tar.gz
cd rocket-0.1.0
./rkt help

Keep in mind while running through the examples that rkt needs to be ran as root for most operations.

Rocket basics

Downloading an App Container Image (ACI)

Rocket uses content addressable storage (CAS) for storing an ACI on disk. In this example, the image is downloaded and added to the CAS.

$ rkt fetch https://github.com/coreos/rocket/releases/download/v0.1.0/ace-validator-main.aci
sha256-08699361d40a0728924ffe6fcd67dc933d7311cf8e6f403048c9271181b20e2e

These files are now written to disk:

$ find /var/lib/rkt/cas/blob/
/var/lib/rkt/cas/blob/
/var/lib/rkt/cas/blob/sha256
/var/lib/rkt/cas/blob/sha256/08
/var/lib/rkt/cas/blob/sha256/08/sha256-08699361d40a0728924ffe6fcd67dc933d7311cf8e6f403048c9271181b20e2e

Per the App Container [spec][spec] the sha256 is of the tarball, which is reproducable with other tools:

$ wget https://github.com/coreos/rocket/releases/download/v0.1.0/ace-validator-main.aci
...
$ gunzip ace-validator-main.tar.gz
$ sha256sum ace-validator-main.tar
08699361d40a0728924ffe6fcd67dc933d7311cf8e6f403048c9271181b20e2e ace-validator-main.tar

Launching an ACI

To run an ACI, you can either use the sha256 hash, or the URL which you downloaded it from:

$ rkt run https://github.com/coreos/rocket/releases/download/v0.1.0/ace-validator-main.aci

rkt will do the appropriate etag checking on the URL to make sure it has the most up to date version of the image.

Or, you can explicitly choose an image to run based on the sha256:

$ rkt run sha256-08699361d40a0728924ffe6fcd67dc933d7311cf8e6f403048c9271181b20e2e

These commands are interchangeable.

App Container basics

App Container is a specification of an image format, runtime, and discovery protocol for running a container. We anticipate app container to be adopted by other runtimes outside of Rocket itself. Read more about it here.

Rocket internals

Rocket is designed to be modular and pluggable by default. To do this we have a concept of "stages" of execution of the container.

Execution with Rocket is divided into a number of distinct stages. The motivation for this is to separate the concerns of initial filesystem setup, execution environment, and finally the execution of the apps themselves.

Stage 0

The first step of the process, stage 0, is the actual rkt binary itself. This binary is in charge of doing a number of initial preparatory tasks:

Generating a Container UUID
Generating a Container Runtime Manifest
Creating a filesystem for the container
Setting up stage 1 and stage 2 directories in the filesystem
Copying the stage1 binary into the container filesystem
Fetching the specified ACIs
Unpacking the ACIs and copying each app into the stage2 directories

Given a run command such as:

rkt run --volume bind:/opt/tenant1/database \
	sha256-8a30f14877cd8065939e3912542a17d1a5fd9b4c \
	sha256-abcd29837d89389s9d0898ds908ds890df890908

a container manifest compliant with the ACE spec will be generated, and the filesystem created by stage0 should be:

/container
/stage1
/stage1/init
/stage1/opt
/stage1/opt/stage2/sha256-8a30f14877cd8065939e3912542a17d1a5fd9b4c
/stage1/opt/stage2/sha256-abcd29837d89389s9d0898ds908ds890df890908

where:

container is the container manifest file
stage1 is a copy of the stage1 filesystem that is safe for read/write
stage1/init is the actual stage1 binary to be executed
stage1/opt/stage2 are copies of the RAFs

At this point the stage0 execs /stage1/init with the current working directory set to the root of the new filesystem.

Stage 1

The next stage is a binary that the user trusts to set up cgroups, execute processes, and other operations as root. This stage has the responsibility to take the execution group filesystem that was created by stage 0 and create the necessary cgroups, namespaces and mounts to launch the execution group:

Generate systemd unit files from the Application and Container Manifests (containing, respectively, the exec specifications of each container and the ordering given by the user)
Set up any external volumes (undefined at this point)
nspawn attaching to the bridge and launch the execution group systemd
Launch the root systemd
Have the root systemd

This process is slightly different for the qemu-kvm stage1 but a similar workflow starting at exec()'ing kvm instead of an nspawn.

Stage 2

The final stage is executing the actual application. The responsibilities of the stage2 include:

Launch the init process described in the Application Manifest

Directories ¶

Path	Synopsis
Godeps
_workspace/src/code.google.com/p/go-uuid/uuid The uuid package generates and inspects UUIDs.	The uuid package generates and inspects UUIDs.
_workspace/src/github.com/coreos/go-semver/semver
_workspace/src/github.com/coreos/go-systemd/unit
_workspace/src/github.com/gorilla/context Package context stores values shared during a request lifetime.	Package context stores values shared during a request lifetime.
_workspace/src/github.com/gorilla/mux Package gorilla/mux implements a request router and dispatcher.	Package gorilla/mux implements a request router and dispatcher.
_workspace/src/github.com/petar/GoLLRB/llrb A Left-Leaning Red-Black (LLRB) implementation of 2-3 balanced binary search trees, based on the following work: http://www.cs.princeton.edu/~rs/talks/LLRB/08Penn.pdf http://www.cs.princeton.edu/~rs/talks/LLRB/LLRB.pdf http://www.cs.princeton.edu/~rs/talks/LLRB/Java/RedBlackBST.java 2-3 trees (and the run-time equivalent 2-3-4 trees) are the de facto standard BST algoritms found in implementations of Python, Java, and other libraries.	A Left-Leaning Red-Black (LLRB) implementation of 2-3 balanced binary search trees, based on the following work: http://www.cs.princeton.edu/~rs/talks/LLRB/08Penn.pdf http://www.cs.princeton.edu/~rs/talks/LLRB/LLRB.pdf http://www.cs.princeton.edu/~rs/talks/LLRB/Java/RedBlackBST.java 2-3 trees (and the run-time equivalent 2-3-4 trees) are the de facto standard BST algoritms found in implementations of Python, Java, and other libraries.
_workspace/src/github.com/peterbourgon/diskv
_workspace/src/github.com/peterbourgon/diskv/examples/content-addressable-store
_workspace/src/github.com/peterbourgon/diskv/examples/super-simple-store
_workspace/src/golang.org/x/crypto/cast5 Package cast5 implements CAST5, as defined in RFC 2144.	Package cast5 implements CAST5, as defined in RFC 2144.
_workspace/src/golang.org/x/crypto/openpgp Package openpgp implements high level operations on OpenPGP messages.	Package openpgp implements high level operations on OpenPGP messages.
_workspace/src/golang.org/x/crypto/openpgp/armor Package armor implements OpenPGP ASCII Armor, see RFC 4880.	Package armor implements OpenPGP ASCII Armor, see RFC 4880.
_workspace/src/golang.org/x/crypto/openpgp/clearsign Package clearsign generates and processes OpenPGP, clear-signed data.	Package clearsign generates and processes OpenPGP, clear-signed data.
_workspace/src/golang.org/x/crypto/openpgp/elgamal Package elgamal implements ElGamal encryption, suitable for OpenPGP, as specified in "A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms," IEEE Transactions on Information Theory, v.	Package elgamal implements ElGamal encryption, suitable for OpenPGP, as specified in "A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms," IEEE Transactions on Information Theory, v.
_workspace/src/golang.org/x/crypto/openpgp/errors Package errors contains common error types for the OpenPGP packages.	Package errors contains common error types for the OpenPGP packages.
_workspace/src/golang.org/x/crypto/openpgp/packet Package packet implements parsing and serialization of OpenPGP packets, as specified in RFC 4880.	Package packet implements parsing and serialization of OpenPGP packets, as specified in RFC 4880.
_workspace/src/golang.org/x/crypto/openpgp/s2k Package s2k implements the various OpenPGP string-to-key transforms as specified in RFC 4800 section 3.7.1.	Package s2k implements the various OpenPGP string-to-key transforms as specified in RFC 4800 section 3.7.1.
_workspace/src/golang.org/x/net/html Package html implements an HTML5-compliant tokenizer and parser.	Package html implements an HTML5-compliant tokenizer and parser.
_workspace/src/golang.org/x/net/html/atom Package atom provides integer codes (also known as atoms) for a fixed set of frequently occurring HTML strings: tag names and attribute keys such as "p" and "id".	Package atom provides integer codes (also known as atoms) for a fixed set of frequently occurring HTML strings: tag names and attribute keys such as "p" and "id".
_workspace/src/golang.org/x/net/html/charset Package charset provides common text encodings for HTML documents.	Package charset provides common text encodings for HTML documents.
app-container
ace
aci
actool
discovery
schema
schema/types
cas
examples
dsfetch
metadatasvc
path
pkg
proc
tar
tarheader
rkt
stage0
stage1
version

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL