New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Proposal: Host management #8681
Comments
Ben, can you outline how the client's public key will get placed in the server's "authorized_keys" upon new host creation? I understand that we'll need to merge with the libtrust work before getting this fully implemented. |
@bfirsh can you detail the integration points for host drivers? Are those similar to boot2docker-cli drivers? Also can you hint at the implication on the installation experience for new user? Does that mean the boot2docker installer morph into a docker client install with support drivers? |
Driver's responsibility to select OS and if possible (which should be in most cases) user specify-able, as well as a bootstrapping script. If the driver's provider provides boot2docker as an image, it should be used as a default. |
@proppy Right now drivers implement this interface: // Driver defines how a host is created and controlled. Different types of
// driver represent different ways hosts can be created (e.g. different
// hypervisors, different cloud providers)
type Driver interface {
DriverName() string
GetURL() (string, error)
GetIP() (string, error)
GetState() (state.State, error)
Create() error
SetConfigFromFlags(flags interface{}) error
Remove() error
Start() error
Stop() error
Restart() error
Kill() error
GetSSHCommand(args ...string) *exec.Cmd
// Pause() error
} and register themselves with a FeedbackFirst off, awesome work @bfirsh , @cpuguy83 and countless others who have been involved in this idea and moving this implementation forward. It's very exciting stuff. I got interested in the movement around hosts and went off and implemented an Amazon EC2 driver. It's a lot of fun to be able to bootstrap a host pretty quickly from the command line. Ben and the boot2docker-cli maintainers (which is where the original driver code came from) did a great job implementing an interface that's pretty easy to write to. Like anything new, there's plenty of rough surfaces that need to get ironed out before we even consider merging this into Docker. My feedback on the proposal is as follows: Implement
|
+1, good to see this merged already!
This would be rad as hell. I'd argue that this isn't necessarily a day 1 feature - but on the other hand, it'll be harder to add later (drivers might have to be significantly rewritten).
I think as soon as we're talking about a set of hosts that share an application, we're out of the scope of host management. If whatever system is making the decisions about what host to run what on, and what order to do things in, exposes the Docker API, then that could be a selectable host in
Not sure I understand the second use case here. |
The rest of my feedback: Don't switch active host by default on
|
Yes, I think this is absolute essential to implement and get correct now, or else people will not use this feature - we should log each mutating request and the received response, as well as have a staging / dry-run feature.
Fair enough, but what about a set of clients that share hosts? There needs to be some way to account for this. To continue the git comparison: you can easily set up remotes and track branches across different clients / machines, and I think users will want to run commands against the same hosts from different Additionally, let's suppose that I have some SSH keys which were generated by
Yes, let's not get into the business of aggregate host / resource scheduling etc. with this feature. But what's the answer to e.g. "how do I pull the same image concurrently on two or more hosts"?
I suppose what I was envisioning is exposing host management as an API, so that you could remotely run
|
How about I like the idea of the driver being an option to the For now, we'll remove the default option for the azure image, and behave like the b2d iso:
|
@proppy Here are some examples of drivers: https://github.com/bfirsh/docker/tree/host-management/hosts/drivers We plan to make this the primary installation experience for new users on OS X and we'll be deprecating boot2docker-cli. For Windows, there is ongoing work to add Windows support to the Docker client, so it depends if that lands or not. |
@nathanleclaire Thanks for your pull requests Nathan, really appreciate it. I agree we need a sync mechanism. Version 2 of host management will be a hosted service, probably as part of the Hub, but this is a first step to get us towards that. The migration path makes sense, I think. In the future version of Docker it'll ask you, "do you want to push your hosts up to the Hub?" (think iCloud migration). With regards to selecting the host on create: I think this makes sense from a behaviour point of view. I think your objection is that sometimes it throws panics, and it shouldn't do that. It's a known issue that Docker won't when a stopped host is active, and I'm currently refactoring the client to make that work. We should be using |
In terms of cleaning up CLI commands, I went back and forth on this design with @tianon, so he might have opinions. I don't think there's anything wrong with long help commands. In fact, I like them, because it makes it easy to get a quick overview of how the whole thing works. I made the Docker help much longer for this reason. I don't think it makes sense for there to be separate commands for each driver. It's optional, for a start. I think a good solution could be to group the options based on what driver they're for. It'll make the help text easier to scan and won't complicate the design. /cc @cpuguy83 |
I have added some builds to the description if you'd like to try it out. |
Er, just a quick sanity check to make sure I'm not missing something obvious. In the example you have
Is that supposed to be an image named echo on the host dev with whatever entrypoint (presumably |
@kojiromike Oops. Yes. Thank you! |
+1 Adding this as a separate tool would be great. It feels irresponsible to add remote host functionality to core before the necessary security, permissions and logging are supported and stable. Discussion of this functionality and similar comments by @nathanleclaire at 50+ minutes into: http://new.livestream.com/primeimagemedia/events/3532966 |
I've updated the binaries in the description with a more recent build. |
@inthecloud247 while we agree this is terrific functionality that Docker users will love to have, I disagree sharply with the idea that we should provide it as a separate tool. This feature set is so incredibly compelling that every docker user should have access to it built in. Yes, the default provider list will need to be carefully curated and managed, and this will cause docker to be larger. These drawbacks are well worth the advantage of making a simple and effective union between a local docker environment, a group of local docker servers, and even a collection of clouds where workloads can be run. Let's find a way to get at least support providers who can assign maintainers to provide for the long term care and feeding of their contributions. |
Some of the multi-host functionality seems to be available now using fig... just need to merge the changes proposed by the recent Docker Global Hack Day 2 winner. The pull request has been open for 11 days: docker/compose#607 Kinda sad if he wins the hack day and the pull request gets closed :-( |
Does the driver expect to be able control the daemon? or is that cool if the daemon start with the VM? Also if the VM generates the certs at boot, it there a standard way for the hosts code to pull the client certs over ssh? or should it be done per driver? |
@proppy The driver just needs to boot up the vm with the daemon listening on an available port. Weather that means installing the daemon or having docker baked into the image, it doesn't matter. None of the drivers have security at the moment, we're moving away from the CA based certs to ssh style: #8265 I'd like to get an interface into that PR for the driver to be able to pull the clients 'public key,' so that the driver can properly configure the deamons 'authorized_clients' file, but haven't had a chance. We'll need this when these features merge. |
Love this proposal 👍 I just filed an issue over at bfirsh#18 as we have several VMware drivers ready to be PR'd (vCloud Air, Fusion and vSphere), can you guys shed some light on what are the plans for this proposal? |
@jeffmendoza does the driver assume it has lifecycle control over the daemon? In the current spec does:
refers to the host or the daemon? or it doesn't matter? |
@proppy Those refer to the host. Example: you would want to use |
For those working on host management, just a heads up: I have started to squash my branch and base it on top of #8265. The new branch is here: https://github.com/bfirsh/docker/tree/host-management-with-client-daemon-auth I will transfer any changes from the host-management branch over to that branch, but if you start building on top of that branch now, the merge conflicts might be less painful. :) |
Man |
I have now rebased the host management branch on top of #8265 and squashed it: https://github.com/bfirsh/docker/compare/host-management Any pull requests should now be based on top of that. The driver interface hasn't changed, so it should be a trivial matter to rebase any existing pull requests. The main thing which has changed is that drivers are expected to set up identity auth for communication with the host. See this commit for an example of how to do so. The old branch is here for reference. Full update and preview builds coming soon. |
Has there been any progress on splitting the actual driver implementations |
@tianon Not really official sanctioned, but I've been playing around with implementing plugins, specifically implenenting a graphdriver for plugins, which could be used for this, in theory: https://github.com/cpuguy83/docker/tree/poc_storage_plugin |
Thanks for your feedback, everyone. Host management is now Docker Machine! |
Silly me, I assumed we were having an open discussion here... Secrets within puzzles inside a mystery. It's been real. |
Getting started with Docker is a pain. If you want to use Docker locally, you have to install boot2docker and figure out how to install and run it. If you want to use Docker remotely, you have to figure out how to spin up an instance on a cloud provider, install Docker, set up certificates to secure the connection, etc.
I am proposing we add a way of managing Docker hosts from within the client itself. It’ll let you create hosts on both cloud providers and local hypervisors, then set up the client to point at them.
It works a bit like this:
Initially, it will ship with a Virtualbox driver to replace the boot2docker client, and various drivers for cloud providers.
Active host
A host can be “active”, which means Docker commands will run against that host. This is a bit like selecting a branch in Git.
Client/daemon authentication and encryption
TLS will be enabled by default in the same release this ships.
Backwards compatibility
Docker ships with a hardcoded “default” host. The default host is always available, cannot be removed, and cannot be changed. When it is active, Docker behaves as it does at the moment (reads
DOCKER_HOST
, etc).The
-H
option can be used to override the active host. If the host specified with-H
is not prefixed with a protocol, Docker will attempt to look up a host of that name and use it. If there is a protocol, Docker will treat it as a URL to connect to.Storage of host configuration
Hosts will be stored in flat files in your home directory so it is simple and accessible.
The configuration for a host is stored in
~/.docker/hosts/<name>/config.json
, and a driver can store arbitrary files in~/.docker/hosts/<name>/
(SSH keys, disk images, etc).A file called
~/.docker/hosts/.active
stores the name of the current active host.Questions
Do we pick a single operating system? Is it the driver’s responsibility to choose the “best” operating system for a provider? Do we offer a choice of operating system?
How do we upgrade Docker on the hosts? Is this the driver’s responsibility? Is this the operating system’s responsibility? Could it be the Docker daemon’s responsibility?
Builds
As of 36583edf5c25fff1d33db411cdc2fbaafa2e5ea9
See also
The text was updated successfully, but these errors were encountered: