Docker + Red Hat OpenShift = The Tipping Point for Open PaaS?

What if you could wrap up your application in a lightweight container and then move it to any Linux server and have it perform in a predictable way with no changes? On bare metal? Virtualized? In a multi-tenant environment? Securely?
What if you could choose your language and runtime environment (Ruby, Python, JEE, JavaScript, etc.) and have it provisioned with your application code? With full life-cycle management? With auto scaling? Supported by the vendor behind the technology? On any PaaS?
TL;DR version — Docker is an awesome way to containerise any application running on Linux, but it has some shortfalls. Red Hat’s collaboration with dotCloud, the company behind Docker, will fix these and allow Docker to run on almost any distribution of Linux (including RHEL and its derivatives). They will also integrate the technology that underpins the OpenShift PaaS (cartridges) so that the lifecycle of an application runtime can be managed. Meaning your application will eventually be able to run anywhere on your infrastructure or on the cloud with no changes — cool eh?
I believe that the partnership announced last week by Red Hat and dotCloud to get Docker working on Fedora/RHEL and into OpenShift may actually make some of the what-ifs above a reality. Though the news hasn’t hit the major tech news headlines, this really is the tipping point for Open PaaS to eventually win against the future that is being pushed on us by the proprietary/closed source vendors with their siloed approach to the world.
Docker is awesome… but what is it?
Docker is a super cool way of containerising your application on Linux. Rather than having a full virtual machine with an operating system and all of its files in a large image file, you store just the files that are different for your application, and the Docker container makes sure that your application only sees its own view of the world. Applications running in Docker containers are kept separate by Linux containers (LXC).
The power of this approach is that you get an extremely lightweight, super fast, VM-like runtime environment for your application that is highly portable. For a quick 5 minute intro, watch this video and come back.
Docker and OpenShift currently leverage the same building blocks to implement containers, such as Linux kernel namespaces and resource management with Control Groups (cgroups).
Docker has some drawbacks, though: it doesn’t work on Linux distributions built for enterprise use such as RHEL, and it doesn’t use Security-Enhanced Linux (SELinux), which allows the OS to provide secure multi-tenancy and reduce the risk from malicious applications or kernel exploits. This is because Docker uses AuFS (Advanced Multi Layer Unification Filesystem), which is not compatible with SELinux due to labelling limitations, so Docker cannot run on Fedora, RHEL or CentOS. Soon this limitation will be removed and the security and portability of Docker containers will take a major leap forward.
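To make those building blocks concrete, the following sketch (an added example, not code from Docker or OpenShift) reports which kernel namespaces a process shares with the host, which cgroups it sits in, and whether it carries an SELinux context. It assumes the standard Linux `/proc` layout; the function names are illustrative.

```python
import os

NS_TYPES = ("mnt", "pid", "net", "ipc", "uts", "user")

def read_namespaces(pid="self", proc="/proc"):
    """Map namespace type -> 'type:[inode]' from the /proc/<pid>/ns symlinks."""
    result = {}
    for ns in NS_TYPES:
        try:
            result[ns] = os.readlink(os.path.join(proc, str(pid), "ns", ns))
        except OSError:
            result[ns] = None  # not supported by this kernel, or not readable
    return result

def shared_namespaces(host_ns, proc_ns):
    """Namespace types where the process is NOT isolated from the host.
    An unreadable host entry is counted as shared (conservative)."""
    return [ns for ns in NS_TYPES
            if host_ns.get(ns) is None or host_ns.get(ns) == proc_ns.get(ns)]

def parse_cgroups(text):
    """Parse /proc/<pid>/cgroup lines ('id:controllers:path') into a dict."""
    groups = {}
    for line in text.splitlines():
        fields = line.strip().split(":", 2)
        if len(fields) == 3:
            groups[fields[1] or "unified"] = fields[2]
    return groups

def parse_selinux_context(raw):
    """Split 'user:role:type[:level]'; None if this is not an SELinux context."""
    fields = raw.strip("\x00\n ").split(":", 3)  # the level may contain ':'
    if len(fields) < 3:
        return None
    return dict(zip(("user", "role", "type", "level"), fields))

def isolation_report(host_ns, proc_ns, cgroup_text, context_raw):
    # "in_root_cgroup" is True when no controller confines the process.
    cgroups = parse_cgroups(cgroup_text)
    return {"shared_namespaces": shared_namespaces(host_ns, proc_ns),
            "in_root_cgroup": all(path == "/" for path in cgroups.values()),
            "selinux": parse_selinux_context(context_raw)}

if __name__ == "__main__":  # live run: compare this process with PID 1
    def slurp(path):
        try:
            return open(path).read()
        except OSError:
            return ""
    print(isolation_report(read_namespaces(1), read_namespaces(),
                           slurp("/proc/self/cgroup"),
                           slurp("/proc/self/attr/current")))
```

Run inside a container, a missing SELinux context or a long list of shared namespaces shows how much of the separation rests on namespaces alone.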
So what have Docker and Red Hat announced?
As announced in the press release and the Docker blog post, the main points of the partnership are:
- Packaging Docker for the Fedora Project: Red Hat and dotCloud are collaborating to package Docker for Fedora, which will ultimately enable Docker to build and deploy on Red Hat Enterprise Linux.
- Removing Docker’s dependency on AuFS (Advanced Multi Layered Unification Filesystem) to meet mission-critical requirements from enterprise customers. The new approach will be based on the device-mapper thin provisioning technology included in Fedora, Red Hat Enterprise Linux, and other Linux distributions. This approach allows Docker to be more compatible with upstream kernel versions and frees it from a dependency on Ubuntu.
- Enabling libvirt within Docker to enable users to take full advantage of the robust networking capabilities of libvirt.
- Integrating Docker with OpenShift’s cartridge model for application orchestration. This integration will combine the power of Docker containers with OpenShift’s ability to describe and manage multi-container applications, enabling customers to build more sophisticated applications with enhanced portability.
The tipping point for Open PaaS?
There have been quite a few ripples from this announcement in the Fedora, Docker and PaaS communities, and some good analysis. Here is my take on why this is such an important announcement for the future of open PaaS, something I care a lot about.
Docker has fast become the container of choice for many on Linux and on many of the open source PaaSes that are emerging; however, without SELinux and the ability to run on Enterprise Linux it was severely restricted. Docker is super powerful, adoption and an ecosystem are already building up around it, and with Red Hat on board it’s starting to emerge as a standard for Linux containers.
Yes but what has this got to do with PaaS?
Well, PaaS has always needed a way to take your application from one PaaS to another. With Docker as a standard you will have a fully portable application that behaves exactly the same on one PaaS as it does on another. This frees up your application from all of those proprietary formats that each PaaS has come up with in order to give you the PaaS service in the first place.
OpenShift’s cartridge model allows “application containers” to be defined in a common manner so that, for example, a JEE container can be created and, more importantly, orchestrated (scaled up and down) and managed by the PaaS. At the moment the format for these “application containers” is fairly specific to each PaaS provider; however, with Red Hat committing to integrate their cartridge model with Docker, it starts to pave the way for Docker containers to have a standardised way to describe these so-called “application containers” as well.
And this is the really exciting part: with a standardised way to containerise not only the files on an operating system but also the application containers, we could have a truly open ecosystem for PaaS. You would be able to build your application on a local desktop, virtual machine, on-premise PaaS or cloud PaaS and move your application from one PaaS provider to another while having an extremely portable containerised application AND a fully supported application container containing your Java Application Server of choice. We would rapidly start to see support for almost every sort of application container available (Jetty, Tomcat, JBoss EAP, Oracle WebLogic, IBM WebSphere, vert.x, Ruby on Rails, Django, whatever) in a standardised way.
To have a truly open ecosystem in PaaS is what we’ve been waiting for and I believe that the decision announced last week has the potential to form the seed of this open ecosystem.
Update: I made it to the home page of Hacker News so feel free to join the discussion there: https://news.ycombinator.com/item?id=6494527