Farkas,
     Here are some comments inline.

On Tue, Jul 10, 2018 at 7:39 AM Farkas Levente <lfar...@lfarkas.org> wrote:

> Hi,
> We're using centos and fedora for production and development. I'm waiting
> for a long time to be able to use docker's multi stage build feature which
> imho would be an essential feature for all kinds of container builds.
> Unfortunately neither rhel/centos' nor fedora's latest release has updated
> docker in the last 1.5 years (!).
>

Regretfully, I can't comment on why Fedora hasn't shipped Docker CE, as I
don't really participate as much as I wish I could with Fedora. But, I can
say that you don't see an update in CentOS, because it hasn't been updated
in Red Hat Enterprise Linux and CentOS is a rebuild of RHEL. Docker CE is
not meant for enterprise editions of Linux. If you really want Docker CE or
EE, I would encourage you to download CE or talk to Docker about purchasing
Docker EE :-)


> docker 1.13 was released January 19, 2017.
>

Yes, coincidentally, you will notice that this is the last major release of
the docker engine before it was split up into three new entities - Moby,
Docker CE, and Docker EE. Moby is a bigger project than just the docker
engine and was never really set up in a way to make it easy for a Linux
distribution to build and ship the engine and cli together as a thing like
what was done in the docker 1.13 days. So, basically, we just kept patching
docker 1.13. Red Hat and Fedora would have been happy to have just kept
shipping newer versions but alas, that just wasn't an option.




> I understand that everybody would like to use the new and fancy OCI tools
> and stuff.
>
Yes :-)

> So I try to understand the current state of these tools. But it seems for
> me that these tools are far from ready and not even ready for daily usage.
>

I would love to know what other things give you that impression? I use
these tools daily and I actually think they are quite good. In RHEL,
Buildah is at 1.1+, CRI-O is at 1.9+ and Podman is at 0.6.1 and heading
for GA quickly.


> eg. buildah can only be run by root and no usable way to develop and test
> as a regular user etc.
>

The team is working diligently to drop as many privileges as possible and
they are making good progress. That said, the fact that you know you are
running as root with buildah is an improvement. I just want to make sure
that it is crystal clear to you that when you have a docker daemon running
on your box, you are running as root. Just because you are running the
docker command as a user, doesn't protect you in any way, shape or form.

docker run --privileged centos7 bash gives you a root shell.

This is NO different than sudo. In fact it's worse, because at least sudo
can log the commands that you run and log those off system if things are
set up correctly.


> First of all is there any good comprehensive tutorial (maybe with a comparison
> with docker) on which tools one should use and how?
>

Here's a good one:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_atomic_host/7/html/managing_containers/finding_running_and_building_containers_without_docker


>
> ..and until these tools get ready...
>

I really think you should give them more of a try, I am happy to help answer
questions.


> is there any plan or change that rh/fedora will update docker to something
> newer or everybody should have to use docker-ce packages from docker or
> other even dirtier trick to build small containers?
>

I think I explained this above, but let me make sure this is crystal clear.
There is no option for Red Hat to ship a new version of docker. The only
options are:

1. Build and ship binary versions of the engine in Moby (no cli)
2. Can't ship Docker CE because it's not intended for enterprise
distributions of Linux
3. Can't ship Docker EE because that requires a contract with Docker Inc.

I would encourage you to keep checking out the OCI Container Tools, or
perhaps go download Docker CE.... Hopefully that helps...

>
> Thanks in advance.
>
> --
>   Levente                               "Si vis pacem para bellum!"
>


-- 
Scott McCarty, RHCA
Product Management - Containers, Red Hat Enterprise Linux & OpenShift
Email: smcca...@redhat.com
Phone: 312-660-3535
Cell: 330-807-1043
Web: http://crunchtools.com

Does Serverless and Containers spell the end for operating systems?
http://bit.ly/2JfBUkf
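
Added example (not part of the original message): the reply's point that the docker daemon runs as root means every account able to reach the daemon through its socket is root-equivalent. The script below lists those accounts from group and passwd files, including accounts whose primary GID is the group and which the group file therefore does not list. It assumes the socket is group-owned by a group named docker (pass another name as the third argument), and the files shown are constructed sample data.

```shell
#!/bin/sh
# Added example: list accounts that can reach the Docker daemon through group
# membership, i.e. accounts that are effectively root on the host.
# Assumption: the daemon socket is group-owned by "docker"; pass a different
# group name as the third argument if your packaging differs.

# docker_socket_users GROUP_FILE PASSWD_FILE [GROUP_NAME]
# Prints one user name per line, sorted and de-duplicated.
docker_socket_users() {
    group_file=$1
    passwd_file=$2
    group_name=${3:-docker}

    # GID of the group; empty if the group does not exist.
    gid=$(awk -F: -v g="$group_name" '$1 == g { print $3; exit }' "$group_file")
    [ -n "$gid" ] || return 0

    {
        # Supplementary members: comma-separated fourth field of the group entry.
        awk -F: -v g="$group_name" '$1 == g && $4 != "" {
            n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i]
        }' "$group_file"
        # Accounts whose primary GID is the group (absent from the group file).
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
    } | sort -u
}

# Constructed sample data (not from any real host).
demo_dir=$(mktemp -d)
cat > "$demo_dir/group" <<'EOF'
root:x:0:
wheel:x:10:alice
docker:x:990:alice,buildbot
EOF
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
buildbot:x:1001:1001::/home/buildbot:/sbin/nologin
ci:x:1002:990::/home/ci:/bin/bash
dave:x:1003:1003::/home/dave:/bin/bash
EOF

docker_socket_users "$demo_dir/group" "$demo_dir/passwd"
```

On a real host, point the function at /etc/group and /etc/passwd and review each name it prints the same way you would review a sudoers entry.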
