Stackato 3.6 Released with Support for Docker Images

Stackato 3.6 is here, and I'm going to show you something very, very cool: deploying a Docker image to a Cloud Foundry-based platform.

Nothing up my sleeve. No source code in my local directory, just the Stackato CLI client, my trusty Stackato 3.6 demo cluster, and a cool little web app someone has graciously published to the Docker Hub.

$ stackato push --no-prompt --docker-image sparklyballs/shout-irc --as shout
No manifest
Docker Image:  	sparklyballs/shout-irc
Application Url:
Creating Application [shout] as [ -> ActiveTest -> dev -> shout] ... OK
  Map ... OK
Uploading Application [shout] ... Skipped, using docker image "sparklyballs/shout-irc:latest"
Starting Application [shout] ...
stackato[dea_ng]: Staging docker application sparklyballs/shout-irc:latest
stackato[dea_ng]: Located 17 images
stackato[dea_ng]: Downloading image 2fc25f9567a3
stackato[dea_ng]: Downloading image 8ae17d9bb816
stackato[dea_ng]: Downloading image 07efe1ba6b7a
stackato[dea_ng]: Downloading image b4d345255e1d
stackato[dea_ng]: Downloading image abd85a1bb9ed
stackato[dea_ng]: Downloading image c9284f1eb905
stackato[dea_ng]: Downloading image e1723d785e2f
stackato[dea_ng]: Downloading image 5a14c1498ff4
stackato[dea_ng]: Downloading image 2eccda511755
stackato[dea_ng]: Downloading image 2ce4ac388730
stackato[dea_ng]: Downloading image ec5f59360a64
stackato[dea_ng]: Downloading image 8254ff58b098
stackato[dea_ng]: Downloading image b39b81afc8ca
stackato[dea_ng]: Downloading image 615c102e2290
stackato[dea_ng]: Downloading image 837339b91538
stackato[dea_ng]: Downloading image 53f858aaaf03
stackato[dea_ng]: Downloading image 511136ea3c5a
stackato[dea_ng]: Located 1 tags
stackato[dea_ng]: Downloading tag `latest'
stackato[dea_ng]: Download complete
stackato[dea_ng]: Completed pulling docker image
stackato[fence.0]: Created Docker container
stackato[fence.0]: Prepared Docker container
stackato[dea_ng.0]: Instance is ready
OK deployed

There has been a lot of buzz and hand waving in the cloud and Platform-as-a-Service (PaaS) space about Docker integration, but this is the real thing. You can download the VM now, set up your own platform, and start doing what I just did.

How did it do that?

Stackato has been using Linux containers for isolating hosted applications since its earliest Beta releases in 2011. The Cloud Foundry core developers picked up on this and developed their own container management system called Warden. Shortly after that, a little PaaS called dotCloud open sourced their container management software, which proved to be... somewhat popular.

When moving to the Cloud Foundry v2 code base, we had to decide whether to adopt Warden (now Garden) or to integrate Docker into the Cloud Foundry DEA. We chose the latter, in large part so that in the future we could allow users to do what I just did: deploy Docker images directly to the platform.

Docker Apps and Staged Apps

This new feature is called Docker Apps. Unlike staged apps which use Heroku-style buildpacks to assemble runtime dependencies and configure the container, Docker images are essentially pre-built stacks of filesystem layers. This has two important effects:

  • Fetching Docker images takes longer than pushing source code (the first time), but
  • Subsequent deployments of the same Docker image layers are very fast

This is the cloud platform version of the familiar trade off between package management and build-from-source approaches. With Stackato you get to choose which technique will work best for you in a given case. You may be more comfortable creating Dockerfiles and publishing images than figuring out how to get your app working using a buildpack.

Locking it down

If you're the administrator of the system, you might be concerned about the safety of running arbitrary Docker containers on a multi-tenant system. Unlike staged applications which all run in the same, trusted base container, users could deploy Docker images which expose a root user or do other less-than-completely-secure things.

With this concern in mind, we've made sure admins can limit the deployment of Docker apps to a group of trusted users, a list of trusted images and registry servers, or all of the above.

All the hard work you don't see

Docker Apps is the most visible (and exciting) feature in Stackato 3.6, but a lot of other work went on behind the scenes. The buildpacks in Stackato have all been updated, along with Ruby (2.1.5), and of course Docker (1.5). The release includes a merge from Cloud Foundry v205 and some restructuring of our code and build systems to help us keep in closer step with upstream releases and contributors in the community. Some of our customers will be happy to see the more fine grained permission controls available in the new Feature Flags.

Additional Resources:

This blog post was originally published by Troy Topnik on May 11, 2015 at ActiveState blog.