27

If I run Docker Engine and the same container on a set of different Linux distributions, will the container run in the same way? I am asking because in many cases applications depend on a specific Linux distribution for some resources, such as fonts. If my application running inside a Docker container depends on a font used in Ubuntu (and there may be many other dependencies), how is this managed? Will I need to install the font inside container, will I need to run Ubuntu inside the container running the application, or does the application use fonts from the underlying OS running the container?

user1340582
  • 19,151
  • 35
  • 115
  • 171
  • How are the fonts being used? E.g. your program uses them via X, or via HTML/CSS in a web browser, or some other way? – Bryan Apr 28 '15 at 09:52

2 Answers2

24

Any missing resources should be installed in a Docker image (which can start from the ubuntu image).
It should not rely on host for dependencies.

The idea is to be able to reproduce the environment each time a container is run from an image.

A container don't see the host resources (beside mounted volumes), since it has the Docker engine between the container and the host, in order to configure cgroups and namespaces to control which resources the container can see and access.

Docker

The "fedora" image referenced in jboss/base is the base image:

images

In Docker terminology, a read-only Layer is called an image. An image never changes.

Since Docker uses a Union File System, the processes think the whole file system is mounted read-write. But all the changes go to the top-most writeable layer, and underneath, the original file in the read-only image is unchanged.
Since images don't change, images do not have state.

See "What is the relationship between the docker host OS and the container base image OS?":

The only relationship between the host OS and the container is the Kernel.

as the kernel is still the kernel of the host, you will not have any specific kernel module/patches provided by the distribution.

Community
  • 1
  • 1
VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • That's right, the only thing that the Docker process should share with the host OS is the kernel. Everything else should be in the container image itself (or a well-defined external service such as a database server). – Thilo Apr 28 '15 at 06:05
  • Thanks. Does the docker engine come with a default linux, or do you always define it in your dockerfile? I see that e.g. Jboss Wildfly uses a "base" image which starts by downloading Fedora. – user1340582 Apr 28 '15 at 06:26
  • 1
    @user1340582 no the docker engine is installed on the Linux host, which is why say host should have a kernel 3.10+ (in order to provide the lxc, cgroups and others features Docker relies on) – VonC Apr 28 '15 at 06:30
  • 1
    @user1340582 the Dockerfile of jboss Wildfly (https://registry.hub.docker.com/u/jboss/wildfly/dockerfile/) uses an image (jboss base, https://registry.hub.docker.com/u/jboss/base/dockerfile/, base on fedora image). This is independent of the host (I could run it on my Tiny core boot2docker VM, a 27 MB Linux host) – VonC Apr 28 '15 at 06:32
  • The phrase "it has the Docker engine between the container and the host" isn't really accurate. Perhaps "the Docker engine configures cgroups and namespaces to control which resources the container can see and access"? – Adrian Mouat Apr 28 '15 at 08:13
  • @AdrianMouat I agree. I tried and edit the answer accordingly, but don't hesitate to rephrase it and edit it too. – VonC Apr 28 '15 at 08:17
  • I look at the picture above and it is a bit confusing. On the docker site it says that containers are different compared to VM:s in that a Guest OS is required for in VM:s, but then when you look at a dockerfile, the first thing it does is it downloads a full Fedora OS before pulling the app? :) – user1340582 Apr 28 '15 at 13:21
  • 2
    It does not download a fedora "OS", but a fedora image (see my edited answer above), that is a filesystem which contains fedora files. TO be a full functionning OS, it needs the kernel of its Linux host: see http://stackoverflow.com/q/18786209/6309 – VonC Apr 28 '15 at 13:30
1

What you need to be careful is

  • the kernel dependency,
  • and some mandatory access control (SELinux, Apparmor) configurations, which are distribution dependent and may have an impact on how your Docker containers work.
xuhdev
  • 8,018
  • 2
  • 41
  • 69