Farkas,

Also, here is a brand new one off the press by Ben Breard:
https://rhelblog.redhat.com/2018/07/11/unleash-powerful-linux-container-building-capabilities-with-buildah/

Best Regards
Scott M

On Thu, Jul 12, 2018 at 10:14 AM Scott McCarty <smcca...@redhat.com> wrote:

> Farkas,
> Here are some comments inline.
>
> On Tue, Jul 10, 2018 at 7:39 AM Farkas Levente <lfar...@lfarkas.org> wrote:
>
>> Hi,
>> We're using centos and fedora for production and development. I've been
>> waiting for a long time to be able to use docker's multi stage build
>> feature, which imho would be an essential feature for all kinds of
>> container builds. Unfortunately neither rhel/centos' nor fedora's latest
>> release has updated docker in the last 1.5 years (!).
>
> Regretfully, I can't comment on why Fedora hasn't shipped Docker CE, as I
> don't really participate as much as I wish I could with Fedora. But, I can
> say that you don't see an update in CentOS, because it hasn't been updated
> in Red Hat Enterprise Linux and CentOS is a rebuild of RHEL. Docker CE is
> not meant for enterprise editions of Linux. If you really want Docker CE or
> EE, I would encourage you to download CE or talk to Docker about purchasing
> Docker EE :-)
>
>> docker 1.13 was released January 19, 2017.
>
> Yes, coincidentally, you will notice that this is the last major release of
> the docker engine before it was split up into three new entities - Moby,
> Docker CE, and Docker EE. Moby is a bigger project than just the docker
> engine and was never really set up in a way to make it easy for a Linux
> distribution to build and ship the engine and cli together as a thing like
> what was done in the docker 1.13 days. So, basically, we just kept patching
> docker 1.13. Red Hat and Fedora would have been happy to have just kept
> shipping newer versions but alas, that just wasn't an option.
>
>> I understand that everybody would like to use the new and fancy OCI tools
>> and stuff.
>
> Yes :-)
>
>> So I try to understand the current state of these tools. But it seems to
>> me that these tools are far from ready and not even ready for daily usage.
>
> I would love to know what other things give you that impression? I use
> these tools daily and I actually think they are quite good. In RHEL,
> Buildah is at 1.1+, CRI-O is at 1.9+ and Podman is at 0.6.1 and heading
> for GA quickly.
>
>> eg. buildah can only be run by root and there is no usable way to develop
>> and test as a regular user etc.
>
> The team is working diligently to drop as many privileges as possible and
> they are making good progress. That said, the fact that you know you are
> running as root with buildah is an improvement. I just want to make sure
> that it is crystal clear to you that when you have a docker daemon running
> on your box, you are running as root. Just because you are running the
> docker command as a user, doesn't protect you in any way, shape or form.
>
> docker run --privileged centos7 bash gives you a root shell.
>
> This is NO different than sudo. In fact it's worse, because at least sudo
> can log the commands that you run and log those off system if things are
> set up correctly.
>
>> First of all, is there any good comprehensive tutorial (maybe with a
>> comparison with docker) on which tools one should use and how?
>
> Here's a good one:
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_atomic_host/7/html/managing_containers/finding_running_and_building_containers_without_docker
>
>> ..and until these tools get ready...
>
> I really think you should give them more of a try, I am happy to help
> answer questions.
>
>> is there any plan or chance that rh/fedora will update docker to
>> something newer, or should everybody have to use docker-ce packages from
>> docker or some other even dirtier trick to build small containers?
>
> I think I explained this above, but let me make sure this is crystal
> clear. There is no option for Red Hat to ship a new version of docker. The
> only options are:
>
> 1. Build and ship binary versions of the engine in Moby (no cli)
> 2. Can't ship Docker CE because it's not intended for enterprise
>    distributions of Linux
> 3. Can't ship Docker EE because that requires a contract with Docker Inc.
>
> I would encourage you to keep checking out the OCI Container Tools, or
> perhaps go download Docker CE.... Hopefully that helps...
>
>> Thanks in advance.
>>
>> --
>> Levente "Si vis pacem para bellum!"
>
> --
> Scott McCarty, RHCA
> Product Management - Containers, Red Hat Enterprise Linux & OpenShift
> Email: smcca...@redhat.com
> Phone: 312-660-3535
> Cell: 330-807-1043
> Web: http://crunchtools.com
>
> Does Serverless and Containers spell the end for operating systems?
> http://bit.ly/2JfBUkf
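
The thread's point that running the docker command as a regular user is no protection can be audited on a host by listing every account allowed to talk to the root-owned daemon. This is an added example, not part of the original thread; it assumes access is granted through the group that owns the conventional socket /var/run/docker.sock, and the group and passwd entries are constructed sample data.

```bash
#!/usr/bin/env bash
# Added example: who can drive the root-owned Docker daemon on this host?
# Assumption: access comes from membership in the socket's owning group
# (conventionally "docker"). All sample data below is constructed.

# docker_equivalents GROUP_FILE PASSWD_FILE GROUP_NAME
# Prints, sorted, every user in GROUP_NAME: supplementary members (group
# field 4) plus users whose primary GID (passwd field 4) is that group.
docker_equivalents() {
    local group_file="$1" passwd_file="$2" group_name="$3" gid
    gid=$(awk -F: -v g="$group_name" '$1 == g { print $3 }' "$group_file")
    [ -n "$gid" ] || return 0   # no such group: no access through it
    {
        awk -F: -v g="$group_name" '$1 == g { print $4 }' "$group_file" | tr ',' '\n'
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
    } | sed '/^$/d' | sort -u
}

# socket_is_group_writable MODE: true if the octal mode has the group-write bit.
socket_is_group_writable() {
    [ $(( 0$1 & 020 )) -ne 0 ]
}

demo() {
    local dir
    dir=$(mktemp -d)
    cat > "$dir/group" <<'EOF'
wheel:x:10:alice
docker:x:990:alice,builder
EOF
    cat > "$dir/passwd" <<'EOF'
alice:x:1000:1000::/home/alice:/bin/bash
builder:x:1001:1001::/home/builder:/bin/bash
ci:x:1002:990::/home/ci:/sbin/nologin
bob:x:1003:1003::/home/bob:/bin/bash
EOF
    # Constructed socket mode 660 (root:docker), as "stat -c %a" would print it.
    if socket_is_group_writable 660; then
        docker_equivalents "$dir/group" "$dir/passwd" docker
    fi
    rm -rf "$dir"
}

demo   # prints alice, builder, ci: each can start a --privileged container

# Live host (GNU stat): stat -c '%U:%G %a' /var/run/docker.sock
#   docker_equivalents /etc/group /etc/passwd "$(stat -c %G /var/run/docker.sock)"
```

Accounts that appear in this list but not in sudoers (here `builder` and `ci`) are the ones whose root-level actions would leave no sudo log at all.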