This question has been churning around in my mind for a while, so I decided to share my thoughts with you all. To do this I dusted off my old art pencil and did some drawings. My old school art teacher would be so proud ‘not’. Anyway, back to the script: these are my thoughts from many years interacting with teams and understanding what people do, so please do not be offended if I have not captured this fully. The big question is, which one are you…..?
Docker 1.3 is out and it’s time to upgrade and check out the new features. Let's get the upgrade or install out of the way before we look at the new features. To upgrade, this is what I did on my Ubuntu 14.04 desktop. First make sure you do not have any containers running, shut them down safely, then do the following:
    sudo apt-get update
    sudo apt-get remove --purge lxc-docker   # Only do this if you have docker installed already.
    sudo apt-get autoremove --purge          # Only do this if you have docker installed already.
    sudo apt-get install lxc-docker          # This will install docker
Now we have a working docker installed, let's do a quick check to make sure it is OK and working:

    sudo service docker status

This will return the process number if docker is running. If not, you will need to start docker with 'service docker start'; make sure there are no errors.

    sudo docker version

This will return the version of docker.

We are now good to go.
Check out the following link from the guys at Docker: http://blog.docker.com/2014/10/docker-1-3-signed-images-process-injection-security-options-mac-shared-directories/
So let's have a quick look at what I like in this release. The big one for me is ‘digital signature verification’. This is a much needed feature, but it is only a tech preview. So what does this mean? It means the feature is part implemented: at present only official containers from the official repo are signed, and only warnings are given. It gives the ability to create a signed container, and when it is pulled/downloaded by docker the signature will be validated. This is a step in the right direction and I can't wait till we see this feature finished.
The next feature is a handy little one: if you have been developing with docker and using nsenter, you can now do the same with ‘docker exec’.

Container life cycle improvements: you can now use the new ‘docker create’ to create a container but not run it; at a later point you can use ‘docker start’ to run the container.
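The life cycle described above (create, then start, then exec into the running container), as an added example that is not from the original post. The image `ubuntu:14.04`, the container name `lifecycle-demo`, the `sleep 300` command and the `RUN_LIFECYCLE_DEMO` switch are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: one container taken through the Docker 1.3 life cycle.
# Image, container name and 'sleep 300' are illustrative assumptions.
# Run as a user allowed to talk to the Docker daemon (root on a default install).

# Print "true" or "false" depending on whether the container's process is running.
is_running() {
    docker inspect -f '{{.State.Running}}' "$1"
}

# Report a problem and remove the demo container.
abort() {
    echo "lifecycle_demo: $2" >&2
    docker rm -f "$1" >/dev/null 2>&1 || true
}

lifecycle_demo() {
    image=${1:-ubuntu:14.04}
    name=${2:-lifecycle-demo}

    # 'docker create' sets the container up but does not start its process.
    docker create --name "$name" "$image" sleep 300 >/dev/null || return 1
    [ "$(is_running "$name")" = "false" ] ||
        { abort "$name" "container is running right after create"; return 1; }

    # 'docker start' runs the command that was given at create time.
    docker start "$name" >/dev/null ||
        { abort "$name" "docker start failed"; return 1; }
    [ "$(is_running "$name")" = "true" ] ||
        { abort "$name" "container is not running after start"; return 1; }

    # 'docker exec' starts an extra process inside the running container,
    # the job nsenter was used for before 1.3.
    rc=0
    docker exec "$name" ps aux || rc=$?

    docker rm -f "$name" >/dev/null
    return "$rc"
}

# Run the walk-through only when asked: RUN_LIFECYCLE_DEMO=1 sh lifecycle.sh
if [ "${RUN_LIFECYCLE_DEMO:-0}" = "1" ]; then
    lifecycle_demo "$@"
fi
```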
There were some security features added. I have not had a chance to look at them, and I will update this blog post later with some info.