RancherOS - Tiny Linux distro that runs the entire OS as Docker containers

  •        252

RancherOS is a minimalist Linux distribution perfect for running Docker containers. It runs Docker directly on top of the kernel and delivers Linux services as containers. It includes only the services needed to run Docker. RancherOS reduces the hassle with updating, patching, and maintaining your container host operating system.




Related Projects

Rancher - Complete container management platform

Rancher is an open source project that provides a complete platform for operating Docker in production. It provides infrastructure services such as multi-host networking, global and local load balancing, and volume snapshots. It integrates native Docker management capabilities such as Docker Machine and Docker Swarm. It offers a rich user experience that enables devops admins to operate Docker in production at large scale.

Docker-Secure-Deployment-Guidelines - Deployment checklist for securely deploying Docker

Within today’s growing cloud-based IT market, there is a strong demand for virtualisation technologies. Unfortunately most virtualisation solutions are not flexible enough to meet developer requirements and the overhead implied by the use of full virtualisation solutions becomes a burden on the scalability of the infrastructure. Docker reduces that overhead by allowing developers and system administrators to seamlessly deploy containers for applications and services required for business operations. However, because Docker leverages the same kernel as the host system to reduce the need for resources, containers can be exposed to significant security risks if not adequately configured. The following itemised list suggests hardening actions that can be undertaken to improve the security posture of the containers within their respective environment. It should be noted that proposed solutions only apply to deployment of Linux Docker containers on Linux-based hosts, using the most recent release of Docker at the time of this writing (1.4.0, commit 4595d4f, dating 11/12/14). Part of the content below is based on publications from Jérôme Petazzoni [1] and Daniel J Walsh [2]. This document aims at adding on to their recommendations and how they can specifically be implemented within Docker. Note: Most of suggested command line options can be stored and used in a similar manner inside a Dockerfile for automated image building. Docker 1.3 now supports cryptographic signatures [3] to ascertain the origin and integrity of official repository images. This feature is however still a work in progress as Docker will issue a warning but not prevent the image from actually running. Furthermore, it does not apply to non-official images. In general, ensure that images are only retrieved from trusted repositories and that the --insecure-registry=[] command line option is never used.

udocker - A basic user tool to execute simple docker containers in batch or interactive systems without root privileges

A basic user tool to execute simple docker containers in user space without requiring root privileges. Enables download and execution of docker containers by non-privileged users in Linux systems where docker is not available. It can be used to pull and execute docker containers in Linux batch systems and interactive clusters that are managed by other entities such as grid infrastructures or externally managed batch or interactive systems. The INDIGO udocker does not require any type of privileges nor the deployment of services by system administrators. It can be downloaded and executed entirely by the end user.

dumb-init - A minimal init system for Linux containers

dumb-init is a simple process supervisor and init system designed to run as PID 1 inside minimal container environments (such as Docker). It is deployed as a small, statically-linked binary written in C.Lightweight containers have popularized the idea of running a single process or service without normal init systems like systemd or sysvinit. However, omitting an init system often leads to incorrect handling of processes and signals, and can result in problems such as containers which can't be gracefully stopped, or leaking containers which should have been destroyed.

Chakra - Desktop OS

Chakra is a free, user-friendly and extremely powerful liveCD distribution based on the KDE Software Compilation. Chakra is by default a GTk free distribution specially made for run Qt based applications and frameworks at full performance. Its goal is to build an operating system that meets most requirements desktop users have today,

Manjaro - User-friendly Linux Distribution

Manjaro is a user-friendly Linux distribution based on the independently developed Arch operating system. Arch itself is renowned for being an exceptionally fast, powerful, and lightweight distribution that provides access to the very latest cutting edge – and bleeding edge – software. However, Arch is also aimed at more experienced or technically-minded users. Manjaro provides all the benefits of the Arch operating system combined with a focus on user-friendliness and accessibility.

boot2docker - Lightweight Linux for Docker

Boot2Docker is a lightweight Linux distribution made specifically to run Docker containers. It runs completely from RAM, is a small ~38MB download and boots in ~5s (YMMV).Boot2Docker is currently designed and tuned for development. Using it for any kind of production workloads at this time is highly discouraged.

Dragonfly - Dragonfly is an intelligent P2P based file distribution system.

Dragonfly is an intelligent P2P based file distribution system. It resolved issues like low-efficiency,low-success rate,waste of network bandwidth you faced in large-scale file distribution scenarios such as application deployment, large-scale cache file distribution, data file distribution, images distribution etc. In Alibaba, the system transferred 2 billion times and distributed 3.4PB data every month, it becomes one of the most important infrastructure in Alibaba. The reliability is up to 99.9999%. DevOps takes a lot of benefits from container technologies . but at the same time, it also bring a lot of challenges: the efficiency of image distribution, especially when you have a lot of applications and require image distribution at the same time. Dragonfly works extremely well with both Docker and Pouch, and actually we compatible with any other container technologies without any modifications of container engine.

runtime-spec - OCI Runtime Specification

The Open Container Initiative develops specifications for standards on Operating System process and application containers. The specification can be found here.

dockertest - Write better integration tests! Dockertest helps you boot up ephermal docker images for your Go tests with minimal work

When developing applications, it is often necessary to use services that talk to a database system. Unit Testing these services can be cumbersome because mocking database/DBAL is strenuous. Making slight changes to the schema implies rewriting at least some, if not all of the mocks. The same goes for API changes in the DBAL. To avoid this, it is smarter to test these specific services against a real database that is destroyed after testing. Docker is the perfect system for running unit tests as you can spin up containers in a few seconds and kill them when the test completes. The Dockertest library provides easy to use commands for spinning up Docker containers and using them for your tests.Using Dockertest is straightforward and simple. Check the releases tab for available releases.

Portus - Authorization service and frontend for Docker registry (v2)

Portus is an authorization server and a user interface for the next generation of the Docker registry. Portus targets version 2 of the Docker Registry API. The minimum required version of Registry is 2.1, which is the first version supporting soft deletes of blobs. Portus supports the concept of users and teams. Users have their own personal Docker namespace where they have both read (aka docker pull) and write (aka docker push) access. A team is a group of users that have read and write access to a certain namespace. You can read more about this in our documentation page about it.

logspout - Log routing for Docker container logs

Docker Hub automated builds for gliderlabs/logspout:latest and progrium/logspout:latest are now pointing to the release branch. For master, use gliderlabs/logspout:master. Individual versions are also available as saved images in releases.Logspout is a log router for Docker containers that runs inside Docker. It attaches to all containers on a host, then routes their logs wherever you want. It also has an extensible module system.

Tails - Live Operating System supports Privacy and Anonymity

Tails is a live operating system, that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity, and helps you to use the Internet anonymously and circumvent censorship. All connections to the Internet are forced to go through the Tor network. It leaves no trace on the computer you are using unless you ask it explicitly. It uses cryptographic tools to encrypt your files, emails and instant messaging.

PLD - PLD Linux Distribution

PLD is a free, RPM-based Linux distribution, aimed at the more advanced users and administrators, who accept the tradeoffs of using a system, that might require manual tweaking in exchange for much flexibility. PLD kernels are build using modules. You are free to pick which modules to load depending on hardware you want to use. It supports Easy package management, Multiple desktop environments and lot more.

Debian - The Universal Operating System

Debian is a free operating system (OS) for your computer. An operating system is the set of basic programs and utilities that make your computer run. Debian provides more than a pure OS: it comes with over 29000 packages, precompiled software bundled up in a nice format for easy installation on your machine.

Bodhi Linux - The Enlightened Linux Distribution

Bodhi Linux is a Linux-based operating system based upon two things Minimalism, Enlightenment desktop. It provides you a base system that is functional but not bloated. Bodhi’s default application set takes up less than 10MB of space in total.

Nomad - Easily Deploy Applications at Any Scale

Nomad is a cluster manager, designed for both long lived services and short lived batch processing workloads. Developers use a declarative job specification to submit work, and Nomad ensures constraints are satisfied and resource utilization is optimized by efficient task packing. Nomad supports all major operating systems and virtualized, containerized, or standalone applications.

Minix - Operating System by Andrew S. Tanenbaum

MINIX 3 is a free, open-source, operating system designed to be highly reliable, flexible, and secure. It is based on a tiny microkernel running in kernel mode with the rest of the operating system running as a collection of isolated, protected, processes in user mode.

docker-slim - DockerSlim (docker-slim): Optimize and secure your Docker containers (free and open source)

Creating small containers requires a lot of voodoo magic and it can be pretty painful. You shouldn't have to throw away your tools and your workflow to have skinny containers. Using Docker should be easy.docker-slim is a magic diet pill for your containers :) It will use static and dynamic analysis to create a skinny container for your app.

gantryd - Framework for easy management of docker-based components across machines

gantryd is a distributed, etcd-based system for running, updating, monitoring and managing various Docker images (known as "components") across multiple machines.gantryd manages the running, monitoring and draining of containers, automatically updating machines progressively on update, and draining the old containers as it goes along. A container is only shutdown when all connections to it have terminated (or it is manually killed). This, combined with progressive update, allows for continuous deployment by simply pushing a new docker image to a repository and running update via gantryd.py.