Here the slides for the Atomic System Containers talk I gave at Devconf.cz 2017:
http://scrivano.org/static/system-containers-demo/
If you are interested in the video, it is on YouTube:
Facebook detox?
I have been using Facebook for the last years to fill every dead time:waiting for the bus, ads on TV, compiling, etc. The quality of the information coming from Facebook is inferior to any other social network, at least to my experience (it can be I follow/know the wrong people), though the part of the brain that controls procrastination seems addicted to this lower quality information and the chattering there. Also, I don’t want to simply delete my Facebook account and move on, most of the people I know are present only there, neither I want to be more “asocial”.
[Read More]
use bubblewrap as an unprivileged user to run systemd images
bubblewrap is a sandboxing tool that allows unprivileged users to run containers. I was recently working on a way to allow unprivileged users, to take advantage of bubblewrap to run regular system images that are using systemd. To do so, it was necessary to modify bubblewrap to keep some capabilities in the sandbox.
Capabilities are the way, since Linux 2.2, that the kernel uses to split the root power into a finer grained set of permissions that each thread can have.
[Read More]
Brainfuc**d brainf**k
Every programmer at some point gets in touch with the Brainfuck programming language and how surprising is that very few instructions are needed to have a Turing complete language, 6 is the case of Brainfuck (plus other 2 for I/O operations).
I have recently found an old project of mine that I have used to learn how to write a GCC frontend, it took a while to adapt it to work with a newer GCC version.
[Read More]
Refactoring a function name across several patches with git rebase
git rebase is one of my favorite git commands. It allows to update a set of local patches against another git branch and also to rework, trough the -i flag some previous patches.
The problem I had to deal with was quite simple, rename a function called notProperPythonCode to proper_python that was defined in the first patch and be sure that all other patches are using the correct name. The –exec flag allows to run a custom script after each patch is applied, so that I could run sed to process the Python files and replace the old function name with the new one.
[Read More]
System containers for Atomic
The main reason behind system containers was the inability to run Flannel in a Docker container as Flannel is required by Docker itself. CoreOS solved this chicken and egg problem by using another instance of Docker (called early-docker) that is used to setup only Etcd and Flannel.
Differently, Atomic system containers will be managed by runc and systemd.
The container images, even though being served through the Docker v2 registry, are slighty different than a regular Docker container in order to be used by Atomic.
[Read More]
ostree-docker-builder
rpm-ostree, used together with OStree, is a powerful tool to generate immutable images for .rpm based systems, why not to use it for generating Docker images as well?
rpm-ostree already supports the generation of a Docker container tree, that can be feed to Docker almost as it is; ostree-docker-builder instead is a new tool to make this task simpler.
The following JSON description is enough to create an Emacs container using rpm-ostree based on Fedora-22.
[Read More]
Summer of Code 2015 for wget
coming as a surprise, this year we have got 4 students to work full-time during the summer on wget. More than all the students who have ever worked for wget before during a Summer of Code!
The accepted projects cover different areas: security, testing, new protocols and some speed-up optimizations. Our hope is that we will be able to use the new pieces as soon as possible, this is why we ask students to keep their code always rebased on top of the current wget development version.
[Read More]
Create a QCOW2 image for Fedora 22 Atomic
This tutorial shows how to create a QCOW2 image that can directly imported via virt-install to test out Fedora 22 Atomic starting from a custom OStree repo.
To create the image, we are going to use both rpm-ostree and rpm-ostree-toolbox. Ensure they are installed as well as Docker, libvirtd and Vagrant-libvirt.
The first phase consists in generating the OStree repo that is going to be used by the image. We can use directly the files from the fedora-atomic project as:
[Read More]
How to deploy a WordPress Docker container using docker-compose
These are the steps to setup the current website in a Docker container:
wget -O- https://github.com/docker/compose/releases/download/1.2.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
mkdir wordpress
cd wordpress
db:
image: mysql:5.5
environment:
MYSQL_ROOT_PASSWORD: "A VERY STRONG PASSWORD"
web:
image: wordpress:latest
ports:
- "80:80"
links:
- db:mysql
/usr/local/bin/docker-compose up