Speaker
Dr
Stanislav Polyakov
(SINP MSU)
Description
Docker is a one of the most popular systems for container virtualization on the market. It gives user a lot of possibilities, but its use requires root access which is sometimes dangerous.
We propose a set of simple command line tools for managing Docker containers called YASTD (Yet Another Simple Tools for Docker). It has three purposes:
- to allow users to create containers remotely accessible via SSH;
- to let users configure their containers and save the changes as new images;
- to isolate users from each other and restrict their access to the Docker features that could potentionally disrupt the work of a server.
The tools are mostly named after Docker options and include
1) containers managing tools:
- create - creates a container from an image, accessible by the user via SSH;
- show - shows the containers started by a user along with their statuses;
- stop - stops a running container;
- start - restarts a stopped container;
- pause - pauses all processes within a container;
- unpause - unpauses a paused container;
- rm - removes a container;
2) images managing tools:
- commit - saves a container into an image;
- images - shows the list of images available to a user;
- rmi - removes a user image;
3) an administrative tool:
- create-user - creates a new user, sets up a personal storage directory and prepares the user's public SSH key.
The administrators have to prepare a set of basic images with SSH service configured. The users can create their own containers from these images, each container only accessible to the user who created it.
The scripts provide two mechanisms for saving changes made by users:
- a personal storage directory is mapped to each container started by a user, allowing them to access the changes made in the respective directory of their other containers;
- if the changes are not limited to the mapped directory, e.g. a software is installed or modified inside the container, a user can save the container to a new image and start containers from this new image.
Images created by users are only accessible to the users who created them. Potentially these images can be migrated to other computers.
All commands were realized as Python scripts.
Primary author
Dr
Stanislav Polyakov
(SINP MSU)
Co-authors
Dr
Alexander Kryukov
(SINP MSU)
Dr
Andrey Demichev
(SINP MSU)
