github.com/stackdocker/rkt@v0.10.1-0.20151109095037-1aa827478248/README.md (about) 1 # rkt - App Container runtime 2 3 [![godoc](https://godoc.org/github.com/coreos/rkt?status.svg)](http://godoc.org/github.com/coreos/rkt) 4 [![Build Status (Travis)](https://travis-ci.org/coreos/rkt.png?branch=master)](https://travis-ci.org/coreos/rkt) 5 [![Build Status (SemaphoreCI)](https://semaphoreci.com/api/v1/projects/28468e19-4fd0-483e-9c29-6c8368661333/395211/badge.svg)](https://semaphoreci.com/coreos/rkt) 6 7 ![rkt Logo](logos/rkt-horizontal-color.png) 8 9 rkt (pronounced _"rock-it"_) is a CLI for running app containers on Linux. rkt is designed to be composable, secure, and fast. 10 11 Some of rkt's key features and goals include: 12 - First-class integration with init systems ([systemd](Documentation/using-rkt-with-systemd.md), upstart) and cluster orchestration tools (fleet, Kubernetes) 13 - Compatibility with other container software (e.g. rkt can run [Docker images](Documentation/running-docker-images.md)) 14 - Modular and extensible architecture ([network configuration plugins](Documentation/networking.md), swappable execution engines based on systemd or QEMU/KVM) 15 16 For more on the background and motivation behind rkt, read the original [launch announcement](https://coreos.com/blog/rocket). 17 18 ## App Container 19 20 rkt is an implementation of the [App Container spec](Documentation/app-container.md). 21 rkt's native image format ([ACI](Documentation/app-container.md#ACI)) and runtime/execution environment ([pods](Documentation/app-container.md#pods)) are defined in the specification. 22 23 ## Project status 24 25 rkt is maturing rapidly while under active development, and its interfaces are not yet considered stable. We do not recommend its use in production, but we encourage you to try out rkt and provide feedback via issues and pull requests. 26 27 Check out the [roadmap](ROADMAP.md) for more details on the future of rkt. 28 29 ## Trying out rkt 30 31 ### Using rkt on Linux 32 33 `rkt` consists of a single self-contained CLI, and is currently supported on amd64 Linux. A modern kernel is required but there should be no other system dependencies. We recommend booting up a fresh virtual machine to test out rkt. 34 35 To download the `rkt` binary, simply grab the latest release directly from GitHub: 36 37 ``` 38 wget https://github.com/coreos/rkt/releases/download/v0.10.0/rkt-v0.10.0.tar.gz 39 tar xzvf rkt-v0.10.0.tar.gz 40 cd rkt-v0.10.0 41 ./rkt help 42 ``` 43 44 ### Trying out rkt using Vagrant 45 46 For Mac (and other Vagrant) users we have set up a `Vagrantfile`: clone this repository and make sure you have [Vagrant](https://www.vagrantup.com/) 1.5.x or greater installed. `vagrant up` starts up a Linux box and installs via some scripts `rkt` and `actool`. With a subsequent `vagrant ssh` you are ready to go: 47 ``` 48 git clone https://github.com/coreos/rkt 49 cd rkt 50 vagrant up 51 vagrant ssh 52 ``` 53 54 Keep in mind while running through the examples that right now `rkt` needs to be run as root for most operations. 55 56 ## rkt basics 57 58 ### Building App Container Images (ACIs) 59 60 rkt's native image format is ACI, defined in the [App Container spec](Documentation/app-container.md). 61 To build ACIs, a simple way to get started is by using [`acbuild`](https://github.com/appc/acbuild). 62 Another good resource is the [appc build repository](https://github.com/appc/build-repository) which has resources for building ACIs from a number of popular projects and languages. 63 There are also tools for converting [Docker images to ACIs](https://github.com/appc/docker2aci) (although note that rkt can [also run Docker images natively](Documentation/running-docker-images.md) directly from Docker repositories by using this library internally). 64 65 The example below uses a pre-built ACI for [etcd](https://github.com/coreos/etcd) (this was built by the [build-aci script](https://github.com/coreos/etcd/blob/master/scripts/build-aci)). 66 67 ### Downloading an App Container Image (ACI) 68 69 rkt uses content addressable storage (CAS) for storing an ACI on disk. In this example, the image is downloaded and added to the CAS. Downloading an image before running it is not strictly necessary (if it is not present, rkt will automatically retrieve it), but useful to illustrate how rkt works. 70 71 Since rkt verifies signatures by default, you will need to first [trust](https://github.com/coreos/rkt/blob/master/Documentation/signing-and-verification-guide.md#establishing-trust) the [CoreOS public key](https://coreos.com/dist/pubkeys/aci-pubkeys.gpg) used to sign the image, using `rkt trust`: 72 73 ``` 74 $ sudo rkt trust --prefix=coreos.com/etcd 75 Prefix: "coreos.com/etcd" 76 Key: "https://coreos.com/dist/pubkeys/aci-pubkeys.gpg" 77 GPG key fingerprint is: 8B86 DE38 890D DB72 9186 7B02 5210 BD88 8818 2190 78 CoreOS ACI Builder <release@coreos.com> 79 Are you sure you want to trust this key (yes/no)? yes 80 Trusting "https://coreos.com/dist/pubkeys/aci-pubkeys.gpg" for prefix "coreos.com/etcd". 81 Added key for prefix "coreos.com/etcd" at "/etc/rkt/trustedkeys/prefix.d/coreos.com/etcd/8b86de38890ddb7291867b025210bd8888182190" 82 ``` 83 84 In Documentation, you can find a [detailed, step-by-step guide for the signing procedure](Documentation/getting-started-ubuntu-vivid.md#trust-the-coreos-signing-key). 85 86 Now that we've trusted the CoreOS public key, we can fetch the ACI using `rkt fetch`: 87 88 ``` 89 $ sudo rkt fetch coreos.com/etcd:v2.0.4 90 rkt: searching for app image coreos.com/etcd:v2.0.4 91 rkt: fetching image from https://github.com/coreos/etcd/releases/download/v2.0.4/etcd-v2.0.4-linux-amd64.aci 92 Downloading aci: [========================================== ] 3.47 MB/3.7 MB 93 Downloading signature from https://github.com/coreos/etcd/releases/download/v2.0.0/etcd-v2.0.4-linux-amd64.aci.asc 94 rkt: signature verified: 95 CoreOS ACI Builder <release@coreos.com> 96 sha512-1eba37d9b344b33d272181e176da111e 97 ``` 98 99 Sometimes you will want to download an image from a private repository. This usually involves passing usernames and passwords or other kinds of credentials to the server. rkt currently supports authentication via configuration files. You can find configuration file format description (with examples!) in [configuration documentation](Documentation/configuration.md). 100 101 For the curious, we can see the files written to disk in rkt's CAS: 102 103 ``` 104 $ find /var/lib/rkt/cas/blob/ 105 /var/lib/rkt/cas/blob/ 106 /var/lib/rkt/cas/blob/sha512 107 /var/lib/rkt/cas/blob/sha512/1e 108 /var/lib/rkt/cas/blob/sha512/1e/sha512-1eba37d9b344b33d272181e176da111ef2fdd4958b88ba4071e56db9ac07cf62 109 ``` 110 111 Per the [App Container Specification](https://github.com/appc/spec/blob/master/spec/aci.md#image-archives), the SHA-512 hash is of the tarball and can be reproduced with other tools: 112 113 ``` 114 $ wget https://github.com/coreos/etcd/releases/download/v2.0.4/etcd-v2.0.4-linux-amd64.aci 115 ... 116 $ gzip -dc etcd-v2.0.4-linux-amd64.aci > etcd-v2.0.4-linux-amd64.tar 117 $ sha512sum etcd-v2.0.4-linux-amd64.tar 118 1eba37d9b344b33d272181e176da111ef2fdd4958b88ba4071e56db9ac07cf62cce3daaee03ebd92dfbb596fe7879938374c671ae768cd927bab7b16c5e432e8 etcd-v2.0.4-linux-amd64.tar 119 ``` 120 121 ### Launching an ACI 122 123 After it has been retrieved and stored locally, an ACI can be run by pointing `rkt run` at either the original image reference (in this case, "coreos.com/etcd:v2.0.4"), the full URL of the ACI, or the ACI hash. Hence, the following three examples are equivalent: 124 125 ``` 126 # Example of running via ACI name:version 127 $ sudo rkt run coreos.com/etcd:v2.0.4 128 ... 129 Press ^] three times to kill container 130 ``` 131 132 ``` 133 # Example of running via ACI hash 134 $ sudo rkt run sha512-1eba37d9b344b33d272181e176da111e 135 ... 136 Press ^] three times to kill container 137 ``` 138 139 ``` 140 # Example of running via ACI URL 141 $ sudo rkt run https://github.com/coreos/etcd/releases/download/v2.0.4/etcd-v2.0.4-linux-amd64.aci 142 ... 143 Press ^] three times to kill container 144 ``` 145 146 In the latter case, `rkt` will do the appropriate ETag checking on the URL to make sure it has the most up to date version of the image. 147 148 Note that the escape character ```^]``` is generated by ```Ctrl-]``` on a US keyboard. The required key combination will differ on other keyboard layouts. For example, the Swedish keyboard layout uses ```Ctrl-å``` on OS X and ```Ctrl-^``` on Windows to generate the ```^]``` escape character. 149 150 ## Known issues 151 152 Due to a bug in the Linux kernel, using rkt's overlay support on top of an overlay filesystem requires Linux 4.3+. 153 154 ## Contributing to rkt 155 156 rkt is an open source project under the Apache 2.0 [license](LICENSE), and contributions are gladly welcomed! 157 See the [Hacking Guide](Documentation/hacking.md) for more information on how to build and work on rkt. 158 See [CONTRIBUTING](CONTRIBUTING.md) for details on submitting patches and the contribution workflow. 159 160 ## Contact 161 162 - Mailing list: [rkt-dev](https://groups.google.com/forum/?hl=en#!forum/rkt-dev) 163 - IRC: #[rkt-dev](irc://irc.freenode.org:6667/#rkt-dev) on freenode.org 164 - Planning: [milestones](https://github.com/coreos/rkt/milestones)