►
Description
For some reason Docker today is a synonym for containers. The goal of this talk is to break that myth. Vagga is full-scale containerization for development environments which has much more features suited specifically for dev. envs, in a much smaller codebase. I’ll try to explore both the essential features of vagga itself and how rust is specifically well suited for containers, including existing libraries.
Paul Colomiets
https://twitter.com/PaulColomiets
https://github.com/tailhook
https://users.rust-lang.org/users/tailhook/activity
A
A
Hello,
everyone,
my
talk
will
technical
like
in
bars,
but
I
think
it
will
be
interesting.
The
plan
is,
we
will
talk
about
a
little
bit
about
what
Wagga
is
and
what
problems
it
solves.
Then
we
will
talk
about
challenges
about
some
rough
challenges
and
also
container
things
that
we
had
to
solve.
Then
we
will
talk
a
little
bit
about
libraries
little.
We
have
done
in
the
process
of
doing
vodka,
nose,
codeine,
Wagga,
and
if
we
have
some
time
we
will
talk
about
deployment
tools
which
complement
Wagga
itself.
So
what
is
Wagga?
A
A
We
do
a
little
bit
more
than
this
tools,
because
we
can
install
a
operating
system
like
kind
of
operating
system
in
container
actually
a
Linux
distribution,
because
we
need
all
that
things
like
image:
magic,
which
is
common
line,
tool
or
C
library
to
convert
images
and
do
other
crazy
stuff
is
images
and
for
some
reason
we
need
to
make,
and
we
just
install
all
the
dependencies
from
package.json
into
a
container
and
also
we
have
a
same
similar
in
some
sense
to
scripts.
In
packages
on.
A
In
this
case,
we
can
build
two
static,
JavaScript
files-
maybe
not
just
JavaScript-
maybe
he
says
files
or
images
or
SVG
images,
whatever
stuff
that
author
of
this
repository
wanted
to
build,
then
we
have
a
common
to
run.
This
just
runs
whatever
stuff
needed
to
run
the
applications
and
also
for
some
reasons.
This
example
shows
build
dogs.
Usually
it's
just
like
a
dog
to
build
all
the
documentation
and
it
doesn't
matter
for
new
user
of
your
product,
whether
it's
building
car
dog
or
like
sinks
or
whatever
documentation
tools.
A
This
project
has
so
you
just
type,
for
example,
like
a
build,
and
it
works
even
more.
If
you
do
get
poo
and
some
configuration
changes
like
you
edit
and
you
dependency
to
package
JSON
or
to
pythons
requirement,
sticks
T
or
you
change.
The
nginx
config,
whatever
you
just
type
water
on
and
everything
that
needs
to
be
rebuilt
is
rebuilt.
Everything
that
doesn't
change
it
just
runs.
F
is
about
changes,
I
mean
when.
A
Dependencies
of
the
container
change,
not
your
actual
code.
Of
course,
every
time
you
run
some
comments
like
in
Python,
your
new
code
is
appears,
but
if
you
change
the
pen,
dennis's
vulgar
and
just
rubles
that
rebuild
containers
which
need
to
be
rebuilt,
which
has
changed
dependencies
also,
we
call
Varga
a
higher
level
package
manager
because
it
can
install
not
just
like
package
for
Python
but
also
package
for
Python,
NPM,
Ruby
and
PHP
and
whatever,
of
course
rust.
But
for
us
we
have
no
special
comments
because
for
us
the
pin
style
and
dependencies
is
easy.
A
Out-Of-The-Box
and
you
can
combine
all
this
package
manager
C
in
one
container,
and
you
can
split
them
up
into
different
containers.
Sometimes
you
can
build
some
artifacts
as
part
of
container
and
put
them
into
another.
In
this
example,
we
build
with
some
JavaScript
static
files
and
put
them
to
the
containers
that
have
nginx.
The
resulting
container
has
only
nginx
and
build
javascript
file,
so
it
has
no
not
models,
no
other
dependencies.
That
javascript
depends
on.
So
it's
quite
small.
A
Another
high-level
thing
is
that
we
can
build
comments
that
depend
on
other
comments.
In
this
case,
we
have
a
mages
comments
that
we've
run
into
container
heavy
node
models
and
not
installed,
and
then
we
run
some
program
which
just
runs
Russ
program,
which
again
has
no
node
models,
and
you
can
test
some
stuff
for
the
built
in
another
country.
No,
this
way,
and
also
we
have
another
higher
level
feature.
A
We
can
run
multiple
processes
supervised
by
Varga
again
in
different
containers
and
the
point
here
is
you
can't
supervise
multiple
processes
in
bash
reliably,
because
in
shell
you
have
a
lot
of
things
like
Ramses
in
the
ground,
a
lot
of
job
control
and
other
things,
but
nothing
guarantees
it.
If
you
type
controls
he
that
all
demons
that
she'll
had
just
run,
whether
they
will
be
shut
down,
you
usually
have
some
detached
demons
somewhere
and
you
need
to
kill
them
manually
and
so
on.
A
So
if
you
type
control
C
of
it
or
if
you
Oh,
cancel
the
bus
station
by
some
other
means,
it
just
stops
all
the
processes.
So
wrapping
up
about
raga,
it
is
simply
among
config.
It
has
some
versioning.
So
you
don't
need
manually
to
check
whether
you
need
to
run
in
them.
Install
I.
Think
you
used
to
eat
in
in
cargo
cargo.
Does
all
the
dependency
checks
by
itself,
but
not
for
C
libraries
raga.
Does
it
for
everything
like
it
tries
to
do
it
for
everything
it
uses
user
names
namespaces?
A
A
So
do
you
know
what
fork
is
or
clone?
Is
the
system
called
fork?
Okay,
so
basically
fork
and
clone
is
actually
implementation
of
fork
with
some
more
parameters
when
processes
fork
it's
in
some
state
when
you
can
define
the
state
of
your
future
process,
but
you
must
be
very
careful
with
much
of
the
things
like
you
can
do
any
memory
allocations,
but
you
actually
need
to
do
a
lot
of
stuff.
Like
close
file
descriptors
like
set
up
some
parameters
for
process.
A
A
So
in
the
same
state,
when
you
can
do
any
memory
allocations
and
like
one
of
the
back
was,
if
you
iterate
over
the
hashmap
in
debug
mode,
it
graphs
I,
don't
remember
correctly
if
it's
because
of
memory
allocations
or
stack
size
or
whatever,
but
we
had
run
in
another.
Our
supervisor
I
will
talk
about
it,
a
little
bit
more
in
production
for
I,
think
a
half
of
year
in
release
mode,
and
it
worked
work
well
and
in
debug
mode
it
just
crashed
immediately.
A
So
actually
we
we
changed
access
map
to
a
vector
because
we
iterate
an
overeater.
We
don't
need
a
hash
map
in
this
month
after
fog
and
it
worked
so
as
the
key
here
is
that
we
in
rust
usually
don't
care
too
much
about
allocations
and
rely
on
compiler
to
do
all
sort
of
the
optimizations.
But
sometimes
you
need
to
know
exactly
how
rust
works
in
details.
A
So
the
good
things
that
are
asked
has
that
by
default
we
change
the
for
file
descriptors,
which
we
want
to
propagate
to
child
processes
such
as
pipes
to
communicate
the
process.
We
explicitly,
we
explicitly
reserved
the
flag
after
fog,
so
another
issue,
it's
not
exactly
what
it
not
trust
related,
but
it's
about
containers.
A
The
point
is
when
we
create
a
container.
Basically,
a
peed
namespace
I
will
not
figure
many
details
about
namespaces
and
containers,
but
anyway
so
first
process
that
spawn
it
in
container.
It
has
a
different
set
of
defaults
for
signals,
which
means,
if
you
don't
catch,
for
example,
term
signal
or
interrupt
signal.
A
Your
process
just
ignores
that
thing
like
if
you
type
control
C
on
any
interactive
things
that
run
by
docker.
It
usually
just
ignores
the
signal.
So
in
Vega
we
just
have
a
unit
system
by
the
ear
of
God
like
unit
process.
It's
not
exactly
in
a
process,
but
process
which
has
bit
one
in
container
is
vigor
itself.
A
Sometimes
we
need
it
even
to
go
to
the
kernel
source.
Look
at
the
error
codes
that
Colonel
returns
and
gas,
which
chief
statement
we
had
like
we
couldn't
couldn't
pass.
It
was
like
some
quest
or
something
because
like
if
you
do
mount
something
like
mount
by
and
aim
to
be
operating
system.
Iran's
like
invalid
value
or
permission
denied.
You
don't
need
now
what
permission
is
denied
like
you
are
root
user
and
what
what
permission
denied
yeah
and
basically
most
of
the
things
are
still
undocumented.
A
A
It
things
that
heat
so
like
root
user
actually
in
container
it
is
root
user,
but
it
can
do
something
like
very
privileged
ones
like
M
cannot,
we
can
flicked
it
with
al
deed
system
of
the
host
system.
I,
don't
know
what
it
is
and
how
it
works,
but
it
turns
out
that
in
all
boom
it
doesn't
work
well
with
user
name
spaces
in
recent
systems.
It
work
well
works.
Well,
sometimes
I
could
want
to
broke
our
installation
process
by
removing
local
gang
package.
A
There
are
reliable
murals
like
Alpine,
murals
are
small,
but
they
remove
old
versions
of
repository
from
me
rose
and
set
has
a
tons
of
problems.
We
can
support
our
own
mirror
for
images
and
for
packages,
so
this,
like
our
main
major
pain
and
for
supporting
wagon,
not
like
Siskel's
and
container
stuff
and
other
things,
which
was
very
very
surprising
to
me,
and
when
we
have
time
so
we
will
talk
a
little
bit
more
about
rust.
Libraries
we've
done.
First,
we
have
unfair,
great
and
sure
is
fiscal
that
stars
namespaces.
A
We
can
make
a
namespace
with
chanterelle
call
and
clone
call.
In
fact
we
use
on
the
clone
most
of
the
time,
but
there
is
some
UNIX
utility
Linux
fertility
cult
and
fair,
and
we
call
crate
and
she'll
just
because
it's
similar.
So
basically,
it
looks
like
this.
This
code
works
both
with
an
procreate
and
with
STD
common
STD
process
comment.
You
just
create
a
binary
at
arcs
and
the
status
method
runs
common
itself
and
returns.
Whatever
comment
returns
the
status,
so
we
just
added
another
methods
like
unsure
these
namespaces.
A
There
are
fawning
spaces
here,
like
Network
user
ujc
is
about
hostname
and
mounting
spaces
about
about
filesystem.
We
have
true
gear
like
makes
this
part
of
file
systems
in
you
root
for
the
new
process.
We
have
set
you
it
Maps,
a
Maps
users
in
host
system
to
users
in
container
user,
IDs
and
group
IDs.
A
A
We
also
have
here
helper
to
to
make
actually
supervisors
it
processes,
zombies,
who
know
what
the
zombie
process
is.
Ok,
most
of
the
room,
so
rust
doesn't
provide
this
thing
out
of
the
box,
because
you
can
just
run
a
comment
and
get
status,
and
this
exact
comment
will
be
processed
as
well.
But
if
you
are
right
in
pit
one
I
mean
supervisor,
you
need
to
process
zombies
too.
A
Also,
we
don't
allow
demonizing
processes
by
default
because
I
think
it
also
all
starting
unix-like
if
your
child
processes,
if
parent
process
that
your
child
got
to
be
parented
to
in
it
to
to
bid
one
process,
and
it
only
useful
for
certain
things
like
for
making
diamonds
and
even
now,
even
for
system
stuff
like
running
a
web,
server
or
or
I
mean
whatever
think
you,
you
don't
run
directly
in
Gemini's,
you
run
it
with
system
D
or
upstart,
or
launch
D
by
supervisor
itself.
So
you
you,
don't
run
it
yourself.
A
You
comment
to
system
demon
to
run
it.
So
by
default
we
don't
demonize
and
that
seed
falls
and
procreate,
and
we
have
also
and
utility
for
making
my
own
points
easy.
It
looks
like
this.
You
just
say
what
you
want
to
mount
and
we
have
strongly
typed
all
the
parameters,
the
important
thing
about
this
straight
and
like
not
very
important,
but
it
just
comment
out
quick.
A
If
we
do
something
like
this,
we
want
just
to
create
a
bind.
Mount
point
like
I
entered
us,
alias
in
folder
Y
for
the
folder
weeks
of
folder
X.
Usually
you
want
to
report
some
nice
error
and
you
do
format
all
that
stuff.
It's
quite
good.
It's
long,
but
may
be
good
enough.
You
can
sing
like
can
mind
x
to
y
no
such
file
or
directory
what
directory
is
non-existing
actually
any
of
them.
A
So
what
we
done?
Okay,
so
here
is
bear
mount.
It
means
just
call
the
mounts,
call
and
return
IRR,
and
if
you
call
mount
you
skip
all
that
formatting
things
and
you
get
nice
roar
like
okay,
we
couldn't
mount,
we
have
author
or
like
no
such
file
or
directory,
and
then
we
check
if
source
target
source
directory
exists
or
Target
or
exists,
and
we
also
show
that
mount
bind
was
run
by
super
user.
A
So
that's
about
error
reporting
some
short
to-do
list,
because
we
had
not
much
tools
in
rust.
When
we
started,
we
use
a
busy
box
for
doing
some
system
level
stuff.
We
stopped
use
it
using
it
for
unpacking
packages
few
versions
ago.
Now
we
we
also
want
to
use
Tokyo
to
download
files
instead
of
just
busy
box
W.
Yet
I
think
total
record
system
is
already
ready
for
that,
but
we
had
no
time
to
implement
actually
to
integrate
it.
Also,
we
have
some
network
stuff.
Mostly
it
used.
Not.
A
A
For
all
that
networks,
things
we
use
IP
and
IP
tables
and
bridge
control
from
the
busy
box,
or
in
fact
we
want
them
all
to
be
right,
imitating
Russ
just
to
have
less
dependencies
on
the
external
things
like.
We
now
bundle
busy
boxes,
part
of
Vargas
installation,
oh
okay,
it
was
short.
Do
we
have
time
yeah,
sorry.
A
Okay,
so
I'll
tell
you
a
little
bit
about
deployment,
everybody
asks
so,
okay,
what
is
great,
how
to
deploy
it,
and
we
have
some
tools.
I
would
say
they
are
not
ready
for
production
like
for
everyone.
We
are
running
them
in
production
for
almost
a
year,
but
it's
easy
because
they
are
tools
so
litres
does
container
stuff.
We'd
use
the
same
crates
as
vodka,
but
basically
it's
very
simple
supervisor.
It
doesn't
do
like
dark
pools,
no
downloading
images,
whatever
crazy
stuff.
It's
very
simple.
A
It's
five
K
lines,
of
course,
but
mostly
because
there
are
a
lot
of
things
in
configuration
to
handle,
it
would
be
even
more
simple
if
there
were
no
configuration
like
and
the
core
thing
about
Jesus
is
that
it
samples
some
security
limitations.
I,
don't
have
time
to
speak
about
it
a
lot,
so
we
have
control
which
does
monitoring,
did
centralize
it.
This
is
needed
because
to
schedule
to
do
some
scheduling,
you
need
to
have
reliable
source
of
metrics,
and
it's
very
fast.
A
Basically,
that's
it.
It
also
provides
aggregated
metric
for
cluster
wide
scheduling
in
in
a
way
where
you
still
don't
need
a
central
server.
You
can
ask
actually
any
control
instance
for
the
Mattocks
and
we
have
a
cluster
white
scheduling.
It's
a
kind
of
the
same
like
I
know,
I
can't
compare
with
kubernetes,
because
kubernetes
is
set
of
a
lot
of
tools
and
it
does
like
all
the
work.
I
need
it
on
top
of
control
and
liters,
and
it
scriptable
is
lower
code
and,
let's
eat.
Probably
we
don't
have
time
for
questions.