evaluate_Docker.mdwn

For an overview of the more general problem, see [[blueprint/replace_vagrant]].
For the detailed plans and things to evaluate in Docker, see [[!tails_ticket 7530]].

[[!toc levels=1]]

Availability on target platforms
================================

(as of 20150120)

Primary target platforms:

* Debian Wheezy: no, even in backports; installation is [possible
  using ugly methods](https://docs.docker.com/installation/debian/)
* Debian Jessie: 1.3.3~dfsg1-2
* Debian sid: 1.3.3~dfsg1-2
* Ubuntu 14.04 LTS: 0.9.1, with 1.0.1 available in trusty-updates
* Ubuntu 14.10: 1.2.0

Bonus:

* Arch: 1.4.1

Random notes
============

* Since Docker 0.9, the default execution environment is libcontainer,
  instead of LXC. It now supports e.g. systemd-nspawn, libvirt-lxc,
  libvirt-sandbox, qemu/kvm, in addition to LXC.
* Docker seems to support sharing a directory between the host and
  a container, so on this front, we would not lose anything compared
  to Vagrant.
* Docker supports Linux and OSX.
* According to
  <https://stackoverflow.com/questions/17989306/what-does-docker-add-to-just-plain-lxc>,
  Docker comes with tools to automatically build a container from
  source, version it, and upgrade it incrementally.
* Michael Prokop [gives
  pointers](http://michael-prokop.at/blog/2014/07/23/book-review-the-docker-book/)
  about Docker integration with Jenkins.
* As far as our build system is concerned, we don't care much to
  protect the host system from the build container. The main goal is
  to produce a reliable build environment.
* For security info about Linux containers in general, see the
  [[dedicated blueprint|blueprint/Linux_containers]].
* [overclockix](https://github.com/mbentley/overclockix) uses
  live-build and provides a Dockerfile for easier building.