@@ -23,3 +23,5 @@ Thatcher Peskens <thatcher@dotcloud.com>

 Walter Stanish <walter@pratyeka.org>

 <daniel@gasienica.ch> <dgasienica@zynga.com>

 Roberto Hashioka <roberto_hashioka@hotmail.com>

+Konstantin Pelykh <kpelykh@zettaset.com>

+David Sissitka <me@dsissitka.com>

@@ -4,12 +4,15 @@

 # For a list of active project maintainers, see the MAINTAINERS file.

 #

 Al Tobey <al@ooyala.com>

+Alex Gaynor <alex.gaynor@gmail.com>

 Alexey Shamrin <shamrin@gmail.com>

 Andrea Luzzardi <aluzzardi@gmail.com>

 Andreas Tiefenthaler <at@an-ti.eu>

 Andrew Munsell <andrew@wizardapps.net>

+Andrews Medina <andrewsmedina@gmail.com>

 Andy Rothfusz <github@metaliveblog.com>

 Andy Smith <github@anarkystic.com>

+Anthony Bishopric <git@anthonybishopric.com>

 Antony Messerli <amesserl@rackspace.com>

 Barry Allard <barry.allard@gmail.com>

 Brandon Liu <bdon@bdon.org>

@@ -23,17 +26,23 @@ Daniel Gasienica <daniel@gasienica.ch>

 Daniel Mizyrycki <daniel.mizyrycki@dotcloud.com>

 Daniel Robinson <gottagetmac@gmail.com>

 Daniel Von Fange <daniel@leancoder.com>

+Daniel YC Lin <dlin.tw@gmail.com>

+David Calavera <david.calavera@gmail.com>

+David Sissitka <me@dsissitka.com>

 Dominik Honnef <dominik@honnef.co>

 Don Spaulding <donspauldingii@gmail.com>

 Dr Nic Williams <drnicwilliams@gmail.com>

 Elias Probst <mail@eliasprobst.eu>

 Eric Hanchrow <ehanchrow@ine.com>

-Evan Wies <evan@neomantra.net>

 Eric Myhre <hash@exultant.us>

+Erno Hopearuoho <erno.hopearuoho@gmail.com>

+Evan Wies <evan@neomantra.net>

 ezbercih <cem.ezberci@gmail.com>

+Fabrizio Regini <freegenie@gmail.com>

 Flavio Castelli <fcastelli@suse.com>

 Francisco Souza <f@souza.cc>

 Frederick F. Kautz IV <fkautz@alumni.cmu.edu>

+Gabriel Monroy <gabriel@opdemand.com>

 Gareth Rushgrove <gareth@morethanseven.net>

 Guillaume J. Charmes <guillaume.charmes@dotcloud.com>

 Harley Laue <losinggeneration@gmail.com>

@@ -41,6 +50,7 @@ Hunter Blanks <hunter@twilio.com>

 Jeff Lindsay <progrium@gmail.com>

 Jeremy Grosser <jeremy@synack.me>

 Joffrey F <joffrey@dotcloud.com>

+Johan Euphrosine <proppy@google.com>

 John Costa <john.costa@gmail.com>

 Jon Wedaman <jweede@gmail.com>

 Jonas Pfenniger <jonas@pfenniger.name>

@@ -48,40 +58,54 @@ Jonathan Rudenberg <jonathan@titanous.com>

 Joseph Anthony Pasquale Holsten <joseph@josephholsten.com>

 Julien Barbier <write0@gmail.com>

 Jérôme Petazzoni <jerome.petazzoni@dotcloud.com>

+Karan Lyons <karan@karanlyons.com>

+Keli Hu <dev@keli.hu>

 Ken Cochrane <kencochrane@gmail.com>

 Kevin J. Lynagh <kevin@keminglabs.com>

 kim0 <email.ahmedkamal@googlemail.com>

+Kimbro Staken <kstaken@kstaken.com>

 Kiran Gangadharan <kiran.daredevil@gmail.com>

+Konstantin Pelykh <kpelykh@zettaset.com>

 Louis Opter <kalessin@kalessin.fr>

+Marco Hennings <marco.hennings@freiheit.com>

 Marcus Farkas <toothlessgear@finitebox.com>

 Mark McGranaghan <mmcgrana@gmail.com>

 Maxim Treskin <zerthurd@gmail.com>

 meejah <meejah@meejah.ca>

 Michael Crosby <crosby.michael@gmail.com>

+Mike Gaffney <mike@uberu.com>

 Mikhail Sobolev <mss@mawhrin.net>

+Nan Monnand Deng <monnand@gmail.com>

 Nate Jones <nate@endot.org>

 Nelson Chen <crazysim@gmail.com>

 Niall O'Higgins <niallo@unworkable.org>

+Nick Stenning <nick.stenning@digital.cabinet-office.gov.uk>

+Nick Stinemates <nick@stinemates.org>

 odk- <github@odkurzacz.org>

 Paul Bowsher <pbowsher@globalpersonals.co.uk>

 Paul Hammond <paul@paulhammond.org>

 Phil Spitler <pspitler@gmail.com>

 Piotr Bogdan <ppbogdan@gmail.com>

 Renato Riccieri Santos Zannon <renato.riccieri@gmail.com>

+Rhys Hiltner <rhys@twitch.tv>

 Robert Obryk <robryk@gmail.com>

 Roberto Hashioka <roberto_hashioka@hotmail.com>

+Ryan Fowler <rwfowler@gmail.com>

 Sam Alba <sam.alba@gmail.com>

 Sam J Sharpe <sam.sharpe@digital.cabinet-office.gov.uk>

 Shawn Siefkas <shawn.siefkas@meredith.com>

 Silas Sewell <silas@sewell.org>

 Solomon Hykes <solomon@dotcloud.com>

 Sridhar Ratnakumar <sridharr@activestate.com>

+Stefan Praszalowicz <stefan@greplin.com>

 Thatcher Peskens <thatcher@dotcloud.com>

 Thomas Bikeev <thomas.bikeev@mac.com>

 Thomas Hansen <thomas.hansen@gmail.com>

 Tianon Gravi <admwiggin@gmail.com>

 Tim Terhorst <mynamewastaken+git@gmail.com>

 Tobias Bieniek <Tobias.Bieniek@gmx.de>

+Tobias Schwab <tobias.schwab@dynport.de>

+Tom Hulihan <hulihan.tom159@gmail.com>

 unclejack <unclejacksons@gmail.com>

 Victor Vieux <victor.vieux@dotcloud.com>

 Vivek Agarwal <me@vivek.im>

@@ -11,7 +11,7 @@ BUILD_DIR := $(CURDIR)/.gopath

 GOPATH ?= $(BUILD_DIR)

 export GOPATH

-GO_OPTIONS ?=

+GO_OPTIONS ?= -a -ldflags='-w -d'

 ifeq ($(VERBOSE), 1)

 GO_OPTIONS += -v

 endif

@@ -80,10 +80,10 @@ test:

 	tar --exclude=${BUILD_SRC} -cz . | tar -xz -C ${BUILD_PATH}

 	GOPATH=${CURDIR}/${BUILD_SRC} go get -d

 	# Do the test

-	sudo -E GOPATH=${CURDIR}/${BUILD_SRC} go test ${GO_OPTIONS}

+	sudo -E GOPATH=${CURDIR}/${BUILD_SRC} CGO_ENABLED=0 go test ${GO_OPTIONS}

 testall: all

-	@(cd $(DOCKER_DIR); sudo -E go test ./... $(GO_OPTIONS))

+	@(cd $(DOCKER_DIR); CGO_ENABLED=0 sudo -E go test ./... $(GO_OPTIONS))

 fmt:

 	@gofmt -s -l -w .

@@ -1,80 +1,129 @@

 Docker: the Linux container engine

 ==================================

-Docker is an open-source engine which automates the deployment of applications as highly portable, self-sufficient containers.

+Docker is an open-source engine which automates the deployment of

+applications as highly portable, self-sufficient containers.

-Docker containers are both *hardware-agnostic* and *platform-agnostic*. This means that they can run anywhere, from your

-laptop to the largest EC2 compute instance and everything in between - and they don't require that you use a particular

-language, framework or packaging system. That makes them great building blocks for deploying and scaling web apps, databases

-and backend services without depending on a particular stack or provider.

+Docker containers are both *hardware-agnostic* and

+*platform-agnostic*. This means that they can run anywhere, from your

+laptop to the largest EC2 compute instance and everything in between -

+and they don't require that you use a particular language, framework

+or packaging system. That makes them great building blocks for

+deploying and scaling web apps, databases and backend services without

+depending on a particular stack or provider.

-Docker is an open-source implementation of the deployment engine which powers [dotCloud](http://dotcloud.com), a popular Platform-as-a-Service.

-It benefits directly from the experience accumulated over several years of large-scale operation and support of hundreds of thousands

-of applications and databases.

+Docker is an open-source implementation of the deployment engine which

+powers [dotCloud](http://dotcloud.com), a popular

+Platform-as-a-Service.  It benefits directly from the experience

+accumulated over several years of large-scale operation and support of

+hundreds of thousands of applications and databases.

-![Docker L](docs/sources/concepts/images/lego_docker.jpg "Docker")

+![Docker L](docs/sources/concepts/images/dockerlogo-h.png "Docker")

 ## Better than VMs

-A common method for distributing applications and sandbox their execution is to use virtual machines, or VMs. Typical VM formats

-are VMWare's vmdk, Oracle Virtualbox's vdi, and Amazon EC2's ami. In theory these formats should allow every developer to

-automatically package their application into a "machine" for easy distribution and deployment. In practice, that almost never

-happens, for a few reasons:

-

-  * *Size*: VMs are very large which makes them impractical to store and transfer.

-  * *Performance*: running VMs consumes significant CPU and memory, which makes them impractical in many scenarios, for example local development of multi-tier applications, and

-    large-scale deployment of cpu and memory-intensive applications on large numbers of machines.

-  * *Portability*: competing VM environments don't play well with each other. Although conversion tools do exist, they are limited and add even more overhead.

-  * *Hardware-centric*: VMs were designed with machine operators in mind, not software developers. As a result, they offer very limited tooling for what developers need most:

-    building, testing and running their software. For example, VMs offer no facilities for application versioning, monitoring, configuration, logging or service discovery.

-

-By contrast, Docker relies on a different sandboxing method known as *containerization*. Unlike traditional virtualization,

-containerization takes place at the kernel level. Most modern operating system kernels now support the primitives necessary

-for containerization, including Linux with [openvz](http://openvz.org), [vserver](http://linux-vserver.org) and more recently [lxc](http://lxc.sourceforge.net),

-    Solaris with [zones](http://docs.oracle.com/cd/E26502_01/html/E29024/preface-1.html#scrolltoc) and FreeBSD with [Jails](http://www.freebsd.org/doc/handbook/jails.html).

-

-Docker builds on top of these low-level primitives to offer developers a portable format and runtime environment that solves

-all 4 problems. Docker containers are small (and their transfer can be optimized with layers), they have basically zero memory and cpu overhead,

-they are completely portable and are designed from the ground up with an application-centric design.

-

-The best part: because docker operates at the OS level, it can still be run inside a VM!

+A common method for distributing applications and sandbox their

+execution is to use virtual machines, or VMs. Typical VM formats are

+VMWare's vmdk, Oracle Virtualbox's vdi, and Amazon EC2's ami. In

+theory these formats should allow every developer to automatically

+package their application into a "machine" for easy distribution and

+deployment. In practice, that almost never happens, for a few reasons:

+

+  * *Size*: VMs are very large which makes them impractical to store

+     and transfer.

+  * *Performance*: running VMs consumes significant CPU and memory,

+    which makes them impractical in many scenarios, for example local

+    development of multi-tier applications, and large-scale deployment

+    of cpu and memory-intensive applications on large numbers of

+    machines.

+  * *Portability*: competing VM environments don't play well with each

+     other. Although conversion tools do exist, they are limited and

+     add even more overhead.

+  * *Hardware-centric*: VMs were designed with machine operators in

+    mind, not software developers. As a result, they offer very

+    limited tooling for what developers need most: building, testing

+    and running their software. For example, VMs offer no facilities

+    for application versioning, monitoring, configuration, logging or

+    service discovery.

+

+By contrast, Docker relies on a different sandboxing method known as

+*containerization*. Unlike traditional virtualization,

+containerization takes place at the kernel level. Most modern

+operating system kernels now support the primitives necessary for

+containerization, including Linux with [openvz](http://openvz.org),

+[vserver](http://linux-vserver.org) and more recently

+[lxc](http://lxc.sourceforge.net), Solaris with

+[zones](http://docs.oracle.com/cd/E26502_01/html/E29024/preface-1.html#scrolltoc)

+and FreeBSD with

+[Jails](http://www.freebsd.org/doc/handbook/jails.html).

+

+Docker builds on top of these low-level primitives to offer developers

+a portable format and runtime environment that solves all 4

+problems. Docker containers are small (and their transfer can be

+optimized with layers), they have basically zero memory and cpu

+overhead, they are completely portable and are designed from the

+ground up with an application-centric design.

+

+The best part: because ``docker`` operates at the OS level, it can

+still be run inside a VM!

 ## Plays well with others

-Docker does not require that you buy into a particular programming language, framework, packaging system or configuration language.

+Docker does not require that you buy into a particular programming

+language, framework, packaging system or configuration language.

-Is your application a unix process? Does it use files, tcp connections, environment variables, standard unix streams and command-line

-arguments as inputs and outputs? Then docker can run it.

+Is your application a Unix process? Does it use files, tcp

+connections, environment variables, standard Unix streams and

+command-line arguments as inputs and outputs? Then ``docker`` can run

+it.

-Can your application's build be expressed as a sequence of such commands? Then docker can build it.

+Can your application's build be expressed as a sequence of such

+commands? Then ``docker`` can build it.

 ## Escape dependency hell

-A common problem for developers is the difficulty of managing all their application's dependencies in a simple and automated way.

+A common problem for developers is the difficulty of managing all

+their application's dependencies in a simple and automated way.

 This is usually difficult for several reasons:

-  * *Cross-platform dependencies*. Modern applications often depend on a combination of system libraries and binaries, language-specific packages, framework-specific modules,

-    internal components developed for another project, etc. These dependencies live in different "worlds" and require different tools - these tools typically don't work

-    well with each other, requiring awkward custom integrations.

-

-  * Conflicting dependencies. Different applications may depend on different versions of the same dependency. Packaging tools handle these situations with various degrees of ease -

-    but they all handle them in different and incompatible ways, which again forces the developer to do extra work.

+  * *Cross-platform dependencies*. Modern applications often depend on

+    a combination of system libraries and binaries, language-specific

+    packages, framework-specific modules, internal components

+    developed for another project, etc. These dependencies live in

+    different "worlds" and require different tools - these tools

+    typically don't work well with each other, requiring awkward

+    custom integrations.

+

+  * Conflicting dependencies. Different applications may depend on

+    different versions of the same dependency. Packaging tools handle

+    these situations with various degrees of ease - but they all

+    handle them in different and incompatible ways, which again forces

+    the developer to do extra work.

-  * Custom dependencies. A developer may need to prepare a custom version of their application's dependency. Some packaging systems can handle custom versions of a dependency,

-    others can't - and all of them handle it differently.

+  * Custom dependencies. A developer may need to prepare a custom

+    version of their application's dependency. Some packaging systems

+    can handle custom versions of a dependency, others can't - and all

+    of them handle it differently.

-Docker solves dependency hell by giving the developer a simple way to express *all* their application's dependencies in one place,

-and streamline the process of assembling them. If this makes you think of [XKCD 927](http://xkcd.com/927/), don't worry. Docker doesn't

-*replace* your favorite packaging systems. It simply orchestrates their use in a simple and repeatable way. How does it do that? With layers.

+Docker solves dependency hell by giving the developer a simple way to

+express *all* their application's dependencies in one place, and

+streamline the process of assembling them. If this makes you think of

+[XKCD 927](http://xkcd.com/927/), don't worry. Docker doesn't

+*replace* your favorite packaging systems. It simply orchestrates

+their use in a simple and repeatable way. How does it do that? With

+layers.

-Docker defines a build as running a sequence of unix commands, one after the other, in the same container. Build commands modify the contents of the container

-(usually by installing new files on the filesystem), the next command modifies it some more, etc. Since each build command inherits the result of the previous

-commands, the *order* in which the commands are executed expresses *dependencies*.

+Docker defines a build as running a sequence of Unix commands, one

+after the other, in the same container. Build commands modify the

+contents of the container (usually by installing new files on the

+filesystem), the next command modifies it some more, etc. Since each

+build command inherits the result of the previous commands, the

+*order* in which the commands are executed expresses *dependencies*.

-Here's a typical docker build process:

+Here's a typical Docker build process:

 ```bash

 from ubuntu:12.10

@@ -87,7 +136,8 @@ run curl -L https://github.com/shykes/helloflask/archive/master.tar.gz | tar -xz

 run cd helloflask-master && pip install -r requirements.txt

 ```

-Note that Docker doesn't care *how* dependencies are built - as long as they can be built by running a unix command in a container.

+Note that Docker doesn't care *how* dependencies are built - as long

+as they can be built by running a Unix command in a container.

 Install instructions

@@ -103,8 +153,9 @@ curl get.docker.io | sudo sh -x

 Binary installs

 ----------------

-Docker supports the following binary installation methods.

-Note that some methods are community contributions and not yet officially supported.

+Docker supports the following binary installation methods.  Note that

+some methods are community contributions and not yet officially

+supported.

 * [Ubuntu 12.04 and 12.10 (officially supported)](http://docs.docker.io/en/latest/installation/ubuntulinux/)

 * [Arch Linux](http://docs.docker.io/en/latest/installation/archlinux/)

@@ -115,15 +166,15 @@ Note that some methods are community contributions and not yet officially suppor

 Installing from source

 ----------------------

-1. Make sure you have a [Go language](http://golang.org/doc/install) compiler and [git](http://git-scm.com) installed.

-

+1. Make sure you have a [Go language](http://golang.org/doc/install)

+compiler >= 1.1 and [git](http://git-scm.com) installed.

 2. Checkout the source code

    ```bash

    git clone http://github.com/dotcloud/docker

    ```

-3. Build the docker binary

+3. Build the ``docker`` binary

    ```bash

    cd docker

@@ -134,17 +185,20 @@ Installing from source

 Usage examples

 ==============

-First run the docker daemon

+First run the ``docker`` daemon

+-------------------------------

-All the examples assume your machine is running the docker daemon. To run the docker daemon in the background, simply type:

+All the examples assume your machine is running the ``docker``

+daemon. To run the ``docker`` daemon in the background, simply type:

 ```bash

 # On a production system you want this running in an init script

 sudo docker -d &

 ```

-Now you can run docker in client mode: all commands will be forwarded to the docker daemon, so the client can run from any account.

+Now you can run ``docker`` in client mode: all commands will be

+forwarded to the ``docker`` daemon, so the client can run from any

+account.

 ```bash

 # Now you can run docker commands from any account.

@@ -152,7 +206,7 @@ docker help

 ```

-Throwaway shell in a base ubuntu image

+Throwaway shell in a base Ubuntu image

 --------------------------------------

 ```bash

@@ -202,7 +256,8 @@ docker commit -m "Installed curl" $CONTAINER $USER/betterbase

 docker push $USER/betterbase

 ```

-A list of publicly available images is [available here](https://github.com/dotcloud/docker/wiki/Public-docker-images).

+A list of publicly available images is [available

+here](https://github.com/dotcloud/docker/wiki/Public-docker-images).

 Expose a service on a TCP port

 ------------------------------

@@ -229,32 +284,40 @@ Under the hood

 Under the hood, Docker is built on the following components:

-

-* The [cgroup](http://blog.dotcloud.com/kernel-secrets-from-the-paas-garage-part-24-c) and [namespacing](http://blog.dotcloud.com/under-the-hood-linux-kernels-on-dotcloud-part) capabilities of the Linux kernel;

-

-* [AUFS](http://aufs.sourceforge.net/aufs.html), a powerful union filesystem with copy-on-write capabilities;

-

+* The

+  [cgroup](http://blog.dotcloud.com/kernel-secrets-from-the-paas-garage-part-24-c)

+  and

+  [namespacing](http://blog.dotcloud.com/under-the-hood-linux-kernels-on-dotcloud-part)

+  capabilities of the Linux kernel;

+* [AUFS](http://aufs.sourceforge.net/aufs.html), a powerful union

+  filesystem with copy-on-write capabilities;

 * The [Go](http://golang.org) programming language;

-

-* [lxc](http://lxc.sourceforge.net/), a set of convenience scripts to simplify the creation of linux containers.

+* [lxc](http://lxc.sourceforge.net/), a set of convenience scripts to

+  simplify the creation of Linux containers.

 Contributing to Docker

 ======================

-Want to hack on Docker? Awesome! There are instructions to get you started on the website: http://docs.docker.io/en/latest/contributing/contributing/

+Want to hack on Docker? Awesome! There are instructions to get you

+started on the website:

+http://docs.docker.io/en/latest/contributing/contributing/

-They are probably not perfect, please let us know if anything feels wrong or incomplete.

+They are probably not perfect, please let us know if anything feels

+wrong or incomplete.

 Note

 ----

-We also keep the documentation in this repository. The website documentation is generated using sphinx using these sources.

-Please find it under docs/sources/ and read more about it https://github.com/dotcloud/docker/tree/master/docs/README.md

+We also keep the documentation in this repository. The website

+documentation is generated using Sphinx using these sources.  Please

+find it under docs/sources/ and read more about it

+https://github.com/dotcloud/docker/tree/master/docs/README.md

-Please feel free to fix / update the documentation and send us pull requests. More tutorials are also welcome.

+Please feel free to fix / update the documentation and send us pull

+requests. More tutorials are also welcome.

 Setting up a dev environment

@@ -289,93 +352,104 @@ Run the `go install` command (above) to recompile docker.

 What is a Standard Container?

 =============================

-Docker defines a unit of software delivery called a Standard Container. The goal of a Standard Container is to encapsulate a software component and all its dependencies in

-a format that is self-describing and portable, so that any compliant runtime can run it without extra dependencies, regardless of the underlying machine and the contents of the container.

+Docker defines a unit of software delivery called a Standard

+Container. The goal of a Standard Container is to encapsulate a

+software component and all its dependencies in a format that is

+self-describing and portable, so that any compliant runtime can run it

+without extra dependencies, regardless of the underlying machine and

+the contents of the container.

-The spec for Standard Containers is currently a work in progress, but it is very straightforward. It mostly defines 1) an image format, 2) a set of standard operations, and 3) an execution environment.

+The spec for Standard Containers is currently a work in progress, but

+it is very straightforward. It mostly defines 1) an image format, 2) a

+set of standard operations, and 3) an execution environment.

-A great analogy for this is the shipping container. Just like how Standard Containers are a fundamental unit of software delivery, shipping containers (http://bricks.argz.com/ins/7823-1/12) are a fundamental unit of physical delivery.

+A great analogy for this is the shipping container. Just like how

+Standard Containers are a fundamental unit of software delivery,

+shipping containers are a fundamental unit of physical delivery.

 ### 1. STANDARD OPERATIONS

-Just like shipping containers, Standard Containers define a set of STANDARD OPERATIONS. Shipping containers can be lifted, stacked, locked, loaded, unloaded and labelled. Similarly, standard containers can be started, stopped, copied, snapshotted, downloaded, uploaded and tagged.

+Just like shipping containers, Standard Containers define a set of

+STANDARD OPERATIONS. Shipping containers can be lifted, stacked,

+locked, loaded, unloaded and labelled. Similarly, Standard Containers

+can be started, stopped, copied, snapshotted, downloaded, uploaded and

+tagged.

 ### 2. CONTENT-AGNOSTIC

-Just like shipping containers, Standard Containers are CONTENT-AGNOSTIC: all standard operations have the same effect regardless of the contents. A shipping container will be stacked in exactly the same way whether it contains Vietnamese powder coffee or spare Maserati parts. Similarly, Standard Containers are started or uploaded in the same way whether they contain a postgres database, a php application with its dependencies and application server, or Java build artifacts.

+Just like shipping containers, Standard Containers are

+CONTENT-AGNOSTIC: all standard operations have the same effect

+regardless of the contents. A shipping container will be stacked in

+exactly the same way whether it contains Vietnamese powder coffee or

+spare Maserati parts. Similarly, Standard Containers are started or

+uploaded in the same way whether they contain a postgres database, a

+php application with its dependencies and application server, or Java

+build artifacts.

 ### 3. INFRASTRUCTURE-AGNOSTIC

-Both types of containers are INFRASTRUCTURE-AGNOSTIC: they can be transported to thousands of facilities around the world, and manipulated by a wide variety of equipment. A shipping container can be packed in a factory in Ukraine, transported by truck to the nearest routing center, stacked onto a train, loaded into a German boat by an Australian-built crane, stored in a warehouse at a US facility, etc. Similarly, a standard container can be bundled on my laptop, uploaded to S3, downloaded, run and snapshotted by a build server at Equinix in Virginia, uploaded to 10 staging servers in a home-made Openstack cluster, then sent to 30 production instances across 3 EC2 regions.

+Both types of containers are INFRASTRUCTURE-AGNOSTIC: they can be

+transported to thousands of facilities around the world, and

+manipulated by a wide variety of equipment. A shipping container can

+be packed in a factory in Ukraine, transported by truck to the nearest

+routing center, stacked onto a train, loaded into a German boat by an

+Australian-built crane, stored in a warehouse at a US facility,

+etc. Similarly, a standard container can be bundled on my laptop,

+uploaded to S3, downloaded, run and snapshotted by a build server at

+Equinix in Virginia, uploaded to 10 staging servers in a home-made

+Openstack cluster, then sent to 30 production instances across 3 EC2

+regions.

 ### 4. DESIGNED FOR AUTOMATION

-Because they offer the same standard operations regardless of content and infrastructure, Standard Containers, just like their physical counterpart, are extremely well-suited for automation. In fact, you could say automation is their secret weapon.

-

-Many things that once required time-consuming and error-prone human effort can now be programmed. Before shipping containers, a bag of powder coffee was hauled, dragged, dropped, rolled and stacked by 10 different people in 10 different locations by the time it reached its destination. 1 out of 50 disappeared. 1 out of 20 was damaged. The process was slow, inefficient and cost a fortune - and was entirely different depending on the facility and the type of goods.

-

-Similarly, before Standard Containers, by the time a software component ran in production, it had been individually built, configured, bundled, documented, patched, vendored, templated, tweaked and instrumented by 10 different people on 10 different computers. Builds failed, libraries conflicted, mirrors crashed, post-it notes were lost, logs were misplaced, cluster updates were half-broken. The process was slow, inefficient and cost a fortune - and was entirely different depending on the language and infrastructure provider.

+Because they offer the same standard operations regardless of content

+and infrastructure, Standard Containers, just like their physical

+counterparts, are extremely well-suited for automation. In fact, you

+could say automation is their secret weapon.

+

+Many things that once required time-consuming and error-prone human

+effort can now be programmed. Before shipping containers, a bag of

+powder coffee was hauled, dragged, dropped, rolled and stacked by 10

+different people in 10 different locations by the time it reached its

+destination. 1 out of 50 disappeared. 1 out of 20 was damaged. The

+process was slow, inefficient and cost a fortune - and was entirely

+different depending on the facility and the type of goods.

+

+Similarly, before Standard Containers, by the time a software

+component ran in production, it had been individually built,

+configured, bundled, documented, patched, vendored, templated, tweaked

+and instrumented by 10 different people on 10 different

+computers. Builds failed, libraries conflicted, mirrors crashed,

+post-it notes were lost, logs were misplaced, cluster updates were

+half-broken. The process was slow, inefficient and cost a fortune -

+and was entirely different depending on the language and

+infrastructure provider.

 ### 5. INDUSTRIAL-GRADE DELIVERY

-There are 17 million shipping containers in existence, packed with every physical good imaginable. Every single one of them can be loaded onto the same boats, by the same cranes, in the same facilities, and sent anywhere in the World with incredible efficiency. It is embarrassing to think that a 30 ton shipment of coffee can safely travel half-way across the World in *less time* than it takes a software team to deliver its code from one datacenter to another sitting 10 miles away.

-

-With Standard Containers we can put an end to that embarrassment, by making INDUSTRIAL-GRADE DELIVERY of software a reality.

-

-

-

-

-Standard Container Specification

-

-(TODO)

-

-### Image format

-

-

-### Standard operations

-

-* Copy

-* Run

-* Stop

-* Wait

-* Commit

-* Attach standard streams

-* List filesystem changes

-* ...

-

-### Execution environment

-

-#### Root filesystem

-

-#### Environment variables

-

-#### Process arguments

-

-#### Networking

-

-#### Process namespacing

-

-#### Resource limits

-

-#### Process monitoring

-

-#### Logging

-

-#### Signals

+There are 17 million shipping containers in existence, packed with

+every physical good imaginable. Every single one of them can be loaded

+onto the same boats, by the same cranes, in the same facilities, and

+sent anywhere in the World with incredible efficiency. It is

+embarrassing to think that a 30 ton shipment of coffee can safely

+travel half-way across the World in *less time* than it takes a

+software team to deliver its code from one datacenter to another

+sitting 10 miles away.

-#### Pseudo-terminal allocation

+With Standard Containers we can put an end to that embarrassment, by

+making INDUSTRIAL-GRADE DELIVERY of software a reality.

-#### Security

 ### Legal

-Transfers of Docker shall be in accordance with applicable export controls of any country and all other applicable

-legal requirements.  Docker shall not be distributed or downloaded to or in Cuba, Iran, North Korea, Sudan or Syria

-and shall not be distributed or downloaded to any person on the Denied Persons List administered by the U.S.

+Transfers of Docker shall be in accordance with applicable export

+controls of any country and all other applicable legal requirements.

+Docker shall not be distributed or downloaded to or in Cuba, Iran,

+North Korea, Sudan or Syria and shall not be distributed or downloaded

+to any person on the Denied Persons List administered by the U.S.

 Department of Commerce.

@@ -20,6 +20,8 @@ Vagrant::Config.run do |config|

     pkg_cmd = "apt-get update -qq; apt-get install -q -y python-software-properties; " \

       "add-apt-repository -y ppa:dotcloud/lxc-docker; apt-get update -qq; " \

       "apt-get install -q -y lxc-docker; "

+    # Listen on all interfaces so that the daemon is accessible from the host

+    pkg_cmd << "sed -i -E 's|    /usr/bin/docker -d|    /usr/bin/docker -d -H 0.0.0.0|' /etc/init/docker.conf;"

     # Add X.org Ubuntu backported 3.8 kernel

     pkg_cmd << "add-apt-repository -y ppa:ubuntu-x-swat/r-lts-backport; " \

       "apt-get update -qq; apt-get install -q -y linux-image-3.8.0-19-generic; "

@@ -81,54 +81,15 @@ func getBoolParam(value string) (bool, error) {

 	return ret, nil

 }

-func getAuth(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {

-	if version > 1.1 {

-		w.WriteHeader(http.StatusNotFound)

-		return nil

-	}

-	authConfig, err := auth.LoadConfig(srv.runtime.root)

-	if err != nil {

-		if err != auth.ErrConfigFileMissing {

-			return err

-		}

-		authConfig = &auth.AuthConfig{}

-	}

-	b, err := json.Marshal(&auth.AuthConfig{Username: authConfig.Username, Email: authConfig.Email})

-	if err != nil {

-		return err

-	}

-	writeJSON(w, b)

-	return nil

-}

-

 func postAuth(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {

 	authConfig := &auth.AuthConfig{}

 	err := json.NewDecoder(r.Body).Decode(authConfig)

 	if err != nil {

 		return err

 	}

-	status := ""

-	if version > 1.1 {

-		status, err = auth.Login(authConfig, false)

-		if err != nil {

-			return err

-		}

-	} else {

-		localAuthConfig, err := auth.LoadConfig(srv.runtime.root)

-		if err != nil {

-			if err != auth.ErrConfigFileMissing {

-				return err

-			}

-		}

-		if authConfig.Username == localAuthConfig.Username {

-			authConfig.Password = localAuthConfig.Password

-		}

-

-		newAuthConfig := auth.NewAuthConfig(authConfig.Username, authConfig.Password, authConfig.Email, srv.runtime.root)

-		status, err = auth.Login(newAuthConfig, true)

-		if err != nil {

-			return err

-		}

+	status, err := auth.Login(authConfig)

+	if err != nil {

+		return err

 	}

 	if status != "" {

 		b, err := json.Marshal(&APIAuth{Status: status})

@@ -217,6 +178,64 @@ func getInfo(srv *Server, version float64, w http.ResponseWriter, r *http.Reques

 	return nil

 }

+func getEvents(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {

+	sendEvent := func(wf *utils.WriteFlusher, event *utils.JSONMessage) error {

+		b, err := json.Marshal(event)

+		if err != nil {

+			return fmt.Errorf("JSON error")

+		}

+		_, err = wf.Write(b)

+		if err != nil {

+			// On error, evict the listener

+			utils.Debugf("%s", err)

+			srv.Lock()

+			delete(srv.listeners, r.RemoteAddr)

+			srv.Unlock()

+			return err

+		}

+		return nil

+	}

+

+	if err := parseForm(r); err != nil {

+		return err

+	}

+	listener := make(chan utils.JSONMessage)

+	srv.Lock()

+	srv.listeners[r.RemoteAddr] = listener

+	srv.Unlock()

+	since, err := strconv.ParseInt(r.Form.Get("since"), 10, 0)

+	if err != nil {

+		since = 0

+	}

+	w.Header().Set("Content-Type", "application/json")

+	wf := utils.NewWriteFlusher(w)

+	if since != 0 {

+		// If since, send previous events that happened after the timestamp

+		for _, event := range srv.events {

+			if event.Time >= since {

+				err := sendEvent(wf, &event)

+				if err != nil && err.Error() == "JSON error" {

+					continue

+				}

+				if err != nil {

+					return err

+				}

+			}

+		}

+	}

+	for {

+		event := <-listener

+		err := sendEvent(wf, &event)

+		if err != nil && err.Error() == "JSON error" {

+			continue

+		}

+		if err != nil {

+			return err

+		}

+	}

+	return nil

+}

+

 func getImagesHistory(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {

 	if vars == nil {

 		return fmt.Errorf("Missing parameter")

@@ -436,16 +455,8 @@ func postImagesInsert(srv *Server, version float64, w http.ResponseWriter, r *ht

 func postImagesPush(srv *Server, version float64, w http.ResponseWriter, r *http.Request, vars map[string]string) error {

 	authConfig := &auth.AuthConfig{}

-	if version > 1.1 {

-		if err := json.NewDecoder(r.Body).Decode(authConfig); err != nil {

-			return err

-		}

-	} else {

-		localAuthConfig, err := auth.LoadConfig(srv.runtime.root)

-		if err != nil && err != auth.ErrConfigFileMissing {

-			return err

-		}

-		authConfig = localAuthConfig

+	if err := json.NewDecoder(r.Body).Decode(authConfig); err != nil {

+		return err

 	}

 	if err := parseForm(r); err != nil {

 		return err

@@ -861,9 +872,9 @@ func createRouter(srv *Server, logging bool) (*mux.Router, error) {

 	m := map[string]map[string]func(*Server, float64, http.ResponseWriter, *http.Request, map[string]string) error{

 		"GET": {

-			"/auth":                         getAuth,

-			"/version":                      getVersion,

+			"/events":                       getEvents,

 			"/info":                         getInfo,

+			"/version":                      getVersion,

 			"/images/json":                  getImagesJSON,

 			"/images/viz":                   getImagesViz,

 			"/images/search":                getImagesSearch,

@@ -17,13 +17,16 @@ type APIImages struct {

 }

 type APIInfo struct {

-	Debug       bool

-	Containers  int

-	Images      int

-	NFd         int  `json:",omitempty"`

-	NGoroutines int  `json:",omitempty"`

-	MemoryLimit bool `json:",omitempty"`

-	SwapLimit   bool `json:",omitempty"`

+	Debug           bool

+	Containers      int

+	Images          int

+	NFd             int    `json:",omitempty"`

+	NGoroutines     int    `json:",omitempty"`

+	MemoryLimit     bool   `json:",omitempty"`

+	SwapLimit       bool   `json:",omitempty"`

+	LXCVersion      string `json:",omitempty"`

+	NEventsListener int    `json:",omitempty"`

+	KernelVersion   string `json:",omitempty"`

 }

 type APITop struct {

@@ -89,6 +89,44 @@ func TestGetInfo(t *testing.T) {

 	}

 }

+func TestGetEvents(t *testing.T) {

+	runtime := mkRuntime(t)

+	srv := &Server{

+		runtime:   runtime,

+		events:    make([]utils.JSONMessage, 0, 64),

+		listeners: make(map[string]chan utils.JSONMessage),

+	}

+

+	srv.LogEvent("fakeaction", "fakeid")

+	srv.LogEvent("fakeaction2", "fakeid")

+

+	req, err := http.NewRequest("GET", "/events?since=1", nil)

+	if err != nil {

+		t.Fatal(err)

+	}

+

+	r := httptest.NewRecorder()

+	setTimeout(t, "", 500*time.Millisecond, func() {

+		if err := getEvents(srv, APIVERSION, r, req, nil); err != nil {

+			t.Fatal(err)

+		}

+	})

+

+	dec := json.NewDecoder(r.Body)

+	for i := 0; i < 2; i++ {

+		var jm utils.JSONMessage

+		if err := dec.Decode(&jm); err == io.EOF {

+			break

+		} else if err != nil {

+			t.Fatal(err)

+		}

+		if jm != srv.events[i] {

+			t.Fatalf("Event received it different than expected")

+		}

+	}

+

+}

+

 func TestGetImagesJSON(t *testing.T) {

 	runtime := mkRuntime(t)

 	defer nuke(runtime)

@@ -866,6 +904,12 @@ func TestPostContainersAttach(t *testing.T) {

 	stdin, stdinPipe := io.Pipe()

 	stdout, stdoutPipe := io.Pipe()

+	// Try to avoid the timeoout in destroy. Best effort, don't check error

+	defer func() {

+		closeWrap(stdin, stdinPipe, stdout, stdoutPipe)

+		container.Kill()

+	}()

+

 	// Attach to it

 	c1 := make(chan struct{})

 	go func() {