www.huawei.com

Security Level:

HUAWEI TECHNOLOGIES CO., LTD.

OCI, where are we and where are we going

Author/ Email: Qiang Huang/h.Huangqiang@Huawei.com

Version: V0.5(20160928)

HUAWEI TECHNOLOGIES CO., LTD. 华为保密信息，未经授权禁止扩散 Page 2

Contents:

What is OCI

OCI governance

OCI projects

OCI values/benefits

OCI milestones

HUAWEI TECHNOLOGIES CO., LTD. 华为保密信息，未经授权禁止扩散 Page 3

Who am I

Qiang Huang

Software engineer work for Huawei

6 years developing experience in container area (cgroup, namespace, LXC, CRIU,

Docker, OCI, etc..)

OCI TDC maintainer

Runtime-spec maintainer

Runc maintainer

Github: @hqhq

HUAWEI TECHNOLOGIES CO., LTD. 华为保密信息，未经授权禁止扩散 Page 4

What is OCI

Open Container Initiative

A lightweight, open governance structure (project).

Formed under the auspices of the Linux Foundation.

For the express purpose of creating open industry standards around container formats

and runtime.

HUAWEI TECHNOLOGIES CO., LTD. 华为保密信息，未经授权禁止扩散 Page 5

Mission of the OCI

The mission of the OCI is to promote and promulgate a set of common, minimal,

open standards and specifications around container technology.

We do

provides an open source technical community within which industry participants may

easily contribute to

building a vendor-neutral, portable and open specification for image and runtime

We don’t

do not seek to be a marketing organization

not to create a complete stack

strive to avoid standardizing technical areas undergoing innovation and debate

HUAWEI TECHNOLOGIES CO., LTD. 华为保密信息，未经授权禁止扩散 Page 6

Membership

OCI Members

Technical Developer Community (TDC)

Technical Oversight Board (TOB)

Trademark Board

HUAWEI TECHNOLOGIES CO., LTD. 华为保密信息，未经授权禁止扩散 Page 7

Trademark Board

be composed of one representative appointed by each OCI Member

Responsibilities

creating the OCI trademarks associated with OCI Projects

creating a certification program to define “OCI Certified Solution”

approving the use of OCI funds for specific trademark

organizing and directing marketing initiatives

…

HUAWEI TECHNOLOGIES CO., LTD. 华为保密信息，未经授权禁止扩散 Page 8

Technical Developer Community (TDC)

open to any developer, end user or subject matter expert that chooses to

participate in the activities of OCI

scope of work

Creating and maintaining formal specifications for container image formats and

runtime

Creating and maintaining test tools that shall serve as the testing functions for

achieving certification as an OCI Certified Solution

Attempting to harmonize the OCI Specifications with other proposed standards

…

HUAWEI TECHNOLOGIES CO., LTD. 华为保密信息，未经授权禁止扩散 Page 9

Technical Oversight Board (TOB)

responsible for managing conflicts or disagreements and any cross-project or

high-level issues that cannot be resolved in the TDC or OCI Projects

responsible for adding, removing or reorganizing OCI Projects

all operations should be public

composed of nine individuals with one TOB chair

Any issues that cannot be resolved by the TOB shall be referred to The Linux

Foundation Executive Director for mediation

HUAWEI TECHNOLOGIES CO., LTD. 华为保密信息，未经授权禁止扩散 Page 10

OCI Projects

The Initial OCI Projects

Specification (“OCI Specification”)

Runtime (“runc”)

Now

Runtime-spec

Image-spec

RunC

Runtime-tools

Image-tools

HUAWEI TECHNOLOGIES CO., LTD. 华为保密信息，未经授权禁止扩散 Page 11

OCI Projects – Runtime-spec

defines the requirements for launching an application as a container

defines the configuration of a container that can be interpreted by runtime

implementations

defines the stardand runtime behaviors and expressions of a container

key source files

bundle.md

config.md/config-linux.md/config-solaris.md/config-xxx.md

runtime.md/runtime-linux.md/runtime-xxx.md

HUAWEI TECHNOLOGIES CO., LTD. 华为保密信息，未经授权禁止扩散 Page 12

OCI Projects – Image-spec

The goal of this specification is to enable the creation of interoperable tools for

building, transporting, and preparing a container image to run

Based on Docker image spec v2.2

Defines how to create an OCI image, and output

An image manifest

A filesystem serialization

An image configuration

HUAWEI TECHNOLOGIES CO., LTD. 华为保密信息，未经授权禁止扩散 Page 13

OCI Projects – RunC

Runc is a CLI tool for spawning and running containers according to the OCI

specification

an implementation of runtime-spec

a runtime engine

Based on libcontainer and donated by Docker Inc.

How Docker uses runC on 1.11.0+

HUAWEI TECHNOLOGIES CO., LTD. 华为保密信息，未经授权禁止扩散 Page 14

OCI Projects - Ocitools

Collection of tools for working with the OCI runtime specification and OCI image

format specification

Runtime-tools

Generating an OCI runtime spec configuration files

Validating an OCI bundle

Testing OCI runtimes

Image-tools

Validating an OCI image

Unpacking an OCI image to a bundle

To be added.

HUAWEI TECHNOLOGIES CO., LTD. 华为保密信息，未经授权禁止扩散 Page 15

OCI Values

Composable

Portable

Secure

Decentralized

Open

Minimalist

Backward compatible

HUAWEI TECHNOLOGIES CO., LTD. 华为保密信息，未经授权禁止扩散 Page 16

Why do we need OCI

Same reason as we need a standardized shipping container

Can be used across different modes of transport

Store and transport materials and products efficiently and securely

…

OCI

not bound to higher level constructs such as a particular client or

orchestration stack

not tightly associated with any particular commercial vendor or

project

portable across a wide variety of operating systems, hardware, CPU

architectures, public clouds, etc

HUAWEI TECHNOLOGIES CO., LTD. 华为保密信息，未经授权禁止扩散 Page 17

Who should care about OCI

Who builds containers

Image developers

Bundle authors

Who stores or ships containers

Registry/Hub vendors

Who manages or hosts containers

Orchestration vendors

Operating system/public clouds providers

Who runs containers

Runtime engine authors

Participants in container ecosystem

HUAWEI TECHNOLOGIES CO., LTD. 华为保密信息，未经授权禁止扩散 Page 18

How does OCI benefit users

Won’t locked into any technology vendor for the long run

Choose the best tools to build the best applications

The industry focus on innovating and competing at the levels that

truly make a difference

HUAWEI TECHNOLOGIES CO., LTD. 华为保密信息，未经授权禁止扩散 Page 19

OCI milestones

Runtime-spec

1.0.0-rc2 now

1.0.0 this year

Image-spec

0.5.0 now

1.0.0 this year

runC

1.0.0-rc1 now

1.0.0 this year

HUAWEI TECHNOLOGIES CO., LTD. 华为保密信息，未经授权禁止扩散 Page 20

Website

https://www.opencontainers.org/

https://github.com/opencontainers/

Any tests, reviews and contributions would be

more than welcome!

Thank you www.huawei.com

Copyright© 2011 Huawei Technologies Co., Ltd. All Rights Reserved.

The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results,

future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those

expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an

acceptance. Huawei may change the information at any time without notice.