It’s the community, stupid.

So, given a potentially international audience, the title of this blog entry is a spin of an old US presidential campaign phrase, “It’s the economy, stupid!” But what do I mean by that? Well, in the past week I’ve received a lot of congratulatory remarks about my work on user namespaces in Docker. And that’s been a lot of fun–for my 15 minutes of fame I’ve gotten to know what really popular people feel like when they humblebrag: “oh no, another pageful of Twitter notifications, I don’t have time for this!” Of course it feels great to have accomplished something that was seen as a difficult endeavor with the hope that lots of Docker users will be happy with a long-awaited new feature.

But while I have a few more readers than normal (yeah–my blog has had twice as many views in the last 5 days than the prior 12 months combined!), I thought it would be worth it to step away from the code for a minute and have a (hopefully cliche-free) few words about the power of communities.

First of all, user namespaces didn’t start with me. It started in the Linux kernel, another open source community you might have heard of, and several hands were involved in bringing it to reality over a period of a few years of hard work. Secondly, user namespaces only exist in Docker because, a) support to enable the Go language standard library–yet another open source project–was added by Mrunal Patel and Michael Crosby in the second half of 2014, and b) support to add the capability to the libcontainer project, now part of the Open Container Initiative‘s runC implementation and library, was also added first.

So, you might say “that’s cool, but you did the PR in Docker that got merged.” Sure, but not without significant help from the community. Hopefully if you ask any developer working in a healthy open source community whether they worked alone in a silo, only coming up for air to lob PRs into a GitHub repository, they would say: “absolutely not!”  Communities provide the direction and assistance necessary to make each contributor’s work successful. I got stuck several times during this process, and needed some other eyes, thoughts, and counter-points to make conscious design decisions and changes along the way. We even had Eric Biederman (maintainer/key contributor of user namespaces in Linux) himself drop in on GitHub late in the review cycle and shift our thinking on how we would come up with the user and group ID mapping ranges themselves!

So, here’s my chance to say “Thank you!” to the awesome Docker community. My work was heavily supported and enabled by many members of the community, but I’m going further and doing that horrible thing where I mention people by name with the very real possibility of leaving someone out by accident. But, to keep this from being just talk, here are the people that all are worth thanking for the arrival of user namespaces in Docker:

  • Michael Crosby: Sat on a couch with me at Docker HQ early this year and helped write out a list of steps/goals leading to our initial implementation. He also fixed several important libcontainer bugs along the way to help make the feature ready for merge.
  • Mrunal Patel: Part of the small group that brought the user namespace capability into Go-lang, he provided lots of feedback and direction and debug help during the entire process.
  • Alexandr Morozov: Helped with overall design, fixed several issues, reviewed the code, did testing/provided feedback, and generally helped improve the code quality.
  • Jess Frazelle: Did lots of testing with her own “special class” of containers! She enabled the integration test suite for running against a user-namespaces enabled daemon, set up a special CI target for userns, and generally became a huge fan (apparently including running it on her Linux host directly–and anyone knows that’s a big honor with Jess).
  • Diogo Monica/Nathan McCauley:  The security team at Docker have been huge cheerleaders of this feature and both Diogo and Nathan added their own review and feedback on the design and initial goals and have urged the work forward through the entire process.
  • Madhu Venugopal: Madhu and his team of libnetwork developers re-architected the entire network namespace management code to make it work with the Linux restrictions on namespace ordering/joining when user namespaces are involved. Without this significant rework, we could never have merged user namespaces!

So, why would I belabor this in a lengthy blog post versus a few tweets of thanks? Because, my hope is that if you are looking to get involved in an open source community that you would take my advice to really get involved.  Get on the communication channels–probably IRC, meet the key people in the community, help with bugs that no one wants to work on, clean up the docs if they could use some help. Do whatever is necessary to become a trusted part of the community. What you’ll find out is that when it’s time that you need some help on a difficult bug, PR, or feature request, you’ll find plenty of it in the relationships you’ve already built around you in the community of your choice.  It’s the community, stupid!

Further reading:

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *