Linux distributions for containers
Repo Man
CoreOS and Atomic are two major Linux distributions optimized for containers and available in the enterprise environment. Not only are these distributions hardened accordingly and suitable for providing the run-time environment for Docker containers, but the entire scope of the distribution has been reduced to a minimum, because these hosts are only intended to operate containers, not to activate any other services.
This rather well-intentioned idea causes problems in many environments, however, such as when you need monitoring or backup software, change management tools, or other applications on the system. Unfortunately, it isn't always easy to install the required software packages after the fact. In this article, I explain why this is the case and how to install the required software on your Docker hosts.
An Atomic installation is used as an example. Corresponding operating system images exist for both Red Hat Enterprise Linux and its community variants CentOS and Fedora. I use a Fedora image [1] that serves as the basis for setting up a KVM-based virtual machine that can be made available within a very short span of time using the virt-manager or virt-install tools. On top of that, I take a regular Fedora 22 system, generate a custom Atomic software repository, and fill it with the desired packages. Docker hosts can then use this custom repository.
Atomic with a Package Manager
At this point, some readers might already be wondering why all this effort is necessary. After all, it's usual with RPM-based distributions to be able to install software packages from corresponding repositories using a package manager. However, it's different with Atomic, because it has no package manager. Instead, such hosts use completely prefabricated filesystem trees that are loaded onto the local host from a central repository in an atomic operation and then mounted in the existing filesystem.
After customizing the bootloader and rebooting the system, the new filesystem is available with the applications contained in it. The operating system is read-only and located under /usr, whereas data that should remain persistent between different OS versions is under /var. This data is then integrated into the root filesystem via corresponding links.
For example, the user's home directory is located on an Atomic host under /var/home and is linked to /home. However, the /bin and /sbin folders can be found in /usr and are integrated under /. The two tools rpm-ostree and ostree are used to manage the filesystems.
After installing an Atomic host, you can display the version of the filesystem tree employed and the repository it comes from as follows:
# rpm-ostree status
By creating your own Atomic repository, you can load it with the software packages you want, so they are then available to the Atomic host. As an example, the existing Fedora Atomic repository is extended here with the vim tool and its dependencies. To do this, install the required tools (e.g., rpm-ostree-toolbox) on a regular Fedora system and clone the corresponding Git repository from the Fedora Atomic Project (Listing 1).
Listing 1
Installing Tools
# dnf install git rpm-ostree-toolbox
# mkdir /srv/atomic/
# cd /srv/atomic/
# git clone https://git.fedorahosted.org/cgit/fedora-atomic.git
# cd fedora-atomic
# git checkout f22
You will find all the relevant files from the Git repository in the fedora-atomic directory.
The fedora-atomic-docker-host.json file describes which packages need to be installed from which Yum repository. Instead of altering this file, simply create a new one and include the existing JSON file, so you can identify possible sources of error more quickly.
Putting Vim on Your System
Listing 2 shows an example for expanding the existing Atomic filesystem tree with the vim-enhanced package. If you want to use packages from other repositories, refer to the corresponding Yum configuration file, which must be in the same directory, using the repos key. The Fedora repository serves as an example here. Now extend the config.ini configuration file with an additional section that defines a new profile (see Listing 3).
Listing 2
Integrating Vim
{
  "include": "fedora-atomic-docker-host.json",
  "packages": ["vim"]
}
Listing 3
New Profile
[...]
[vim]
tree_name = editors
ref = %(os_name)s/%(release)s/%(arch)s/%(tree_name)s
tree_file = %(os_name)s-vim.json
Finally, you can create a new filesystem tree based on the profile just created and then make this available to your Atomic hosts using the built-in web server. When calling rpm-ostree-toolbox, make sure to use the profile name specified in the config.ini file.
The procedure presented here is just right for testing purposes, because no additional overhead is needed for configuring a web server. In a production environment, it is useful to provide file trees via regular web servers or not to generate any images at all from them. The ostree tool indicates on which port the built-in web server listens for requests:
# cd /srv/atomic
# rpm-ostree-toolbox treecompose -c fedora-atomic/config.ini --ostreerepo /srv/rpm-ostree/fedora-atomic/22/ -p vim
# ostree trivial-httpd -p - /srv/rpm-ostree/fedora-atomic/22
Finally, you can introduce the new filesystem tree on the previously configured Atomic instance and verify that it is also available there now:
# ostree remote add f22-custom http://192.168.122.1:36073 --no-gpg-verify
# ostree remote list -u
f22-custom     http://192.168.122.1:36073
fedora-atomic  http://dl.fedoraproject.org/pub/fedora/linux/atomic/22/
To switch to the new file tree, you need to perform a rebase and then restart the system:
# rpm-ostree rebase f22-custom:fedora-atomic/f22/x86_64/vim
# systemctl reboot
Once the system has rebooted, calling rpm-ostree status should confirm that the filesystem tree just created is in use and that the Vim editor is now available on the system (Listing 4).
Listing 4
New Filesystem Tree
# rpm-ostree status
  TIMESTAMP (UTC)         VERSION   ID             OSNAME            REFSPEC
* 2015-09-30 12:07:07     22        c4421f1bba     fedora-atomic     f22-custom:fedora-atomic/f22/x86_64/vim
  2015-09-30 10:38:37     22        81b569ae55     fedora-atomic     f22-custom:fedora-atomic/f22/x86_64/docker-host
# rpm -q vim-enhanced
vim-enhanced-7.4.640-4.fc22.x86_64
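The f22-custom remote above is added with --no-gpg-verify and fetched over plain HTTP, so the host accepts whatever tree that URL returns without a signature check. The following shell function is an added example, not part of the original article: it lists remotes configured this way by parsing the [remote "..."] sections that ostree writes for its remotes. The sample configuration is constructed, and gpg-verify=true for the fedora-atomic remote is an assumption.

```shell
# Added example: list ostree remotes that accept unsigned content.
# Typical inputs on an Atomic host: /ostree/repo/config /etc/ostree/remotes.d/*.conf

audit_ostree_remotes() {
    # Reads ostree config files (or stdin); prints one line per remote with gpg-verify off.
    awk '
        function value(line) {
            sub(/^[^=]*=[ \t]*/, "", line)
            sub(/[ \t\r]+$/, "", line)
            return line
        }
        function report() {
            if (name == "" || (gpg != "false" && gpg != "0")) return
            how = (url ~ /^http:\/\//) ? "plaintext HTTP" : "HTTPS/other transport"
            printf "%s: GPG verification disabled, %s (%s)\n", name, how, url
        }
        /^\[remote "/ {
            report()
            name = $0
            sub(/^\[remote "/, "", name)
            sub(/"\].*$/, "", name)
            url = ""; gpg = "true"   # ostree verifies when the key is absent
            next
        }
        /^\[/ { report(); name = ""; next }
        name != "" && /^[ \t]*url[ \t]*=/        { url = value($0) }
        name != "" && /^[ \t]*gpg-verify[ \t]*=/ { gpg = tolower(value($0)) }
        END { report() }
    ' "$@"
}

# Constructed sample: the two remotes from the article plus an ostree core section.
# gpg-verify=true for fedora-atomic is assumed, not shown in the article.
sample_config() {
    cat <<'EOF'
[core]
mode=bare

[remote "fedora-atomic"]
url=http://dl.fedoraproject.org/pub/fedora/linux/atomic/22/
gpg-verify=true

[remote "f22-custom"]
url=http://192.168.122.1:36073
gpg-verify=false
EOF
}

sample_config | audit_ostree_remotes
```

For a repository used beyond testing, signing the composed commits and adding the remote without --no-gpg-verify makes this check come back empty.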
Conclusions
The increasing use of container virtualization is accompanied by an increase in demand for specialized Linux distributions that do without unnecessary ballast. CoreOS and the Red Hat Atomic host are two such distributions that meet these requirements. The tools presented here can be used to customize the base images to your own needs, such as installing additional software.
Infos
[1] Fedora Atomic images: https://getfedora.org/en/cloud/download/atomic.html