Container Linux Explained

Container Linux
Developer:CoreOS team, Red Hat
Source Model:Open source
Kernel Type:Monolithic (Linux kernel)
Supported Platforms:x86-64
Family:Linux (based on Gentoo Linux)
Released:[1]
Latest Release Version:2512.3.0[2]
Latest Preview Version:2513.2.0[3] (Beta) / 2514.1.0[4] (Alpha)
Working State:Discontinued[5]
License:Apache License 2.0[6] [7]
Marketing Target:Servers and clusters
Succeeded By:Fedora CoreOS, RHEL CoreOS, Flatcar Container Linux
Website:[8]

Container Linux (formerly CoreOS Linux) is a discontinued open-source lightweight operating system based on the Linux kernel and designed for providing infrastructure for clustered deployments. One of its focuses was scalability. As an operating system, Container Linux provided only the minimal functionality required for deploying applications inside software containers, together with built-in mechanisms for service discovery and configuration sharing.[9] [10] [11] [12] [13]

Container Linux shares foundations with Gentoo Linux,[14] [15] ChromeOS, and ChromiumOS through a common software development kit (SDK). Container Linux adds new functionality and customization to this shared foundation to support server hardware and use cases.[16] CoreOS was developed primarily by Alex Polvi, Brandon Philips, and Michael Marineau, with its major features available as a stable release.[17] [18] [19]

The CoreOS team announced the end-of-life for Container Linux on May 26, 2020, offering Fedora CoreOS[20] and RHEL CoreOS as its replacements, both based on Red Hat Enterprise Linux.

Overview

Container Linux provides no package manager for distributing payload applications; instead, all applications must run inside their containers. Serving as a single control host, a Container Linux instance uses the underlying operating-system-level virtualization features of the Linux kernel to create and configure multiple containers that perform as isolated Linux systems. That way, resource partitioning between containers is performed through multiple isolated userspace instances, instead of using a hypervisor and providing full-fledged virtual machines. This approach relies on the Linux kernel's cgroups and namespaces functionality,[21] [22] which together provide the ability to limit, account for and isolate resource usage (CPU, memory, disk I/O, etc.) for collections of userspace processes.[23]

Initially, Container Linux exclusively used Docker as a component providing an additional layer of abstraction and interface[24] to the operating-system-level virtualization features of the Linux kernel, as well as providing a standardized format for containers that allows applications to run in different environments. In December 2014, CoreOS released and started to support rkt (initially released as Rocket) as an alternative to Docker, providing through it another standardized format of the application-container images, the related definition of the container runtime environment, and a protocol for discovering and retrieving container images.[25] [26] [27] [28] CoreOS provides rkt as an implementation of the so-called app container (appc) specification that describes the required properties of the application container image (ACI). CoreOS created appc and ACI as an independent committee-steered set of specifications[29] [30] aimed to become part of the vendor- and operating-system-independent Open Container Initiative, or OCI, initially named the Open Container Project (OCP) containerization standard,[31] which was announced in June 2015.[32] [33] [34]

Container Linux uses ebuild scripts from Gentoo Linux for automated compilation of its system components, and uses systemd as its primary init system, with tight integration between systemd and various internal mechanisms of Container Linux.[35]

Updates distribution

Container Linux achieves additional security and reliability of its operating system updates by employing FastPatch as a dual-partition scheme for the read-only part of its installation, meaning that the updates are performed as a whole and installed onto a passive secondary boot partition that becomes active upon a reboot or kexec. This approach avoids possible issues arising from updating only certain parts of the operating system, ensures easy rollbacks to a known-to-be-stable version of the operating system, and allows each boot partition to be signed for additional security.[36] The root partition and its root file system are automatically resized to fill all available disk-space upon reboots; while the root partition provides read-write storage space, the operating system itself is mounted read-only under .[37] [38] [39]
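The dual-partition flow described above, modelled in Go as an added example (not CoreOS code): an update image is verified as a whole, written only to the passive slot, and activated on reboot, with fallback to the untouched slot if the new one fails to come up. The `Slot`, `Machine` and `newDemo` names, the Ed25519 signature scheme and the `healthy` callback are assumptions of this model; the page does not describe the real partition or signing format.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Slot models one read-only system partition (illustrative, not the on-disk layout).
type Slot struct {
	Version string
	Image   []byte
	Good    bool // set once this slot has booted successfully
}

// Machine has two slots; Active indexes the one that is currently booted.
type Machine struct {
	Slots  [2]Slot
	Active int
	Key    ed25519.PublicKey // vendor key trusted for update images (assumed scheme)
}

var ErrBadSignature = errors.New("update rejected: signature does not verify")

// Stage verifies the complete image and only then writes it to the passive
// slot. The running slot is never touched, so a bad download cannot break it.
func (m *Machine) Stage(version string, image, sig []byte) error {
	if !ed25519.Verify(m.Key, image, sig) {
		return ErrBadSignature
	}
	m.Slots[1-m.Active] = Slot{Version: version, Image: append([]byte(nil), image...)}
	return nil
}

// Reboot tries a staged, not-yet-proven passive slot. healthy stands in for
// the post-boot check; on failure the previous slot stays active (rollback).
func (m *Machine) Reboot(healthy func(Slot) bool) string {
	next := 1 - m.Active
	if s := &m.Slots[next]; s.Image != nil && !s.Good {
		if healthy(*s) {
			s.Good, m.Active = true, next
		} else {
			*s = Slot{} // discard the image that failed to come up
		}
	}
	return m.Slots[m.Active].Version
}

// newDemo returns a machine on a constructed 1.0 image and a signer for the trusted key.
func newDemo() (*Machine, func([]byte) []byte) {
	pub, priv, err := ed25519.GenerateKey(nil)
	if err != nil {
		panic(err)
	}
	m := &Machine{Key: pub}
	m.Slots[0] = Slot{Version: "1.0", Image: []byte("constructed image 1.0"), Good: true}
	return m, func(b []byte) []byte { return ed25519.Sign(priv, b) }
}

func main() {
	m, sign := newDemo()
	img := []byte("constructed image 2.0")
	fmt.Println(m.Stage("2.0", img, sign(img)), m.Reboot(func(Slot) bool { return true }))
}
```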

To ensure that only a certain part of the cluster reboots at once when the operating system updates are applied, preserving the resources required for running deployed applications, CoreOS provides locksmith as a reboot manager for Container Linux.[40] Using locksmith, one can select between different update strategies that are determined by how the reboots are performed as the last step in applying updates; for example, one can configure how many cluster members are allowed to reboot simultaneously. Internally, locksmith operates as the daemon that runs on cluster members, while the command-line utility manages configuration parameters.[41] [42] Locksmith is written in the Go language and distributed under the terms of the Apache License 2.0.[43]
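One way a limit on simultaneous reboots can be enforced, as an added Go example that is not locksmith's own code: each machine takes a slot in a shared record through compare-and-swap before rebooting and releases it once it is back up. The `Store` type, its revision counter and the machine names are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sync"
)

// Store: in-memory stand-in (assumed) for a cluster key-value store with compare-and-swap.
type Store struct {
	mu      sync.Mutex
	max     int             // machines allowed to reboot at the same time
	rev     int             // bumped on every successful write
	holders map[string]bool // machines currently holding a reboot slot
}

func (s *Store) Get() (map[string]bool, int) {
	s.mu.Lock()
	defer s.mu.Unlock()
	c := map[string]bool{} // private copy, so callers never edit shared state
	for h := range s.holders {
		c[h] = true
	}
	return c, s.rev
}

// CAS stores next only if nobody has written since revision rev was read.
func (s *Store) CAS(rev int, next map[string]bool) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	if rev != s.rev {
		return false
	}
	s.holders, s.rev = next, s.rev+1
	return true
}

// Lock is called by a machine before it reboots into a staged update.
func Lock(s *Store, id string) bool {
	for {
		held, rev := s.Get()
		if !held[id] && len(held) >= s.max {
			return false // stay on the running version and ask again later
		}
		held[id] = true
		if s.CAS(rev, held) {
			return true
		} // another machine wrote first: re-read and retry
	}
}

// Unlock is called once the machine is back up on the new version.
func Unlock(s *Store, id string) {
	for {
		held, rev := s.Get()
		delete(held, id)
		if s.CAS(rev, held) {
			return
		}
	}
}

func main() {
	s := &Store{max: 1}
	fmt.Println(Lock(s, "node-a"), Lock(s, "node-b")) // true false
}
```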

The updates distribution system employed by Container Linux is based on Google's open-source Omaha project, which provides a mechanism for rolling out updates and the underlying request–response protocol based on XML.[44] [45] [46] Additionally, CoreOS provides CoreUpdate as a web-based dashboard for the management of cluster-wide updates. Operations available through CoreUpdate include assigning cluster members to different groups that share customized update policies, reviewing cluster-wide breakdowns of Container Linux versions, stopping and restarting updates, and reviewing recorded update logs. CoreUpdate also provides an HTTP-based API that allows its integration into third-party utilities or deployment systems.[47] [48]

Cluster infrastructure

Container Linux provides etcd, a daemon that runs across all computers in a cluster and provides a dynamic configuration registry, allowing various configuration data to be easily and reliably shared between the cluster members. Since the key–value data stored within is automatically distributed and replicated with automated master election and consensus establishment using the Raft algorithm, all changes in stored data are reflected across the entire cluster, while the achieved redundancy prevents failures of single cluster members from causing data loss.[49] Besides configuration management, etcd also provides service discovery by allowing deployed applications to announce themselves and the services they offer. Communication with etcd is performed through an exposed REST-based API, which internally uses JSON on top of HTTP; the API may be used directly (through or, for example), or indirectly through, which is a specialized command-line utility also supplied by CoreOS.[50] [51] [52] etcd is also used in Kubernetes software.

Container Linux also provides the fleet cluster manager, which controls Container Linux's separate systemd instances at the cluster level. As of 2017, "fleet" is no longer actively developed and is deprecated in favor of Kubernetes.[53] By using fleet, Container Linux creates a distributed init system that ties together separate systemd instances and a cluster-wide deployment; internally, the fleet daemon communicates with local instances over D-Bus, and with the deployment through its exposed API. Using fleet allows the deployment of single or multiple containers cluster-wide, with more advanced options including redundancy, failover, deployment to specific cluster members, dependencies between containers, and grouped deployment of containers. A command-line utility called fleetctl is used to configure and monitor this distributed init system;[54] internally, it communicates with the daemon using a JSON-based API on top of HTTP, which may also be used directly. When used locally on a cluster member, fleetctl communicates with the local instance over a Unix domain socket; when used from an external host, SSH tunneling is used with authentication provided through public SSH keys.[55] [56] [57] [58] [59]

All of the above-mentioned daemons and command-line utilities are written in the Go language and distributed under the terms of the Apache License 2.0.[60]

Deployment

When running on dedicated hardware, Container Linux can be either permanently installed on local storage, such as a hard disk drive (HDD) or solid-state drive (SSD),[61] or booted remotely over a network using Preboot Execution Environment (PXE) in general, or iPXE as one of its implementations.[62] [63] CoreOS also supports deployments on various hardware virtualization platforms, including Amazon EC2, DigitalOcean, Google Compute Engine, Microsoft Azure, OpenStack, QEMU/KVM, Vagrant and VMware.[64] [65] [66] Container Linux may also be installed on Citrix XenServer, noting that a "template" for CoreOS exists.

Container Linux can also be deployed through its commercial distribution called Tectonic, which additionally integrates Google's Kubernetes as a cluster management utility. Tectonic is planned to be offered as beta software to select customers.[67] [68] Furthermore, CoreOS provides Flannel as a component implementing an overlay network required primarily for the integration with Kubernetes.[69] [70]

Container Linux supports only the x86-64 architecture.

Derivatives

Following its acquisition of CoreOS, Inc.[71] in January 2018, Red Hat announced[72] that it would be merging CoreOS Container Linux with Red Hat's Project Atomic to create a new operating system, Red Hat CoreOS, while aligning the upstream Fedora Project open source community around Fedora CoreOS, combining technologies from both predecessors.

On March 6, 2018, Kinvolk GmbH announced[73] Flatcar Container Linux, a derivative of CoreOS Container Linux. This tracks the upstream CoreOS alpha, beta, and stable channel releases, with an experimental Edge release channel added in May 2019.[74]

Reception

LWN.net reviewed CoreOS in 2014:[75]

Notes and References

  1. Web site: October 3, 2013 . coreos/manifest: Release v94.0.0 (Container Linux v94.0.0) . September 22, 2014 . github.com.
  2. Web site: 2020-05-22 . CoreOS Container Linux Release Notes # Stable channel . 2020-05-22 . coreos.com . 2020-11-11 . https://web.archive.org/web/20201111201601/https://coreos.com/releases/#2512.3.0 .
  3. Web site: 2020-05-22 . CoreOS Container Linux Release Notes # Beta channel . 2020-05-22 . coreos.com . 2020-11-11 . https://web.archive.org/web/20201111201601/https://coreos.com/releases/#2513.2.0.
  4. Web site: 2020-05-22 . CoreOS Container Linux Release Notes # Alpha channel . 2020-05-22 . coreos.com . 2020-11-11 . https://web.archive.org/web/20201111201601/https://coreos.com/releases/#2514.1.0.
  5. Web site: End-of-life announcement for CoreOS Container Linux. 2020-08-16. coreos.com. en.
  6. Web site: March 13, 2014 . CoreOS Pilot Agreement . https://web.archive.org/web/20140912161231/https://coreos.com/legal/pilot/ . September 12, 2014 . March 26, 2014 . coreos.com.
  7. Web site: coreos/etcd: etcd/LICENSE at master . July 31, 2013 . March 26, 2014 . github.com.
  8. Web site: 2021-01-21 . CoreOS Container Linux 2514.1.0 Documentation . 2021-01-21 . coreos.com . 2021-01-21 . https://web.archive.org/web/20210121163852/https://coreos.com/os/docs/latest/.
  9. Web site: CoreOS Linux is now Container Linux . 20 December 2016 . coreos.com.
  10. Web site: Brandon Philips: How the CoreOS Linux Distro Uses Cgroups . September 9, 2013 . February 13, 2014 . Libby Clark . . https://web.archive.org/web/20140222051301/http://www.linux.com/news/featured-blogs/200-libby-clark/737364-brandon-philips-how-the-coreos-linux-distro-uses-cgroups . February 22, 2014 .
  11. Linux Hackers Rebuild Internet From Silicon Valley Garage . August 21, 2013 . February 13, 2014 . Cade Metz . Wired.
  12. Web site: CoreOS – a new approach to Linux-based server systems . August 22, 2013 . March 26, 2014 . itnews2day.com . November 29, 2014 . https://web.archive.org/web/20141129021412/http://itnews2day.com/2013/08/22/coreos-linux-based-server-systems/ . dead .
  13. Web site: CoreOS documentation: Using CoreOS . February 13, 2014 . coreos.com . https://web.archive.org/web/20140223040854/https://coreos.com/using-coreos/ . February 23, 2014 .
  14. Web site: Building development images: Updating portage-stable ebuilds from Gentoo . May 24, 2016 . coreos.com . https://web.archive.org/web/20170714053215/https://coreos.com/os/docs/latest/sdk-building-development-images.html#updating-portage-stable-ebuilds-from-gentoo . July 14, 2017 .
  15. Web site: Distributions based on Gentoo . March 25, 2016 . May 24, 2016 . gentoo.org.
  16. Web site: CoreOS: Anatomy of a CoreOS update . July 8, 2014 . July 25, 2014 . Brian Harrington . Rackspace . youtube.com.
  17. Web site: CoreOS Stable Release . July 25, 2014 . August 28, 2014 . Alex Polvi . coreos.com.
  18. Web site: CoreOS Release Notes . August 28, 2014 . coreos.com . November 11, 2020 . https://web.archive.org/web/20201111201601/https://coreos.com/releases/ . dead .
  19. Web site: etcd 2.0 Release – First Major Stable Release . January 28, 2015 . June 14, 2015 . Brandon Philips . coreos.com.
  20. Web site: Fedora CoreOS Documentation :: Fedora Docs Site. 2020-08-16. docs.fedoraproject.org.
  21. Web site: Notes from a container . October 29, 2007 . July 3, 2016 . Jonathan Corbet . LWN.net.
  22. Web site: Control group namespaces . November 19, 2014 . July 3, 2016 . Jake Edge . LWN.net.
  23. Web site: CoreOS documentation: Using Docker with CoreOS . June 14, 2015 . coreos.com . https://web.archive.org/web/20160804005603/https://coreos.com/using-coreos/containers/ . August 4, 2016 .
  24. Web site: Docker 0.9: Introducing execution drivers and libcontainer . March 10, 2014 . January 20, 2015 . docker.com.
  25. Web site: CoreOS Co-Founder Alex Polvi Talks Containers, Rocket vs. Docker, and More . January 30, 2015 . June 14, 2015 . Libby Clark . Linux.com.
  26. Web site: Rocket Containers: How CoreOS Plans To Challenge Docker . February 20, 2015 . June 14, 2015 . Charles Babcock . informationweek.com.
  27. Web site: CoreOS is building a container runtime, rkt . December 1, 2014 . June 14, 2015 . Alex Polvi . coreos.com.
  28. Web site: New etcd, appc, and Rocket releases from CoreOS . February 4, 2015 . June 22, 2015 . Josh Berkus . LWN.net.
  29. Web site: CoreOS Fest and the world of containers, part 1 . May 13, 2015 . June 22, 2015 . Josh Berkus . LWN.net.
  30. Web site: The Rocket containerization system . December 3, 2014 . June 22, 2015 . Nathan Willis . LWN.net.
  31. News: McAllister. Neil. Docker and chums unveil standards org for software containers. Data Centre. The Register. 2015-06-22. 2017-01-19. Announced at the DockerCon conference in San Francisco on Monday, the Open Container Project (OCP) will maintain and develop a common container runtime and image format based in part on code and specs donated by Docker.
  32. News: Docker, CoreOS, Google, Microsoft, Amazon and others come together to develop common container standard . June 22, 2015 . June 24, 2015 . Frederic Lardinois . TechCrunch.
  33. Web site: Industry Leaders Unite to Create Project for Open Container Standards . June 22, 2015 . June 24, 2015 . opencontainers.org . https://web.archive.org/web/20150813223334/https://www.opencontainers.org/pressrelease/ . August 13, 2015 .
  34. Web site: Open Container Project renames, says standard is just weeks away: Linux Foundation, Docker and friends opt for Open Container Initiative . July 22, 2015 . January 29, 2016 . Neil McAllister . The Register.
  35. Web site: CoreOS documentation: Using systemd with CoreOS . February 13, 2014 . coreos.com . https://web.archive.org/web/20140214143636/https://coreos.com/using-coreos/systemd/ . February 14, 2014 .
  36. Web site: CoreOS documentation: Updates & patches . February 27, 2015 . coreos.com . https://web.archive.org/web/20140214150559/https://coreos.com/using-coreos/updates/ . February 14, 2014 .
  37. Web site: Alex Polvi Explains CoreOS . August 28, 2013 . May 7, 2015 . Phil Whelan . activestate.com . https://web.archive.org/web/20150224184727/http://www.activestate.com/blog/2013/08/alex-polvi-explains-coreos . February 24, 2015 .
  38. Web site: CoreOS documentation: Adding disk space to your CoreOS machine . February 27, 2015 . coreos.com.
  39. Web site: Major Update: btrfs, Docker 0.9, add users, writable /etc, and more! . March 27, 2014 . February 27, 2015 . Alex Polvi . coreos.com.
  40. Web site: Simple Introduction to CoreOS with CEO Alex Polvi and CTO Brandon Philips . June 6, 2014 . June 22, 2015 . centurylinklabs.com . https://web.archive.org/web/20150622162656/http://www.centurylinklabs.com/interviews/simple-introduction-to-coreos-with-ceo-alex-polvi-and-cto-brandon-philips/ . June 22, 2015 .
  41. Web site: CoreOS documentation: Update strategies . April 17, 2015 . coreos.com.
  42. Web site: coreos/locksmith: locksmith/README.md at master . February 1, 2015 . April 17, 2015 . github.com.
  43. Web site: coreos/locksmith: locksmith/LICENSE at master . January 19, 2014 . April 17, 2015 . github.com.
  44. Web site: CoreOS Hyperscales Linux By Making It Invisible . February 15, 2015 . June 14, 2015 . Timothy Prickett Morgan . nextplatform.com.
  45. Web site: Omaha – software installer and auto-updater for Windows . October 11, 2014 . code.google.com.
  46. Web site: Omaha Overview . September 23, 2009 . October 11, 2014 . omaha.googlecode.com . https://web.archive.org/web/20090506062328/http://omaha.googlecode.com/svn/wiki/OmahaOverview.html . May 6, 2009 .
  47. Web site: Package omaha . June 24, 2014 . July 4, 2014 . godoc.org.
  48. Web site: CoreOS documentation: CoreUpdate . July 4, 2014 . coreos.com.
  49. Web site: Etcd and fleet . October 22, 2014 . June 22, 2015 . Jonathan Corbet . LWN.net.
  50. Web site: CoreOS documentation: Using etcd with CoreOS . February 13, 2014 . coreos.com.
  51. Web site: CoreOS documentation: Getting started with etcd . February 13, 2014 . coreos.com.
  52. Web site: etcd @ GoSF . January 15, 2014 . February 13, 2014 . Brandon Philips . speakerdeck.com.
  53. Web site: Wood. Josh. Container orchestration: Moving from fleet to Kubernetes. coreos.com. CoreOS.
  54. Web site: How To Use Fleet and Fleetctl to Manage your CoreOS Cluster . September 12, 2014 . June 22, 2015 . Justin Ellingwood . digitalocean.com.
  55. Web site: CoreOS documentation: Launching containers with fleet . April 3, 2014 . coreos.com.
  56. Web site: CoreOS documentation: Using the client . April 3, 2014 . coreos.com.
  57. Web site: coreos/fleet: fleet/README.md at master . February 18, 2014 . April 3, 2014 . github.com.
  58. Web site: coreos/fleet: fleet/Documentation/deployment-and-configuration.md at master (Deploying fleet) . April 14, 2015 . April 17, 2015 . github.com.
  59. Web site: coreos/fleet: fleet/Documentation/api-v1.md (fleet API v1) . October 29, 2014 . April 17, 2015 . github.com.
  60. Web site: coreos/fleet: fleet/LICENSE at master . February 6, 2014 . April 3, 2014 . github.com.
  61. Web site: CoreOS documentation: Installing CoreOS to disk . February 13, 2014 . coreos.com.
  62. Web site: CoreOS documentation: Booting CoreOS via PXE . February 13, 2014 . coreos.com.
  63. Web site: CoreOS documentation: Booting CoreOS via iPXE . February 13, 2014 . coreos.com.
  64. Web site: CoreOS Image Now Available On DigitalOcean . September 5, 2014 . September 5, 2014 . Alex Crawford . coreos.com.
  65. Web site: Google brings futuristic Linux software CoreOS onto its cloud . May 23, 2014 . May 26, 2014 . Jack Clark . The Register.
  66. Web site: CoreOS Now Available On Microsoft Azure . October 20, 2014 . October 22, 2014 . Alex Crawford . coreos.com.
  67. News: CoreOS is bringing Google's Kubernetes to the enterprise . April 6, 2015 . April 29, 2015 . Steven J. Vaughan-Nichols . ZDNet.
  68. CoreOS And Google Make Their Defensive Plays, Is Docker The Victim? . April 6, 2015 . April 29, 2015 . Ben Kepes . Forbes.
  69. Web site: Introducing flannel: An etcd-backed overlay network for containers . August 28, 2014 . June 22, 2015 . Eugene Yakubovich . coreos.com.
  70. Web site: Tutorial on using CoreOS Flannel for Docker . November 2014 . June 22, 2015 . slideshare.net.
  71. Web site: Red Hat pays $250 million for CoreOS, a start-up that sells Google-developed technology. Rosoff. Matt. 2018-01-30. CNBC. en. 2019-06-06.
  72. Web site: Fedora CoreOS, Red Hat CoreOS, and the future of Container Linux CoreOS. coreos.com. 2019-06-06.
  73. Web site: Announcing the Flatcar Linux project Kinvolk. kinvolk.io. March 6, 2018 . 2019-06-06.
  74. Web site: Introducing the Flatcar Linux Edge Channel Kinvolk. kinvolk.io. May 15, 2019 . 2019-06-06.
  75. http://lwn.net/Articles/593928/ CoreOS: A different kind of Linux distribution [LWN.net]