Container Linux (formerly CoreOS Linux) is a discontinued open-source lightweight operating system based on the Linux kernel and designed for providing infrastructure for clustered deployments. One of its focuses was scalability. As an operating system, Container Linux provided only the minimal functionality required for deploying applications inside software containers, together with built-in mechanisms for service discovery and configuration sharing.
Container Linux shares foundations with Gentoo Linux, ChromeOS, and ChromiumOS through a common software development kit (SDK). Container Linux adds new functionality and customization to this shared foundation to support server hardware and use cases. CoreOS was developed primarily by Alex Polvi, Brandon Philips, and Michael Marineau, with its major features available as a stable release.
The CoreOS team announced the end-of-life for Container Linux on May 26, 2020, offering Fedora CoreOS and RHEL CoreOS as its replacement.
Overview
Container Linux provides no package manager as a way for distributing payload applications, requiring instead all applications to run inside their containers. Serving as a single control host, a Container Linux instance uses the underlying operating-system-level virtualization features of the Linux kernel to create and configure multiple containers that perform as isolated Linux systems. That way, resource partitioning between containers is performed through multiple isolated userspace instances, instead of using a hypervisor and providing full-fledged virtual machines. This approach relies on the Linux kernel's cgroups and namespaces functionalities, which together provide abilities to limit, account and isolate resource usage (CPU, memory, disk I/O, etc.) for the collections of userspace processes.
Initially, Container Linux exclusively used Docker as a component providing an additional layer of abstraction and interface to the operating-system-level virtualization features of the Linux kernel, as well as providing a standardized format for containers that allows applications to run in different environments. In December 2014, CoreOS released and started to support rkt (initially released as ''Rocket'') as an alternative to Docker, providing through it another standardized format of the application-container images, the related definition of the container runtime environment, and a protocol for discovering and retrieving container images. CoreOS provides rkt as an implementation of the so-called ''app container'' (appc) specification that describes the required properties of the ''application container image'' (ACI). CoreOS created appc and ACI as an independent committee-steered set of specifications aimed to become part of the vendor- and operating-system-independent ''Open Container Initiative'' (OCI), initially named the ''Open Container Project'' (OCP), containerization standard, which was announced by a group of large tech companies in June 2015.
Container Linux uses ebuild scripts from Gentoo Linux for automated compilation of its system components, and uses systemd as its primary init system, with tight integration between systemd and various Container Linux internal mechanisms.
Updates distribution
Container Linux achieves additional security and reliability of its operating system updates by employing ''FastPatch'' as a dual-partition scheme for the read-only part of its installation, meaning that the updates are performed as a whole and installed onto a passive secondary boot partition that becomes active upon a reboot or kexec. This approach avoids possible issues arising from updating only certain parts of the operating system, ensures easy rollbacks to a known-to-be-stable version of the operating system, and allows each boot partition to be signed for additional security. The root partition and its root file system are automatically resized to fill all available disk space upon reboots; while the root partition provides read-write storage space, the operating system itself is mounted read-only.
To ensure that only a certain part of the cluster reboots at once when the operating system updates are applied, preserving the resources required for running deployed applications, CoreOS provides ''locksmith'' as a reboot manager for Container Linux. Using locksmith, one can select between different update strategies that are determined by how the reboots are performed as the last step in applying updates; for example, one can configure how many cluster members are allowed to reboot simultaneously. Internally, locksmith consists of a daemon that runs on cluster members and a command-line utility that manages its configuration parameters. Locksmith is written in the Go language and distributed under the terms of the Apache License 2.0.
The updates distribution system employed by Container Linux is based on Google's open-source ''Omaha'' project, which provides a mechanism for rolling out updates and the underlying request–response protocol based on XML. Additionally, CoreOS provides ''CoreUpdate'' as a web-based dashboard for the management of cluster-wide updates. Operations available through CoreUpdate include assigning cluster members to different groups that share customized update policies, reviewing cluster-wide breakdowns of Container Linux versions, stopping and restarting updates, and reviewing recorded update logs. CoreUpdate also provides an HTTP-based API that allows its integration into third-party utilities or deployment systems.
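The update flow this section and the previous one describe (an Omaha-style update check, a whole-image install into the passive partition, activation on reboot, rollback if the new partition fails to boot), as an added example that is not code from CoreOS or from Google's Omaha project. The XML schema is a simplified constructed one, the payload and its digest are constructed, and the manifest's SHA-256 attribute stands in for the partition signing the page mentions: an image whose digest does not match is never written to the passive slot.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed payload standing in for a new read-only OS image, plus its digest.
PAYLOAD = b"constructed-usr-image-bytes-version-2.0.0"
PAYLOAD_SHA256 = hashlib.sha256(PAYLOAD).hexdigest()

# Constructed, simplified Omaha-style response naming the package and its hash.
OMAHA_RESPONSE = f"""
<response protocol="3.0" server="constructed">
  <app appid="constructed-app-id" status="ok">
    <updatecheck status="ok">
      <urls><url codebase="https://update.example.invalid/"/></urls>
      <manifest version="2.0.0">
        <packages>
          <package name="update.gz" hash_sha256="{PAYLOAD_SHA256}"
                   size="{len(PAYLOAD)}" required="true"/>
        </packages>
      </manifest>
    </updatecheck>
  </app>
</response>
"""

# Constructed response for a client that is already current.
NO_UPDATE_RESPONSE = """
<response protocol="3.0" server="constructed">
  <app appid="constructed-app-id" status="ok">
    <updatecheck status="noupdate"/>
  </app>
</response>
"""


def parse_update(xml_text):
    """Return (version, package name, expected sha256) from an update-check
    response, or None when the server reports no update."""
    root = ET.fromstring(xml_text.strip())
    check = root.find("./app/updatecheck")
    if check is None or check.get("status") != "ok":
        return None
    manifest = check.find("manifest")
    package = manifest.find("./packages/package")
    return manifest.get("version"), package.get("name"), package.get("hash_sha256")


class ABSystem:
    """Two root slots, exactly one active. Updates only ever touch the passive slot."""

    def __init__(self, version):
        self.slots = {"A": {"version": version, "ok": True}, "B": None}
        self.active = "A"       # slot currently running
        self.boot_target = "A"  # slot the bootloader will try next

    @property
    def passive(self):
        return "B" if self.active == "A" else "A"

    def running_version(self):
        return self.slots[self.active]["version"]

    def stage(self, payload, expected_sha256, version):
        """Verify the whole image first; only a verified image reaches the passive slot."""
        digest = hashlib.sha256(payload).hexdigest()
        if digest != expected_sha256:
            raise ValueError("payload digest mismatch; refusing to stage update")
        self.slots[self.passive] = {"version": version, "ok": True}
        self.boot_target = self.passive
        return digest

    def reboot(self, boot_succeeds=True):
        """Switch to the staged slot, or fall back to the known-good one if it fails."""
        if boot_succeeds:
            self.active = self.boot_target
        else:
            self.slots[self.boot_target]["ok"] = False
            self.boot_target = self.active
        return self.active


def apply_update(system, xml_text, payload):
    """Run one update check; return the version that will boot next."""
    update = parse_update(xml_text)
    if update is None:
        return system.running_version()
    version, _name, expected = update
    system.stage(payload, expected, version)
    return system.slots[system.boot_target]["version"]
```

`apply_update` never modifies the active slot, so a crash at any point during staging leaves the running system intact, and `reboot(boot_succeeds=False)` models the fallback to the previous partition that the dual-partition layout makes possible.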
Cluster infrastructure
Container Linux provides etcd, a daemon that runs across all computers in a cluster and provides a dynamic configuration registry, allowing various configuration data to be easily and reliably shared between the cluster members. Since the key–value data stored within etcd is automatically distributed and replicated with automated master election and consensus establishment using the Raft algorithm, all changes in stored data are reflected across the entire cluster, while the achieved redundancy prevents failures of single cluster members from causing data loss. Beside the configuration management, etcd also provides service discovery by allowing deployed applications to announce themselves and the services they offer. Communication with etcd is performed through an exposed REST-based API, which internally uses JSON on top of HTTP; the API may be used directly, or indirectly through a specialized command-line utility also supplied by CoreOS. etcd is also used in Kubernetes software.
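The two cluster mechanisms this page builds on etcd, locksmith's bound on how many members may reboot at once (Updates distribution) and applications announcing the services they offer (this section), as an added example that is not CoreOS code. `Registry` is a constructed single-node in-memory stand-in for etcd offering the two operations those mechanisms need, compare-and-swap writes and keys with a time-to-live; it does no replication and no Raft. The key names are assumptions, not etcd's or locksmith's real paths.

```python
import json


class Registry:
    """Constructed in-memory stand-in for a key-value registry with CAS and TTLs."""

    def __init__(self):
        self._data = {}  # key -> (value, expiry on the logical clock or None)
        self.now = 0     # logical clock in seconds, advanced by tick()

    def tick(self, seconds):
        self.now += seconds

    def _alive(self, key):
        entry = self._data.get(key)
        if entry is None:
            return None
        value, expires = entry
        if expires is not None and expires <= self.now:
            del self._data[key]  # lazy expiry of a key whose TTL ran out
            return None
        return value

    def get(self, key):
        return self._alive(key)

    def set(self, key, value, ttl=None):
        self._data[key] = (value, None if ttl is None else self.now + ttl)

    def compare_and_swap(self, key, expected, value):
        """Write only if the stored value is still `expected`; two members racing
        for the last reboot slot cannot both succeed."""
        if self._alive(key) != expected:
            return False
        self.set(key, value)
        return True

    def list_prefix(self, prefix):
        out = {}
        for key in list(self._data):
            value = self._alive(key)
            if value is not None and key.startswith(prefix):
                out[key] = value
        return out


class RebootSemaphore:
    """locksmith-style reboot lock: at most `max_holders` members reboot at once."""

    KEY = "/cluster/rebootlock/semaphore"  # assumed key name

    def __init__(self, registry, max_holders):
        self.reg = registry
        if self.reg.get(self.KEY) is None:
            self.reg.set(self.KEY, json.dumps({"max": max_holders, "holders": []}))

    def _state(self):
        raw = self.reg.get(self.KEY)
        return raw, json.loads(raw)

    def acquire(self, member_id):
        raw, state = self._state()
        if member_id in state["holders"]:
            return True
        if len(state["holders"]) >= state["max"]:
            return False  # cluster is at its reboot budget; try again later
        state["holders"].append(member_id)
        return self.reg.compare_and_swap(self.KEY, raw, json.dumps(state))

    def release(self, member_id):
        raw, state = self._state()
        if member_id not in state["holders"]:
            return False
        state["holders"].remove(member_id)
        return self.reg.compare_and_swap(self.KEY, raw, json.dumps(state))


class ServiceRegistry:
    """Applications announce themselves under a TTL and must keep refreshing."""

    PREFIX = "/services/"  # assumed key prefix

    def __init__(self, registry, ttl=30):
        self.reg = registry
        self.ttl = ttl

    def announce(self, name, instance, address):
        self.reg.set(f"{self.PREFIX}{name}/{instance}", address, ttl=self.ttl)

    def lookup(self, name):
        return sorted(self.reg.list_prefix(f"{self.PREFIX}{name}/").values())


def demo():
    """One member waits for the reboot lock; one service instance stops refreshing."""
    reg = Registry()
    sem = RebootSemaphore(reg, max_holders=1)
    first = sem.acquire("node-1")
    second = sem.acquire("node-2")   # refused while node-1 holds the only slot
    sem.release("node-1")
    third = sem.acquire("node-2")
    svc = ServiceRegistry(reg, ttl=30)
    svc.announce("web", "i-1", "10.0.0.1:80")  # constructed addresses
    svc.announce("web", "i-2", "10.0.0.2:80")
    reg.tick(20)
    svc.announce("web", "i-1", "10.0.0.1:80")  # i-1 refreshes, i-2 has died
    reg.tick(15)
    return first, second, third, svc.lookup("web")
```

The semaphore's state is one JSON value, so the whole read-modify-write is protected by a single compare-and-swap on that value; the service entries rely on TTL expiry instead, which is why an application that stops refreshing disappears from `lookup` without anyone deleting it.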
Container Linux also provides fleet, a cluster manager which controls Container Linux's separate systemd instances at the cluster level. As of 2017, fleet is no longer actively developed and is deprecated in favor of Kubernetes. By using fleet, Container Linux creates a distributed init system that ties together separate systemd instances and a cluster-wide deployment; internally, the fleet daemon communicates with local systemd instances over D-Bus, and with the deployment through its exposed API. Using fleet allows the deployment of single or multiple containers cluster-wide, with more advanced options including redundancy, failover, deployment to specific cluster members, dependencies between containers, and grouped deployment of containers. A command-line utility is used to configure and monitor this distributed init system; internally, it communicates with the fleet daemon using a JSON-based API on top of HTTP, which may also be used directly. When used locally on a cluster member, the utility communicates with the local fleet instance over a Unix domain socket; when used from an external host, SSH tunneling is used with authentication provided through public SSH keys.
All of the above-mentioned daemons and command-line utilities are written in the Go language and distributed under the terms of the Apache License 2.0.
Deployment
When running on dedicated hardware, Container Linux can be either permanently installed on local storage, such as a hard disk drive (HDD) or solid-state drive (SSD), or booted remotely over a network using Preboot Execution Environment (PXE) in general, or iPXE. Container Linux also supports deployment on various hardware virtualization platforms, including Amazon EC2, DigitalOcean, Google Compute Engine, Microsoft Azure, OpenStack, QEMU/KVM, Vagrant and VMware. Container Linux may also be installed on Citrix XenServer, for which a "template" for CoreOS exists.
Container Linux can also be deployed through its commercial distribution called ''Tectonic'', which additionally integrates Google's Kubernetes as a cluster management utility. Tectonic is planned to be offered as beta software to select customers. Furthermore, CoreOS provides ''Flannel'' as a component implementing an overlay network required primarily for the integration with Kubernetes.
Container Linux supports only the x86-64 architecture.
Derivatives
Following its acquisition of CoreOS, Inc. in January 2018, Red Hat announced that it would be merging CoreOS Container Linux with Red Hat's Project Atomic to create a new operating system, Red Hat CoreOS, while aligning the upstream Fedora Project open source community around Fedora CoreOS, combining technologies from both predecessors.
On March 6, 2018, Kinvolk GmbH announced Flatcar Container Linux, a derivative of CoreOS Container Linux. This tracks the upstream CoreOS alpha, beta, and stable channel releases, with an experimental Edge release channel added in May 2019.
Reception
LWN.net reviewed CoreOS in 2014 in the article "CoreOS: A different kind of Linux distribution".
See also
* Application virtualization, software technology that encapsulates application software from the operating system on which it is executed
* Comparison of application virtualization software, various portable and scripting language virtual machines
* Comparison of platform virtualization software, various emulators and hypervisors, which emulate whole physical computers
* LXC (Linux Containers), an environment for running multiple isolated Linux systems (containers) on a single Linux control host
* Operating-system-level virtualization, implementations based on the operating system kernel's support for multiple isolated userspace instances
* Software as a service (SaaS), a software licensing and delivery model that hosts the software centrally and licenses it on a subscription basis
* Virtualization, a general concept of providing virtual versions of computer hardware platforms, operating systems, storage devices, etc.
External links
* Official and GitHub source code repositories
* First glimpse at CoreOS, September 3, 2013, by Sébastien Han
* CoreOS: Linux for the cloud and the datacenter, ZDNet, July 2, 2014, by Steven J. Vaughan-Nichols
* What's CoreOS? An existential threat to Linux vendors, ''InfoWorld'', October 9, 2014, by Matt Asay
* Understanding CoreOS distributed architecture, March 4, 2015, a talk with Alex Polvi by Aaron Delp and Brian Gracely
* CoreOS fleet architecture, August 26, 2014, by Brian Waldon et al.
* May 23, 2014
* CoreOS moves from Btrfs to Ext4 + OverlayFS, Phoronix, January 18, 2015, by Michael Larabel
* Containers and persistent data, LWN.net, May 28, 2015, by Josh Berkus