Container Linux (formerly CoreOS Linux) is a discontinued open-source lightweight operating system based on the Linux kernel and designed for providing infrastructure to clustered deployments, while focusing on automation, ease of application deployment, security, reliability and scalability. As an operating system, Container Linux provided only the minimal functionality required for deploying applications inside software containers, together with built-in mechanisms for service discovery and configuration sharing.

Container Linux shares foundations with Gentoo Linux, ChromeOS, and ChromiumOS through a common software development kit (SDK). Container Linux adds new functionality and customization to this shared foundation to support server hardware and use cases. CoreOS was developed primarily by Alex Polvi, Brandon Philips and Michael Marineau, with its major features available as a stable release. The CoreOS team announced the end-of-life for Container Linux on May 26, 2020, offering Fedora CoreOS and RHEL CoreOS as its replacement, both based on Red Hat.


Overview

Container Linux provides no package manager as a way for distributing payload applications, requiring instead all applications to run inside their containers. Serving as a single control host, a Container Linux instance uses the underlying operating-system-level virtualization features of the Linux kernel to create and configure multiple containers that perform as isolated Linux systems. That way, resource partitioning between containers is performed through multiple isolated userspace instances, instead of using a hypervisor and providing full-fledged virtual machines. This approach relies on the Linux kernel's cgroups and namespaces functionalities, which together provide the ability to limit, account for and isolate resource usage (CPU, memory, disk I/O, etc.) for collections of userspace processes.

Initially, Container Linux exclusively used Docker as a component providing an additional layer of abstraction and an interface to the operating-system-level virtualization features of the Linux kernel, as well as providing a standardized format for containers that allows applications to run in different environments. In December 2014, CoreOS released and started to support rkt (initially released as Rocket) as an alternative to Docker, providing through it another standardized format for application-container images, the related definition of the container runtime environment, and a protocol for discovering and retrieving container images. CoreOS provides rkt as an implementation of the so-called app container (appc) specification, which describes the required properties of the application container image (ACI). CoreOS created appc and ACI as an independent, committee-steered set of specifications aimed to become part of the vendor- and operating-system-independent Open Container Initiative (OCI), initially named the Open Container Project (OCP), a containerization standard announced in June 2015.

Container Linux uses ebuild scripts from Gentoo Linux for automated compilation of its system components, and uses systemd as its primary init system, with tight integration between systemd and various internal mechanisms of Container Linux.


Updates distribution

Container Linux achieves additional security and reliability of its operating system updates by employing FastPatch as a dual-partition scheme for the read-only part of its installation, meaning that updates are performed as a whole and installed onto a passive secondary boot partition that becomes active upon a reboot or kexec. This approach avoids possible issues arising from updating only certain parts of the operating system, ensures easy rollbacks to a known-to-be-stable version of the operating system, and allows each boot partition to be signed for additional security. The root partition and its root file system are automatically resized to fill all available disk space upon reboots; while the root partition provides read-write storage space, the operating system itself is mounted read-only.

To ensure that only a certain part of the cluster reboots at once when operating system updates are applied, thereby preserving the resources required for running deployed applications, CoreOS provides locksmith as a reboot manager for Container Linux. Using locksmith, one can select between different update strategies that are determined by how the reboots are performed as the last step in applying updates; for example, one can configure how many cluster members are allowed to reboot simultaneously. Internally, locksmith operates as a daemon that runs on cluster members, while a command-line utility manages its configuration parameters. Locksmith is written in the Go language and distributed under the terms of the Apache License 2.0.

The update distribution system employed by Container Linux is based on Google's open-source Omaha project, which provides a mechanism for rolling out updates and the underlying request–response protocol based on XML. Additionally, CoreOS provides CoreUpdate as a web-based dashboard for the management of cluster-wide updates. Operations available through CoreUpdate include assigning cluster members to different groups that share customized update policies, reviewing cluster-wide breakdowns of Container Linux versions, stopping and restarting updates, and reviewing recorded update logs. CoreUpdate also provides an HTTP-based API that allows its integration into third-party utilities or deployment systems.
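As an added example of the dual-partition update model described above (illustrative code written for this article, not CoreOS's update engine or FastPatch itself), the following Go program models two boot slots, stages a whole-image update into the passive slot only after its signature verifies, and falls back to the previous slot when the staged image fails to boot. The key pair, image bytes, version strings and the bootOK callback are all constructed for the example; a real system verifies the image from the bootloader and records boot success through firmware state, neither of which is modelled here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Slot is one of the two read-only OS partitions of the dual-partition scheme.
type Slot struct {
	Version string
	Image   []byte
	Booted  bool // true once this slot has come up successfully
}

// Host models a machine with an active slot and a passive slot that
// receives updates. pub is the key the vendor signs whole images with.
type Host struct {
	Slots  [2]Slot
	Active int
	pub    ed25519.PublicKey
}

// Update is a whole-image release: the image plus a signature over its
// SHA-256 digest (signing the digest is this example's choice).
type Update struct {
	Version string
	Image   []byte
	Sig     []byte
}

var ErrBadSignature = errors.New("update rejected: signature does not verify")

// NewHost starts with a known-good image in slot 0.
func NewHost(pub ed25519.PublicKey, version string, image []byte) *Host {
	h := &Host{pub: pub}
	h.Slots[0] = Slot{Version: version, Image: image, Booted: true}
	return h
}

// SignUpdate stands in for the release side (hypothetical helper):
// sign the digest of the full image with the vendor's private key.
func SignUpdate(priv ed25519.PrivateKey, version string, image []byte) Update {
	d := sha256.Sum256(image)
	return Update{Version: version, Image: image, Sig: ed25519.Sign(priv, d[:])}
}

// Stage verifies the update and writes it into the passive slot. The active
// slot is never modified, so a rejected or broken update cannot damage the
// running system.
func (h *Host) Stage(u Update) error {
	d := sha256.Sum256(u.Image)
	if !ed25519.Verify(h.pub, d[:], u.Sig) {
		return ErrBadSignature
	}
	passive := 1 - h.Active
	h.Slots[passive] = Slot{Version: u.Version, Image: u.Image}
	return nil
}

// Reboot tries to boot the staged slot; bootOK stands in for the bootloader
// reporting a successful boot. If the new slot fails, the host falls back to
// the previous, known-good slot. It returns the version running afterwards.
func (h *Host) Reboot(bootOK func(Slot) bool) string {
	passive := 1 - h.Active
	staged := h.Slots[passive]
	if staged.Version == "" || staged.Booted {
		return h.Slots[h.Active].Version // nothing new to boot into
	}
	if !bootOK(staged) {
		h.Slots[passive] = Slot{} // discard the broken image, keep the old slot active
		return h.Slots[h.Active].Version
	}
	h.Active = passive
	h.Slots[passive].Booted = true
	return staged.Version
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed vendor key pair
	host := NewHost(pub, "1.0", []byte("constructed image v1.0"))
	good := SignUpdate(priv, "1.1", []byte("constructed image v1.1"))
	fmt.Println("stage 1.1:", host.Stage(good))
	fmt.Println("running:", host.Reboot(func(Slot) bool { return true }))
	// An image altered after signing fails verification and is never staged.
	bad := SignUpdate(priv, "1.2", []byte("constructed image v1.2"))
	bad.Image = []byte("constructed image v1.2 (altered)")
	fmt.Println("stage altered 1.2:", host.Stage(bad))
	fmt.Println("running:", host.Reboot(func(Slot) bool { return true }))
}
```

Two properties from the paragraph are visible in the code: verification happens before anything is written, so the active slot is untouched by a bad image, and the rollback path needs no undo logic because the previous slot is still intact.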


Cluster infrastructure

Container Linux provides etcd, a daemon that runs across all computers in a cluster and provides a dynamic configuration registry, allowing various configuration data to be easily and reliably shared between the cluster members. Since the key–value data stored within etcd is automatically distributed and replicated, with automated master election and consensus establishment using the Raft algorithm, all changes in stored data are reflected across the entire cluster, while the achieved redundancy prevents failures of single cluster members from causing data loss. Besides configuration management, etcd also provides service discovery by allowing deployed applications to announce themselves and the services they offer. Communication with etcd is performed through an exposed REST-based API, which internally uses JSON on top of HTTP; the API may be used directly, or indirectly through a specialized command-line utility also supplied by CoreOS. Etcd is also used in Kubernetes software.

Container Linux also provides fleet, a cluster manager which controls Container Linux's separate systemd instances at the cluster level. As of 2017, fleet is no longer actively developed and is deprecated in favor of Kubernetes. By using fleet, Container Linux creates a distributed init system that ties together separate systemd instances and a cluster-wide deployment; internally, the fleet daemon communicates with local systemd instances over D-Bus, and with the deployment through its exposed API. Using fleet allows the deployment of single or multiple containers cluster-wide, with more advanced options including redundancy, failover, deployment to specific cluster members, dependencies between containers, and grouped deployment of containers. A command-line utility is used to configure and monitor this distributed init system; internally, it communicates with the fleet daemon using a JSON-based API on top of HTTP, which may also be used directly. When used locally on a cluster member, the utility communicates with the local fleet instance over a Unix domain socket; when used from an external host, SSH tunneling is used, with authentication provided through public SSH keys. All of the above-mentioned daemons and command-line utilities are written in the Go language and distributed under the terms of the Apache License 2.0.
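As an added example serving both the etcd paragraph above and the locksmith paragraph in the updates section (illustrative code written for this article, not code from etcd, locksmith or fleet), the following Go program builds a locksmith-style reboot semaphore on top of an in-memory key-value registry that offers atomic compare-and-swap, the primitive such a lock needs. The Registry type, the key name rebootlock/semaphore and the node names are all constructed; a real deployment keeps the document in etcd, whose replicated consensus is what makes the compare-and-swap meaningful across hosts.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"sync"
)

// Registry is an in-memory stand-in for the cluster key-value registry
// (etcd): string keys and values plus an atomic compare-and-swap.
// Replication and Raft consensus are out of scope for this example.
type Registry struct {
	mu   sync.Mutex
	data map[string]string
}

func NewRegistry() *Registry { return &Registry{data: map[string]string{}} }

func (r *Registry) Get(key string) (string, bool) {
	r.mu.Lock()
	defer r.mu.Unlock()
	v, ok := r.data[key]
	return v, ok
}

// CompareAndSwap stores newVal only if key currently holds prev;
// prev == "" means the key must not exist yet.
func (r *Registry) CompareAndSwap(key, prev, newVal string) bool {
	r.mu.Lock()
	defer r.mu.Unlock()
	cur, exists := r.data[key]
	if (prev == "" && exists) || (prev != "" && cur != prev) {
		return false
	}
	r.data[key] = newVal
	return true
}

// Semaphore is the JSON document kept under the lock key: how many members
// may reboot at once, and which members currently hold a slot.
type Semaphore struct {
	Max     int      `json:"max"`
	Holders []string `json:"holders"`
}

// RebootLock is a locksmith-style reboot manager built on the registry.
type RebootLock struct {
	reg *Registry
	key string
}

var ErrNoSlot = errors.New("no reboot slot free; retry later")

// NewRebootLock creates the semaphore under key (a constructed key name).
func NewRebootLock(reg *Registry, key string, max int) (*RebootLock, error) {
	doc, _ := json.Marshal(Semaphore{Max: max, Holders: []string{}})
	if !reg.CompareAndSwap(key, "", string(doc)) {
		return nil, errors.New("semaphore already initialised")
	}
	return &RebootLock{reg: reg, key: key}, nil
}

// update reads the semaphore, applies fn, and writes it back with CAS,
// retrying if another member changed the document in between.
func (l *RebootLock) update(fn func(*Semaphore) error) error {
	for {
		raw, ok := l.reg.Get(l.key)
		if !ok {
			return errors.New("semaphore missing")
		}
		var s Semaphore
		if err := json.Unmarshal([]byte(raw), &s); err != nil {
			return err
		}
		if err := fn(&s); err != nil {
			return err
		}
		next, _ := json.Marshal(s)
		if l.reg.CompareAndSwap(l.key, raw, string(next)) {
			return nil
		}
	}
}

// Acquire takes a reboot slot for member before it reboots.
func (l *RebootLock) Acquire(member string) error {
	return l.update(func(s *Semaphore) error {
		for _, h := range s.Holders {
			if h == member {
				return nil // already holds one; idempotent
			}
		}
		if len(s.Holders) >= s.Max {
			return ErrNoSlot
		}
		s.Holders = append(s.Holders, member)
		return nil
	})
}

// Release returns the slot once the member is back up.
func (l *RebootLock) Release(member string) error {
	return l.update(func(s *Semaphore) error {
		kept := s.Holders[:0]
		for _, h := range s.Holders {
			if h != member {
				kept = append(kept, h)
			}
		}
		s.Holders = kept
		return nil
	})
}

func main() {
	lock, _ := NewRebootLock(NewRegistry(), "rebootlock/semaphore", 1)
	fmt.Println(lock.Acquire("node-a"), lock.Acquire("node-b"))
	fmt.Println(lock.Release("node-a"), lock.Acquire("node-b"))
}
```

The compare-and-swap loop is the point: a plain read-modify-write would let two members both observe an empty holder list and both reboot, defeating the limit on simultaneous reboots that the paragraph on locksmith describes.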


Deployment

When running on dedicated hardware, Container Linux can be either permanently installed to local storage, such as a hard disk drive (HDD) or solid-state drive (SSD), or booted remotely over a network using the Preboot Execution Environment (PXE) in general, or iPXE as one of its implementations. CoreOS also supports deployments on various hardware virtualization platforms, including Amazon EC2, DigitalOcean, Google Compute Engine, Microsoft Azure, OpenStack, QEMU/KVM, Vagrant and VMware. Container Linux may also be installed on Citrix XenServer, noting that a "template" for CoreOS exists.

Container Linux can also be deployed through its commercial distribution called Tectonic, which additionally integrates Google's Kubernetes as a cluster management utility. Tectonic is planned to be offered as beta software to select customers. Furthermore, CoreOS provides Flannel as a component implementing an overlay network required primarily for the integration with Kubernetes. Container Linux supports only the x86-64 architecture.


Derivatives

Following its acquisition of CoreOS, Inc. in January 2018, Red Hat announced that it would be merging CoreOS Container Linux with Red Hat's Project Atomic to create a new operating system, Red Hat CoreOS, while aligning the upstream Fedora Project open source community around Fedora CoreOS, combining technologies from both predecessors. On March 6, 2018, Kinvolk GmbH announced Flatcar Container Linux, a derivative of CoreOS Container Linux. Flatcar tracks the upstream CoreOS alpha/beta/stable channel releases, with an experimental Edge release channel added in May 2019.


Reception

LWN.net reviewed CoreOS in 2014 in the article "CoreOS: A different kind of Linux distribution".


See also

* Application virtualization – software technology that encapsulates application software from the operating system on which it is executed
* Comparison of application virtualization software – various portable and scripting language virtual machines
* Comparison of platform virtualization software – various emulators and hypervisors, which emulate whole physical computers
* LXC (Linux Containers) – an environment for running multiple isolated Linux systems (containers) on a single Linux control host
* Operating-system-level virtualization – implementations based on an operating system kernel's support for multiple isolated userspace instances
* Software as a service (SaaS) – a software licensing and delivery model that hosts the software centrally and licenses it on a subscription basis
* Virtualization – a general concept of providing virtual versions of computer hardware platforms, operating systems, storage devices, etc.



External links

* Official and GitHub source code repositories
* First glimpse at CoreOS, September 3, 2013, by Sébastien Han
* CoreOS: Linux for the cloud and the datacenter, ZDNet, July 2, 2014, by Steven J. Vaughan-Nichols
* What's CoreOS? An existential threat to Linux vendors, InfoWorld, October 9, 2014, by Matt Asay
* Understanding CoreOS distributed architecture, March 4, 2015, a talk with Alex Polvi by Aaron Delp and Brian Gracely
* CoreOS fleet architecture, August 26, 2014, by Brian Waldon et al.
* May 23, 2014
* CoreOS moves from Btrfs to Ext4 + OverlayFS, Phoronix, January 18, 2015, by Michael Larabel
* Containers and persistent data, LWN.net, May 28, 2015, by Josh Berkus