Containerized operating system overview

[Editor's Note] With the rise of container technology, and of Docker in particular, many new Linux distributions built specifically for containers have emerged. Compared with a traditional operating system, such a system offers several advantages. In this article we compare five mainstream container-oriented distributions.

[Figure: docker-os-vergleich.jpg]

With the rise of container technology, and of Docker in particular, many new Linux distributions built specifically for containers have appeared. Compared with a traditional operating system, using such a system has several advantages. In this article we compare five mainstream container-oriented distributions.

Overview

Linux distributions designed specifically for containers have the following advantages:

  • Very small footprint: only a minimal OS is needed
  • Minimal tooling overhead
  • Automatic updates
  • Most run in cluster mode by default
  • The Docker service starts automatically
  • Read-only root filesystem
  • Automatic updates can be rolled back (dual-partition update scheme)
  • Stability and security

I chose five different distributions for the comparison: CoreOS, Project Atomic, Ubuntu Snappy, RancherOS and VMware Photon.

Each distribution uses cloud-init to initialize cloud instances, but they support different sets of features, so we will also look at their cloud-init support.

CoreOS

CoreOS is a new Linux distribution that has been rearchitected to provide the features needed to run modern infrastructure. The strategies and architectures that influence CoreOS are the ones companies such as Google, Facebook and Twitter use to run their services.

The default CoreOS configuration is tuned for running containers and for operating as a cluster. The key components of the container runtime environment are configured automatically on a CoreOS machine, and CoreOS provides automatic system updates, so you do not have to worry about running an old version.

On CoreOS you can use fleet to run Docker. Fleet is a distributed init system that treats the entire cluster as a single init system. You start fleet units with extended systemd unit files, and with fleet you can run distributed container applications.

The main advantage of running CoreOS is etcd. Etcd is a distributed key/value store that many projects, such as Kubernetes and Cloud Foundry, build on, and you can also use etcd for service discovery. Moreover, the mainstream cloud providers already offer CoreOS support.
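To make the fleet and etcd description concrete, the following shell script is an added example (not code from the original article or from the CoreOS project) that generates the two unit files used by the common CoreOS pattern of a main unit plus an etcd "sidekick": the main unit is an ordinary systemd unit that runs a container and carries an extra [X-Fleet] section for scheduling, and the sidekick is bound to it and keeps a TTL key in etcd alive so that the service disappears from etcd by itself when the container or machine goes away. The unit names (web@.service, web-discovery@.service), the nginx image and the /services/web key prefix are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not part of the original article: generate the unit files for
# the classic CoreOS "main unit + etcd sidekick" fleet pattern. The unit names,
# the container image and the etcd key prefix are illustrative assumptions.
# fleetctl is not invoked here; the commands to submit the units are shown in
# the usage comment at the bottom.

# Print the main unit: a normal systemd unit that runs one container per
# instance (%i), plus an [X-Fleet] section telling fleet to put each instance
# on a different machine (Conflicts).
render_main_unit() {
    name="$1"   # template name, e.g. web
    image="$2"  # container image to run
    port="$3"   # host port to publish
    cat <<EOF
[Unit]
Description=${name}@%i
After=docker.service
Requires=docker.service

[Service]
TimeoutStartSec=0
ExecStartPre=-/usr/bin/docker kill ${name}-%i
ExecStartPre=-/usr/bin/docker rm ${name}-%i
ExecStartPre=/usr/bin/docker pull ${image}
ExecStart=/usr/bin/docker run --name ${name}-%i -p ${port}:80 ${image}
ExecStop=/usr/bin/docker stop ${name}-%i

[X-Fleet]
Conflicts=${name}@*.service
EOF
}

# Print the sidekick unit: it is bound to the main unit (BindsTo), scheduled
# on the same machine (MachineOf), and refreshes an etcd key with a 60 s TTL
# every 45 s while the container runs, so the key expires on its own if the
# machine dies. %H is the systemd specifier for the host name.
render_sidekick_unit() {
    name="$1"
    prefix="$2"  # etcd key prefix, e.g. /services/web
    cat <<EOF
[Unit]
Description=Announce ${name}@%i in etcd
BindsTo=${name}@%i.service
After=${name}@%i.service

[Service]
ExecStart=/bin/sh -c "while true; do etcdctl set ${prefix}/%i '%H' --ttl 60; sleep 45; done"
ExecStop=/usr/bin/etcdctl rm ${prefix}/%i

[X-Fleet]
MachineOf=${name}@%i.service
EOF
}

# Write both unit files into the given directory; returns non-zero on failure.
write_units() {
    dir="$1"
    render_main_unit web nginx 80 > "${dir}/web@.service" &&
    render_sidekick_unit web /services/web > "${dir}/web-discovery@.service"
}

# Usage on a CoreOS cluster (not run here):
#   write_units ./units
#   fleetctl submit ./units/web@.service ./units/web-discovery@.service
#   fleetctl start web@1.service web-discovery@1.service
#   etcdctl ls --recursive /services/web
if [ -n "$1" ]; then
    write_units "$1"
fi
```

The sidekick is what turns etcd into a service registry: consumers read /services/web and get only instances whose sidekick is still refreshing its key, which is the service-discovery use the article mentions.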

Project Atomic

Project Atomic integrates the tools and patterns of container-based application and service deployment with a trusted operating system platform, to deliver an end-to-end service architecture that is modern, reliable and secure.

The Red Hat family members Fedora, RHEL and CentOS each have their own Atomic variant, so if you are familiar with one of them you can use it as an Atomic host. Red Hat Atomic Host uses rpm-ostree instead of yum to manage OS packages; it supports automatic updates and lets you roll back to the previous version. You can also use rpm-ostree-toolbox to build your own images.

One of the great advantages of Project Atomic is Red Hat's mature ecosystem: you can use tools such as SELinux, Kickstart and Anaconda on an Atomic host.

I tried their quick tutorial, but because the documentation is for an older version of Atomic it did not run. I downloaded Fedora Atomic and ran it successfully.

Ubuntu Snappy

Snappy Ubuntu Core is a derivative of Ubuntu: a minimal server image with the same libraries as Ubuntu, but with applications delivered through a simpler mechanism. This approach is faster and more reliable, and lets us provide better security for applications and users; that is why we call them "Snappy" applications.

Ubuntu Snappy supports Canonical's AppArmor kernel security system to provide a friendly security solution. This means Snappy can completely isolate applications from one another. Snappy can be easily extended through frameworks such as Docker: after adding a framework to your Snappy system you can run applications on top of it.
[Figure: ubuntu-snappy.png]
In Snappy, all system and application files are stored in separate read-only images. This makes updating Snappy very easy and predictable. Through a delta (incremental) update mechanism, Snappy also keeps downloads to a minimum. Of course, Snappy also provides a rollback mechanism for system and application updates.

Snappy does not include Docker by default, but you can easily install Docker as a framework for running applications as Docker containers. Installation is very simple:

  snappy install docker

When I tried Docker on Snappy, I could not run any container because of a "permission denied" error; this bug has been submitted to Launchpad.

RancherOS

We started the RancherOS project and built a minimal Linux distribution to run Docker containers perfectly. We wanted to run Docker directly on top of the kernel and run all services in user space as separate containers. This way, RancherOS needs no additional package management mechanism.

In simple terms, RancherOS is the operating system of containers. It runs Docker as PID 1, which means Docker is the first process the kernel starts. Another interesting thing is that RancherOS runs two Docker daemons, one for the system (System Docker) and one for the user (User Docker), with User Docker running inside System Docker. System Docker is responsible for bringing up all system services, including udev, DHCP and the console. So RancherOS uses Docker, rather than systemd, sysvinit or upstart, as the init system that manages all system services in containers.
[Figure: rancheros.png]
RancherOS uses two Docker daemons so that even if you accidentally stop or delete all your containers, the system keeps working properly.
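Two of the properties discussed on this page, the read-only root filesystem from the overview list and Docker running as PID 1 on RancherOS, are easy to verify on a host rather than take on trust. The following shell script is an added example (not code from the original article or from any of the projects described) that performs those checks; the functions take their input as arguments so they can be exercised against constructed sample data, and the final lines run them against the live host. The sample /proc/mounts lines and the "docker" and "systemd" process names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original article: audit a host for two of the
# properties the article describes, a read-only root filesystem and Docker as
# the init process (PID 1). Inputs are passed as arguments so the checks can
# run against constructed sample data; the last lines use the real /proc.

# Return 0 if, in the given /proc/mounts text, the filesystem mounted on "/"
# carries the "ro" mount option; return 1 otherwise.
root_is_readonly() {
    printf '%s\n' "$1" | awk '
        $2 == "/" {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "ro") found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# Print the name of the init process from the given /proc/1/comm contents,
# with surrounding whitespace removed. On RancherOS this is "docker"; on
# CoreOS, Atomic and Photon it is "systemd".
init_name() {
    printf '%s' "$1" | tr -d '[:space:]'
}

# Return 0 if the init process is Docker, i.e. the host follows the RancherOS
# model of using Docker as the init system.
docker_is_init() {
    [ "$(init_name "$1")" = "docker" ]
}

# Print a one-line summary per check for the given mounts and comm contents.
audit_host() {
    if root_is_readonly "$1"; then
        echo "root filesystem: read-only"
    else
        echo "root filesystem: writable (not what a container OS promises)"
    fi
    echo "PID 1: $(init_name "$2")"
}

# Constructed sample data, not captured from a real machine.
SAMPLE_MOUNTS_RO='/dev/sda4 / ext4 ro,relatime,data=ordered 0 0
/dev/sda6 /usr ext4 ro,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0'
SAMPLE_MOUNTS_RW='/dev/vda1 / ext4 rw,relatime,data=ordered 0 0'

# Run the checks against the live host when /proc is available.
if [ -r /proc/mounts ] && [ -r /proc/1/comm ]; then
    audit_host "$(cat /proc/mounts)" "$(cat /proc/1/comm)"
fi
```

A writable root on a system that advertises a read-only one is worth investigating, since the read-only root is part of what makes the dual-partition update and rollback scheme trustworthy.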

Since everything runs in Docker containers, you always have the latest version of Docker. You can extend RancherOS by starting additional containers; for example, you can run your own console container to get your favourite console. Because there is less software to monitor for security vulnerabilities, fewer patches are needed and stability improves.

Since all system services are provided by containers, you do not need a package manager such as apt-get or yum. Even though the kernel and initrd are not containers, RancherOS uses Docker's packaging and distribution mechanism to deliver kernel and initrd updates.

RancherOS can also be used as an alternative for embedded systems.

VMware – Photon

Photon is a minimal container host designed to be very lightweight and to boot quickly on VMware's platform. Photon is designed to run containerized applications in a virtualized environment.

VMware has joined the trend of creating new distributions for containers. VMware Photon is a minimal Linux container distribution optimized for vSphere. Photon supports common container formats, including Docker, Rocket and the Pivotal Garden container specification (based on VMware Warden). In addition, VMware Photon comes with an efficient lifecycle management tool that includes a yum-compatible package manager.
[Figure: photon.png]
Photon's biggest advantage comes from VMware's Lightwave. Lightwave provides centralized authentication and authorization management and supports many open standards such as LDAP, Kerberos, SAML and OAuth 2.0. In simple terms, Lightwave adds a new layer of container security to your environment. The chart above shows how Lightwave provides centralized authentication and authorization management.

Comparison Table

[Figure: 5.png (comparison table)]

Conclusion

As elsewhere in the computer industry, there is no universal cure. Your best choice is usually determined by your project: for a greenfield project you may use new technology, while for a brownfield project you may need proven technology. This does not mean the two cannot be used together. On the other hand, you need to know what you need and what your team is familiar with. And do not forget that these technologies are still at an early stage; there are still problems that may appear in a production environment. In addition, these new projects are still under development and still change a great deal.

Time will tell how these new operating systems will affect the server, cloud and data center world. I think the stable systems and these new systems will coexist, depending on your environment.

In short, you have a lot of options for running your Docker infrastructure. And do not forget: you can also run your containers on a traditional system; you do not need to switch everything immediately.

Original article: Docker: A Comparison of Minimalistic Operating Systems (translation: Zhang Xiangjun; proofreading: Song Yu)
