First stable release of Fedora CoreOS

Fedora Project developers have announced the stabilization of the Fedora CoreOS distribution and its readiness for wide use. Fedora CoreOS is being positioned as the single solution for running isolated container environments, replacing the Fedora Atomic Host and CoreOS Container Linux products. Support for CoreOS Container Linux will end in 6 months, and support for Fedora Atomic Host is expected to end at the end of November.

Fedora CoreOS aims to provide a minimal environment that is updated atomically without administrator intervention and is uniform across mass deployments of server systems dedicated solely to running containers. The distribution provides only the minimal set of components needed to run isolated containers: the Linux kernel, the systemd service manager, and a set of utility services for SSH access, configuration management and update installation.

The system partition is mounted read-only and does not change during operation. Configuration is delivered at boot time using the Ignition toolkit (an alternative to cloud-init). Once the system is running, the configuration and the contents of the /etc directory cannot be changed; the only option is to change the settings profile and use it to replace the environment. In general, working with the system resembles working with container images, which are not updated in place but rebuilt from scratch and launched again.
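To make the boot-time configuration step concrete, here is an added example (not code from the article or from the Fedora CoreOS project) that assembles a minimal Ignition spec 3.0.0 document in Python, the spec version consumed by Ignition 2.x, and lints it for settings a reviewer would want caught before first boot. The SSH key, hostname and the lint policy are constructed for this illustration; Ignition's own validation rules are stricter and separate.

```python
import json
from urllib.parse import quote

# Constructed sample values (not from the article): placeholder SSH key and hostname.
SAMPLE_SSH_KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYFORILLUSTRATIONONLY core@example"
SAMPLE_HOSTNAME = "fcos-node-1"


def data_url(text: str) -> str:
    """Inline file contents the way Ignition expects: a percent-encoded data: URL."""
    return "data:," + quote(text, safe="")


def build_ignition_config(ssh_keys, hostname, units=()):
    """Assemble an Ignition spec 3.0.0 document.

    Ignition applies it once, in the initramfs on first boot; there is no later
    in-place reconfiguration, so everything the node needs must be declared here.
    """
    return {
        "ignition": {"version": "3.0.0"},
        "passwd": {"users": [{"name": "core", "sshAuthorizedKeys": list(ssh_keys)}]},
        "storage": {
            "files": [
                {
                    "path": "/etc/hostname",
                    "mode": 0o644,  # Ignition takes a decimal integer; 0o644 == 420
                    "overwrite": True,
                    "contents": {"source": data_url(hostname + "\n")},
                }
            ]
        },
        "systemd": {"units": [dict(u) for u in units]},
    }


def lint_ignition_config(cfg):
    """Return findings a reviewer would raise before shipping the config.

    The checks are this example's own policy (hypothetical), not Ignition's.
    """
    findings = []
    if cfg.get("ignition", {}).get("version") != "3.0.0":
        findings.append("ignition.version is not 3.0.0")
    for user in cfg.get("passwd", {}).get("users", []):
        if "passwordHash" in user:
            findings.append(f"user {user['name']}: password login configured; prefer SSH keys only")
        if not user.get("sshAuthorizedKeys"):
            findings.append(f"user {user['name']}: no SSH keys, node would be unreachable")
    for f in cfg.get("storage", {}).get("files", []):
        path, mode = f.get("path", ""), f.get("mode", 0)
        if not path.startswith("/"):
            findings.append(f"file {path!r}: path must be absolute")
        if mode & 0o002:
            findings.append(f"file {path}: world-writable mode {mode:o}")
        contents = f.get("contents", {})
        src = contents.get("source", "")
        # Remote sources are fine only when pinned with a verification hash.
        if src.startswith("http://") and "verification" not in contents:
            findings.append(f"file {path}: fetched over plaintext HTTP without a verification hash")
    for u in cfg.get("systemd", {}).get("units", []):
        if u.get("enabled") and not u.get("contents") and not u.get("dropins"):
            findings.append(f"unit {u.get('name')}: enabled but has no contents or dropins")
    return findings


def to_json(cfg) -> str:
    """Serialize in the form Ignition reads from the platform's metadata service."""
    return json.dumps(cfg, indent=2, sort_keys=True)


if __name__ == "__main__":
    cfg = build_ignition_config([SAMPLE_SSH_KEY], SAMPLE_HOSTNAME)
    print(to_json(cfg))
    print("findings:", lint_ignition_config(cfg))
```

In practice such a document is written in the higher-level YAML form and transpiled; the JSON above is what the node ultimately consumes, and because the system partition is read-only afterwards, a change to it means replacing the node rather than editing it in place.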

The system image is monolithic and is built using OSTree technology (individual packages cannot be installed in such an environment; you can only rebuild the entire system image, extending it with new packages using the rpm-ostree toolkit). The update system is based on two system partitions: one is active while the other receives the copied update, and after the update is installed the partitions swap roles.

From the CoreOS Container Linux distribution, which came under Red Hat's control after its acquisition of CoreOS, the Fedora CoreOS project borrowed the boot-time configuration tool (Ignition), the atomic update mechanism, and the overall product philosophy. From Atomic Host it took the package technology, support for the OCI (Open Container Initiative) specifications, and additional SELinux-based container isolation mechanisms. For orchestrating containers on top of Fedora CoreOS, integration with Kubernetes (including OKD-based deployments) is planned for the future.

The first stable release of Fedora CoreOS is built from the Fedora 31 repositories using rpm-ostree.
It includes the Linux 5.4 kernel, the systemd 243 service manager and the Ignition 2.1 toolkit. The container runtime supports Moby 18.09 (Docker) and podman 1.7. cgroups v1 is enabled by default for compatibility, but cgroups v2 can optionally be enabled. Installation is supported on various platforms, including regular servers, QEMU, OpenStack, VMware, AWS, Alibaba, Azure and GCP. The provided ISO image can be run in live mode, loaded into RAM. Network boot via PXE (netboot) is supported.

Three independent branches of Fedora CoreOS are offered, for which updates are issued to fix vulnerabilities and serious bugs:

  • testing - snapshots based on the current Fedora release with updates;
  • stable - a stable branch formed after two weeks of testing in the testing branch;
  • next - a snapshot of a future release in development (so far only planned).

Among future plans is the inclusion in Fedora CoreOS of telemetry sent by the fedora-coreos-pinger service, which periodically collects and sends non-identifying information about the system, such as the OS version number and the cloud platform or installation type, to Fedora Project servers. The transmitted data contains nothing that could lead to identification. When the statistics are analysed, only aggregated information is used, which makes it possible to judge in general terms how Fedora CoreOS is being used. If desired, the user will be able to disable telemetry or extend the information transmitted by default.

Source: opennet.ru