Fedora CoreOS First Preview Released

The Fedora Project developers announced the start of testing of the first preview version of a new edition of the distribution, Fedora CoreOS, which replaced the Fedora Atomic Host and CoreOS Container Linux products as a single solution for running environments based on isolated containers.

From CoreOS Container Linux, which passed into the hands of Red Hat after the purchase of CoreOS, Fedora CoreOS inherited the deployment tools (the Ignition configuration system, which runs at the boot stage), the atomic update mechanism and the overall philosophy of the product. Package technology, support for the OCI (Open Container Initiative) specifications, and additional container isolation mechanisms based on SELinux were carried over from Atomic Host. The core of Fedora CoreOS is built from the Fedora repositories using rpm-ostree. Moby (Docker) and podman are declared as the supported container runtimes in Fedora CoreOS. Kubernetes support is planned for container orchestration on top of Fedora CoreOS.

The project aims to provide a minimal environment that is updated atomically and automatically, without the participation of an administrator, and that is unified for mass deployment of server systems designed exclusively for running containers. Fedora CoreOS contains only the minimum set of components sufficient to run isolated containers: the Linux kernel, the systemd system manager, and a set of utility services for connecting via SSH, managing configuration and installing updates.

The system partition is mounted in read-only mode and does not change during operation. Configuration is passed at the boot stage using the Ignition toolkit (an alternative to Cloud-Init). Once the system is running, changing the configuration and the contents of the /etc directory is not possible; it is only possible to change the settings profile and use it to replace the environment. In general, working with the system resembles working with container images, which are not updated in place but are rebuilt from scratch and launched again.

The system image is indivisible and is built using the OSTree technology (individual packages cannot be installed in such an environment; you can only rebuild the entire system image, extending it with new packages using the rpm-ostree toolkit). The update system is based on the use of two system partitions, one of which is active while the second is used to copy the update; after the update is installed, the partitions change roles.

Three independent branches of Fedora CoreOS are offered: testing, with snapshots based on the current release of Fedora with updates; stable, a stable branch formed after two weeks of testing the testing branch; and next, a snapshot of a future release in development. For all three branches, updates are produced that fix vulnerabilities and serious errors. At the current stage of development, only the testing branch is being formed as part of the preliminary release. The first stable release is planned for 6 months from now. Support for the CoreOS Container Linux distribution will end 6 months after Fedora CoreOS is stabilized, and support for Fedora Atomic Host is expected to end at the end of November.

After the project stabilizes, sending telemetry will be enabled by default (telemetry is not yet active in the preview build) using the fedora-coreos-pinger service, which periodically collects non-identifying information about the system, such as the OS version number, cloud platform and installation type, and sends it to the Fedora project servers. The transmitted data contains no information that can lead to identification. When the statistics are analyzed, only aggregated information is used, which makes it possible to judge in general terms how Fedora CoreOS is used. If desired, the user can disable the sending of telemetry or expand the information transmitted by default.

Source: opennet.ru
