Slashdot Mirror


Red Hat Strips Down For Docker

angry tapir writes Reacting to the surging popularity of the Docker virtualization technology, Red Hat has customized a version of its Linux distribution to run Docker containers. The Red Hat Enterprise Linux 7 Atomic Host strips away all the utilities residing in the stock distribution of Red Hat Enterprise Linux (RHEL) that aren't needed to run Docker containers. Removing unneeded components saves on storage space, and reduces the time needed for updating and booting up. It also provides fewer potential entry points for attackers. (Product page is here.)

44 comments

  1. I know! by Anonymous Coward · · Score: 4, Funny

    I know I know! They also took out the Linux kernel, leaving only systemd.

    1. Re:I know! by Zarjazz · · Score: 1

      "Removing unneeded components .." like systemd .. oh damn, someone beat me to that joke already.

    2. Re:I know! by Anonymous Coward · · Score: 0

      I know I know! They also took out the Linux kernel, leaving only systemd.

      The kernel is actually not needed in a container, so that would be reasonable.

  2. you can leave your hat on by turkeydance · · Score: 2, Funny
  3. Centos by Anonymous Coward · · Score: 0

    I hope the CentOS team will compile this version.

  4. Re:Question by RightwingNutjob · · Score: 1

    No, but it'll get virtualization capability sooner or later. Which might not be bad, you'd be able to run a VM of a distro without systemd.

  5. Re:Question by Anonymous Coward · · Score: 0

    First time I've heard systemd is "poorly coded". Most people have religious arguments against its philosophy, not the code itself.

  6. Containers.. by BrookHarty · · Score: 4, Informative

    I've been using Debian vservers in the past, and now LXC. RedHat 7 and its LXC integration is amazing. I use KVM as my hypervisor of choice, so I'm already using virtual machine manager, so now I can manage my LXC hosts with VMM; it's really a nice touch.

    What really interests me is LXD. LXC containers in a real isolated container that I can just move. Right now, I'm stuck to zipping and moving LXC's directories if I want to move them. I tend to use OS containers stripped down, because I want app/tcp/ssh/nrpe installed, so I can make sure the service is alarmed, and I use ssh for remote management.

    Docker tends to be aimed at enterprise usage; if you have lots of single-application appliances you can roll out and tear down, Docker is a great idea.
    That is a different use case, so I don't need Docker, but Docker is built on LXC, so I get the added benefits from support from Redhat. (and Centos7 support)

    I'm running an IT shop, so my servers run for years, and I need to be able to manage and support them. LXC containers are the perfect middle ground for me. LXD is the only thing I'm missing: moving file-based containers.

    So, I'm happy docker is pushing technology, because the stack it runs on is also benefiting from it.

    BTW, I wish Redhat would support LXC VMs on its RHEV (oVirt) platform, then I could consolidate even more VMs into single VMs. Guests with bridges with MACs are filtered due to IP spoofing rules. Kinda silly when RedHat pushes LXC on 7, but doesn't test LXC on its virtualization platform.

    1. Re:Containers.. by drinkypoo · · Score: 1

      I'm using WebVirtMgr for KVMs (libvirt) but it doesn't do LXCs, though libvirt does. Proxmox does both, but I don't want to pay for it (at my scale, it doesn't make sense) ... what else is out there, something which can handle both KVMs and LXCs and hopefully LXDs even, although if I want that I'll probably just use a KVM

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"

    2. Re:Containers.. by Anonymous Coward · · Score: 0

      Bingo!

    3. Re:Containers.. by Anonymous Coward · · Score: 0

      "That is a different use case, so I don't need Docker, but Docker is built on LXC, so I get the added benefits from support from Redhat. (and Centos7 support)"

      Incorrect, Docker is no longer built on LXC. http://www.infoq.com/news/2014/03/docker_0_9

    4. Re:Containers.. by Lennie · · Score: 1

      I don't think Docker is aimed at the enterprise, it's aimed at making it easier to deploy applications.

      Let's take a really complicated cloud application,.... the OpenStack services.

      Docker can be used to deploy OpenStack in 3 min.:

      https://www.youtube.com/watch?...

      --
      New things are always on the horizon

  7. Re:Question by Anonymous Coward · · Score: 0

    you really haven't been reading much about it then have you....

  8. stripped out systemd? by Anonymous Coward · · Score: 0

    Did they strip it back down to a sane bare bones Unix?

  9. Re:Question by Anonymous Coward · · Score: 0

    Docker is the reason systemd is being pushed from RedHat. They need systemd to make Docker containers work. RedHat really doesn't care beans about what systemd does or doesn't do for the system admin (or user), they just have to have it.

    So when they say stripped down RHEL what they're really saying is systemd and Docker. If it's needed for Docker and it doesn't already exist in systemd, then it will be added to systemd at all costs.

    What are we going to be left with when the shiny wears off Docker and next year's flavour of the day comes along?

  10. define terms in article summary by iggymanz · · Score: 0

    not everyone knows Docker is yet another piece of cloud wankery

    1. Re:define terms in article summary by Anonymous Coward · · Score: 0

      i like bare metal and i get a better deal than virtual

    2. Re:define terms in article summary by solios · · Score: 1, Interesting

      Indeed. I'm too busy struggling to stay almost not quite embarrassingly behind on front-end buzzword compliance, and now this? I'd have no idea what it was if I wasn't friends with a devops specialist. Ditto Chef, Hadoop, and a few other extremely specific buzzword compliant "concepts" tech writers whisper about in worshipful tones.

      I kinda miss the era in which a general computing proficiency was possible. Specialization used to be for insects.

    3. Re:define terms in article summary by Tom · · Score: 1

      I kinda miss the era in which a general computing proficiency was possible. Specialization used to be for insects.

      It still is. But when you have millions of people working in IT, instead of thousands, there's space for insects. Doesn't mean you have to become one.

      To any new technology that people worship I say: Give me one hour on the Internet, then I'll know what I need to know about it and you can worry about the implementation details if you like it so much.

      --
      Assorted stuff I do sometimes: Lemuria.org

    4. Re:define terms in article summary by Anonymous Coward · · Score: 2, Interesting

      Funny thing is, most people working in the DevOps field are generalists (myself included). People with a mix of infra and development backgrounds, with a broad range of skills across multiple disciplines, and maybe one or two "deep" skills. I spent years bouncing between system administration and development and couldn't make my mind up which direction I wanted to take because everything was interesting and I wanted to play with ALL the things. Then DevOps became more than an obscure buzzword and I found my home :)

      Docker isn't perfect, there's still a few issues that they need to address, but the idea of running version controlled micro services in portable, lightweight containers seems like the way of the future.

      I'd be interested to see which distro can get their image down to the smallest (functional) size. Strip the OS down to just the absolute minimum required to boot it up, then leave it up to the Docker image creators to decide what services to enable. It's a great way to minimize attack vectors, keep image size down and make the container nice and lightweight.

    5. Re:define terms in article summary by Tom · · Score: 3, Insightful

      I'd be interested to see which distro can get their image down to the smallest (functional) size.

      LFS, of course. Or any other non-distro approach. What do you need a distro for if all you want is the kernel and basic system functions? It's not so difficult to start with zero and get to a shell prompt. Been there, done that.

      The really interesting approach would be to have a deployment distro - a way to add packages to such an image from outside, without having all the packaging crap and its dependencies on the image itself.

      I think what you really want is a build system that can install to the image.

      --
      Assorted stuff I do sometimes: Lemuria.org

    6. Re:define terms in article summary by solios · · Score: 1

      That's a fair point.

      Still, there's plenty of room for the /. editors to pad the copy with a brief explanation of whatever the thing is - like how 2/3 of any article about North Korea or the Iranian nuclear program is boilerplate that people who follow the subject have read dozens of times already. The people who know what the thing is skip over those parts and newbies don't have to go somewhere else for an explanation.

    7. Re:define terms in article summary by Gazzonyx · · Score: 1

      [...]

      I'd be interested to see which distro can get their image down to the smallest (functional) size. Strip the OS down to just the absolute minimum required to boot it up, then leave it up to the Docker image creators to decide what services to enable. It's a great way to minimize attack vectors, keep image size down and make the container nice and lightweight.

      A few years ago, for a special-purpose built box, I gutted a Slackware install, modified the disk scheduler in the kernel and removed every driver and every module that my hardware didn't use. My memory is foggy on the numbers, but I believe the install itself was under a handful of GB (with my development tool chain and libraries) and booted to run level 3 using somewhere between 64-128 MB RAM (I think it was actually in the 32 MB range, but that sounds too small for me to be confident about it), and part of that was actually dedicated to the readahead daemon.

      Granted I'd never do that again, but it was a fun summer project to build a server rack when I was just out of college. These days I don't flinch to throw hardware at a problem if I think it's going to take up my valuable time and it will scale for whatever values of "N" I'm expecting to be reasonable.

      --

      If I mod you up, it doesn't necessarily mean I agree with what you've said, sorry.

  11. Re:Containers with Juju! by Bruzer · · Score: 2

    Juju is able to orchestrate both LXC and KVM on several different cloud environments. Juju employs a slightly different paradigm than Docker, building on top of cloud images rather than an image-based workflow. It surprises me that Docker gets so much attention in this space. I have used both and still prefer Juju for the flexibility. With Juju I am able to nest LXC inside Amazon instances or use LXC on my laptop to make it appear as a cloud environment.

    A quick Google search turns up a document on this very subject (not written by me):
    https://insights.ubuntu.com/wp...

    --
    "Tempt not a desperate man" - Willy S.

  12. Re:Docker you say? by Anonymous Coward · · Score: 0

    NSFW!!!! NSFW!!!! NSFW!!!!

    Less whitespace and/or less repetition.

  13. Re:Systemd is tearing apart the Linux community. by Anonymous Coward · · Score: 0, Insightful

    "warring factions"

    No. Every major distro has moved to Systemd. There's no war -- Systemd won, because distro developers (you know, people who actually know their stuff) have chosen to use it. All that's left is a few crybabies on Slashdot who constantly report how they're moving 50,000 servers over to OpenBSD, but never actually do it.

    There's no war here -- just a few sad losers. Try going outside or something.

  14. Re: Systemd is tearing apart the Linux community. by sce7mjm · · Score: 2

    I suggest most sysadmins not wanting systemd haven't upgraded their distribution to the systemd one. So there's a fair chance that you're wrong.

    Most sensible sysadmins will be testing their systems to either use systemd and cope with the change or attempt to coerce their distribution to operate without it, before they roll out the upgrade.

    Systemd may have won with the sheep, blindly following.

    I tried a dist upgrade from Wheezy to Jessie on a VPS and it failed (would not boot). I had to roll back the image.

    Plenty of people looking for a reliable upgrade path like Debian used to have but are wary of what trouble this adoption could cause.

    The exodus probably hasn't even begun. However, systemd could prove to be reliable in the long term and the majority might end up using it on desktops and servers, but that hasn't happened yet.

  15. Re: Systemd is tearing apart the Linux community. by Anonymous Coward · · Score: 0

    So you failed to upgrade to Testing and the conclusion you made from that is that systemd doesn't work? I wonder what Debian has done to break systemd so hard. Fedora has been using it in production for almost four years now, and it's fine.

  16. Re:Question by igloo-x · · Score: 0

    What are we going to be left with when the shiny wears off Docker and next year's flavour of the day comes along?

    Something better.

    As is generally the case with progress.

  17. Re: Systemd is tearing apart the Linux community. by Anonymous Coward · · Score: 0

    My best bet would be that he upgraded an OpenVZ-based VPS, which until recently wasn't providing the kernel APIs needed by Debian's systemd version to work. Fortunately the OpenVZ guys patched it, though logind still fails under that virtualization (not that it is a big issue, as it doesn't have much use in most VPS-based scenarios anyway). Also you can't combine systemd and OpenVZ as host kernel, which is a little bit more painful. All this is about their 2.6.32-based kernel. They wrote about opening the development model and giving access to the 3.x branch this month or so, so let's hope we'll get a stable version of it soon.

  18. eh? by coofercat · · Score: 2

    I don't get it... what's it for? Is it for the host running the containers, or for the containers themselves?

    I set up a bit of Docker goodness at work because I needed to do some stuff in RHEL5, 6 and 7 sort of simultaneously. I found getting the base image of a RHEL system into a container to be annoyingly hard - first of all, you somehow have to know what all the bajillions of 'base' packages are that you're going to need. Then you make your container and spin it up to a bash prompt. Great - all looking good, right? Wrong. For any other packages you want to install you need an RPM repo, only Redhat gives you a satellite - for which you need a client license. You'll need one of those for every container you ever create - that can't be right, can it?

    Maybe I'm completely missing the Chosen Path here, but getting Dockers up and going in an enterprise setting seems remarkably fiddly. That said, being able to spin up a considerably smaller container would be very welcome. I'm not so sure having a stripped down host to run them on necessarily excites me all that much, but whatever it takes to get the bloat out of distributions is fine with me.

    1. Re:eh? by Anonymous Coward · · Score: 0

      I haven't even done as much as you with Docker, but my impression of the use case is lots of small identical containers so you can scale easily. Doesn't fit what I need to do, but I can see how some would find it very handy.

    2. Re:eh? by Anonymous Coward · · Score: 0

      Just don't use redhat?

  19. Re: Systemd is tearing apart the Linux community. by Anonymous Coward · · Score: 0

    This brings back bad memories. I generally stay far away from OpenVZ and anything else that requires a hacked kernel.

  20. Re: Systemd is tearing apart the Linux community. by sce7mjm · · Score: 1

    As I said in my post that you managed to misinterpret:
    I was TESTING the dist upgrade to Jessie since Jessie had been frozen.

    Since the VPS was not booting I was unable to get a console up to do any investigation. This was on Xen, by the way. So perhaps the particular config had an issue.

    I have in the past used dist upgrade as a test to testing Squeeze and testing Wheezy when appropriate, to spot problems that might arise and report them if not seen in the wild already. This is how open source type software gets developed and kinda works...

    There seems to have been a definite change in attitude across Debian and probably other distros.
    When issues get raised, responses are often "you're doing it wrong" or "you can configure it to get the old behaviour back" rather than the more helpful response of "check out this bug and its temporary solution; this should be fixed by the time the release candidate comes out..."
    I can expect this attitude from the authors of software since I can choose not to use it; however, packagers and distributions seem to be taking this stance as well, which means potentially accepting the new package and the new way of doing things, or becoming a second-class citizen of the distribution, or leaving.

    Perhaps it will all get sorted and perhaps I'll try Jessie again and see if I can get it to boot and do some investigation as to how much change there has been; perhaps I can live with systemd. However, I am not about to decide that this is the future without testing it...

    In the meantime it is Wheezy until security support stops, and keep testing in the meantime.

  21. Re: Systemd is tearing apart the Linux community. by iggymanz · · Score: 1

    Wrong, systemd in Fedora is pure buggy garbage; avoid it in production systems. Playing with a thing as a desktop proves nothing.