Five Things Going on with Red Hat’s Project Atomic
There are more than 30 GitHub repositories under the Project Atomic nameplate. Some are primarily Red Hat open source projects; others have a wider community based on the Linux, Docker, Kubernetes stack.
The projects include the Atomic command-line interface, patches to Docker, public Ansible playbooks, the Atomic builder bundle and more. The OSTree project for OS upgrades, for example, grew out of GNOME and has a growing community.
Red Hat software engineer Colin Walters and Project Atomic community lead Josh Berkus recently discussed the direction the open source work is taking, emphasizing that these projects are separate from Red Hat’s commercial products.
“What has been a real challenge for us is maintaining a lot of different streams. In these communities, we’re still maintaining the RPM model while with Project Atomic, we’re trying to drive heavily toward containerization. I see one of our bigger challenges is maintaining two ways to do things. It’s tricky,” said Walters.
“We’re trying to build on the base we have. In the Fedora and CentOS communities, there are people who maintain the base infrastructure, like the kernel and userspace. We’re delivering new ways to deliver and manage it. It’s just a challenge to do it two ways.”
Among Project Atomic’s areas of focus:
Quest for immutable infrastructure: The project is trying to implement immutable infrastructure at the operating system level. One of the benefits of containerizing applications is that, rather than deploying and then configuring in the traditional way, at the application level you can configure first, then deploy.
“The configuration system becomes a big bottleneck in terms of your speed of deployment and your ability to manage a large infrastructure and distribute your team,” Berkus explained.
“So the immutable infrastructure idea is what you can … design the container image along with the orchestration system so that when the container is deployed, it will start up with the correct configuration and all the bits it needs to do so.
“Ops people will say they don’t want to do that just for user applications, they want to do it for the whole infrastructure. So can we configure, then deploy the base OS as well? That’s a key part of the idea of Atomic Host is that by having this OSTree-based distribution, that post-deployment of the OS, you’re not doing configuration, or you’re doing a tiny amount of configuration. Deployment is sort of a single on-switch operation.”
System containers: The project is pressing forward with the idea of system containers, working with members of the openSUSE project and others.
The idea is that you need special containers that will probably need a lot of privileges on the host system and that aren’t going to be managed by your general container manager, because they need to start when the system starts. If, for example, you have software-defined networking, then the container for that needs to be fundamental to the system, Berkus said.
“We have systems containers available, but we’re still trying to evolve that because we’re still trying to develop a specification for systems containers that’s going to be accepted by many Linux distributions, not just Red Hat distributions,” he said.
Atomic Workstation: Atomic Host comes in Fedora and CentOS versions, and some early adopters in the Fedora community are using it as their desktop. These developers want to run Fedora Rawhide, which is the daily build. In the past, running it on a laptop could cause myriad problems, including making Wi-Fi stop working completely.
“With Atomic Host’s ability to do binary Atomic update and rollback, you can put your laptop on Fedora and work on the current version because you can always roll it back to a previous version,” Berkus said.
“If you look at the ecosystem, there’s this divide between package-based systems like yum and the image-type systems used in Chromebooks and ChromeOS and those sort of things. We aimed from the beginning to be a hybrid image and package system,” Walters said.
“It’s different from what CoreOS and Chromebooks do. People will run Debian or Fedora’s roots inside their Chromebook. We’ve been working on a model where you can replicate a base, add packages on top and still have most things in containers. In our most recent release, we’ve been enhancing the layered package work.
“I’m really happy with this because not everything can be easily containerized. For example, PAM (pluggable authentication) modules or things that hook into the operating system at a low level, the kernel module, I think the package layering has worked really well.”
Continuous Integration Version of CentOS Atomic Host: This version, recently made public, allows you to revert to the stable version fairly easily.
“As we’re talking about system containers and some of our new development work, we have a public continuous delivery track, and I think it’s been pretty useful for developers. We’re working on expanding that to use containers as well – containerizing Kubernetes itself as well and some of our other features. We really want to do a continuous delivery-type model too,” Walters said.
Internet of Things: The project had not expected the demand for the Atomic OS from Internet of Things vendors.
“If you’re a vendor and you’re pushing security updates to a remote device for which you have a limited pipeline and no console and no physical access to that device, you need that update to either work or not work. You can’t have it partially deploy because there’s no way to troubleshoot it,” Berkus explained.
“We don’t have an official ARM port for Atomic Host, but somebody’s going to build one on their own because they want it. … That’s a use case that’s not being well served. And if that kind of sub-community takes off, we’ll probably do another spin of Atomic Host that has stripped-down requirements because, for example, those users don’t necessarily want Kubernetes, which is built into the existing Atomic Host, because they’re not doing a cluster, they’re doing a single device.”