Red Hat’s Enterprise Linux Atomic Host 7.1 release is generally available today, providing users with the promise of a more secure and optimized operating system for Docker containers. The Atomic Host release comes alongside Red Hat Enterprise Linux 7.1, which also debuts today.
Red Hat first announced its Project Atomic effort in April 2014 as part of a broad push into the Docker Linux container space. While Docker is supported on the main Red Hat Enterprise Linux 7 operating system edition, that OS is a general-purpose system and is not as tightly optimized for Docker as is Atomic Host.
Subhendu Ghosh, senior technology product manager at Red Hat, explained that a lot has happened since the initial announcement of Project Atomic. One of the big shifts has been Red Hat’s embrace of the Google-led Kubernetes open-source project for container orchestration. The company has adopted Kubernetes for its container offerings and is now the second-largest contributor in the community after Google, Ghosh said.
“Red Hat Enterprise Linux Atomic Host includes Kubernetes as the orchestration engine for multi-container, multi-host applications, managing the launch, state and communication for each container and host,” Ghosh told eWEEK. “In terms of changes, Kubernetes superseded geard for orchestration, which was demoed at Red Hat Summit in April 2014.”
Red Hat is also leveraging Kubernetes as a core part of its upcoming OpenShift 3 platform-as-a-service (PaaS) release.
OpenShift 3 builds on the work Red Hat has done on RHEL 7 and RHEL Atomic Host with regard to Kubernetes, Ghosh said.
“The bottom line is that we don’t see any of the work on Kubernetes, Docker, or Red Hat Enterprise Linux Atomic Host as being unique to OpenShift or Red Hat Enterprise Linux,” Ghosh said. “They are becoming intertwined, and the engineering teams are co-mingled.”
By using Kubernetes as the orchestration engine across Red Hat’s platforms, the company is targeting full application portability and mobility when it comes to containerized applications, Ghosh said.
Security
Another development that Red Hat has advanced for Atomic Host is improved security controls with the introduction of what Red Hat refers to as “super-privileged” containers. Ghosh explained that super-privileged containers allow users to deploy system services as containers and then run those service containers with privileged access to the host system, as well as to other containers on the same host. Docker containers run on top of the host operating system, which is where the need for super-privileged containers has emerged.
“Red Hat Enterprise Linux Atomic Host’s image design does not allow the run time addition of any content at the host level,” Ghosh said. “A number of our customers, however, expressed use cases for debug and performance tools in the form of hardware and system agents that need to interact at the host level.”
Ghosh explained that super-privileged containers enable all the privileges needed by applications that must access the host.
Red Hat has also been working on improving storage management for container hosts. Ghosh noted that Red Hat Enterprise Linux Atomic Host now uses thin provisioning for the disk space used for container images.
System updating and rollback capabilities are also integrated into Atomic Host. Ghosh explained that “atomic” updating in RHEL Atomic Host is achieved via OSTree, which Red Hat started developing in 2012.
“It uses a Git-like method to deploy the operating system onto a disk and allows the co-location of multiple aggregate file systems,” Ghosh explained. “Via OSTree, we will make updates available frequently, delivering bug fixes as well as implementing new features.”
The idea of incremental transactional updates and rollback capability is also something that Red Hat’s Linux rival Canonical has been pursuing with its Snappy Ubuntu Linux efforts.
Docker
While Red Hat Atomic Host is an optimized host for Docker containers, the new release doesn’t quite yet include the latest technologies from the upstream open-source Docker project. Docker 1.5 was released Feb. 10, but that’s not the version of Docker that Red Hat Atomic Host currently includes. Docker 1.5 includes a number of important new capabilities such as improved IPv6 support, security improvements and a statistics API for container visibility.
“The version of the Docker engine in Red Hat Enterprise Linux Atomic Host is 1.4.1,” Ghosh said. “Docker 1.5 was not available in time for this release, but we plan to make Docker 1.5 features available in an update release in a few weeks.”
The upstream Docker project has also been active in recent weeks with the launch of the Docker Machine, Swarm and Compose efforts, which entered public beta Feb. 26. Docker Machine is a technology that enables the Docker Engine—the application virtualization piece of Docker—to be quickly deployed on any server. Docker Swarm provides Docker container clustering capabilities, and Docker Compose enables multiple containers to be pulled together to run a single logical application.
“At this time, Red Hat Enterprise Linux does not support Machine, Swarm or Compose, although we are reviewing the capabilities of these frameworks with our customers and keeping an eye on activities and progress within upstream projects,” Ghosh said. “We made a strategic decision for Kubernetes as our orchestration engine across our platform portfolio to enable enterprise container portability.”
Red Hat Enterprise Linux 7.1
Alongside the Red Hat Atomic Host launch, Red Hat Enterprise Linux 7.1 is generally available today. Red Hat Enterprise Linux 7.1 first entered public beta in December 2014 and includes new security features.
Among the features is a new security certificate authority as part of the identity management system. Support for two-factor authentication has also been improved in the new release.
Ghosh noted that Docker can also run on Red Hat Enterprise Linux 7.1; however, the benefit of Red Hat Enterprise Linux Atomic Host is that it’s optimized purely for running containers out of the box.
“From storage tuning to kernel settings, everything about Atomic Host is centered on the container from the get-go,” Ghosh said, “as opposed to Red Hat Enterprise Linux 7.1, which provides general support for Linux containers while remaining flexible enough to support other infrastructure needs.”
Another benefit of Red Hat Enterprise Linux Atomic Host for Linux container deployments is that, as a minimal footprint container host, it contains significantly fewer packages that must be managed and updated, Ghosh said.
Red Hat sells its platform product on an enterprise subscription model basis.
“Red Hat Enterprise Linux Atomic Host is a deployment option for most Red Hat Enterprise Linux Server subscriptions and is not a stand-alone offering,” Ghosh said. “Customers can choose to deploy via RPMs [Red Hat Package Manager files] if they want the full control and flexibility of a Red Hat Enterprise Linux 7 installation, or they can deploy Atomic Host to take advantage of Linux containers.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.