Juan Manuel Rey

Unix Geek. Sysadmin by heart turned cloud architect. Working for Microsoft.

Welcome to the Atomic Series! In this new series of articles I will discuss the different parts of the Project Atomic ecosystem, starting with the Atomic Host in this first part. I sincerely hope you like it and find it helpful. The planned posts, for now, are:

  • Part 1 - Introduction to Atomic Host
  • Part 2 - Atomic Clusters
  • Part 3 - Atomic Registry

In the future I am planning to write more posts around Atomic but without numbering.

What is Project Atomic?

Project Atomic is the name of the community, sponsored by Red Hat, that encompasses a set of open source projects geared towards creating a new family of operating systems and infrastructure to run container-based workloads.

The basic building block of the project is the Atomic Host, a lightweight container operating system. However, the project also serves as the umbrella for projects like rpm-ostree, Atomic Registry, Atomic App or Cockpit, which are also components of OpenShift Origin, the upstream of Red Hat OpenShift Container Platform. Project Atomic includes the upstream work on the Docker and Kubernetes communities.

What is Atomic Host?

Atomic Host is a lightweight, container-optimized operating system designed to be immutable. It is currently available in Fedora and CentOS flavors and is also the upstream of Red Hat Enterprise Linux Atomic Host. It is very important to understand that Atomic Host is not a new Linux distribution; it is built on the foundation of Fedora, CentOS and Red Hat Enterprise Linux.

It differs from traditional operating systems, which by the way can also run containers, in that it is optimized to run and manage containers. Every application is run and managed as a container in Atomic Host.

Besides the container-optimized host, it provides tools like rpm-ostree, Docker, Kubernetes, Cockpit and the Atomic command line tools. Currently the only components that come installed in Atomic, besides the Fedora, CentOS or RHEL base images, are the Atomic command line, Docker and Kubernetes; however, there are plans to implement Kubernetes as containers in the future as well.

rpm-ostree

rpm-ostree is based on OSTree, and the first thing you have to know about it is that it is not a package management system like yum, dnf or apt. Instead, rpm-ostree is an open source tool to manage bootable, immutable, versioned filesystem trees. The main idea behind rpm-ostree is to use a client-server architecture to keep Linux hosts updated and in sync with the latest packages in a reliable manner.

Check current status

[fedora@atomic-01 ~]$ sudo rpm-ostree status
  TIMESTAMP (UTC)         VERSION   ID             OSNAME            REFSPEC
* 2016-06-15 09:57:04     24.39     2c7d41e8a6     fedora-atomic     fedora-atomic:fedora-atomic/24/x86_64/docker-host
[fedora@atomic-01 ~]$
[fedora@fed-atomic-01 ~]$ sudo rpm-ostree status -p
============================================================
  * DEFAULT ON BOOT
----------------------------------------
  version    24.39
  timestamp  2016-06-15 09:57:04
  id         2c7d41e8a67931fe21bc92100c59cff8a94c2df5a0e6a1b75957bda141601481.0
  osname     fedora-atomic
  refspec    fedora-atomic:fedora-atomic/24/x86_64/docker-host
============================================================
[fedora@fed-atomic-01 ~]$

Upgrade the system

The upgrade option also allows you to preview the changes, display the current version, etc.

[fedora@fed-atomic-01 ~]$ sudo rpm-ostree upgrade --help
Usage:
  rpm-ostree upgrade [OPTION...] - Perform a system upgrade

Help Options:
  -h, --help            Show help options

Application Options:
  --os=OSNAME           Operate on provided OSNAME
  -r, --reboot          Initiate a reboot after an upgrade is prepared
  --allow-downgrade     Permit deployment of chronologically older trees
  --preview             Just preview package differences
  --check               Just check if an upgrade is available
  --sysroot=SYSROOT     Use system root SYSROOT (default: /)
  --peer                Force a peer-to-peer connection instead of using the system message bus
  --version             Print version information and exit

[fedora@fed-atomic-01 ~]$
[fedora@fed-atomic-01 ~]$ sudo rpm-ostree upgrade --version
rpm-ostree 2015.11
  +compose
[fedora@fed-atomic-01 ~]$

Performing the upgrade is a simple rpm-ostree upgrade.

[fedora@fed-atomic-01 ~]$ sudo rpm-ostree upgrade
Updating from: fedora-atomic:fedora-atomic/24/x86_64/docker-host

2061 metadata, 9718 content objects fetched; 354168 KiB transferred in 551 seconds
Copying /etc changes: 20 modified, 0 removed, 46 added
Transaction complete; bootconfig swap: yes deployment count change: 1
[fedora@fed-atomic-01 ~]$

After the upgrade, reboot the host and verify the new tree is in use.

[fedora@fed-atomic-01 ~]$ sudo rpm-ostree status
State: idle
Deployments:
● fedora-atomic:fedora-atomic/24/x86_64/docker-host
       Version: 24.81 (2016-11-14 20:46:13)
        Commit: 49dd9520a7c537ced9c846c2e2f47643b5f52a22768d944b6d8c1108da38f39e
        OSName: fedora-atomic

  fedora-atomic:fedora-atomic/24/x86_64/docker-host
       Version: 24.39 (2016-06-15 09:57:04)
        Commit: 2c7d41e8a67931fe21bc92100c59cff8a94c2df5a0e6a1b75957bda141601481
        OSName: fedora-atomic
[fedora@fed-atomic-01 ~]$

Rollback an upgrade

[fedora@fed-atomic-01 ~]$ sudo rpm-ostree rollback
Moving '2c7d41e8a67931fe21bc92100c59cff8a94c2df5a0e6a1b75957bda141601481.0' to be first deployment
Transaction complete; bootconfig swap: yes deployment count change: 0
Changed:
  NetworkManager 1:1.2.4-3.fc24 -> 1:1.2.2-1.fc24
  NetworkManager-libnm 1:1.2.4-3.fc24 -> 1:1.2.2-1.fc24
  atomic 1.13.1-3.git5dfcaa9.fc24 -> 1.8-5.gitcc5997a.fc24
  audit 2.6.7-1.fc24 -> 2.5.2-1.fc24
  audit-libs 2.6.7-1.fc24 -> 2.5.2-1.fc24
  audit-libs-python 2.6.7-1.fc24 -> 2.5.2-1.fc24
  audit-libs-python3 2.6.7-1.fc24 -> 2.5.2-1.fc24
  bash 4.3.42-7.fc24 -> 4.3.42-5.fc24
  bash-completion 1:2.4-1.fc24 -> 1:2.3-1.fc24
  bind99-libs 9.9.9-2.P3.fc24 -> 9.9.9-1.P1.fc24
  bind99-license 9.9.9-2.P3.fc24 -> 9.9.9-1.P1.fc24
  boost-iostreams 1.60.0-7.fc24 -> 1.60.0-5.fc24
  boost-program-options 1.60.0-7.fc24 -> 1.60.0-5.fc24
  boost-random 1.60.0-7.fc24 -> 1.60.0-5.fc24
  boost-regex 1.60.0-7.fc24 -> 1.60.0-5.fc24
  boost-system 1.60.0-7.fc24 -> 1.60.0-5.fc24
  boost-thread 1.60.0-7.fc24 -> 1.60.0-5.fc24
  ca-certificates 2016.2.10-1.0.fc24 -> 2016.2.7-1.0.fc24
  ceph-common 1:10.2.2-2.fc24 -> 1:10.2.0-2.fc24
  checkpolicy 2.5-6.fc24 -> 2.5-2.fc24
  chkconfig 1.8-1.fc24 -> 1.7-2.fc24
  cockpit-bridge 0.117-1.fc24 -> 0.103-1.fc24
  cockpit-docker 0.117-1.fc24 -> 0.103-1.fc24
  cockpit-networkmanager 0.117-1.fc24 -> 0.103-1.fc24
  cockpit-ostree 0.117-1.fc24 -> 0.103-1.fc24
  cockpit-shell 0.117-1.fc24 -> 0.103-1.fc24
  coreutils 8.25-7.fc24 -> 8.25-5.fc24
  coreutils-common 8.25-7.fc24 -> 8.25-5.fc24
  cronie 1.5.1-2.fc24 -> 1.5.0-4.fc24
  cronie-anacron 1.5.1-2.fc24 -> 1.5.0-4.fc24
  cryptsetup 1.7.2-1.fc24 -> 1.7.1-1.fc24
  cryptsetup-libs 1.7.2-1.fc24 -> 1.7.1-1.fc24
  curl 7.47.1-9.fc24 -> 7.47.1-4.fc24
  dbus 1:1.11.6-1.fc24 -> 1:1.11.2-1.fc24
  dbus-glib 0.108-1.fc24 -> 0.106-1.fc24
  dbus-libs 1:1.11.6-1.fc24 -> 1:1.11.2-1.fc24
  device-mapper 1.02.122-2.fc24 -> 1.02.122-1.fc24
  device-mapper-event 1.02.122-2.fc24 -> 1.02.122-1.fc24
  device-mapper-event-libs 1.02.122-2.fc24 -> 1.02.122-1.fc24
  device-mapper-libs 1.02.122-2.fc24 -> 1.02.122-1.fc24
  device-mapper-persistent-data 0.6.3-1.fc24 -> 0.6.2-0.1.rc6.fc24
  dhcp-client 12:4.3.4-3.fc24 -> 12:4.3.4-2.fc24
  dhcp-common 12:4.3.4-3.fc24 -> 12:4.3.4-2.fc24
  dhcp-libs 12:4.3.4-3.fc24 -> 12:4.3.4-2.fc24
  dnsmasq 2.76-1.fc24 -> 2.75-4.fc24
  docker 2:1.10.3-54.gite03ddb8.fc24 -> 2:1.10.3-9.git667d6d1.fc24
  docker-v1.10-migrator 2:1.10.3-54.gite03ddb8.fc24 -> 2:1.10.3-9.git667d6d1.fc24
  dracut 044-21.fc24 -> 044-18.git20160108.fc24
  dracut-config-generic 044-21.fc24 -> 044-18.git20160108.fc24
  dracut-live 044-21.fc24 -> 044-18.git20160108.fc24
  dracut-network 044-21.fc24 -> 044-18.git20160108.fc24
  efibootmgr 14-3.fc24 -> 0.12-3.fc24
  efivar-libs 30-4.fc24 -> 0.23-1.fc24
  elfutils-default-yama-scope 0.167-1.fc24 -> 0.166-2.fc24
  elfutils-libelf 0.167-1.fc24 -> 0.166-2.fc24
  elfutils-libs 0.167-1.fc24 -> 0.166-2.fc24
  emacs-filesystem 1:25.1-2.fc24 -> 1:25.0.94-1.fc24
  etcd 2.3.3-1.fc24 -> 2.2.5-5.fc24
  expat 2.1.1-2.fc24 -> 2.1.1-1.fc24
  fedora-release 24-2 -> 24-1
  fedora-repos 24-3 -> 24-1
  findutils 1:4.6.0-7.fc24 -> 1:4.6.0-3.fc24
  flannel 0.5.5-6.fc24 -> 0.5.5-5.fc24
  fuse-libs 2.9.7-1.fc24 -> 2.9.4-4.fc24
  gawk 4.1.3-8.fc24 -> 4.1.3-3.fc24
  gettext 0.19.8.1-2.fc24 -> 0.19.7-4.fc24
  gettext-libs 0.19.8.1-2.fc24 -> 0.19.7-4.fc24
  glib2 2.48.2-1.fc24 -> 2.48.1-1.fc24
  glibc 2.23.1-11.fc24 -> 2.23.1-7.fc24
  glibc-all-langpacks 2.23.1-11.fc24 -> 2.23.1-7.fc24
  glibc-common 2.23.1-11.fc24 -> 2.23.1-7.fc24
  glusterfs 3.8.5-1.fc24 -> 3.8.0-0.2.rc2.fc24
  glusterfs-client-xlators 3.8.5-1.fc24 -> 3.8.0-0.2.rc2.fc24
  glusterfs-fuse 3.8.5-1.fc24 -> 3.8.0-0.2.rc2.fc24
  glusterfs-libs 3.8.5-1.fc24 -> 3.8.0-0.2.rc2.fc24
  gmp 1:6.1.1-1.fc24 -> 1:6.1.0-2.fc24
  gnupg2 2.1.13-2.fc24 -> 2.1.11-3.fc24
  gnutls 3.4.16-1.fc24 -> 3.4.12-1.fc24
  gpgme 1.6.0-3.fc24 -> 1.4.3-7.fc24
  gssproxy 0.5.1-3.fc24 -> 0.5.0-4.fc24
  guile 5:2.0.13-1.fc24 -> 5:2.0.11-9.fc24
  info 6.1-3.fc24 -> 6.1-2.fc24
  ipcalc 0.1.8-1.fc24 -> 0.1.6-2.fc24
  iputils 20160308-3.fc24 -> 20160308-2.fc24
  json-glib 1.2.2-1.fc24 -> 1.2.0-1.fc24
  kernel 4.8.6-201.fc24 -> 4.5.5-300.fc24
  kernel-core 4.8.6-201.fc24 -> 4.5.5-300.fc24
  kernel-modules 4.8.6-201.fc24 -> 4.5.5-300.fc24
  krb5-libs 1.14.4-4.fc24 -> 1.14.1-6.fc24
  kubernetes 1.2.0-0.26.git4a3f9c5.fc24 -> 1.2.0-0.20.git4a3f9c5.fc24
  kubernetes-client 1.2.0-0.26.git4a3f9c5.fc24 -> 1.2.0-0.20.git4a3f9c5.fc24
  kubernetes-master 1.2.0-0.26.git4a3f9c5.fc24 -> 1.2.0-0.20.git4a3f9c5.fc24
  kubernetes-node 1.2.0-0.26.git4a3f9c5.fc24 -> 1.2.0-0.20.git4a3f9c5.fc24
  libarchive 3.2.2-1.fc24 -> 3.1.2-17.fc24
  libassuan 2.4.3-1.fc24 -> 2.4.2-2.fc24
  libbasicobjects 0.1.1-29.fc24 -> 0.1.1-28.fc24
  libblkid 2.28.2-1.fc24 -> 2.28-2.fc24
  libcap-ng 0.7.8-1.fc24 -> 0.7.7-4.fc24
  libcephfs1 1:10.2.2-2.fc24 -> 1:10.2.0-2.fc24
  libcollection 0.7.0-29.fc24 -> 0.7.0-28.fc24
  libcurl 7.47.1-9.fc24 -> 7.47.1-4.fc24
  libfdisk 2.28.2-1.fc24 -> 2.28-2.fc24
  libgcc 6.2.1-2.fc24 -> 6.1.1-2.fc24
  libgcrypt 1.6.6-1.fc24 -> 1.6.4-2.fc24
  libgomp 6.2.1-2.fc24 -> 6.1.1-2.fc24
  libgpg-error 1.24-1.fc24 -> 1.21-2.fc24
  libicu 56.1-5.fc24 -> 56.1-4.fc24
  libidn 1.33-1.fc24 -> 1.32-2.fc24
  libini_config 1.3.0-29.fc24 -> 1.2.0-28.fc24
  libksba 1.3.5-1.fc24 -> 1.3.4-1.fc24
  libmnl 1.0.4-1.fc24 -> 1.0.3-11.fc24
  libmount 2.28.2-1.fc24 -> 2.28-2.fc24
  libnfsidmap 0.26-6.rc4.fc24 -> 0.26-4.2.fc24
  libnl3 3.2.28-3.fc24 -> 3.2.27-3.fc24
  libpath_utils 0.2.1-29.fc24 -> 0.2.1-28.fc24
  libpng 2:1.6.26-1.fc24 -> 2:1.6.21-2.fc24
  libpsl 0.13.0-3.fc24 -> 0.13.0-1.fc24
  librados2 1:10.2.2-2.fc24 -> 1:10.2.0-2.fc24
  libradosstriper1 1:10.2.2-2.fc24 -> 1:10.2.0-2.fc24
  librbd1 1:10.2.2-2.fc24 -> 1:10.2.0-2.fc24
  libref_array 0.1.5-29.fc24 -> 0.1.5-28.fc24
  librgw2 1:10.2.2-2.fc24 -> 1:10.2.0-2.fc24
  libselinux 2.5-9.fc24 -> 2.5-3.fc24
  libselinux-python 2.5-9.fc24 -> 2.5-3.fc24
  libselinux-python3 2.5-9.fc24 -> 2.5-3.fc24
  libselinux-utils 2.5-9.fc24 -> 2.5-3.fc24
  libsemanage 2.5-5.fc24 -> 2.5-2.fc24
  libsemanage-python 2.5-5.fc24 -> 2.5-2.fc24
  libsemanage-python3 2.5-5.fc24 -> 2.5-2.fc24
  libsepol 2.5-8.fc24 -> 2.5-3.fc24
  libsmartcols 2.28.2-1.fc24 -> 2.28-2.fc24
  libsolv 0.6.24-1.fc24 -> 0.6.20-3.fc24
  libsss_idmap 1.14.2-1.fc24 -> 1.13.4-3.fc24
  libsss_nss_idmap 1.14.2-1.fc24 -> 1.13.4-3.fc24
  libsss_sudo 1.14.2-1.fc24 -> 1.13.4-3.fc24
  libstdc++ 6.2.1-2.fc24 -> 6.1.1-2.fc24
  libtasn1 4.9-1.fc24 -> 4.8-1.fc24
  libtool-ltdl 2.4.6-12.fc24 -> 2.4.6-11.fc24
  libuuid 2.28.2-1.fc24 -> 2.28-2.fc24
  libxkbcommon 0.6.1-1.fc24 -> 0.5.0-4.fc24
  linux-firmware 20160923-68.git42ad5367.fc24 -> 20160526-65.git80d463be.fc24
  lua 5.3.3-2.fc24 -> 5.3.2-3.fc24
  lvm2 2.02.150-2.fc24 -> 2.02.150-1.fc24
  lvm2-libs 2.02.150-2.fc24 -> 2.02.150-1.fc24
  mokutil 1:0.3.0-2.fc24 -> 1:0.2.0-4.fc24
  ncurses 6.0-6.20160709.fc24 -> 6.0-5.20160116.fc24
  ncurses-base 6.0-6.20160709.fc24 -> 6.0-5.20160116.fc24
  ncurses-libs 6.0-6.20160709.fc24 -> 6.0-5.20160116.fc24
  nettle 3.2-3.fc24 -> 3.2-2.fc24
  nfs-utils 1:1.3.4-1.rc2.fc24 -> 1:1.3.3-8.rc5.fc24
  nspr 4.13.1-1.fc24 -> 4.12.0-1.fc24
  nss 3.27.0-1.2.fc24 -> 3.23.0-1.2.fc24
  nss-softokn 3.27.0-1.0.fc24 -> 3.23.0-1.0.fc24
  nss-softokn-freebl 3.27.0-1.0.fc24 -> 3.23.0-1.0.fc24
  nss-sysinit 3.27.0-1.2.fc24 -> 3.23.0-1.2.fc24
  nss-tools 3.27.0-1.2.fc24 -> 3.23.0-1.2.fc24
  nss-util 3.27.0-1.0.fc24 -> 3.23.0-1.0.fc24
  oci-register-machine 0-2.4.git352a2a2.fc24 -> 0-1.1.git7d4ce65.fc24
  openssh 7.2p2-13.fc24 -> 7.2p2-6.fc24
  openssh-clients 7.2p2-13.fc24 -> 7.2p2-6.fc24
  openssh-server 7.2p2-13.fc24 -> 7.2p2-6.fc24
  openssl 1:1.0.2j-1.fc24 -> 1:1.0.2h-1.fc24
  openssl-libs 1:1.0.2j-1.fc24 -> 1:1.0.2h-1.fc24
  ostree 2016.12-1.fc24 -> 2016.5-3.fc24
  ostree-grub2 2016.12-1.fc24 -> 2016.5-3.fc24
  pcre 8.39-6.fc24 -> 8.38-11.fc24
  policycoreutils 2.5-13.fc24 -> 2.5-5.fc24
  policycoreutils-python 2.5-13.fc24 -> 2.5-5.fc24
  policycoreutils-python-utils 2.5-13.fc24 -> 2.5-5.fc24
  policycoreutils-python3 2.5-13.fc24 -> 2.5-5.fc24
  python 2.7.12-6.fc24 -> 2.7.11-4.fc24
  python-cephfs 1:10.2.2-2.fc24 -> 1:10.2.0-2.fc24
  python-libs 2.7.12-6.fc24 -> 2.7.11-4.fc24
  python-rados 1:10.2.2-2.fc24 -> 1:10.2.0-2.fc24
  python-rbd 1:10.2.2-2.fc24 -> 1:10.2.0-2.fc24
  python2-pysocks 1.5.6-4.fc24 -> 1.5.6-3.fc24
  python3 3.5.2-3.fc24 -> 3.5.1-7.fc24
  python3-jinja2 2.8-7.fc24 -> 2.8-5.fc24
  python3-libs 3.5.2-3.fc24 -> 3.5.1-7.fc24
  python3-pyserial 3.1.1-1.fc24 -> 2.7-5.fc24
  python3-pysocks 1.5.6-4.fc24 -> 1.5.6-3.fc24
  python3-requests 2.10.0-2.fc24 -> 2.10.0-1.fc24
  python3-sssdconfig 1.14.2-1.fc24 -> 1.13.4-3.fc24
  python3-urllib3 1.15.1-3.fc24 -> 1.15.1-1.fc24
  rpcbind 0.2.3-11.rc1.fc24 -> 0.2.3-10.rc1.fc24
  rpm-ostree 2016.11-1.fc24 -> 2015.11-2.fc24
  runc 1:0.1.1-3.git57b9972.fc24 -> 1:0.0.9-0.3.git94dc520.fc24
  screen 4.4.0-4.fc24 -> 4.3.1-4.fc24
  selinux-policy 3.13.1-191.20.fc24 -> 3.13.1-190.fc24
  selinux-policy-targeted 3.13.1-191.20.fc24 -> 3.13.1-190.fc24
  skopeo 0.1.14-5.git550a480.fc24 -> 0.1.11-1.fc24
  sqlite 3.13.0-1.fc24 -> 3.11.0-3.fc24
  sqlite-libs 3.13.0-1.fc24 -> 3.11.0-3.fc24
  sssd-client 1.14.2-1.fc24 -> 1.13.4-3.fc24
  strace 4.14-1.fc24 -> 4.11.0.163.9720-2.fc24
  sudo 1.8.18p1-1.fc24 -> 1.8.16-3.fc24
  system-python-libs 3.5.2-3.fc24 -> 3.5.1-7.fc24
  systemd 229-16.fc24 -> 229-8.fc24
  systemd-container 229-16.fc24 -> 229-8.fc24
  systemd-libs 229-16.fc24 -> 229-8.fc24
  systemd-udev 229-16.fc24 -> 229-8.fc24
  tzdata 2016i-1.fc24 -> 2016d-1.fc24
  util-linux 2.28.2-1.fc24 -> 2.28-2.fc24
  vim-minimal 2:7.4.1868-1.fc24 -> 2:7.4.1718-1.fc24
  xfsprogs 4.5.0-2.fc24 -> 4.5.0-1.fc24
Removed:
  bubblewrap-0.1.3-2.fc24.x86_64
  container-selinux-2:1.10.3-54.gite03ddb8.fc24.x86_64
  docker-common-2:1.10.3-54.gite03ddb8.fc24.x86_64
  fedora-release-atomichost-24-2.noarch
  fuse-2.9.7-1.fc24.x86_64
  gobject-introspection-1.48.0-1.fc24.x86_64
  libev-4.20-2.fc24.x86_64
  libreport-filesystem-2.7.2-1.fc24.x86_64
  libsigsegv-2.10-10.fc24.x86_64
  libverto-libev-0.2.6-6.fc24.x86_64
  mdadm-3.4-2.fc24.x86_64
  mpfr-3.1.5-1.fc24.x86_64
  nss-pem-1.0.2-2.fc24.x86_64
  python2-requests-2.10.0-2.fc24.noarch
  python2-urllib3-1.15.1-3.fc24.noarch
  python3-dateutil-1:2.5.2-2.fc24.noarch
  python3-gobject-base-3.20.1-1.fc24.x86_64
  skopeo-containers-0.1.14-5.git550a480.fc24.x86_64
Added:
  GeoIP-1.6.9-2.fc24.x86_64
  GeoIP-GeoLite-data-2016.05-1.fc24.noarch
  docker-selinux-2:1.10.3-9.git667d6d1.fc24.x86_64
  gnupg2-smime-2.1.11-3.fc24.x86_64
  hawkey-0.6.3-2.fc24.x86_64
  libhif-0.2.2-4.fc24.x86_64
  libsecret-0.18.5-1.fc24.x86_64
  libtalloc-2.1.6-1.fc24.x86_64
  libtevent-0.9.28-1.fc24.x86_64
  libusb-1:0.1.5-7.fc24.x86_64
  libusbx-1.0.21-0.1.git448584a.fc24.x86_64
  libverto-tevent-0.2.6-6.fc24.x86_64
  pinentry-0.9.7-2.fc24.x86_64
  python-requests-2.10.0-1.fc24.noarch
  python-urllib3-1.15.1-1.fc24.noarch
  Run "systemctl reboot" to start a reboot
[fedora@fed-atomic-01 ~]$
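
The rollback above returns packages such as kernel, openssl and openssh-server to their older builds, and it only takes effect at the next reboot, which leaves room to review the transaction first. The following is an added example, not part of the original post: it reads saved rpm-ostree rollback output and lists the watched packages whose version changes. The watchlist, the function names and the trimmed sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list watched packages whose version changes in an
# rpm-ostree rollback transaction, so they can be reviewed before rebooting.

# Sample input: a few lines trimmed from the rollback output shown above.
SAMPLE_ROLLBACK='Changed:
  bash 4.3.42-7.fc24 -> 4.3.42-5.fc24
  kernel 4.8.6-201.fc24 -> 4.5.5-300.fc24
  openssh-server 7.2p2-13.fc24 -> 7.2p2-6.fc24
  openssl 1:1.0.2j-1.fc24 -> 1:1.0.2h-1.fc24
  tzdata 2016i-1.fc24 -> 2016d-1.fc24
Removed:
  container-selinux-2:1.10.3-54.gite03ddb8.fc24.x86_64
Added:
  docker-selinux-2:1.10.3-9.git667d6d1.fc24.x86_64
  Run "systemctl reboot" to start a reboot'

# Assumption: the packages this site treats as security-sensitive.
WATCHLIST='kernel glibc openssl openssl-libs openssh-server sudo docker runc selinux-policy'

# Reads rollback output on stdin; prints "name: current -> rollback-target"
# for every watched package listed under "Changed:".
rollback_regressions() {
  awk -v watch="$WATCHLIST" '
    BEGIN { n = split(watch, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
    /^[A-Za-z]+:$/ { section = $1; next }   # Changed: / Removed: / Added:
    section == "Changed:" && NF == 4 && $3 == "->" && ($1 in want) {
      printf "%s: %s -> %s\n", $1, $2, $4
    }'
}

# Returns 0 and prints the findings when the rollback touches a watched
# package; returns 1 when nothing on the watchlist changes.
rollback_needs_review() {
  findings=$(rollback_regressions)
  [ -n "$findings" ] || return 1
  printf '%s\n' "$findings"
}

# Demo on the sample; on a host, pipe the saved rollback output in instead.
if printf '%s\n' "$SAMPLE_ROLLBACK" | rollback_needs_review; then
  echo "review the packages above before running systemctl reboot"
fi
```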

Reboot the host and verify it is using the previous tree version.

[fedora@fed-atomic-01 ~]$ sudo rpm-ostree status
  TIMESTAMP (UTC)         VERSION   ID             OSNAME            REFSPEC
* 2016-06-15 09:57:04     24.39     2c7d41e8a6     fedora-atomic     fedora-atomic:fedora-atomic/24/x86_64/docker-host
  2016-11-14 20:46:13     24.81     49dd9520a7     fedora-atomic     fedora-atomic:fedora-atomic/24/x86_64/docker-host
[fedora@fed-atomic-01 ~]$ sudo rpm-ostree status -p
============================================================
  * DEFAULT ON BOOT
----------------------------------------
  version    24.39
  timestamp  2016-06-15 09:57:04
  id         2c7d41e8a67931fe21bc92100c59cff8a94c2df5a0e6a1b75957bda141601481.0
  osname     fedora-atomic
  refspec    fedora-atomic:fedora-atomic/24/x86_64/docker-host
============================================================
    NON-DEFAULT ROLLBACK TARGET
----------------------------------------
  version    24.81
  timestamp  2016-11-14 20:46:13
  id         49dd9520a7c537ced9c846c2e2f47643b5f52a22768d944b6d8c1108da38f39e.0
  osname     fedora-atomic
  refspec    fedora-atomic:fedora-atomic/24/x86_64/docker-host
============================================================
[fedora@fed-atomic-01 ~]$

Atomic command line

Atomic includes a new CLI called atomic, which provides a coherent entry point to manage Atomic Hosts. Under the hood, the atomic command is a wrapper that allows an administrator to perform container and host maintenance operations using a unified interface.

usage: atomic [-h] [-v] [--debug] [-y]
              {containers,diff,help,images,host,info,install,mount,pull,push,upload,run,scan,sign,stop,storage,migrate,top,trust,uninstall,unmount,umount,update,verify,version}
              ...

Atomic Management Tool

positional arguments:
  {containers,diff,help,images,host,info,install,mount,pull,push,upload,run,scan,sign,stop,storage,migrate,top,trust,uninstall,unmount,umount,update,verify,version}
                        commands
    containers          operate on containers
    diff                Show differences between two container images, file
                        diff or RPMS.
    images              operate on images
    host                execute Atomic host commands
    install             execute container image install method
    mount               mount container image to a specified directory
    pull                pull latest image from a repository
    push (upload)       push latest image to repository
    run                 execute container image run method
    scan                scan an image or container for CVEs
    sign                Sign an image
    stop                execute container image stop method
    storage (migrate)   manage container storage
    top                 Show top-like stats about processes running in
                        containers
    trust               Manage system container trust policy
    uninstall           execute container image uninstall method
    unmount (umount)    unmount container image
    update              pull latest container image from repository

optional arguments:
  -h, --help            show this help message and exit
  -v, --version         show atomic version and exit
  --debug               show debug messages
  -y, --assumeyes       automatically answer yes for all questions
[fedora@fed-atomic-01 ~]$

Container operations

atomic can be used for container management operations in several ways. At first sight it looks like a sort of wrapper for docker to perform many operations like run, stop, list images, etc. However, for an atomic run operation it will grab the run LABEL and execute it with no need for the user to pass any parameters. atomic implements the install command, which, instead of just importing the container image, installs it in the host with its corresponding Kubernetes configuration or systemd unit file.

[fedora@fed-atomic-01 ~]$ sudo atomic run alpine sh
Trying docker.io/library/alpine:latest
Uploading blob sha256:baa5d63471ead618ff91ddfacf1e2c81bf0612bfeb1daf00eb0843a41fbfade3
 0 B / 1.25 KB [---------------------------------------------------------------]
Uploading blob sha256:3690ec4760f95690944da86dc4496148a63d85c9e3100669a318110092f6862f
 0 B / 2.21 MB [---------------------------------------------------------------]
Uploading manifest to image destination
Storing signatures
 2.21 MB / 2.21 MB [===========================================================]docker run -t -i --name alpine alpine sh
/ #

atomic also allows you to manage the installed Docker images.

[fedora@fed-atomic-01 ~]$ sudo atomic images list
   REPOSITORY             TAG      IMAGE ID       CREATED            VIRTUAL SIZE   TYPE
>  docker.io/nginx        latest   05a60462f8ba   2016-11-08 23:41   181.44 MB      Docker
>  docker.io/cockpit/ws   latest   0c8d8b92a26e   2016-11-02 19:14   532.96 MB      Docker
>  docker.io/alpine       latest   baa5d63471ea   2016-10-18 22:31   4.8 MB         Docker

[fedora@fed-atomic-01 ~]$
[fedora@fed-atomic-01 ~]$ sudo atomic images info 0c8d8b92a26e
Image Name: 0c8d8b92a26e
RUN: /usr/bin/docker run -d --privileged --pid=host -v /:/host IMAGE /container/atomic-run --local-ssh
UNINSTALL: /usr/bin/docker run -ti --rm --privileged -v /:/host IMAGE /container/atomic-uninstall
INSTALL: /usr/bin/docker run -ti --rm --privileged -v /:/host IMAGE /container/atomic-install
[fedora@fed-atomic-01 ~]$
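
Because atomic run, install and uninstall execute whatever command the image's labels carry, the labels are worth reading before the image is run. The following is an added example, not from the original post or the Atomic project: it parses atomic images info output, using the cockpit/ws output above as its sample, and reports label options that give the container host-level access. The function names and the set of flagged options are assumptions.

```shell
#!/bin/sh
# Added example: report host-level options in the RUN/INSTALL/UNINSTALL
# labels that atomic executes on the administrator's behalf.

# Sample input: the atomic images info output for cockpit/ws shown above.
SAMPLE_INFO='Image Name: 0c8d8b92a26e
RUN: /usr/bin/docker run -d --privileged --pid=host -v /:/host IMAGE /container/atomic-run --local-ssh
UNINSTALL: /usr/bin/docker run -ti --rm --privileged -v /:/host IMAGE /container/atomic-uninstall
INSTALL: /usr/bin/docker run -ti --rm --privileged -v /:/host IMAGE /container/atomic-install'

# Constructed sample: a label that asks for nothing beyond a published port.
BENIGN_INFO='Image Name: example
RUN: /usr/bin/docker run -d -p 8080:80 IMAGE'

# Reads "atomic images info" output on stdin; prints one line per finding:
#   <LABEL> <finding> <option as written in the label>
audit_labels() {
  awk '
    /^(RUN|INSTALL|UNINSTALL): / {
      label = $1; sub(/:$/, "", label)
      for (i = 2; i <= NF; i++) {
        if ($i == "--privileged")
          print label, "privileged", $i
        else if ($i ~ "^--(pid|net|network|ipc|uts)=host$")
          print label, "host-namespace", $i
        else if ($i ~ "^--cap-add")
          print label, "added-capability", $i
        else if (($i == "-v" || $i == "--volume") && $(i + 1) ~ "^/:")
          print label, "host-root-mount", $(i + 1)
      }
    }'
}

# Number of findings for the output given on stdin.
count_findings() { audit_labels | awk 'END { print NR }'; }

# Returns 0 when at least one label option needs a review, 1 otherwise.
labels_need_review() { [ "$(count_findings)" -gt 0 ]; }

# Demo on the sample; on a host: sudo atomic images info IMAGE | audit_labels
printf '%s\n' "$SAMPLE_INFO" | audit_labels
```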

Host operations

For host-related operations atomic acts as a wrapper for rpm-ostree, allowing the same kind of operations.

[fedora@fed-atomic-01 ~]$ sudo atomic host -h
usage: atomic host [-h]
                   {rollback,status,upgrade,rebase,deploy,unlock,install,uninstall}
                   ...

positional arguments:
  {rollback,status,upgrade,rebase,deploy,unlock,install,uninstall}
                        host commands
    rollback            switch to alternate installed tree at next boot
    status              list information about all deployments
    upgrade             upgrade to the latest Atomic tree if one is available
    rebase              Download and deploy a new origin refspec
    deploy              deploy a specific commit
    unlock              Make the current deployment mutable (for development
                        or a hotfix)
    install             Install a (layered) RPM package
    uninstall           Remove a layered RPM package

optional arguments:
  -h, --help            show this help message and exit
[fedora@fed-atomic-01 ~]$

Cockpit

Cockpit is a remote management interface for Linux hosts; I have written before about Cockpit here, here and here. In an Atomic Host, Cockpit can be used to manage Docker containers and Kubernetes clusters.

Using Cockpit in Atomic is as simple as sudo atomic run cockpit/ws.

[fedora@fed-atomic-01 ~]$ sudo atomic install cockpit/ws
Using default tag: latest
Trying to pull repository docker.io/cockpit/ws ...
latest: Pulling from docker.io/cockpit/ws

c46df4a5b63b: Pull complete
99ef0b2c8485: Pull complete
59a5aa6b0031: Pull complete
5951d07fb748: Pull complete
5f76b08ca3d3: Pull complete
29128c9a04f7: Pull complete
681bb27149fa: Pull complete
078f3e279249: Pull complete
080f6c78b22e: Pull complete
d174142110f6: Pull complete
2599a2377eca: Pull complete
Digest: sha256:b208b4e05c625837890345f816402f1e08ecc99fb569c29dca876e822dab4dbf
Status: Downloaded newer image for docker.io/cockpit/ws:latest
/usr/bin/docker run -ti --rm --privileged -v /:/host cockpit/ws /container/atomic-install
+ sed -e /pam_selinux/d -e /pam_sepermit/d /etc/pam.d/cockpit
+ mkdir -p /host/etc/cockpit/ws-certs.d
+ chmod 755 /host/etc/cockpit/ws-certs.d
+ chown root:root /host/etc/cockpit/ws-certs.d
+ mkdir -p /host/var/lib/cockpit
+ chmod 775 /host/var/lib/cockpit
+ chown root:wheel /host/var/lib/cockpit
+ /bin/mount --bind /host/etc/cockpit /etc/cockpit
+ /usr/sbin/remotectl certificate --ensure
[fedora@fed-atomic-01 ~]$
[fedora@fed-atomic-01 ~]$ sudo atomic run cockpit/ws
/usr/bin/docker run -d --privileged --pid=host -v /:/host cockpit/ws /container/atomic-run --local-ssh
/usr/bin/docker run -d --privileged --pid=host -v /:/host cockpit/ws /container/atomic-run --local-ssh
5b300986736c4c4085d2c2c898ad3873f94236c0dd35e6689d2d83e2ff52a568
[fedora@fed-atomic-01 ~]$
[fedora@fed-atomic-01 ~]$ sudo docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
5b300986736c        cockpit/ws          "/container/atomic-ru"   13 seconds ago      Up 13 seconds                           backstabbing_yonath
[fedora@fed-atomic-01 ~]$

As you can see, even the management applications in Atomic are run as containers.

I hope this article has been helpful to many of you as a first step into Atomic Hosts. Stay tuned for the next part of the series.

– Juanma