From CoreOS to Nano: Micro OSes strip down for containers

CoreOS, Red Hat, Ubuntu, VMware, Rancher, and Microsoft put unique twists on the stripped-down, container-focused, cloud-scale operating system

There’s an all-out war going on to see which OS will be crowned king of the cloud. And guess what? None of the traditional operating systems is going to win.

Traditional operating systems are not designed for the cloud -- they’re too bloated. As a result, a new breed of super-skinny, minimalist operating systems is emerging to replace them.

Note: We’re going to refer to these minimalist operating systems as micro operating systems. You may have also heard them described as container operating systems, as they are designed to run containers.

To set the scene, the cloud is about three major things -- density, elasticity and security. Obviously the cloud is about lots of things, but these three factors are at the center of cloud computing.

And it’s these three factors that are heralding the death of the traditional operating system in the cloud, and the birth of the micro operating system.

What is a micro operating system?

In a nutshell, a micro operating system is an operating system designed for one thing, and one thing only -- server workloads. There’s no extra fluff included to run things like pretty graphical user interfaces, desktop productivity apps or even server services that aren’t absolutely necessary.

A core tenet of the micro OS is that smaller footprints enable greater densities and greater security. Or put another way, smaller footprints lead to less complexity, fewer vulnerabilities, less patching, fewer reboots shorter boot times... in short, less waste.

And while this all started out in the Linux world, the battle is so hot that it has spilled over into the Windows world. Everyone is vying to be crowned king of the cloud.

In this article we’ll review some of the major and more interesting players in this exciting new space of micro operating systems.

CoreOS

First up, any conversation about modern micro operating systems should probably start with CoreOS, as I think it’s fair to say that it was the first influential micro operating system designed for today’s cloud environments.

At a high level, CoreOS is a stripped-down Linux distro designed to work with containers -- initially using the Docker container engine, but more recently using its own rkt container engine. (Note: rkt is pronounced “rocket.”) Either way, this focus on containers has allowed CoreOS to do away with package managers and a boatload of other fluff, allowing it to weigh in at a respectably small 161MB (current stable version at time of writing).

So CoreOS is small and designed for use with containers. But the CoreOS Linux distro is only a component part of what CoreOS, the company, is trying to achieve. The company’s raison d’etre could be summed up in the following two points:

  • To secure clouds and the Internet
  • To bring Google-esque infrastructure to the masses

On the topic of securing clouds and the Internet, simplifying updates is a massive part of the CoreOS value proposition. OS updates are image-based, meaning that any time updates are required, the entire OS image gets updated. Rather than attempting to update multiple individual packages and services, CoreOS relies on wholesale updates to OS images and containers. This turns out to be a great way to update systems and allows for easier roll-back if required.

On the Google-esque infrastructure side of things, CoreOS offers a suite of services to orchestrate scalable container ecosystems and deliver overlay networks -- technologies such as etcd, fleet, and flannel.

In summary, CoreOS is one of the oldest micro operating systems designed for containers and today’s cloud workloads. It’s respectably small and supports atomic image-based updates.

Project Atomic

Not wanting to get left behind, Red Hat spawned a community project called Project Atomic. The aim of the project being to produce cloud and container optimized versions of Fedora, RHEL, and CentOS:

  • Fedora Atomic Host
  • RHEL Atomic Host
  • CentOS Atomic Host

Fedora Atomic Host is where all the cool bleeding edge stuff happens. RHEL Atomic Host takes what it likes from Fedora Atomic Host and wraps it in an enterprise-class bundle. CentOS Atomic Host is the community supported edition of RHEL Atomic Host.

Similar to CoreOS, Atomic Hosts are container-centric, cloud-optimized 64-bit servers. But the name “Atomic” apparently has nothing to do with the small size of the server. This is just as well, considering the fact that, compared to many of the other micro operating systems, Atomic Hosts are slightly on the heavy side. A quick look at the image sizes for CentOS Atomic Host vary between several hundred megabytes for the compressed version and about one gigabyte for the uncompressed version.

Apparently the name “Atomic” comes from the way updates are performed. Like CoreOS, Atomic Hosts support image-based updates.

In summary, Project Atomic provides cloud and container optimized versions of Fedora Linux, RHEL, and CentOS that leverage the Docker container engine and support image-based updates.

Snappy Ubuntu Core

Right around the time that the world was going cloud crazy, and this new breed of micro operating systems was being born, the guys at Canonical (owners of Ubuntu Linux) were working hard on a minimalist version of Ubuntu for use on mobile phones and tablets. And so the story goes… when Ubuntu realized it needed a micro operating system optimized for clouds and containers, it already had something pretty good to work from.

Cutting a long story short, this is how Snappy Ubuntu Core was born. On the technical side, it’s a stripped down version of Ubuntu Server that weighs in at around 100MB as a compressed image. No surprise, Snappy leverages Docker and supports image-based updates.

We’re starting to see a pattern here.

VMware Project Photon

Being experts at spotting a trend and delivering solid, enterprise-class products, VMware has come to the party with its own micro operating system, codenamed Project Photon. Photon is currently in technology preview with only community support.

Project Photon is a stripped down Linux distro optimized to run on VMware vSphere and leverage the VMware ecosystem for patches and updates and identity-based access management. Install options range from a 260MB “micro” image up to a 1.7GB full installation.

In addition to Docker, Photon works with rkt and Garden containers, the latter being a container format used in Pivotal’s Cloud Foundry. And Photon not only supports image-based updates, but also includes a more traditional, yum-like package manager.

The fact that Project Photon is optimizedto run on vSphere (drivers and a tuned kernel) is great. But the real killer features of Project Photon will be the VMware support and the integrations into the vSphere ecosystem.

If you’re a cautious enterprise that is already a customer of VMware, there may be no better platform to start tinkering with containers on.

RancherOS

OK, and now for a curveball…

Little-known RancherOS (from Rancher Labs) takes all of this cloud and container integration to the next level.

For starters, it weighs in at an insanely small 20MB, which for a cloud-optimized server platform is awesome. But that’s not the cool bit; the cool bit is the way RancherOS integrates Docker.

Let’s step back for a second. CoreOS, Atomic Hosts, Snappy Ubuntu Core, and Project Photon all boot a Linux kernel, start a bunch of system services, and then layer a container runtime on top. RancherOS takes a different approach. After it boots the Linux kernel, it spawns a special Docker instance called system-docker and starts all system services as containers. Yes, you did read that right. With RancherOS, the Linux kernel is bootstrapped and then a system-docker process is spawned. This system-docker process gets PID 1 and is responsible for starting all system-related processes as containers -- things like udev and syslog.

There’s no doubt that RancherOS is an interesting and extremely innovative approach to building cloud-optimized operating systems. Not to mention the fact that it’s the smallest of the micro operating systems we’ve looked at, as well as being the most tightly integrated with a container engine (Docker). I highly recommend you check it out.

Windows Nano Server

Not wanting to let Linux run away with the cloud and container ecosystem, Microsoft recently unveiled its own micro operating system called Windows Nano Server, currently scheduled for general release sometime in 2016.

Realizing that Windows Server Core was a step in the right direction -- but only a small step -- Microsoft is taking minimalism to the next level with Nano Server. Nano is being touted as a much stripped down version of Windows Server, with Microsoft promising “93 percent smaller VHD size, 92 percent fewer critical bulletins, and 80 percent fewer required reboots.”

One factor in realizing this reduction in size is the fact that Nano Server has no GUI. In fact, it doesn’t even have a local CLI or PowerShell prompt -- all management has to be done remotely via WMI or PowerShell Remote or forthcoming Web-based management tools. Package installs and updates are handled through DISM, Microsoft’s image management tool.

We should also expect Nano Server to be optimized for containers -- another technology that Microsoft has announced but is not yet available.

As with all things, the proof will be in the pudding. But Microsoft seems to be throwing everything it can at the cloud and containers.

Lean and mean cloud machines

It seems highly likely that the clouds of the future will be powered by lightweight servers and containerized apps, with micro operating systems and containers taking center stage. With that in mind, let’s look quickly at some of the impact this may have.

First up, the small size of these micro operating systems leads naturally to a smaller attack surface -- less vulnerable code for malicious individuals and software to target. This also means less code to patch and potentially fewer and faster reboots. It should also mean more stable operating systems. After all, a code base of 100MB is a lot easier to maintain and troubleshoot than a code base 10 times the size.

Secondly, image-based updates are also a massive step forward. Gone are the days when updating your OS was a long, complex process involving sequential changes to individual packages and the dreaded potential of the system turning unstablealong the way. Image-based updates allow us to update the entire OS -- and all OS-related packages -- as a single update. This eliminates much of the complexity behind applying updates, as well as massively simplifying the rollback process.

Rollbacks are simplified by having two partitions -- one partition for the updated image, and one for the current known-good configuration. After applying an update, the next time you reboot the OS it will come back up using the updated partition. If problems are encountered, the OS can be rebooted back to the previous known-good partition. Image-based updates not only help simplify updates and rollbacks, they also help in maintaining a consistent state among all machines in a large cluster -- making the process of updating large clusters a lot less daunting.

On the container front, you should consider which container runtimes are supported. At the time of writing, some micro operating systems sit firmly in the Docker camp, whereas others are actively looking to work with both Docker and CoreOS rkt. You should carefully analyze which container runtime is best suited to your business process and your apps.

Finally, look closely at how these new micro operating systems are managed -- it’s a whole new ballgame. Managing RancherOS boils down to managing Docker containers. CoreOS will be happy to manage your OS fleet for you -- think of it as OS-as-a-service. Even in the case of Windows Nano Server -- where all configuration will be done remotely -- the signs point to simpler, more automated ways to handle deployment and configuration. Whether CoreOS manages our operating system for us, or we do it ourselves, we should all have more time to concentrate on our applications.

This story, "From CoreOS to Nano: Micro OSes strip down for containers" was originally published by InfoWorld.

Copyright © 2015 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon