The rise of the purpose-built Linux distribution
Recently, several purpose-built distributions have been created specifically to run Linux containers. There seem to be more popping up every day. For our part, in April 2014 at the Red Hat Summit, Red Hat announced its intention to deliver a purpose-built, container-optimized version of Red Hat Enterprise Linux 7 called RHEL Atomic Host. After over a year in the making, we are excited that launch day has finally come!
What's important to know about Red Hat Enterprise Linux Atomic Host, you ask? Well, plenty...but for the sake of this blog, I'll stick to areas I know as a performance engineer:
- RHEL Atomic leverages years of engineering effort that went into RHEL7.
- It uses the same exact kernel as RHEL7.
- Significantly reduced on-disk and in-memory footprint.
- Utilizes OSTree technology for upgrades and rollbacks.
- Optimized device-mapper container storage performance out of the box.
- Optimized container scalability out of the box.
- Includes purpose-built rhel-tools container for system administration tasks.
This last bullet requires some clarification. I mentioned that we've significantly reduced the footprint of RHEL Atomic, as compared with full-blown RHEL. In order to do that, some understanding of the intended use-case of Atomic is required, and perhaps some re-thinking of what compute environments may look like in the future.
To put it simply, RHEL Atomic includes only what's necessary to run containers. This means it does not include many of the common utilities that system administrators have grown accustomed to. Which leads us to...
Who moved my cheese?
When Red Hat's performance team first started experimenting with Atomic, it became clear that our needs for low-level debug capabilities were at odds with the stated goal of Atomic to maintain a very small footprint. If you consider your current production environment, most standard builds do not include full debug capabilities, so this is nothing new. What is new is that on RHEL you could easily install any debug/tracing/analysis utility, but on Atomic:
-bash-4.2# yum
bash: yum: command not found
Whoops! What's this now??? If you haven't played with the RHEL Atomic Beta yet, keep the first rule of RHEL Atomic in mind:
You don't install software on RHEL Atomic Host. You build containers on RHEL, or CentOS or Fedora, then run them on Atomic...sysadmin tools are no exception.
This technique greatly reduces the need for the standard set of administration, debug and performance monitoring utilities that you might need on a RHEL host. And this policy led us to a...
Proposal for a "tools-container" for Atomic Host
Born out of necessity (desire to get actual work done while the world was being invented...), came what was originally called the r7perf container, which was introduced back in July of last year. As we continued to reduce the footprint of RHEL Atomic, the need for (and popularity of) the tools-container idea increased to the point where a decision was made that we would create a rhel-tools container and ship it with RHEL Atomic. We'd like to thank Dan Walsh, Colin Walters and Vaclav Pavlin for inventing and building the underlying technologies that the rhel-tools container relies upon (such as --pid=host, --ipc=host, SELinux, etc.) and getting those into Docker upstream.
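A container started with --pid=host and --ipc=host shares the host's process and IPC namespaces, so it is worth inventorying which containers on a host run that way. The following is an added example, not part of the original post or Red Hat's code: it reads `docker inspect` JSON (the sample data, container names and allow-list are constructed assumptions) and goes beyond the flags named above by also checking --net=host, --privileged and disabled SELinux labeling.

```python
import json

# Constructed sample of `docker inspect` output, trimmed to the fields used here.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/tools", "HostConfig": {"PidMode": "host", "IpcMode": "host",
        "NetworkMode": "bridge", "Privileged": False, "SecurityOpt": None}},
    {"Name": "/web", "HostConfig": {"PidMode": "", "IpcMode": "private",
        "NetworkMode": "bridge", "Privileged": False, "SecurityOpt": None}},
    {"Name": "/debug", "HostConfig": {"PidMode": "host", "IpcMode": "private",
        "NetworkMode": "bridge", "Privileged": True,
        "SecurityOpt": ["label=disable"]}},
])

# HostConfig field -> the `docker run` flag that sets it to "host".
NAMESPACE_FIELDS = {
    "PidMode": "--pid=host",
    "IpcMode": "--ipc=host",
    "NetworkMode": "--net=host",
}


def host_access_findings(inspect_json):
    """Return {container_name: [findings]} for containers sharing host state."""
    report = {}
    for container in json.loads(inspect_json):
        hc = container.get("HostConfig") or {}
        findings = [flag for field, flag in NAMESPACE_FIELDS.items()
                    if hc.get(field) == "host"]
        if hc.get("Privileged"):
            findings.append("--privileged")
        for opt in hc.get("SecurityOpt") or []:
            # Older Docker releases wrote this option as "label:disable".
            if opt.replace(":", "=") == "label=disable":
                findings.append("SELinux labeling disabled")
        if findings:
            report[container.get("Name", "?").lstrip("/")] = findings
    return report


def unexpected(report, allowed=("tools",)):
    """Names with host access that are not on the allow-list (assumed policy)."""
    return sorted(name for name in report if name not in allowed)


if __name__ == "__main__":
    rep = host_access_findings(SAMPLE_INSPECT)
    for name, found in rep.items():
        print(name, "->", ", ".join(found))
    print("unexpected:", unexpected(rep))
```

On a live host, the input would be the JSON printed by `docker inspect` for the running container IDs instead of the constructed sample.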
How do I use this thing?
Here's a quick video that shows how to use the rhel-tools container to watch network traffic between containers, using netcat and tcpdump:
For more information, head over to the Red Hat Customer Portal and check out the official rhel-tools documentation.
Summary
While the missing yum on Atomic threw us for a loop, we quickly learned to re-orient our thinking for the brave, new containerized world. As it turns out, if you have a trusted, certified base layer to build upon, most applications, admin tools, benchmarks and even traditional/vertical scaling apps are perfectly content in a container.
Last updated: February 26, 2024