Project Atomic And Multi-Container Application Packaging

Lalatendu MohantySenior Software Engineer @ Red Hat

Topics● Atomic Host● Nulecule● Atomic App● Getting Involved

Atomic Host ● It is not a new GNU/Linux distribution.● Framework to create an OS from RHEL,

CentOS and Fedora.● Optimized for Linux containers.

Why Atomic Host?● Our expectation from an OS is not same

anymore.– Pets vs Cattle.

● Updating and maintaining the system should be

easy.● It needs to be more secure than the traditional

OS

Atomic hosts comprises of

● Rpm-ostree● Cockpit● Kubernets● /usr/bin/atomic● Docker

OSTree“OSTree was born to help implement a continuous

delivery model for operating systems. One can be a lot

more confident in updating systems if one knows that a

reliable rollback system is always available.”

COLIN WALTERS

Senior Software Engineer, Inventor of OSTree

Red Hat

rpm-ostree● Git for operating systems.● Update methods of containers and applied

them to operating system.● No more half way upgraded systems

# yum updatebash: yum: command not found

# atomic host upgradeUpgrade prepared for next boot

# atomic host rollbackSuccessfully reset deployment

Why rpm-ostree?● Atomic host would only run containers.● Atomic update makes more sense for an

immutable system.● Allows reuse of RPMs.● No need to re-invent wheel on packaging.● Option to rollback to previous state (old good

state).

How rpm-ostree works?

● Fiilesystem is read-only except /var and /etc● All data (e.g. containers) are unchanged on

upgrade.● /etc gets updated through a 3-way merge.

/usr/bin/atomic● Coherent entry point : manage host and

containers with the atomic command.● Fill gaps in Linux container implementations.

– e.g. “atomic install foo” can install a container with

its k8s configuration and/or systemd unit file.

– “atomic run” grabs the LABEL “run” with its all

command line details.

– It can serve as metadata for containers for different

use cases

Cockpit● Server manager for administrating Linux servers

via web browser.● Designed to be multi-server● Support for managing containers, Kubernetes.

● http://cockpit-project.org/

Want to try?● ISOs are available for CentOS and Fedora

Atomic Host.● Available in public clouds.● For Vagrant users

– vagrant init fedora/23-atomic-host

– vagrant init centos/atomic-host

Any Questions for Atomic Host?

Website: projectatomic.ioIRC: #atomic on Freenode

Containers are great, but it is not just one container.

In real life applications are composed of multiple

containers (Micro-services?)

But how to define a multi-container application configuration without distributing instructions and

files to the end-user ?

We have docker compose , kubernetes configuration files, but is it enough?

The application also goes through different stage

Metadata changes for each stage.

Nulecule● A specification ● Container technology independent● Provide a simple, flexible way to describe a

multi-container application, including all

dependencies.

Understanding Nulecule● Graph

– Directed acyclic graph to define application

dependencies/components.

Understanding Nulecule● Parametrization

– Values/information for deployment

– Default values (Can be overridden by answers.conf)

– Each component has its own parameters

– Supports variable substitution, regular expression etc

Understanding Nulecule● Answers.conf

– Porvides answers to question defined by prarameters

– Override default values of parameters (e.g. for

different environment)

Understanding Nulecule● Providers

– e.g. Kubernetes, OpenShift, Docker Compose, Mesos,

Docker

– Metadata for orchestrators/providers

A complete Nulecule Spec

Atomic App● Nulecule app installer● At this moment only supports docker run time● It performs all actions required to run the

application by reading the Nulecule spec.– Downloading all required docker images

– Communicating to providers etc

Using Atomic App● As a docker image● Use atomicapp base image to build nulecule-ized

applications● Running a nulecule-ized applications

– $ atomic run projectatomic/helloapache

● Uses /usr/bin/atomic labels– $ grep Run Dockerfile

RUN="docker run -it --rm \${OPT1} --privileged -v `pwd`:/atomicapp -v

/run:/run -v /:/host --net=host --name \${NAME} -e NAME=\${NAME} -e

IMAGE=\${IMAGE} \${IMAGE} -v \${OPT2} run \${OPT3} \${IMAGE}" \

Nulecule-library

Get involved ● https://github.com/projectatomic/nulecule● https://github.com/projectatomic/nulecule-libr

ary● https://github.com/projectatomic/atomicapp● #nulecule on Freenode● Mailing List: container-tools@redhat.com

Reference● http://www.slideshare.net/VavPavl/nulecule

Thank you :-)

Any questions please?

Contact me: @lalatenduM on TwitterlalatenduM on Freenode