Benjamin Gilbert, Ben Breard - blog.openshift.com · Fedora CoreOS
Benjamin Gilbert, Fedora CoreOS Technical Lead
Ben Breard, Product Manager
OpenShift Commons Briefing - July 25, 2019
Creative Commons BY-SA 4.0

Fedora CoreOS
• New Fedora edition
• Purpose-built OS for running containerized workloads at scale
• Philosophy of CoreOS Container Linux
• Technology from Fedora Atomic Host

Mission
“An automatically updating, minimal, monolithic, container-focused operating system, designed for clusters but also operable standalone, optimized for Kubernetes but also great without it.”

RHEL CoreOS?
• RHEL CoreOS is not intended as a standalone OS
• Component of OpenShift
• Updates along with OpenShift
• Based on RHEL package set
• Fedora CoreOS
• Shares some components and tooling with RHEL CoreOS
• Standalone OS
• Based on Fedora package set

Philosophy
• Immutable infrastructure
• Customizations entirely in provisioning config
• No configuration management: re-provision the node
• User software does not run directly in the host
• No interpreters
• We will freely update libraries
• OS versions are an implementation detail
• Fedora releases are regular updates

What is Fedora CoreOS?
• Server and cloud distro
• Available in wide variety of clouds
• Workloads run in containers
• Reasonably minimal host OS
• Image-based distro using rpm-ostree
• "Git for the OS"
• OS mounted read-only
• Offline atomic updates
• Automatic updates

Cloud/virt support
• Targets: AWS, Azure, DigitalOcean, GCP, OpenStack, Packet, QEMU, VirtualBox, VMware
• Fedora CoreOS will avoid shipping platform agents where possible
• Afterburn: generic cloud agent providing minimum required functionality

Bare metal support
• Install to disk
• Cloud images do not have an installer
• Bare metal shouldn’t either
• Install script is basically dd
• Live PXE

What’s in the OS?
• Latest Fedora base components
• Hardware support
• Basic administration tools
• Container engines: podman, moby
• TBD: Kubernetes integration with kubelet, cri-o

Ignition: provisioning
• Ignition configs: declarative JSON documents provided via user data
• Runs exactly once
• Can write files and systemd units, create users and groups, partition disks, create RAID arrays, format filesystems
• If provisioning fails, so does boot

Writing Ignition configs
• Ignition configs are unsugared and JSON is not pretty
• Fedora CoreOS Config Language
• YAML
• Ignition config, plus sugar for common operations
• Converted to Ignition config by Fedora CoreOS Config Transpiler
• Transpiler catches common errors at build time
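
Because Ignition runs exactly once and can write files and systemd units, a config is worth reviewing before it is handed to a node. The following is an added example, not code from the talk or from the Fedora CoreOS project, and the checks are not claimed to be ones the transpiler performs: a small pre-provisioning audit of an Ignition JSON config. It assumes Ignition spec 3.0.0 field names; the sample config, host names, file paths and hash placeholder are constructed.

```python
import json
from urllib.parse import urlparse

# Constructed sample (Ignition spec 3.0.0 field names; hosts and hash are placeholders).
SAMPLE = json.loads("""
{"ignition": {"version": "3.0.0"},
 "storage": {"files": [
   {"path": "/etc/hostname", "mode": 420,
    "contents": {"source": "data:,node1"}},
   {"path": "/usr/local/bin/agent", "mode": 493,
    "contents": {"source": "http://files.example.com/agent"}},
   {"path": "/etc/app.conf", "mode": 438,
    "contents": {"source": "https://files.example.com/app.conf",
                 "verification": {"hash": "sha512-PLACEHOLDER"}}}]},
 "systemd": {"units": [
   {"name": "agent.service", "enabled": true,
    "contents": "[Service]\\nExecStart=/usr/local/bin/agent\\n"}]}}
""")

REMOTE = {"http", "https", "tftp", "s3"}   # schemes fetched over the network
CLEARTEXT = {"http", "tftp"}               # no transport protection

def audit(config):
    """Return (subject, finding) tuples for one Ignition config dict."""
    findings, unverified = [], set()
    for f in config.get("storage", {}).get("files", []):
        path = f.get("path", "<no path>")
        contents = f.get("contents") or {}
        scheme = urlparse(contents.get("source") or "").scheme
        has_hash = bool((contents.get("verification") or {}).get("hash"))
        if scheme in REMOTE and not has_hash:
            unverified.add(path)
            findings.append((path, "remote source without verification hash"))
        if scheme in CLEARTEXT:
            findings.append((path, "fetched over cleartext " + scheme))
        if (f.get("mode") or 0) & 0o002:   # JSON mode is decimal; 438 == 0o666
            findings.append((path, "world-writable mode"))
    # A unit that references an unverified file runs whatever was downloaded.
    for unit in config.get("systemd", {}).get("units", []):
        for path in sorted(unverified):
            if path in (unit.get("contents") or ""):
                findings.append((unit.get("name"), "unit references unverified file " + path))
    return findings

if __name__ == "__main__":
    for subject, finding in audit(SAMPLE):
        print(f"{subject}: {finding}")
```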

Automatic updates
• Users shouldn’t have to think about updates
• They must be reliable
• No breaking changes w/o long deprecation period
• How we achieve reliability:
• Automated CI
• Managed update rollout
• Multiple release streams
• Automatic rollback if update doesn’t boot
• With user-specified health checks

Update management
• New installs
• Public metadata points to the recommended install images
• Per-cloud and per-region basis
• We can point to a previous release if a regression is found
• Updates
• rpm-ostree is driven by a service, Zincati, that requests permission to update
• Updates are rolled out gradually, and can be stopped if regressions are reported

Release streams
• testing: snapshot of Fedora N plus updates
• stable: testing after it bakes for two weeks
• next: extra baking time for Fedora N+1 and new kernels
• Goal: report problems before they promote to stable
• Users should run all three in production
• Security fixes and bug fixes will be backported to all streams

Update coordination
• Nodes can request update permission from a cluster service
• Useful for ensuring an entire cluster doesn't update simultaneously

Telemetry
• Fedora CoreOS will report some machine info to the Fedora project by default
• Default set: non-identifying info
• Platform, instance type, OS version
• Enhanced set is opt-in
• Hardware and network summary, etc.
• Possible to opt-out entirely
• Data used only in aggregate; no unique IDs

Fedora CoreOS preview
• Preview release is available now
• Don’t run in production!
• Incompatible changes may occur
• Please test and report bugs
• Stable release in ~6 months
• Please run in production!

Coming soon
• next and stable streams
• Full set of cloud and virtualization platforms
• Multi-arch support
• Live PXE and Live CD
• Improved network configuration
• More FCCT sugar
• Functioning telemetry
• More docs
• OKD integration & design

OKD on Fedora CoreOS
• Need openshift-installer and MCO changes
• kubelet and cri-o are not yet shipped in the OS
• OS components, versioned with the cluster
• Cluster control of OS version?
• Short term: branch OS, add missing pieces
• Medium term: support OKD directly in Fedora CoreOS

Get involved!
• Web: getfedora.org/coreos
• Issues: github.com/coreos/fedora-coreos-tracker/issues
• Forum: discussion.fedoraproject.org/c/server/coreos
• Dev list: [email protected]
• IRC: freenode #fedora-coreos
Next Commons Briefing on Ignition Deep Dive: https://commons.openshift.org/events.html#event|7885|995
Thank you!