Fedora CoreOS – a smart fedora for Container Linux
Fedora CoreOS is a Linux distribution that is used as a container host. It is based on CoreOS Container Linux and is actively developed and distributed by the American developer Red Hat. The system thus combines the CoreOS Container Linux system with Fedora Atomic Host solutions. The latter handles such tasks as packaging and SELinux security integration.
The server operating system Fedora is the direct successor to Red Hat Linux. The fedora is also used in Red Hat’s well-known trademark. The goal of this Linux distribution is to create an operating system that can be used for nearly all applications and target groups. CoreOS Linux is also known as “Container Linux”, not to be confused with Linux containers. Container Linux is a minimal, standalone, open-source operating system.
Red Hat acquired CoreOS in 2018 and developed Fedora CoreOS, an upstream system that is intended to replace the classic Container Linux. One of the developer’s first promises is that Fedora CoreOS can be configured in just five minutes.
What is Fedora CoreOS?
Fedora CoreOS is a Linux distribution optimized to work with Kubernetes and designed to run containerized workloads. It offers good support with automatic updates and fixes as well as regular security updates.
As a hybrid product of CoreOS and Red Hat, Fedora CoreOS features the best tools from both systems:
- The tool Ignition from Container Linux – used to manipulate disks during the boot process via the initial RAM file system to start up Container Linux. In Fedora CoreOS, it is used to boot and configure the Fedora CoreOS images.
- Red Hat’s rpm-ostree – this package management system allows you to put together package groups which you can then work with as a single image.
So far, Fedora CoreOS has come across as a lean host system for software containers, so basically like Docker or a Docker alternative like OCI. The containers can be installed and managed using Podman or Moby, just like classic containers. Fedora CoreOS sets itself apart particularly through its stability and security and in strict compliance with SELinux guidelines.
Red Hat’s rpm-ostree also offers its own protections against attacks as well as against corrupted updates and packages. If worse comes to worst, all steps can be rolled back.
After a quick, simple, and flexible installation, Fedora CoreOS can be fully operated without any maintenance. For example, all required security updates are performed automatically. The administrator nevertheless maintains control allowing them to prevent unscheduled system restarts, which could lead to data loss in the worst case. Sticking with this example, they can intervene in these processes to manage restarts centrally for multiple systems.
Installing Fedora CoreOS
You can install Fedora CoreOS either directly on the hardware or in a virtual machine, such as VMware, OpenStack, or QEMU. There are also cloud images of Fedora CoreOS for all common providers, including AWS, Microsoft Azure, Google Cloud, and Alibaba Cloud.
When you install Fedora CoreOS on a Linux system, it will run with minimal functionality by default (i.e., only with the applications needed for operation). Ignition automatically reads the configuration file at first boot and sets up the system. The parameters in this file let Ignition know what the system looks like. Then partitions are defined, users are created, and rights are assigned; if the configuration file is in a cloud, the installation environment is configured there. For example, in the case of AWS, the configuration is included with the operating system so that Fedora CoreOS can be installed with just one click.
If you are installing it on your own hardware or hypervisor, the configuration is done manually using the command-line tool fcct (Fedora CoreOS Configuration Transpiler). First, you create a YAML file and format it in JSON. The file is then assigned the extension .fcc (Fedora CoreOS Configuration). In the finished .fcc file, the administrator then identifies themself with the appropriate SSH key.
The Ignition file is not just for installation. It is also for configuring Fedora CoreOS. It can define directories and files as well as their contents, even during installation.
Once the system is running and someone has logged in via the SSH key, the desired containers can be installed as normal (e.g., via Podman or Moby). Fedora CoreOS is compatible with Docker and specifications set by the Open Container Initiative. CoreOS can also be run as a single installation and managed with Kubernetes.
What is Fedora CoreOS used for?
As with Fedora Atomic Host, Fedora CoreOS is also used as a highly available, secure, flexible container guest system. Even though Fedora CoreOS can be installed in just five minutes, it is by no means recommended for beginners. Anyone who has not yet had experience with Red Hat products will need to have a lot of patience in the beginning.
So, what exactly is Fedora CoreOS used for? Well, it is used in container systems that are intended to operate without any maintenance. This is essential in situations where server services are run in containers that can ideally also update themselves independently. Common operating systems usually cannot do this. Fedora CoreOS spares administrators from this time-consuming work and even runs best when there is no further intervention. Fedora CoreOS’s domain is reproducible servers, where the operating system continuously replaces packages and containers with more recent versions.
CoreOS: the final overview
Back in its day, CoreOS managed to do what Fedora CoreOS is currently able to do, albeit on a small scale. The lean open-source operating system used a Linux kernel and specialized in running applications in Docker. CoreOS was also capable of running Linux containers and distributing configurations. CoreOS was released in 2013 and quickly became a success story which culminated in it being bought by Red Hat for $250 million. On 26 May 2020, its status as an independent project was terminated, and it is now officially only part of Fedora CoreOS.
Summary of Fedora CoreOS’s advantages
Fedora CoreOS is a secure, flexible, completely stable system for Container Linux that can be installed in just five minutes and sets itself apart through the following points:
- Everything is configured in just a few clicks.
- It has one log-in via SSH and containers are installed immediately.
- The system basically functions completely independently.
In comparison to its predecessor CoreOS, it has a much wider range of applications and thus a far broader audience.
However, not all users see its automatic updates as an advantage. They are concerned that the updates will end up killing processes. That said, each update is checked in a separate process. The current package is first tested in Next Stream, a testing environment that represents the current development status of Fedora CoreOS. Developers collect all upcoming updates for the operating system in it, run them, and observe the processes. Once it has been determined that everything is running smoothly, the packages are sent to the Stable Stream, and then Fedora CoreOS retrieves the updates and installs them automatically.