Since the rise of Docker there has been a need for an operating system that is both lighter and more secure. A Docker container depends only on a small set of kernel features, amounting to a few MB. So if you host a micro app inside a container, and the container runs on a full-featured OS, the container is most likely not using most of the features and services of that OS. From the container's point of view these unused services and features of a monolithic OS add unnecessary CPU and memory overhead, on top of maintenance and security issues. An OS stripped of everything that is not necessary for running a Docker container is termed a container-specific OS or minimalist OS. The term 'minimalist OS' itself is not new: stripped-down operating systems have long been embedded in electronic systems, and minimal Linux-based OSes also exist. We can call this minimal OS a micro or skinny OS designed specifically for Docker containers. In this article we will look at a few popular container-specific OSes currently trying to carve out a niche share of the market.
1. CoreOS
"CoreOS is designed for security, consistency, and reliability. Instead of installing packages via yum or apt, CoreOS uses Linux containers to manage your services at a higher level of abstraction. A single service’s code and all dependencies are packaged within a container that can be run on one or many CoreOS machines." --https://coreos.com/using-coreos/
CoreOS is designed to run only containers. It has its own container format called 'Rocket' but supports Docker as well. In CoreOS the container runtime is configured automatically for each machine, and OS updates work like updates to the Chrome web browser: when a new component is released, CoreOS updates itself automatically. CoreOS uses Docker with 'fleet', a distributed init system that manages the entire cluster as a single unit. However, the widespread adoption of Kubernetes forced CoreOS to remove fleet from Container Linux on February 1, 2018; instead, CoreOS uses Kubernetes and Tectonic for cluster orchestration and management.
2. Project Atomic
"Project Atomic integrates the tools and patterns of container-based application and service deployment with trusted operating system platforms to deliver an end-to-end hosting architecture that’s modern, reliable, and secure." --http://www.projectatomic.io/
Atomic has releases for each Red Hat flavor: Fedora, RHEL and CentOS. In the Atomic releases Red Hat replaced yum with rpm-ostree to manage updates, which lets you roll back an update to the previous tree. The benefit of using Atomic is the stability of the Red Hat environment: if you are familiar with any Red Hat version, you can use tools like SELinux, Kickstart and Anaconda in Atomic as well. This container-specific OS has about 200 binaries, compared with nearly 6500 applications in RHEL 7, and its size is a little more than 300MB. It is not so small that you could put it on an embedded device.
3. Snappy Ubuntu Core
"Snappy Ubuntu Core is a new rendition of Ubuntu with transactional updates – a minimal server image with the same libraries as today’s Ubuntu, but applications are provided through a simpler mechanism. The Snappy approach is faster, more reliable, and lets us provide stronger security guarantees for apps and users…" --https://developer.ubuntu.com/en/snappy/
Snappy Ubuntu Core is the result of experience gained from the effort to create a tiny yet robust operating system for mobile devices. Snappy uses transactional, image-based delta updates for the system and applications, transmitting only the differences, which keeps downloads small and ensures updates can be rolled back easily. In addition, Snappy supports the AppArmor kernel security system, which lets you isolate applications from one another completely. Snappy does not ship with Docker, but you can easily install it as a framework to run apps on top of.
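The transactional, rollback-capable update model that both rpm-ostree (Atomic, above) and Snappy describe, sketched as an added Python example that is not code from either project: a toy block-level delta, an integrity check on the rebuilt image before anything becomes active, two image slots and a rollback. The block size, the dict-based delta format and the sample "images" are assumptions made for illustration.

```python
import hashlib

BLOCK = 16  # fixed block size for the toy delta format (assumption, not a real format)

def make_delta(old: bytes, new: bytes) -> dict:
    """Encode `new` as the blocks that differ from `old`, plus the expected digest."""
    changed = [(i, new[i:i + BLOCK]) for i in range(0, len(new), BLOCK)
               if new[i:i + BLOCK] != old[i:i + BLOCK]]
    return {"length": len(new), "blocks": changed,
            "sha256": hashlib.sha256(new).hexdigest()}

def apply_delta(old: bytes, delta: dict) -> bytes:
    """Rebuild the new image from the running one plus only the changed blocks."""
    buf = bytearray(old[:delta["length"]].ljust(delta["length"], b"\0"))
    for offset, block in delta["blocks"]:
        buf[offset:offset + len(block)] = block
    return bytes(buf)

class Host:
    """Two image slots (A/B); only the pointer to the active slot ever changes."""

    def __init__(self, image: bytes):
        self.slots = [image, None]
        self.active = 0

    def current(self) -> bytes:
        return self.slots[self.active]

    def update(self, delta: dict) -> bool:
        candidate = apply_delta(self.current(), delta)
        # Verify the whole rebuilt image before it can become active; a corrupt
        # or tampered delta leaves the running system untouched.
        if hashlib.sha256(candidate).hexdigest() != delta["sha256"]:
            return False
        self.slots[1 - self.active] = candidate
        self.active = 1 - self.active  # the single atomic step: flip the pointer
        return True

    def rollback(self) -> bool:
        """Switch back to the previous tree, if one is still present."""
        if self.slots[1 - self.active] is None:
            return False
        self.active = 1 - self.active
        return True

# Constructed sample "images": three 16-byte records standing in for a root tree.
OLD_IMAGE = b"base-system:v1  " + b"docker:17.03    " + b"config:default  "
NEW_IMAGE = b"base-system:v1  " + b"docker:18.03    " + b"config:default  "
```

Only the changed 16-byte block travels in the delta, and a delta whose rebuilt image does not match the advertised digest is refused without touching the active slot.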
4. RancherOS
"RancherOS is the smallest, easiest way to run containers at scale in production, and includes only the services needed to run Docker. By removing unneeded libraries, and running the latest version of Docker by default, RancherOS reduces the hassle with updating, patching, and maintaining your container host operating system. Containers on RancherOS boot in seconds, making it easy for teams to move and scale quickly." --http://rancher.com/rancher-os/
The core approach of RancherOS is different from the others: RancherOS can be considered an OS made of Docker. In RancherOS the first process started by the kernel is the system-level Docker daemon, with PID 1. Why a system-level Docker daemon? Because RancherOS uses Docker as its init system instead of systemd, sysvinit or upstart. RancherOS runs two Docker daemons: the system Docker, and the user Docker, which runs on top of the system Docker. In RancherOS you always get the latest version of Docker, and since all system services are provided through Docker containers there is no need for package management tools like yum or apt-get. Since RancherOS is around 20MB in size, it can be considered a solution for embedded and IoT devices.
5. VMware Photon
"VMware Photon Platform is an enterprise cloud infrastructure platform that enables IT to deliver on-demand tools and services developers need to build and run container-based, cloud-native applications while retaining security, control and performance of their datacenters." --http://www.vmware.com/in/products/photon-platform.html
In 2007 Mendel Rosenblum, chief scientist and co-founder of the virtualization vendor VMware, said that today's modern operating system was destined for the dustbin and preached the virtues of virtualization. The new container-specific OSes built for container technology did flourish in the market, but virtualization did not, as he had expected. To protect its business, VMware was forced to release 'Photon', a minimal OS which runs only on VMware vSphere and VMware vCloud Air. Photon supports containers like Docker, Rocket and the Pivotal Garden container specification, which is based on VMware Warden.
As the new container-specific OSes hit the market, each vendor touting its product, there are still a few issues with these OSes because they are at a nascent stage; these issues will eventually be removed in future releases. Like the earlier OS war between Microsoft, Linux and Mac, new camps are forming for another skinny OS war. The main opponents are Red Hat/Docker on one side and VMware/CoreOS on the other. At the moment Google is sitting on the fence with its Kubernetes, knowing that it can run its containers on other OSes too, and is working in that direction to make money on the public cloud.