Atomic Host exists in at least two versions: one based on Fedora and one on RHEL/CentOS. In both cases, it’s a lightweight version of the OS built to run containerized applications.
Only the /etc and /var directories are writable and the yum/dnf commands missing. OS upgrades are … atomic (atomic host upgrade) but can be rolled back (atomic host rollback) based on the hybrid image/package system called rpm-ostree.
More details are available in this Red Hat article about the Differences between RHEL Server and RHEL Atomic Host.
Install an Atomic Host image from the CentOS website in a VM or a physical server.
Since the Atomic Host 7.2.4 release, two versions of the Docker service are included in the operating system: docker and docker-latest. You can switch between the two versions but only one can run at any time (see details here).
All the default storage configuration details are defined in the /usr/lib/docker-storage-setup/docker-storage-setup file (respectively /usr/lib/docker-latest-storage-setup/docker-latest-storage-setupif you go for thedocker-latestversion). If you want to change any settings (create a new volume, change the filesystem on a new volume, etc), write them into the /etc/sysconfig/docker-storage-setup (respectively /etc/sysconfig/docker-lastest-storage-setup) to override the default options (see details here or here).
If you use a proxy to access the Internet, you need three additional steps:
- To allow OS upgrades, you have to set the proxy configuration as follows:
- #echo “proxy=http://…” >> /etc/ostree/remotes.d/centos-atomic-host.conf
- To allow access to external registries, you also have to assign the proper proxy configuration as follows:
- #**echo “HTTP_PROXY=http://…” >> /etc/sysconfig/docker **
- **# echo “HTTPS_PROXY=http://…” >> /etc/sysconfig/docker **
- # systemctl restart docker
- To allow time synchronization, you have to define your NTP configuration in the /etc/chrony.conf file and specify the time zone (for example:# timedatectl set-timezone America/New_York).
By default, you get access to the docker.io registry. If you installed an RHEL Atomic Host and already registered your instance, you can get access to the Red Hat registry at registry.access.redhat.com by uncommenting the following line in the /etc/sysconfig/docker file:
In case you require access to other registries, add an –add-registry option with the requested registry url in the ADD_REGISTRY variable but don’t forget that order matters.
Restart the Docker daemon:
# systemctl restart Docker
Check the new status:
# docker info | grep "^Registries:" Registries: registry.access.redhat.com (secure), docker.io (secure)
Now, you can search for containers with the docker search command.
By default, containers logs are stored in journald (–log-driver=journald) on the host system but you can change this setting in the /etc/sysconfig/docker file through the OPTIONS environment variable (see more details here).
To better manage your Atomic Host, you need to install Cockpit.
# atomic install rhel7/cockpit-ws
Note: You can alternatively type: # docker pull rhel7/cockpit-ws
To make it persistent, create the /etc/systemd/system/cockpitws.service unit file (see details here):
[Unit] Description=Cockpit Web Interface Requires=docker.service After=docker.service [Service] Restart=on-failure RestartSec=10 ExecStart=/usr/bin/docker run --rm --privileged --pid host \ -v /:/host --name %p docker.io/rhel7/cockpit-ws \ /container/atomic-run --local-ssh ExecStop=-/usr/bin/docker stop -t 2 %p [Install] WantedBy=multi-user.target
Note: If you need to run the cockpit service on a port different from 9090, after –local-ssh in the unit file, add the –port option and the new port number.
Start the cockpitws service:
# systemctl daemon-reload # systemctl enable cockpitws.service # systemctl start cockpitws.service
Note: If you get an error message like ‘Failed to execute operation: Access denied‘, check the syntax in your unit file (see details here).
Point your browser at the ip address of your VM/server, port 9090.
There are several ways to handle volumes with Docker.
With the -v /path syntax, you ask Docker to create a volume and mount it under /path inside the container. You don’t control the size of the volume.
With the -v /path1:/path2, you ask Docker to share the /path1 directory on the host and mount it under /path2 inside the container. If you run several containers with the same syntax, they will share the same space on the host.
Atomic Host provides another solution through a Docker lvm plugin that allows you to store your volumes on the host with a size defined through lvm (see more details here). With the -v vol:/pathsyntax, you askDocker to create a volume from a logical volume called vol and mount it under /path. This way, you can control the size of the volume and several containers using the same path (but a different volume name) will not share the same space on the host.
Edit the /etc/docker/docker-lvm-plugin file and add the name of a volume group (here we use the default volume group atomicos):
Restart the Docker daemon:
# systemctl restart docker
You can now create a persistent volume (here lvtest of 1GB):
# docker volume create -d lvm --name lvtest --opt size=1G
Note: The -d lvm option means use the device driver lvm.
Then, you can create a centos container called test and mount the persistent volume (here under /opt):
# docker run -it --name test -v lvtest:/opt centos bash
Note: Docker pulls the centos image (if it isn’t already available) before running the container.
A forum is available at http://ask.projectatomic.io/en/questions/ with many questions answered.
Scott Lowe’s blog‘s got two interesting articles about Atomic Host customizations:
The project Atomic provides system containers. They are special containers that containerize services that are needed to be run before a container runtime, like the upstream docker daemon, is running. You can find them in the Atomic System Containers repository.
When running the atomic host upgrade command, you can get this error message: no space left on device. In this case, follow this tutorial: can’t upgrade – no space left on device.
Chris Collins wrote an article about an Ansible role used for RHEL Atomic Host. Dan Walsh from RedHat explained how Linux containers evolved. Jeremy Eder from RedHat described how to juggle backing disks for docker on RHEL7, using atomic storage migrate.
The RedHat Container Support Policy is available here.