Fedora CoreOS – a smart fedora for Container Linux

Fedora CoreOS is a Linux dis­tri­bu­tion that is used as a container host. It is based on CoreOS Container Linux and is actively developed and dis­trib­uted by the American developer Red Hat. The system thus combines the CoreOS Container Linux system with Fedora Atomic Host solutions. The latter handles such tasks as packaging and SELinux security in­teg­ra­tion.

Red Hat acquired CoreOS in 2018 and developed Fedora CoreOS, an upstream system that is intended to replace the classic Container Linux. One of the developer’s first promises is that Fedora CoreOS can be con­figured in just five minutes.

Fedora CoreOS is a Linux dis­tri­bu­tion optimised to work with Kuber­netes and designed to run con­tain­er­ised workloads. It offers good support with automatic updates and fixes as well as regular security updates.

As a hybrid product of CoreOS and Red Hat, Fedora CoreOS features the best tools from both systems:

• The tool Ignition from Container Linux – used to ma­nip­u­late disks during the boot process via the initial RAM file system to start up Container Linux. In Fedora CoreOS, it is used to boot and configure the Fedora CoreOS images.
• Red Hat’s rpm-ostree – this package man­age­ment system allows you to put together package groups which you can then work with as a single image.

So far, Fedora CoreOS has come across as a lean host system for software con­tain­ers, so basically like Docker or a Docker al­tern­at­ive like OCI. The con­tain­ers can be installed and managed using Podman or Moby, just like classic con­tain­ers. Fedora CoreOS sets itself apart par­tic­u­larly through its stability and security and in strict com­pli­ance with SELinux guidelines.

After a quick, simple, and flexible in­stall­a­tion, Fedora CoreOS can be fully operated without any main­ten­ance. For example, all required security updates are performed auto­mat­ic­ally. The ad­min­is­trat­or nev­er­the­less maintains control allowing them to prevent un­sched­uled system restarts, which could lead to data loss in the worst case. Sticking with this example, they can intervene in these processes to manage restarts centrally for multiple systems.

You can install Fedora CoreOS either directly on the hardware or in a virtual machine, such as VMware, OpenStack, or QEMU. There are also cloud images of Fedora CoreOS for all common providers, including AWS, Microsoft Azure, Google Cloud, and Alibaba Cloud.

When you install Fedora CoreOS on a Linux system, it will run with minimal func­tion­al­ity by default (i.e., only with the ap­plic­a­tions needed for operation). Ignition auto­mat­ic­ally reads the con­fig­ur­a­tion file at first boot and sets up the system. The para­met­ers in this file let Ignition know what the system looks like. Then par­ti­tions are defined, users are created, and rights are assigned; if the con­fig­ur­a­tion file is in a cloud, the in­stall­a­tion en­vir­on­ment is con­figured there. For example, in the case of AWS, the con­fig­ur­a­tion is included with the operating system so that Fedora CoreOS can be installed with just one click.

If you are in­stalling it on your own hardware or hy­per­visor, the con­fig­ur­a­tion is done manually using the command-line tool fcct (Fedora CoreOS Con­fig­ur­a­tion Trans­piler). First, you create a YAML file and format it in JSON. The file is then assigned the extension .fcc (Fedora CoreOS Con­fig­ur­a­tion). In the finished .fcc file, the ad­min­is­trat­or then iden­ti­fies themself with the ap­pro­pri­ate SSH key.

Once the system is running and someone has logged in via the SSH key, the desired con­tain­ers can be installed as normal (e.g., via Podman or Moby). Fedora CoreOS is com­pat­ible with Docker and spe­cific­a­tions set by the Open Container Ini­ti­at­ive. CoreOS can also be run as a single in­stall­a­tion and managed with Kuber­netes.

As with Fedora Atomic Host, Fedora CoreOS is also used as a highly available, secure, flexible container guest system. Even though Fedora CoreOS can be installed in just five minutes, it is by no means re­com­men­ded for beginners. Anyone who has not yet had ex­per­i­ence with Red Hat products will need to have a lot of patience in the beginning.

So, what exactly is Fedora CoreOS used for? Well, it is used in container systems that are intended to operate without any main­ten­ance. This is essential in situ­ations where server services are run in con­tain­ers that can ideally also update them­selves in­de­pend­ently. Common operating systems usually cannot do this. Fedora CoreOS spares ad­min­is­trat­ors from this time-consuming work and even runs best when there is no further in­ter­ven­tion. Fedora CoreOS’s domain is re­pro­du­cible servers, where the operating system con­tinu­ously replaces packages and con­tain­ers with more recent versions.

Back in its day, CoreOS managed to do what Fedora CoreOS is currently able to do, albeit on a small scale. The lean open-source operating system used a Linux kernel and spe­cial­ised in running ap­plic­a­tions in Docker. CoreOS was also capable of running Linux con­tain­ers and dis­trib­ut­ing con­fig­ur­a­tions. CoreOS was released in 2013 and quickly became a success story which cul­min­ated in it being bought by Red Hat for $250 million (around £180 million). On May 26^th, 2020, its status as an in­de­pend­ent project was ter­min­ated, and it is now of­fi­cially only part of Fedora CoreOS.

Fedora CoreOS is a secure, flexible, com­pletely stable system for Container Linux that can be installed in just five minutes and sets itself apart through the following points:

• Everything is con­figured in just a few clicks.
• It has one log-in via SSH and con­tain­ers are installed im­me­di­ately.
• The system basically functions com­pletely in­de­pend­ently.

In com­par­is­on to its pre­de­cessor CoreOS, it has a much wider range of ap­plic­a­tions and thus a far broader audience.

However, not all users see its automatic updates as an advantage. They are concerned that the updates will end up killing processes. That said, each update is checked in a separate process. The current package is first tested in Next Stream, a testing en­vir­on­ment that rep­res­ents the current de­vel­op­ment status of Fedora CoreOS. De­velopers collect all upcoming updates for the operating system in it, run them, and observe the processes. Once it has been de­term­ined that everything is running smoothly, the packages are sent to the Stable Stream, and then Fedora CoreOS retrieves the updates and installs them auto­mat­ic­ally.