CD2H gitForager

projectatomic/atomic-system-containers

Name: atomic-system-containers

Owner: Project Atomic

Description: Collection of system containers images

Created: 2016-03-21 08:27:39.0

Updated: 2018-05-07 16:53:27.0

Pushed: 2018-05-07 16:53:25.0

Homepage:

Size: 294

Language: Shell

GitHub Committers

User	Most Recent Commit	# Commits

Other Committers

User	Email	Most Recent Commit	# Commits

README

System Containers

As part of our effort to reduce the number of packages that are shipped with the Atomic Host image, we faced the problem of how to containerize services that are needed to be run before a container runtime, like the upstream docker daemon, is running. The result: system containers: a way to run containers in production using read only images.

A system container is a container that is executed out of an systemd unit file early in boot, using runc. The specified IMAGE must be a system image already fetched. If it is not already present, atomic will attempt to fetch it assuming it is an oci image. Installing a system container consists of checking it the image by default under /var/lib/containers/atomic/ and generating the configuration files for runc and systemd. OSTree and runc are required for this feature to be available.

System containers use different technologies:

We use the atomic tool to install system containers.
Labels can influence how the atomic tool uses a system container
Specific files are required to be part of a valid system image
For storage system containers do not need to use COW File systems, since they are in production. We default to using OSTree for storage of the container images.
The atomic tool does not use upstream docker to pull the container images, instead we use the Skopeo tool to pull images from a container registry.
When you atomic install a system container the tool will look for a systemd unit file template in /exports directory and will create a systemd unit file to run the container on the host.
The unit files uses runc to create and run the containers.
systemd manages the lifecycle of the container.

To use system containers you must have Atomic CLI version 1.12 or later and the ostree utility installed.

For more information on system containers see:

Basic usage
http://www.projectatomic.io/blog/2016/09/intro-to-system-containers
http://www.projectatomic.io/blog/2017/06/creating-system-containers/
http://www.projectatomic.io/blog/2017/09/running-kubernetes-on-fedora-atomic-26/

This work is supported by the National Institutes of Health's National Center for Advancing Translational Sciences, Grant Number U24TR002306. This work is solely the responsibility of the creators and does not necessarily represent the official views of the National Institutes of Health.