Container management software vendor Rancher Labs announced the general availability of its RancherOS 1.0 Linux distribution on April 12, providing organizations with a stable, supported operating system option for container deployment.
Rancher Labs emerged from stealth back in September 2014 with the promise of building an enterprise-level platform for managing containers. The core management platform is known simply as “Rancher” and became generally available with a 1.0 release in March 2016.
Beyond just the container management system, Rancher Labs has been working on its own container-optimized Linux operating system, known as RancherOS, which is now at its 1.0 milestone. A full general-purpose Linux distribution has packages and capabilities not needed for containers, thus the need for a container-optimized Linux operating system. Also, a container-optimized operating system can improve security by minimizing the potential attack surface.
Sheng Liang, co-founder and CEO of Rancher Labs, said that with a general-purpose operating system, every application or utility update is in effect an operating system update, with users not sure if they need to reboot the whole system.
“In the RancherOS model, everything outside of the kernel is a container,” Liang told eWEEK. “The container is now a separate protection boundary and update unit.”
The user space components in RancherOS are entirely containerized, according to Liang. The way the system works is that on top of a Linux kernel, RancherOS runs a Docker daemon that exists only for the purpose of running Linux system services.
“One of the system services is the real Docker service for user applications,” he said. “So we don’t use the same system Docker daemon to run user containers, and it’s just a really nice separation of concerns.”
Liang added that user containers can often put additional stress on a Docker daemon. As such, by having a separate Docker service just for user containers, the system can be more stable and potentially provide better overall performance.
More than one Docker service for user containers can also be deployed, providing another possible layer of isolation and control for different applications or even user groups. Going a step further, RancherOS has integrated Security Enhanced Linux (SELinux) control to provide access control and isolation for containers.
Over the course of RancherOS’ development, it has been based on different vendor kernels at various points in time, including Ubuntu and Fedora Linux, Liang said. At this point with RancherOS 1.0, Rancher Labs is now using an upstream Linux kernel.
RancherOS is not the only purpose-built container operating system. Other options in the space include CoreOS’ ContainerLinux and Docker’s Alpine Linux, among others. From Liang’s perspective, at this point in the container management market space, having an optimized Linux operating system is table stakes. He emphasized that Rancher Labs wouldn’t have built RancherOS if there wasn’t a demand from customers to do so.
Although Rancher Labs has built its own Linux distribution, Liang said that with containers the true value of an infrastructure stack isn’t actually at the operating system layer anymore.
“Before Docker, a lot of value of the big Linux distributions was with their software repositories,” he said. “With Docker, users no longer need to get their applications from the operating system distribution repositories; they can just get them from Docker Hub.”
Docker Hub is a central repository for container applications that can be deployed on any Docker host.
“In summary, I really don’t think Linux distributions are as big a deal as they used to be,” Liang said.