RancherOS 1.0 Container-Optimized Linux Operating System Debuts

Container management software vendor Rancher Labs announced the general availability of its RancherOS 1.0 Linux distribution on April 12, providing organizations with a stable, supported operating system option for container deployment.

Rancher Labs emerged from stealth back in September 2014 with the promise of building an enterprise-level platform for managing containers. The core management platform is known simply as “Rancher” and became generally available with a 1.0 release in March 2016.

Beyond the container management system, Rancher Labs has been working on its own container-optimized Linux operating system, known as RancherOS, which is now at its 1.0 milestone. A full general-purpose Linux distribution carries packages and capabilities that containers do not need, hence the case for a container-optimized Linux operating system. A container-optimized operating system can also improve security by minimizing the potential attack surface.

Sheng Liang, co-founder and CEO of Rancher Labs, said that with a general-purpose operating system, every application or utility update is in effect an operating system update, with users not sure if they need to reboot the whole system.

“In the RancherOS model, everything outside of the kernel is a container,” Liang told eWEEK. “The container is now a separate protection boundary and update unit.”

The user space components in RancherOS are entirely containerized, according to Liang. The way the system works is that on top of a Linux kernel, RancherOS runs a Docker daemon that exists only for the purpose of running Linux system services.

“One of the system services is the real Docker service for user applications,” he said. “So we don’t use the same system Docker daemon to run user containers, and it’s just a really nice separation of concerns.”

Liang added that user containers can often put additional stress on a Docker daemon. As such, by having a separate Docker service just for user containers, the system can be more stable and potentially provide better overall performance.

More than one Docker service for user containers can also be deployed, providing another possible layer of isolation and control for different applications or even user groups. Going a step further, RancherOS has integrated Security Enhanced Linux (SELinux) control to provide access control and isolation for containers.

Over the course of RancherOS’ development, it has been based on different vendor kernels at various points in time, including Ubuntu and Fedora Linux, Liang said. At this point with RancherO

Source: indiatoday