Introducing RancherOS: Running Docker in production and at scale
For users looking for a lightweight version of Linux to run Docker containers, Rancher has announced the launch of RancherOS, which runs all system services as Docker containers. It’s the latest release in a string of available minimalist distros.
The team over at Rancher have launched RancherOS, a new open source project that delivers a minimalist Linux distribution for running Docker in production and at scale. Darren Shepherd has called it the smallest, easiest and first operating system to fully embrace Docker, and to “run all system services as Docker containers”.
Everything is a container
With Rancher being a Docker orchestration product, it makes sense that the crew behind Rancher would get their hands and heads busy creating an operating system. The need for such a system comes from Rancher wanting their entire orchestration stack to be packaged by and run in Docker – not just the application they were initially managing.
After the team originally had a difficult time, Docker 1.5 paved the way for sufficient control of the PID, IPC, network namespaces and capabilities. Shepherd explains that absolutely everything they run is container-ish:
This means it is now possible to run systems oriented processes within Docker containers. In RancherOS we run absolutely everything in a container, including system services such as udev, DHCP, ntp, syslog, and cloud-init.
Shepherd explains that since the core purpose of RancherOS is to run Docker, the release schedule of the two will be closely aligned. A limitation that RancherOS is set to overcome is the difficulty Linux distributions have keeping up with Docker releases, which seem to happen every couple of months.
Having calibrated their releases with the latest Docker features and bug fixes, Rancher claims that their OS can be immediately used in production environments. Production workloads benefit from the project’s small footprint and fewer patches, since it has fewer systems to monitor for security vulnerabilities.
But something’s missing…
While the majority of minimalist distros might share certain qualities, RancherOS operates purposefully without systemd. While previously developing Stampede.io, which ran on a distribution that heavily leveraged systemd, Shepherd noticed errors when testing real-world failure scenarios. Thus, Rancher found that they didn’t need systemd to run Docker, nor any other supervisor to sit at PID 1, with Docker being sufficient in itself:
What we have done with RancherOS is run what we call “System Docker” as PID 1. All containers providing core system services are run from System Docker, which also launches another Docker daemon which we call “User Docker” under which we run user containers.
Although Shepherd had tried previously to get the systemd and Docker issues resolved, he had come to terms with the fact that the two architectures were incompatible, despite efforts to communicate with teams from both parties.
Peter Salvatore recently looked at tiny Docker operating systems and was happy to plug RancherOS in order to get more contributors to the project.
He says that while the README is transparent about the current limitations and feature improvement issues, now is a great time to get involved by providing feedback, testing, and patches to help shape it.