Practical Technology

for practical people.

June 22, 2017
by sjvn01

The What, Why and Wow! Behind the CoreOS Container Linux

The usual debate over server Linux distributions begins with:

Do you use a Red Hat Enterprise Linux (RHEL)-based distribution, such as CentOS or Fedora; a Debian-based Linux like Ubuntu; or SUSE?

But now, CoreOS Container Linux joins the fracas. CoreOS, recently offered by Linode on its servers, takes an entirely different approach than its more conventional, elder siblings.

So, you may be asking yourself: “Why should I bother, when there are so many other solid Linux distros?” Well, I’ll let Greg Kroah-Hartman, the kernel maintainer for the Linux-stable branch and CoreOS advisor, start the conversation:

“(CoreOS) handles distro updates (based on the ChromeOS code) combined with Docker and potentially checkpoint/restore, (which) means that you might be able to update the distro under your application without stopping/starting the process/container. I’ve seen it happen in testing, and it’s scary [good].”

And that assessment came when CoreOS was in alpha. Back then, CoreOS was being developed in—believe it or not—a Silicon Valley garage. While CoreOS is no Apple or HPE, it’s grown considerably in the last four years.

When I checked in on them at 2017’s CoreOS Fest in San Francisco, CoreOS had support from Google Cloud, IBM, Amazon Web Services, and Microsoft. The project itself now has over a thousand contributors. They think they’re on to something good, and I agree.

Why? Because CoreOS is a lightweight Linux designed from the get-go for running containers. It started as a Docker platform, but over time CoreOS has taken its own path to containers. It now supports both its own take on containers, rkt (pronounced rocket), and Docker.

Unlike most Linux distributions, CoreOS doesn’t have a package manager. Instead it takes a page from Google’s ChromeOS and automates software updates to ensure better security and reliability of machines and containers running on clusters. Both operating system updates and security patches are regularly pushed to CoreOS Container Linux machines without sysadmin intervention.

You control how often patches are pushed using CoreUpdate, with its web-based interface. This enables you to control when your machines update, and how quickly an update is rolled out across your cluster.

Specifically, CoreOS does this with the distributed configuration service etcd. This is an open-source, distributed key value store based on YAML. Etcd provides shared configuration and service discovery for Container Linux clusters.

This service runs on each machine in a cluster. When one server goes down, say to update, it handles the leader election so that the overall Linux system and containerized applications keep running as each server is updated.

To handle cluster management, CoreOS used to use fleet. This ties together systemd and etcd into a distributed init system. While fleet is still around, CoreOS has joined etcd with Kubernetes container orchestration to form an even more powerful management tool.

CoreOS also enables you to declaratively customize other operating system specifications, such as network configuration, user accounts, and systemd units, with cloud-config.
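
A cloud-config file that sets the pieces named above (update behaviour, network configuration, a user account and systemd units) could look like the following. This is an added example, not taken from the original article or from CoreOS; the hostname, addresses, user name and SSH key are constructed placeholders.

```yaml
#cloud-config
# Added illustration: every host-specific value below is a constructed placeholder.
hostname: core-01

coreos:
  update:
    group: stable
    # Take a cluster-wide lock in etcd before rebooting into an update, so
    # machines restart one at a time. Requires a reachable etcd cluster.
    reboot-strategy: etcd-lock
  units:
    # Static network configuration, written as a systemd-networkd unit.
    - name: 00-eth0.network
      runtime: true
      content: |
        [Match]
        Name=eth0

        [Network]
        Address=192.0.2.10/24
        Gateway=192.0.2.1
        DNS=192.0.2.53
    - name: docker.service
      command: start

users:
  # Key-only account; membership of the docker group is effectively root access.
  - name: deploy
    groups:
      - docker
    ssh-authorized-keys:
      - "ssh-ed25519 AAAA_PLACEHOLDER_PUBLIC_KEY deploy@example"

write_files:
  # Disable root and password logins over SSH.
  - path: /etc/ssh/sshd_config
    permissions: "0600"
    owner: root:root
    content: |
      PermitRootLogin no
      PasswordAuthentication no
      AllowUsers deploy
```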

Put it all together and you have a Linux that’s constantly self-updating to the latest patches while giving you full control over its configuration from individual systems to thousands of container instances. Or, as CoreOS puts it, “You’ll never have to run Chef on every machine in order to change a single config value ever again.”

Let’s say you want to expand your DevOps control even further. CoreOS helps you there, too, by making it easy to deploy Kubernetes.

So, what does all this mean? CoreOS is built from the ground up to make it easy to deploy, manage and run containers. Yes, other Linux distributions, such as the Red Hat family with Project Atomic, also enable you to do this, but for these distributions, it’s an add-on. CoreOS was designed from day one for containers.

If you foresee using containers in your business—and you’d better because Docker and containers are fast becoming The Way to develop and run business applications—then you must consider CoreOS Container Linux, no matter whether you’re running on bare-metal, virtual machines, or the cloud.

A version of this story was first published by Linode.

April 14, 2017
by sjvn01

Big Linux bug, low security concerns

This Linux/Android bug sure sounded bad.

The National Institute of Standards and Technology (NIST) and Symantec announced a Linux kernel ipv4/udp.c bug that made Linux kernel 4.4 and earlier vulnerable to remote code execution. In turn, an attacker could exploit this issue to execute arbitrary code. Worse still, even failed exploits might cause denial-of-service attacks.

There’s only one problem with this analysis and the resulting uproar: It’s wrong.


April 14, 2017
by sjvn01

Ubuntu 17.04: The bittersweet Linux release

It’s been a heck of a month for Canonical, Ubuntu Linux’s parent company.

The company dropped its smartphone and tablet plans. This, in turn, put an end to its plans to make Unity its universal default interface. Instead, Gnome will become Ubuntu’s once and future desktop. Days later, long-time CEO Jane Silber resigned in favor of the company’s founder Mark Shuttleworth.

Despite all that, Canonical hit its mark for delivering the latest release of its flagship operating system: Ubuntu 17.04.


April 12, 2017
by sjvn01

Where does the Ubuntu Linux desktop go from here?

Seven years ago, Canonical moved the Ubuntu Linux desktop from the Gnome 3.x interface to its own Unity front-end. By the release of Ubuntu 11.10, Unity had become Ubuntu’s default desktop. Even in these early days, Unity was meant to be more. The dream was for Unity to become a universal interface for PCs, smartphones, and tablets. It was a dream destined not to come true.


April 10, 2017
by sjvn01

Can YouTube TV, Sling TV, and Sony PlayStation Vue survive the death of net neutrality?

The good news for cord-cutters is that last week YouTube TV softly launched in New York, Los Angeles, San Francisco, and Chicago. So, another success story for cord-cutters, as pricey cable companies are given more competition, right? Right? Think again.


April 6, 2017
by sjvn01

How to Use—and Why You Need—Let’s Encrypt More Than Ever

Want a quick and easy way to add Secure-Socket Layer/Transport Layer Security (SSL/TLS) to your website? You should. Google penalizes your site’s PageRank if you don’t have it. If you have an e-commerce site, there’s even worse news. Chrome web browser users will find your payment pages marked unsafe. That’s one way to close your business down in a hurry.

There are many ways to add an SSL certificate to your website. The easiest and cheapest way is with the Internet Security Research Group’s (ISRG) Let’s Encrypt project.
