In a recent post, The New Minimalist Operating Systems, I briefly described three new OSs designed with Docker in mind. I also mentioned Boot2Docker, which I considered to be the smallest (23MB) Docker-focused OS at the time. Less than two weeks later, a new tiny Docker OS has arrived: RancherOS. If you are interested in what makes these two very minimal OSs tick, read on.
What do we get in the tiny ISO images released by these two projects?
    $ tree
    .
    ├── boot2docker
    │   ├── boot
    │   │   ├── initrd.img
    │   │   ├── isolinux
    │   │   │   ├── boot.cat
    │   │   │   ├── boot.msg
    │   │   │   ├── f2
    │   │   │   ├── f3
    │   │   │   ├── f4
    │   │   │   ├── isolinux.bin
    │   │   │   └── isolinux.cfg
    │   │   └── vmlinuz64
    │   └── version
    └── rancheros
        └── boot
            ├── initrd
            ├── isolinux
            │   ├── boot.cat
            │   ├── isolinux.bin
            │   ├── isolinux.cfg
            │   └── ldlinux.c32
            └── vmlinuz
Both use the ISOLINUX bootloader, which loads a Linux kernel (~3MB) and an initial ramdisk (~20MB) into memory and then hands control to the kernel. In a typical initrd scenario, the kernel executes /linuxrc from the ramdisk before /sbin/init from the main root filesystem on disk. Since we don’t have a separate root filesystem, everything (including Docker itself at ~15MB!) needs to fit within the ramdisk. If we look into the initrd images, we find that they are both based on Busybox, though this is where the similarities end.
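To check what actually ships inside such a ramdisk, the following added example (not code from either project) picks a decompressor from the image's magic bytes, walks the cpio "newc" records, and reports the total file bytes plus any setuid/setgid entries. It assumes the initrd is a single newc archive; the sample archive, its file names, sizes and modes are constructed for illustration.

```python
import gzip
import lzma

def decompress(blob):
    """Choose a decompressor from the image's leading magic bytes."""
    if blob[:2] == b"\x1f\x8b":                       # gzip
        return gzip.decompress(blob)
    if blob[:6] == b"\xfd7zXZ\x00" or blob[:3] == b"\x5d\x00\x00":
        return lzma.decompress(blob)                  # xz or legacy .lzma
    return blob                                       # assume an uncompressed archive

def list_newc(archive):
    """Return (name, mode, size) per record; 13 hex fields follow the 6-byte magic."""
    entries, pos = [], 0
    while pos + 110 <= len(archive):
        header = archive[pos:pos + 110]
        if header[:6] not in (b"070701", b"070702"):
            raise ValueError(f"no newc header at offset {pos}")
        fields = [int(header[6 + 8 * i:14 + 8 * i], 16) for i in range(13)]
        mode, size, namesize = fields[1], fields[6], fields[11]
        name = archive[pos + 110:pos + 110 + namesize - 1].decode()
        if name == "TRAILER!!!":
            break
        entries.append((name, mode, size))
        data = (pos + 110 + namesize + 3) & ~3        # header+name padded to 4 bytes
        pos = (data + size + 3) & ~3                  # file data padded to 4 bytes
    return entries

def summarize(image):
    """Total file bytes in the ramdisk and its setuid/setgid entries."""
    entries = list_newc(decompress(image))
    privileged = [name for name, mode, _ in entries if mode & 0o6000]
    return sum(size for _, _, size in entries), privileged

def make_entry(name, mode, data=b""):
    """Build one newc record; used only for the constructed sample below."""
    raw = name.encode() + b"\x00"
    vals = [0, mode, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(raw), 0]
    out = b"070701" + b"".join(b"%08X" % v for v in vals) + raw
    out += b"\x00" * (-len(out) % 4)
    return out + data + b"\x00" * (-len(data) % 4)

# Constructed sample (names, sizes and modes are illustrative, not from either ISO).
SAMPLE = gzip.compress(
    make_entry("init", 0o100755, b"#!/bin/sh\n")
    + make_entry("bin/busybox", 0o104755, b"\x7fELF" + b"\x00" * 60)
    + make_entry("usr/local/bin/docker", 0o100755, b"\x7fELF" + b"\x00" * 124)
    + make_entry("TRAILER!!!", 0))
print(summarize(SAMPLE))
```

To run it against a real image, pass the bytes of initrd.img or initrd to summarize() in place of SAMPLE.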
In their own words,
“Boot2Docker is a lightweight Linux distribution made specifically to run Docker containers. It runs completely from RAM, is a small ~24MB download and boots in ~5s (YMMV). [ … ] Boot2Docker is currently designed and tuned for development. Using it for any kind of production workloads at this time is highly discouraged.” –https://github.com/boot2docker/boot2docker
Boot2Docker relies on Busybox to provide implementations of both a sysvinit-like init process and essential services such as ntpd. This is what you would expect to see from a tiny Busybox-based OS.
    docker@boot2docker:~$ ps
    PID   USER     COMMAND
        1 root     init
    --- snip ---
      103 root     /sbin/udevd --daemon
      419 root     /sbin/udevd --daemon
      604 root     crond -f -d 8
      628 root     /usr/local/sbin/sshd
      632 root     /usr/local/sbin/acpid
      649 root     /sbin/udhcpc -b -i eth0 -x hostname box -p /var/run/udhcpc.eth0.pid
      683 docker   sshd: docker@pts/0
      684 docker   -sh
      738 root     /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// -H tcp://0.0.0.0:2376 --tlsverify --tlscacert=/var/lib/boot2docker/tls/ca.pem --tlscert=/var/lib/boot2docker/tls/server.pem --tlskey=/var/lib/boot2docker/tls/serverkey.pem
      744 root     -sh
      751 root     /sbin/udevd --daemon
      904 root     ntpd -d -n -p pool.ntp.org
      933 root     /sbin/getty -l /usr/local/bin/autologin 9600 ttyS0 vt100
      934 root     /sbin/getty -l /usr/local/bin/autologin 9600 ttyS1 vt100
      935 docker   ps
      936 docker   -sh
In their own words,
“When we started the RancherOS project, we set out to build a minimalist Linux distribution that was perfect for running Docker containers. We wanted to run Docker directly on top of the Linux Kernel, and have all user-space Linux services be distributed as Docker containers. By doing this, there would be no need to use a separate software package distribution mechanism for RancherOS itself.” –http://rancher.com/rancher-os/
RancherOS replaces the Busybox init process with its own, written in Go. This prepares some system mounts and then starts two Docker engines: one for critical services and another for user applications. The system-docker instance runs containerized versions of services instead of Busybox implementations, and the user interacts with the other docker instance. The end goal is to have a production-ready system that is composed of Docker containers for all components, whether critical system services or user applications.
    [rancher@rancher ~]$ ps
    PID   USER     COMMAND
        1 root     docker -d -s overlay -b none --restart=false -H unix:///var/run/system-docker.sock
    --- snip ---
       98 root     [rancher-sysinit]
      204 root     ntpd -d
      209 root     rsyslogd -n
      220 root     docker -d -s overlay --tlsverify --tlscacert=/etc/docker/tls/ca.pem --tlscert=/etc/docker/tls/server-cert.pem --tlskey=/etc/docker/tls/server-key.pem -H=0.0.0.0:2376 -H=unix:///var/run/docker.sock -G docker
      278 root     respawn -f /etc/respawn.conf
      372 rancher  -bash
      374 root     /sbin/getty 115200 tty2
      376 root     /sbin/getty 115200 tty3
      378 root     /sbin/getty 115200 tty4
      380 root     /sbin/getty 115200 tty5
      382 root     /sbin/getty 115200 tty6
      384 root     /usr/sbin/sshd -D
      395 rancher  sshd: rancher@pts/0
      396 rancher  -bash
      404 rancher  ps

    [rancher@rancher ~]$ sudo system-docker ps
    CONTAINER ID   IMAGE               COMMAND                CREATED        STATUS        PORTS   NAMES
    dc7cbcf1d4a9   console:latest      "/usr/sbin/console.s   13 hours ago   Up 13 hours           console
    b181a7c1db12   userdocker:latest   "/docker.sh"           13 hours ago   Up 13 hours           userdocker
    24279ffd2a88   syslog:latest       "/syslog.sh"           13 hours ago   Up 13 hours           syslog
    de9645a1b760   ntp:latest          "/ntp.sh"              13 hours ago   Up 13 hours           ntp
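Both ps listings show Docker daemons with an API listener on 0.0.0.0:2376, and access to that API amounts to root on the host, so the listener flags are worth auditing. The added example below (not code from either project) parses daemon command lines in both the "-H value" and "-H=value" forms and flags TCP listeners that lack --tlsverify, bind to every interface, or run in debug mode. The three daemon lines are taken from the listings with the certificate path flags omitted; NO_TLS is a constructed counter-example.

```python
import shlex

def parse_daemon(cmdline):
    """Pull listener, TLS and debug settings out of a `docker -d ...` command line."""
    args = shlex.split(cmdline)
    cfg = {"tcp": [], "unix": [], "tlsverify": False, "debug": False}
    i = 1
    while i < len(args):
        name, eq, value = args[i].partition("=")
        if name in ("-H", "--host"):
            if not eq:                       # "-H value" form: value is the next token
                i += 1
                value = args[i] if i < len(args) else ""
            if value.startswith("unix://"):
                cfg["unix"].append(value[7:] or "(default socket)")
            elif "://" not in value or value.startswith("tcp://"):
                cfg["tcp"].append(value.split("://")[-1])   # bare host:port is TCP
        elif name == "--tlsverify":
            cfg["tlsverify"] = value.lower() != "false"
        elif name in ("-D", "--debug"):
            cfg["debug"] = value.lower() != "false"
        i += 1
    return cfg

def audit(cmdline):
    """Return a list of findings for one daemon; empty means nothing was flagged."""
    cfg, findings = parse_daemon(cmdline), []
    for listener in cfg["tcp"]:
        host = listener.rsplit(":", 1)[0]
        if not cfg["tlsverify"]:
            findings.append(f"{listener}: TCP API without --tlsverify")
        if host in ("", "0.0.0.0", "::", "[::]"):
            findings.append(f"{listener}: listens on every interface")
    if cfg["debug"]:
        findings.append("debug mode (-D) enabled")
    return findings

# From the ps listings above, abridged: certificate path flags are omitted.
BOOT2DOCKER = ("/usr/local/bin/docker -d -D -g /var/lib/docker "
               "-H unix:// -H tcp://0.0.0.0:2376 --tlsverify")
RANCHER_SYSTEM = ("docker -d -s overlay -b none --restart=false "
                  "-H unix:///var/run/system-docker.sock")
RANCHER_USER = ("docker -d -s overlay --tlsverify -H=0.0.0.0:2376 "
                "-H=unix:///var/run/docker.sock -G docker")
# Constructed counter-example, not from the page: TCP listener with no TLS.
NO_TLS = "docker -d -H tcp://0.0.0.0:2375"
for _cmd in (BOOT2DOCKER, RANCHER_SYSTEM, RANCHER_USER, NO_TLS):
    print(audit(_cmd))
```

The system-docker daemon produces no findings because it listens only on a local Unix socket, while both user-facing daemons are flagged for the all-interfaces bind even though they require client certificates.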
RancherOS is still very much in an alpha state. The README is transparent about the current limitations and there are dozens of feature improvement issues to peruse. In other words, now is a great time to get involved in this unique project at an early stage and provide feedback, testing, and patches to help shape it.