Chapter 1. Installing RHEL Atomic Host

1.1. Overview

Red Hat Enterprise Linux Atomic Host is a variation of Red Hat Enterprise Linux 7 optimized to run Linux containers in the Docker format. It has been modified to be lightweight and efficient, which makes it well suited as a docker run-time system for cloud environments.

Red Hat Enterprise Linux Atomic Host uses SELinux to provide strong safeguards in multi-tenant environments, and provides the ability to perform atomic upgrades and rollbacks, enabling quicker and easier maintenance with less downtime. Red Hat Enterprise Linux Atomic Host uses the same upstream projects delivered via the same RPM packaging as Red Hat Enterprise Linux 7.

Red Hat Enterprise Linux Atomic Host is pre-installed with the following tools to support Linux containers:

  • docker
  • Kubernetes

Red Hat Enterprise Linux Atomic Host makes use of the following technologies:

  • OSTree and rpm-OSTree - These projects provide atomic upgrades and the ability to roll back upgrades.
  • systemd - The powerful new init system for Linux systems that enables faster boot times and easier system orchestration.
  • SELinux - Enabled by default to provide complete multi-tenant security. You’ll also find Integrity Measurement Architecture (IMA), audit and libwrap available from systemd.

IMPORTANT: Red Hat Enterprise Linux Atomic Host is not managed in the same way that other Red Hat Enterprise Linux 7 variants are managed. Specifically:

  • You do not use yum to upgrade the system.
  • There are only two writable directories for local system configuration: /etc/ and /var/. The /usr/ directory is mounted read-only. Other directories are symlinks to a writable location. For example, the /home/ directory is a symlink to the /var/home/ directory.
  • The default partitioning dedicates most of the available space for the containers, using direct LVM instead of the default loopback.
  • RHEL Atomic Host provides a choice between docker and docker-latest, but Red Hat does not support running both docker and docker-latest on the same machine at the same time.

User-specific and host-specific data should be stored only in the /var/ directory. Only configuration files in the /etc/ directory should be modified.

1.2. System Requirements

Red Hat Enterprise Linux Atomic Host should run on any computer or cloud environment that supports 64-bit Red Hat Enterprise Linux systems. The most recent list of supported hardware can be found in the Red Hat Hardware Compatibility List. Also see Red Hat Enterprise Linux technology capabilities and limits for general information about system requirements.

Keep in mind that though Atomic Host can run on bare metal, it is particularly suited for running in cloud environments where its size and efficiency as a container run-time environment are particularly useful.

1.3. Installing and Registering RHEL Atomic Host

Red Hat Enterprise Linux Atomic Host comes in several different forms. Those forms include:

  • A DVD ISO installation image you can use for traditional bare metal or VM installs by launching an installer and selecting options (disk formatting, language, network configuration, user accounts, and so on).
  • A variety of cloud and virtualization environment images that you can configure using cloud-init. These cloud images include those made to run on Red Hat Enterprise Virtualization, OpenStack, VMware, KVM, AWS, Microsoft Hyper-V and others.

All images are available from the Download RHEL Atomic Host page (the ISO images aren’t delivered with every version, so you may need to look at earlier versions). To learn about different ways of installing RHEL Atomic Host, the following document describes how to install for different environments using both cloud and traditional ISO images:

Installing RHEL Atomic Host in Virtualized Environments

Once your Atomic Host system is installed and running, you should enable software updates by registering your Red Hat Enterprise Linux Atomic Host system. This is done with the subscription-manager command as described below. If your system is located on a network that requires the use of an HTTP proxy, please see the Red Hat Knowledge Base Article on configuring subscription manager to use an HTTP proxy. The --name= option may be included if you wish to provide an easy-to-remember name to be used when reviewing subscription records.

$ sudo subscription-manager register --username=<username> --auto-attach

NOTE: Red Hat Enterprise Linux Atomic Host works only with Red Hat Subscription Manager (RHSM). Red Hat Enterprise Linux Atomic Host does not work with the older RHN subscription model.

Red Hat Enterprise Linux Atomic Host registers two product IDs. The first is Product ID 271, Red Hat Enterprise Linux Atomic Host. The second is Product ID 69, Red Hat Enterprise Linux Server. They both use the same entitlement. A properly registered system will display both IDs as is shown below:

$ sudo subscription-manager list
+-------------------------------------------+
    Installed Product Status
+-------------------------------------------+
Product Name:   Red Hat Enterprise Linux Atomic Host
Product ID:     271
Version:        7
Arch:           x86_64
Status:         Subscribed
Status Details:
Starts:         02/27/2015
Ends:           02/26/2016

Product Name:   Red Hat Enterprise Linux Server
Product ID:     69
Version:        7.1
Arch:           x86_64
Status:         Subscribed
Status Details:
Starts:         02/27/2015
Ends:           02/26/2016

The subscription-manager command is also documented in section 3.2. Registering from the Command Line of the Red Hat Subscription Management guide.
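A registration check built on the output format above, as an added example that is not part of the Red Hat documentation: it reads `subscription-manager list` output on stdin and fails unless both Product ID 271 and Product ID 69 report Status: Subscribed. The function name and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm both Atomic Host product IDs (271 and 69) are
# Subscribed. Input is `subscription-manager list` output on stdin.

check_atomic_subscriptions() {
  awk -F': *' '
    { sub(/[ \t]+$/, "", $2) }                 # drop trailing whitespace
    $1 == "Product ID" { id = $2 }             # start of a product record
    $1 == "Status"     { status[id] = $2 }     # "Status Details" does not match
    END {
      n = split("271 69", need, " ")
      for (i = 1; i <= n; i++) {
        s = (need[i] in status) ? status[need[i]] : "missing"
        if (s != "Subscribed") { printf "product %s: %s\n", need[i], s; bad = 1 }
      }
      exit bad + 0                             # non-zero when any check failed
    }'
}

# Constructed sample: both products subscribed (layout as shown above).
SAMPLE_OK='Product Name:   Red Hat Enterprise Linux Atomic Host
Product ID:     271
Status:         Subscribed
Status Details:

Product Name:   Red Hat Enterprise Linux Server
Product ID:     69
Status:         Subscribed
Status Details:'

# Constructed sample: the Server product is present but not subscribed.
SAMPLE_BAD='Product Name:   Red Hat Enterprise Linux Atomic Host
Product ID:     271
Status:         Subscribed

Product Name:   Red Hat Enterprise Linux Server
Product ID:     69
Status:         Not Subscribed'

printf '%s\n' "$SAMPLE_OK"  | check_atomic_subscriptions && echo "registration ok"
printf '%s\n' "$SAMPLE_BAD" | check_atomic_subscriptions || echo "registration incomplete"
```

On a live host, pipe the real command into the function: `sudo subscription-manager list | check_atomic_subscriptions`.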

1.4. Configuring RHEL Atomic Host

Red Hat Enterprise Linux Atomic Host is configured in a manner similar to Red Hat Enterprise Linux 7, using the configuration files in the /etc/ directory. Red Hat Enterprise Linux Atomic Host is a minimal server product without a desktop. This means that the graphical configuration tools found in the GUI are not available.

1.4.1. Managing User Accounts

Currently, some system users that in Red Hat Enterprise Linux 7 would be listed in the /etc/passwd file have been relocated into the read-only /usr/lib/passwd file. Because applications on Red Hat Enterprise Linux Atomic Host are run inside of Linux containers, this will not affect deployment. The traditional user management tools, such as useradd, will write locally added users to the /etc/passwd file as expected.

1.4.2. Configuring Networking

If you did not configure networking during the installation you may configure it post-installation using the nmcli tool. The following commands create a network connection called atomic, set up a host name and then activate that connection.

# nmcli con add type ethernet con-name atomic ifname eth0
# nmcli con modify atomic ipv4.dhcp-hostname atomic ipv6.dhcp-hostname atomic
# nmcli con up atomic

For more details on how to use the nmcli tool, see Section 2.3.2. Connecting to a Network Using nmcli in the Red Hat Enterprise Linux 7 Networking Guide.

For more information on configuring Red Hat Enterprise Linux 7, see the Red Hat Enterprise Linux 7 System Administrator’s Guide.

1.5. Upgrading and Downgrading Installations

RHEL Atomic Host uses rpm-OSTree, an open source tool, to manage bootable, immutable, versioned file system trees made of RPM content. Unlike other variants of Red Hat Enterprise Linux 7, which use yum and a traditional package management model, RHEL Atomic Host uses OSTree and is upgraded by preparing a new operating system root and making it the default for the next boot.

1.5.1. Upgrading to a New Version

To perform an upgrade, execute the following commands:

$ sudo atomic host upgrade
$ sudo systemctl reboot

If you are using a system that requires an HTTP proxy, the proxy is configured with an environment variable. To configure the environment variable, use a command similar to the following one:

$ sudo env http_proxy=http://proxy.example.com:port/ atomic host upgrade

1.5.2. Rolling Back to a Previous Version

To revert to a previous installation of Red Hat Enterprise Linux Atomic Host, execute the following commands:

$ sudo atomic host rollback
$ sudo systemctl reboot

Two versions of Red Hat Enterprise Linux Atomic Host are available on the system after the initial upgrade. One is the currently running version. The other is either a new version recently installed from an upgrade or the version that was in place prior to the last upgrade.

IMPORTANT: Configuration is preserved across updates, but is only forward-preserved. This means that if you make a configuration change and then later roll back to a previous version, the configuration change you made is reverted.

NOTE: Running the atomic host upgrade command will replace the non-running version of Red Hat Enterprise Linux Atomic Host. This version will also be configured to be used during the next boot.

To determine which version of the operating system is running, execute the following command.

$ sudo atomic host status

The output, which includes the hash name of the directory under the /ostree/deploy/rhel-atomic-host/ directory, looks like this:

$ sudo atomic host status
  TIMESTAMP (UTC)         VERSION   ID             OSNAME               REFSPEC
* 2015-05-07 19:00:48     7.1.2     203dd666d3     rhel-atomic-host     rhel-atomic-host:rhel-atomic-host/7/x86_64/standard
  2015-04-02 20:14:06     7.1.1-1   21bd99f9f3     rhel-atomic-host     rhel-atomic-host:rhel-atomic-host/7/x86_64/standard

This fictional sample output shows that version 7.1.1-1 will be booted into on the next restart. The version to be booted on the next restart is printed first.

This fictional sample also shows that version 7.1.2 is the currently running version. The currently running version is marked with an asterisk (*).

This output was created just after the atomic host upgrade command was executed, and that means that a new version has been staged to be applied at the next restart.
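A patch-compliance check that applies the two rules stated above (the first row is the next boot target, the asterisk marks the running deployment), as an added example that is not part of the Red Hat documentation. The function name, the placeholder IDs and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: read `atomic host status` output on stdin and report the
# running deployment, the next boot target, and whether a reboot is pending.

deployment_state() {
  awk '
    $1 == "TIMESTAMP" || NF == 0 { next }      # skip header and blank lines
    {
      booted = ($1 == "*")                     # asterisk marks the running row
      version = $(3 + booted); id = $(4 + booted)
      if (++row == 1) { next_v = version; next_id = id }   # first row boots next
      if (booted)     { run_v = version;  run_id = id; seen = 1 }
    }
    END {
      if (row == 0 || !seen) { print "error: no booted deployment found"; exit 2 }
      pending = (next_id != run_id) ? "yes" : "no"
      printf "running=%s next=%s reboot_pending=%s\n", run_v, next_v, pending
    }'
}

# Constructed sample: an upgrade is staged but the host has not rebooted yet.
SAMPLE_STAGED='  TIMESTAMP (UTC)         VERSION   ID             OSNAME               REFSPEC
  2015-05-07 19:00:48     7.1.2     2222222222     rhel-atomic-host     rhel-atomic-host:rhel-atomic-host/7/x86_64/standard
* 2015-04-02 20:14:06     7.1.1-1   1111111111     rhel-atomic-host     rhel-atomic-host:rhel-atomic-host/7/x86_64/standard'

# Constructed sample: the host is already running the deployment listed first.
SAMPLE_CURRENT='  TIMESTAMP (UTC)         VERSION   ID             OSNAME               REFSPEC
* 2015-05-07 19:00:48     7.1.2     2222222222     rhel-atomic-host     rhel-atomic-host:rhel-atomic-host/7/x86_64/standard
  2015-04-02 20:14:06     7.1.1-1   1111111111     rhel-atomic-host     rhel-atomic-host:rhel-atomic-host/7/x86_64/standard'

printf '%s\n' "$SAMPLE_STAGED"  | deployment_state
printf '%s\n' "$SAMPLE_CURRENT" | deployment_state
```

A host that reports reboot_pending=yes has downloaded an update but is still running the older tree, so it should be counted as unpatched until it restarts.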