Last week, the CentOS Atomic SIG released an updated version of CentOS Atomic Host (tree version 7.20160818), featuring support for rpm-ostree package layering.
CentOS Atomic Host is available as a VirtualBox or libvirt-formatted Vagrant box; or as an installable ISO, qcow2, or Amazon Machine image. Check out the CentOS wiki for download links and installation instructions, or read on to learn more about what’s new in this release.
CentOS Atomic Host includes these core component versions:
Using the command rpm-ostree pkg-add, it’s now possible to layer new packages into an installed image that persist across reboots and upgrades, a topic that Jonathan Lebon covered in some detail in a post last month.
For instance, if I wanted to install ansible on an atomic host:
    # rpm-ostree pkg-add epel-release
    # reboot
    # rpm-ostree pkg-add ansible
    # reboot
    # ansible --version
    ansible 188.8.131.52
      config file = /etc/ansible/ansible.cfg
      configured module search path = Default w/o overrides
I first installed the epel-release package because ansible lives in EPEL. The intermediate reboot was required to boot into the new EPEL-i-fied tree. I could have instead added the repo file for EPEL in my /etc/yum.repos.d/ directory, and skipped the extra install and reboot operations. To learn about the work going on to make package layering more live, check out this issue.
There are limitations to package layering. For instance, I’ve written in the past about running oVirt’s guest agent (which is not part of the standard atomic host image) in a docker container. Package layering won’t work for this scenario, because installing packages which contain files owned by users other than root is currently not supported:
    # rpm-ostree pkg-add ovirt-guest-agent-common
    notice: pkg-add is a preview command and subject to change.
    Downloading metadata: [================================================] 100%
    Resolving dependencies... done
    Will download: 3 packages (209.2 kB)
    Downloading from epel: [=============================================] 100%
    Downloading from base: [=============================================] 100%
    Importing: [=================== ] 33%
    error: Unpacking ovirt-guest-agent-common-1.0.12-3.el7.noarch: Non-root ownership currently unsupported: path "/var/log/ovirt-guest-agent" marked as ovirtagent:ovirtagent)
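A pre-flight check for the limitation shown above, as an added example that is not part of the original post: it lists the files in a locally downloaded .rpm that are not owned by root:root, the condition that pkg-add rejects on this release. The function names and the sample listing are constructed for illustration, and treating a non-root group as a blocker is a conservative assumption.

```shell
#!/bin/sh
# Added example (not from the original post): find non-root-owned files
# in an RPM before trying to layer it with rpm-ostree pkg-add.

# nonroot_entries: read "path<TAB>user<TAB>group" lines on stdin and print
# only entries whose user or group is not root (assumption: either one
# is enough to block layering on this release).
nonroot_entries() {
    awk -F '\t' 'NF >= 3 && ($2 != "root" || $3 != "root") {
        printf "%s %s:%s\n", $1, $2, $3
    }'
}

# rpm_file_owners: dump per-file ownership from a local .rpm file.
# The [...] in the query format iterates over the package's file list.
rpm_file_owners() {
    rpm -qp --queryformat \
        '[%{FILENAMES}\t%{FILEUSERNAME}\t%{FILEGROUPNAME}\n]' "$1"
}

# check_rpm_layerable: 0 = all files root:root, 1 = offenders found,
# 2 = the package could not be read (never report that as "layerable").
check_rpm_layerable() {
    listing=$(rpm_file_owners "$1") || return 2
    offenders=$(printf '%s\n' "$listing" | nonroot_entries)
    if [ -n "$offenders" ]; then
        echo "not layerable on this release: $1" >&2
        echo "$offenders" >&2
        return 1
    fi
    return 0
}

# Constructed sample listing (not real rpm output). The second path and
# owner are the ones named in the error message above; the first entry
# is made up to show a root-owned file passing the filter.
sample_listing() {
    printf '/etc/ovirt-guest-agent.conf\troot\troot\n'
    printf '/var/log/ovirt-guest-agent\tovirtagent\tovirtagent\n'
}

# Offline demonstration on the constructed listing.
sample_listing | nonroot_entries
```

On a real host, call check_rpm_layerable with the path to a downloaded package file and act on its exit status.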
CentOS Atomic Host Alpha
While it’s not yet possible to pkg-add packages with files owned by users other than root on the current CentOS Atomic Host release, the host’s Alpha stream includes a newer version of rpm-ostree that works just fine with these sorts of packages.
Apart from its newer rpm-ostree version, the Alpha release of CentOS Atomic Host now features a much slimmer package list, as the project begins to move toward containerization or package layering for system components such as kubernetes, flannel, and etcd.