Last week, the CentOS Atomic SIG released an updated version of CentOS Atomic Host (tree version 7.20160818), featuring support for rpm-ostree package layering.

CentOS Atomic Host is available as a VirtualBox or libvirt-formatted Vagrant box; or as an installable ISO, qcow2, or Amazon Machine image. Check out the CentOS wiki for download links and installation instructions, or read on to learn more about what’s new in this release.

CentOS Atomic Host includes these core component versions:

  • docker-1.10.3-46.el7.centos.10.x86_64
  • kubernetes-1.2.0-0.13.gitec7364b.el7.x86_64
  • kernel-3.10.0-327.28.2.el7.x86_64
  • atomic-1.10.5-7.el7.x86_64
  • flannel-0.5.3-9.el7.x86_64
  • ostree-2016.7-2.atomic.el7.x86_64
  • etcd-2.3.7-2.el7.x86_64
  • cloud-init-0.7.5-10.el7.centos.1.x86_64

Package Layering

Using the command rpm-ostree pkg-add, it’s now possible to layer new packages into an installed image that persist across reboots and upgrades, a topic that Jonathan Lebon covered in some detail in a post last month.

For instance, if I wanted to install ansible on an atomic host:

# rpm-ostree pkg-add epel-release
# reboot
# rpm-ostree pkg-add ansible
# reboot
# ansible --version
  config file = /etc/ansible/ansible.cfg
  configured module search path = Default w/o overrides

I first installed the epel-release package because ansible lives in EPEL. The intermediate reboot was required to boot into the new EPEL-i-fied tree. I could have instead added the repo file for EPEL in my /etc/yum.repos.d/ directory, and skipped the extra install and reboot operations. To learn about the work going on to make package layering more live, check out this issue.

There are limitations to package layering. For instance, I’ve written in the past about running oVirt’s guest agent (which is not part of the standard atomic host image) in a docker container. Package layering won’t work for this scenario, because installing packages which contain files owned by users other than root is currently not supported:

# rpm-ostree pkg-add ovirt-guest-agent-common
notice: pkg-add is a preview command and subject to change.

Downloading metadata: [================================================] 100%
Resolving dependencies... done
Will download: 3 packages (209.2 kB)

  Downloading from epel: [=============================================] 100%

  Downloading from base: [=============================================] 100%

Importing: [===================                                        ]  33%
error: Unpacking ovirt-guest-agent-common-1.0.12-3.el7.noarch: Non-root ownership currently unsupported: path "/var/log/ovirt-guest-agent" marked as ovirtagent:ovirtagent)

CentOS Atomic Host Alpha

While it’s not yet possible to pkg-add packages with files owned by users other than root on the current CentOS Atomic Host release, the host’s Alpha stream includes a newer version of rpm-ostree that works just fine with these sorts of packages.

Apart from its newer rpm-ostree version, the Alpha release of CentOS Atomic Host now features a much slimmer package list, as the project begins to move toward containerization or package layering for system components such as kubernetes, flannel, and etcd.