As you know, I’m all about installing Atomic on bare metal using kickstarts. And one of the things which has changed with Fedora Atomic 26 is some of the tags and locations you need for your kickstarts. You’ll find that your old kickstarts no longer work.
Building the Next Generation Container OS
Use immutable infrastructure to deploy and scale your containerized applications. Project Atomic builds OSes, tools, and containers for cloud native platforms.
Buildah, a different way to build containers, is now available for testing.
Atomic Host
Atomic Host provides "immutable infrastructure" for deploying to hundreds or thousands of servers in your private or public cloud. Available in Fedora Atomic Host, CentOS Atomic Host, and Red Hat Atomic Host editions depending on your platform and support needs.
To balance the need for long-term stability against the need for new features, we provide different releases of Atomic Host for you to choose from.
Container Registries
You can get your containerized applications from the CentOS Container Pipeline and the Fedora Layered Image Build Service.
Trusted container content from the projects you already trust.
Container Tools
Tools from our team help you create, deploy, manage, and secure containers.
Compose applications with Kompose
Pull and move images with Skopeo
Deploy using Kubernetes and CRI-O
Manage container hosts with Cockpit
Community News
Unprivileged containers with bwrap-oci and bubblewrap
The introduction of user namespaces in the Linux kernel has opened the doors to running containers as default user logins via e.g. ssh or desktop. On Fedora, bwrap-oci lets you make use of this feature, as I will demonstrate.
The concept behind user namespaces is quite simple: UIDs and GIDs in a user namespace are converted to a different set in the parent namespace, so that an application thinks it’s executed as root while instead a non-privileged user is running it. User namespaces are not limited to altering an application’s UID/GID mappings: a user can keep capabilities in the new namespace and, together with other namespaces, perform privileged operations there that are unprivileged in the parent namespace. For example, an application with a new network namespace can create firewall rules that only affect its namespace. This offers extra security since the container is limited to the user that is running it, so even if something goes wrong the process has no more privileges than the user who runs it (unless things go very wrong!).
Fedora Atomic 26 Released
Fedora Atomic 26 is now generally available. This contains updated package versions to match all of the content in Fedora Server 26, as well as updates to the container platforms. While we release updates every 2 weeks, this release contains a collection of major improvements including:
- latest rpm-ostree with improvements in package layering
- default to Overlay2 filesystem for better container storage
- Docker version 1.13.1
- latest versions of Cockpit and Atomic CLI
We’re all very excited about the steps forward Atomic Host is taking with this major release. We hope you’re just as excited to try them. Read on for information about software, upgrading, and more.
Cockpit 145 with Machines and Terminal improvements
Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from versions 144 and 145.
Fedora Atomic July 5 Release
A new Fedora Atomic Host update is available via an OSTree commit:
Commit: ce555fa89da934e6eef23764fb40e8333234b8b60b6f688222247c958e5ebd5b
Version: 25.154
IMPORTANT: This release of Fedora 25 Atomic Host will be our final release based on Fedora 25. We will start releasing Fedora 26-based Atomic Hosts from this point forward.
Information about Fedora Atomic Host upgrade policy can be found in Fedora Magazine.