Image mode is a new approach to build, deploy, and manage Red Hat Enterprise Linux using bootable containers. In a previous blog post, we shared a bootable containers guide from the Fedora community to help you get started.
An important attribute of a bootable container is its immutability. An immutable operating system follows a different paradigm than traditional package-based systems. Immutability by default means security by design. Once deployed, the entire filesystem, with the exception of /etc and /var, is mounted read-only. This means that not even the root user has write privileges. Updates to the system are applied by downloading a new version of the bootable container image from a container registry, and then rebooting into the new state. It's a different way of approaching updates than using a package manager to update the system at runtime. It forces you to be intentional about changes to the operating system and gives you full state control.
Debugging an immutable OS
Production systems usually don't ship with debugging tools to keep the footprint as small as possible. On a traditional package-based system, you can use dnf
to install strace for debugging purposes, but that doesn't exactly work in image mode. It's not sustainable to rebuild and reboot a bootable container image with debugging tools. Instead, you need a means to use debugging tools at runtime. Fortunately, there are two options.
Option 1: bootc usr-overlay
The bootc tool is the heart of Image Mode for RHEL and the core technology that enables OCI containers to encompass complete operating systems. Among other things, bootc
is responsible for updating the operating system. It has a number of useful features for managing state and performing rollbacks. Additionally, it has functionality that's useful when debugging a system.
Suppose you want to install the strace command to help you debug some processes. You can use the bootc tool to temporarily unlock the operating system image by creating a transient writable overlayfs layer on /usr that gets discarded on reboot.
Open a terminal on the host system, and run the bootc
command:
bootc usr-overlay
Now /usr is writable for root until the next reboot, which allows you to use dnf install strace for installation, just as you would on a traditional system.
Option 2: Toolbx
Image mode for RHEL is preinstalled with a development and troubleshooting tool called Toolbx. The command is available in the toolbox RPM, which we discussed in a previous article. It's particularly useful for installing troubleshooting tools at runtime without rebuilding the container image and then rebooting. For similar reasons, it is already popular on operating systems like Fedora CoreOS and Silverblue, which both have a similar design.
Toolbx enables you to use interactive command-line environments for software development, and troubleshooting the host operating system without having to install software on the host. It's built on top of Podman and other standard container technologies from OCI.
Toolbx environments have seamless access to the user’s home directory, Wayland and X11 sockets, networking (including Avahi), removable devices (like USB drives), systemd journal, SSH agent, D-Bus, ulimits, /dev, the udev database, and so on.
Toolbx installs software at runtime on immutable systems by providing a fully mutable container. In this container, you can install your favorite development and troubleshooting tools, editors, and SDKs. For example, it’s possible to do a dnf install -y strace without affecting the host operating system, and yet inspect the processes running on the host.
The Toolbx environment is based on an OCI image. On Red Hat Enterprise Linux, it defaults to the toolbox image from registry.access.redhat.com. This image is used to create a Toolbx container that offers the interactive command-line environment.
To get started, create a new container:
toolbox create
Then enter the environment:
toolbox enter
This presents an interactive command-line environment that looks and feels just like the one on the host operating system. The Toolbx commands are self-documenting. When you type an incomplete command, Toolbx provides documentation on what it expects next.
Toolbx can be used for a lot more than just strace. Everything from Ansible to Nmap to journalctl is possible, and it can be used both as your usual login UID and root. For more use cases and detailed examples, refer to the official Toolbx documentation.
More about bootable containers
If you're interested in bootable containers, we recommend taking a look at the upstream Getting Started Guide and Valentin's presentation on YouTube.
저자 소개
Preethi Thomas is an Engineering Manager for the containers team at Red Hat. She has been a manager for over three years. Prior to becoming a manager, she was a Quality Engineer at Red Hat. She is passionate about open source software, software quality, and open management practices and has rich experience working with upstream communities and projects. She is also highly passionate about Diversity and Inclusion and actively participates in outreach activities.
Principal Software Engineer at Red Hat, working on Fedora Silverblue and Workstation, GNOME, and Red Hat Enterprise Linux.
유사한 검색 결과
채널별 검색
오토메이션
기술, 팀, 인프라를 위한 IT 자동화 최신 동향
인공지능
고객이 어디서나 AI 워크로드를 실행할 수 있도록 지원하는 플랫폼 업데이트
오픈 하이브리드 클라우드
하이브리드 클라우드로 더욱 유연한 미래를 구축하는 방법을 알아보세요
보안
환경과 기술 전반에 걸쳐 리스크를 감소하는 방법에 대한 최신 정보
엣지 컴퓨팅
엣지에서의 운영을 단순화하는 플랫폼 업데이트
인프라
세계적으로 인정받은 기업용 Linux 플랫폼에 대한 최신 정보
애플리케이션
복잡한 애플리케이션에 대한 솔루션 더 보기
오리지널 쇼
엔터프라이즈 기술 분야의 제작자와 리더가 전하는 흥미로운 스토리
제품
- Red Hat Enterprise Linux
- Red Hat OpenShift Enterprise
- Red Hat Ansible Automation Platform
- 클라우드 서비스
- 모든 제품 보기
툴
체험, 구매 & 영업
커뮤니케이션
Red Hat 소개
Red Hat은 Linux, 클라우드, 컨테이너, 쿠버네티스 등을 포함한 글로벌 엔터프라이즈 오픈소스 솔루션 공급업체입니다. Red Hat은 코어 데이터센터에서 네트워크 엣지에 이르기까지 다양한 플랫폼과 환경에서 기업의 업무 편의성을 높여 주는 강화된 기능의 솔루션을 제공합니다.