We're pleased to announce that Red Hat Enterprise Linux Atomic Host 7.4 is now generally available. Red Hat Enterprise Linux Atomic Host is a lightweight, container-optimized version of Red Hat Enterprise Linux. Red Hat Enterprise Linux Atomic Host couples the flexible, modular capabilities of Linux containers with the reliability and security of Red Hat Enterprise Linux in a reduced footprint, to decrease the attack surface and provide only the packages needed to light up hardware and run containers. Here's a look at some of the major changes in 7.4.
OverlayFS now fully supported with SELinux
After being introduced in Red Hat Enterprise Linux 7.1 as a technology preview, OverlayFS is now fully supported in Red Hat Enterprise Linux 7.4 and Red Hat Enterprise Linux Atomic Host 7.4 when used with docker as the docker graph driver under the conditions described in the release notes.
As the name implies, OverlayFS is a type of file system that allows users to overlay one file system on top of another. When changes are made to a file, they are stored in the "upper" file system and the "lower" file system remains unchanged. Linux containers use this to allow writes to container images, which may be shared among multiple running containers. Using OverlayFS also conveys performance benefits, particularly for container builds. Red Hat recommends using the overlay2 graph driver with Linux containers.
With 7.4, OverlayFS now has SELinux support and is fully supported as a graph driver for Linux containers. Note that OverlayFS is still only supported with XFS as the underlying file system, and is not supported for persistent storage for containers. Persistent storage for containers should still be placed on non-OverlayFS volumes to be supported.
LiveFS brings updates without reboot
We introduced package layering with rpm-ostree in Atomic Host with 7.3, and in the 7.4 release it becomes fully supported. Package layering allows you to permanently add packages to the system that aren't part of the original install. This is useful for adding diagnostic tools, monitoring tools, or packages that add support for hardware.
Previously, using the atomic host install and atomic host uninstall commands (aka package layering) with Atomic Host required a reboot to take effect. In this release, we're delivering LiveFS functionality to allow users to let package changes take effect without a reboot. This is currently in technology preview stage with 7.4, and a reboot is still required for rpm-ostree updates (kernel & user space).
Namespace support
With Red Hat Enterprise Linux 7.4 and Red Hat Enterprise Linux Atomic Host 7.4, we now offer user namespaces with Linux containers. This means that processes inside a container run in their own user namespace, which maps to unprivileged users outside the container, so a root user in the container does not map to the root user outside the container.
Package signing, Container Health Index, and more
Red Hat's work on Linux containers goes far beyond RHEL Atomic Host. We are constantly working to improve the end-to-end delivery of Linux containers from the base image, to the host platform, to orchestration and more. In addition to the new features present in RHEL Atomic Host 7.4, here are a few noteworthy improvements beyond RHEL and RHEL Atomic Host for Linux containers.
In May, we announced the addition of the Container Health Index to the Red Hat Container Catalog. The Container Health Index is an easy-to-understand grade (A to F) detailing how images should be consumed and evaluated for production systems, based in part on the age and impact of unapplied security errata across all components of a container.
Last week, we delivered signing for all Red Hat images in the Container Catalog. As Aaron Weitekamp wrote last week, "customers can now configure a Red Hat Enterprise Linux host to cryptographically verify that images have come from Red Hat when they are pulled onto the system. This is a significant step in advancing the security of container hosts, providing assurance of provenance and integrity and enabling non-repudiation." Be sure to check out Aaron's post for the full details on using and verifying the signatures in your environment.
As you can see, there's a lot of container goodness in Red Hat Enterprise Linux Atomic Host 7.4. Watch this blog in the next few weeks for more details on using some of the new features in 7.4.
About the author
Joe Brockmeier is the editorial director of the Red Hat Blog. He also acts as Vice President of Marketing & Publicity for the Apache Software Foundation.
Brockmeier joined Red Hat in 2013 as part of the Open Source and Standards (OSAS) group, now the Open Source Program Office (OSPO). Prior to Red Hat, Brockmeier worked for Citrix on the Apache OpenStack project, and was the first OpenSUSE community manager for Novell between 2008-2010.
He also has an extensive history in the tech press and publishing, having been editor-in-chief of Linux Magazine, editorial director of Linux.com, and a contributor to LWN.net, ZDNet, UnixReview.com, and many others.