Red Hat Enterprise Linux 8 has been generally available since May, but we know that many customers cannot upgrade immediately. For this reason, we have released Red Hat Enterprise Linux 7.7 with a set of new container capabilities focusing on updates to container tools and Red Hat Universal Base Image (UBI):
Rootless containers are available as Tech Preview.
RHEL 7 Workstation now includes container tools (Podman, Buildah, and Skopeo).
The golang container image is now available under the Red Hat Universal Base Image End User License Agreement (EULA).
Rootless Containers Tech Preview
We are proud to announce that users of RHEL 7.7 can now use Podman 1.4.4 to find, run, build and share containers as regular users (also called rootless). This builds on the work we did in RHEL 7.6 (A preview of running containers without root in RHEL 7.6).
The new rootless feature can be tested with a fresh installation of RHEL 7.7 or by upgrading from RHEL 7.6. When doing a fresh install, just add a new user ID and the new version of the
shadow-utils package will take care of everything (
/etc/subgid entries). With an upgrade from RHEL 7.6, you will need to add the UID/GID mappings for existing users. For more detailed information, follow the Managing Containers guide in the RHEL 7 documentation.
The tech preview of rootless containers offers only the the VFS driver (no fuse-overlay support). This has the trade-off of better runtime performance at the expense of using more disk space. The VFS driver does not use copy-on-write, so when the container is started it will copy all of the data from lower layers of the container image.
The runtime performance is improved because there is no copy-on-write cost, though it will result in slower start up and can consume quite a bit more disk space. We are currently working on backporting the fuse-overlay capabilities to the 3.10 kernel with an eye towards full fuse-overlay support during the RHEL 7 life cycle.
Container Tools in RHEL Workstation
RHEL 7 Workstation users have access to new tools for finding, running, and building containers. Often vendors deliver software, like compilers, as a container image, and customers need a way to consume this software. Podman, Buildah and Skopeo, native operating system tools for running OCI (Docker compatible) containers are now available with RHEL 7.7 Workstation. These new tools have some restrictions and recommendations:
These container tools are made available for consumption of third party images (compilers, etc.).
They provide the ability to build container images based only on the Red Hat Universal Base image content.
They do not provide access to RHEL Server software packages (RPMs). Containers images which require RPMs from RHEL Server cannot be built on RHEL Workstation.
If users need to build RHEL Server container images, there are two main options:
Upgrade to RHEL 8 Workstation. With RHEL 8 Workstation, Podman, Buildah and Skopeo are capable of building on UBI 8 and consuming RHEL 8 Server RPMs.
If you cannot upgrade to RHEL 8, contact your sales representative or reseller. Using your existing RHEL Workstation subscription, Red Hat can provide you access to RHEL 7 Server for this Workstation use case.
Go Toolset Released with Red Hat Universal Base Image EULA
Red Hat announced Red Hat Universal Base Image (UBI) back in May at Red Hat Summit in Boston. UBI is built for cloud native developers who need a high quality, easy to distribute base image. At release, ubi7 provided developers access to Node.js 8, PHP 7.2, Python 2.7, Python 3.6 and Ruby 2.5.
With the release of RHEL 7.7, UBI 7 will now expand to include Go 1.11.6. The ubi7/go-toolset container image and associated RPMs are now released under the Red Hat Universal Base Image EULA.
Developers can freely use and distribute containerized build environments with Go just like other UBI based container images. Also remember that like any compiled language, Go binaries can always be distributed in scratch images (built with Buildah), or on ubi7/ubi-minimal image to reduce image size. For more information, please see the ubi7/go-toolset repository or the Red Hat Universal Base Image product page.
If your organization isn’t quite ready to upgrade to RHEL 8, check out the new container capabilities we are providing in RHEL 7. From expanded container tools and Red Hat Universal Base Image use cases, to a Tech Preview of rootless, there are a lot of interesting new features. Check out the latest RHEL 7 docs: Managing Containers and Getting Started with Containers.
About the author
Scott McCarty is technical product manager for the container subsystem team, which enables key product capabilities in OpenShift Container Platform and Red Hat Enterprise Linux. Focus areas includes container runtimes, tools, and images. Working closely with engineering teams, at both a product and upstream project level, he combines personal experience with customer and partner feedback to enhance and tailor strategic container features and capabilities.