Managing RHEL Atomic Hosts

In this article, I will explain how to register a RHEL Atomic Host with Red Hat Network and how to update it using Red Hat Subscription Manager.

Note: Before starting, make sure you have a valid Red Hat Network username and password for an account with an available Red Hat Enterprise Linux Atomic Host entitlement, which is needed to download and update atomic hosts.

Important:
The RHEL Atomic Host server must have network connectivity to both subscription.rhn.redhat.com:443 and cdn.redhat.com:443.

Register RHEL Atomic Host with RHN:

Step 1:

Open a terminal and log in as the root user.

Enter the command below to register with RHN.

bash-4.2# subscription-manager register
Username: rhn-username
Password: rhn-password
The system has been registered with ID: af27f5ed-4f79-46ba-bf37-2e478b83e45b

After successful registration, execute the command below to check the list of products for your account.

bash-4.2# subscription-manager list

+-------------------------------------------+
Installed Product Status
+-------------------------------------------+
Product Name: Red Hat Enterprise Linux Atomic Host
Product ID: 271
Version: 7
Arch: x86_64
Status: Not Subscribed
Status Details: Not supported by a valid subscription.
Starts:
Ends:

Step 2:

Execute the command below to list the available subscription pools and identify the pool ID for the RHEL Atomic Host product.

bash-4.2# subscription-manager list --available | less
…Output omitted…
Subscription Name: Red Hat Employee Subscription
Provides: Red Hat Enterprise Linux Atomic Host
Red Hat Enterprise Linux Atomic Host Beta
Red Hat Enterprise Linux Atomic Host HTB
…Output omitted…
Pool ID: 1234f9843e3d687a013e3ddd3a66ffff

Step 3:

Copy the pool ID from the previous command's output and attach that pool to subscribe for updates.

bash-4.2# subscription-manager attach --pool=1234f9843e3d687a013e3ddd3a66ffff
Successfully attached a subscription for: Red Hat Employee Subscription

Step 4: Verify the subscription status.

bash-4.2# subscription-manager list

+-------------------------------------------+
Installed Product Status
+-------------------------------------------+
Product Name: Red Hat Enterprise Linux Atomic Host
Product ID: 271
Version: 7
Arch: x86_64
Status: Subscribed
Status Details:
Starts: 04/23/2017
Ends: 12/31/2021

Once a RHEL Atomic Host is installed, registered, and subscribed with Red Hat Network, it is good practice to upgrade the RHEL Atomic bits to run the latest OSTree available. RHEL Atomic uses the atomic host command to download and manage file system OSTrees, which are fetched from cdn.redhat.com. The atomic host command invokes the rpm-ostree command in the background.

Step 5: Check the atomic host status with atomic host and rpm-ostree commands

bash-4.2# atomic host status
TIMESTAMP (UTC) VERSION ID OSNAME REFSPEC
* 2015-02-05 14:52:09 7.1.0 9d04d17969 rhel-atomic-host rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard

bash-4.2# rpm-ostree status -p
============================================================
* DEFAULT ON BOOT
----------------------------------------
version 7.1.0
timestamp 2015-02-05 14:52:09
id 9d04d179695a81a0764916360fc35f64f0de04ffee80bbf9bca66af038541cd4.0
osname rhel-atomic-host
refspec rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard
============================================================

The id value in the output of atomic host status and rpm-ostree status is an abbreviated version of the value provided in the output of rpm-ostree status -p. The unabbreviated id value can be used to identify the directory that contains the actual files in the OSTree.

-bash-4.2# ls /ostree/deploy/rhel-atomic-host/deploy/9d04d179695a81a0764916360fc35f64f0de04ffee80bbf9bca66af038541cd4.0
bin dev home lib64 mnt ostree root sbin sys tmp var
boot etc lib media opt proc run srv sysroot usr

Upgrading RHEL Atomic Host:

Step 1:
Assuming the RHEL Atomic Host is properly registered and subscribed to Red Hat Network, upgrading is accomplished by running the atomic host upgrade command.

bash-4.2# atomic host upgrade
Updating from: rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard

613 metadata, 3173 content objects fetched; 122756 KiB transferred in 338 seconds
Copying /etc changes: 10 modified, 4 removed, 36 added
Transaction complete; bootconfig swap: yes deployment count change: 1
Changed:
NetworkManager-1:0.9.9.1-29.git20140326.4dba720.el7_0.x86_64
NetworkManager-glib-1:0.9.9.1-29.git20140326.4dba720.el7_0.x86_64
docker-1.3.2-4.el7.x86_64
dracut-033-161.el7_0.173.x86_64
gnutls-3.1.18-10.el7_0.x86_64
kernel-3.10.0-123.13.1.el7.x86_64
kubernetes-0.6-4.0.git993ef88.el7.x86_64
…Output omitted…

After the atomic host upgrade command successfully runs, a new OSTree should be available for use.

Step 2: Check the host status.

bash-4.2# atomic host status
TIMESTAMP (UTC) VERSION ID OSNAME REFSPEC
2015-02-06 14:52:09 7.1.1 8d04d17868 rhel-atomic-host rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard
* 2015-02-05 14:52:09 7.1.0 9d04d17969 rhel-atomic-host rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard

The star at the start of a line marks the currently selected deployment, which is still the older version of the RHEL Atomic Host software, i.e. 7.1.0. Reboot the system to boot into the newly updated RHEL Atomic Host.

Step 3:
bash-4.2# systemctl reboot

Check the host status

bash-4.2# atomic host status
TIMESTAMP (UTC) VERSION ID OSNAME REFSPEC
* 2015-02-06 14:52:09 7.1.1 8d04d17868 rhel-atomic-host rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard
2015-02-05 14:52:09 7.1.0 dcf0c846ff rhel-atomic-host rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard

So here we upgraded our RHEL Atomic Host using Red Hat Network.

Step 4:

In case you need to revert the upgrade, use the command below; it will roll back to your older version of RHEL Atomic Host, i.e. 7.1.0.

bash-4.2# atomic host rollback
Moving 'dcf0c846ff87f251d48439f6c90948f1183654a9b9d46b28c3f5e0f42c1ddf8e.0' to be first deployment
Transaction complete; bootconfig swap: yes deployment count change: 0
…Output omitted…
Successfully reset deployment order; run "systemctl reboot" to start a reboot
bash-4.2# atomic host status
TIMESTAMP (UTC) VERSION ID OSNAME REFSPEC
2015-02-05 14:52:09 7.1.0 dcf0c846ff rhel-atomic-host rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard
* 2015-02-06 14:52:09 7.1.1 8d04d17868 rhel-atomic-host rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard
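
A host that has been upgraded or rolled back but not yet rebooted is still running the old tree. The following is an added example, not part of the original article, that classifies a host from its atomic host status text. It assumes, as the outputs above show, that the first row is the deployment that boots next and the starred row is the one running now; the function name deployment_state is made up for this example.

```shell
#!/bin/sh
# Added example (not from the original article).
# Assumption taken from the outputs on this page: the first row is the
# deployment that boots next; the row starting with "*" is running now.

# Status text copied from the page: after "atomic host upgrade", before reboot.
AFTER_UPGRADE='TIMESTAMP (UTC) VERSION ID OSNAME REFSPEC
2015-02-06 14:52:09 7.1.1 8d04d17868 rhel-atomic-host rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard
* 2015-02-05 14:52:09 7.1.0 9d04d17969 rhel-atomic-host rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard'

# Status text copied from the page: after the reboot into 7.1.1.
AFTER_REBOOT='TIMESTAMP (UTC) VERSION ID OSNAME REFSPEC
* 2015-02-06 14:52:09 7.1.1 8d04d17868 rhel-atomic-host rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard
2015-02-05 14:52:09 7.1.0 dcf0c846ff rhel-atomic-host rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard'

# Reads "atomic host status" text on stdin and prints one line:
#   current <version>                      running tree is also the next boot
#   reboot-pending running=<v> next=<v>    another tree is set for next boot
#   unknown                                no starred row found (exit status 2)
deployment_state() {
    awk '
        $1 == "TIMESTAMP" || NF == 0 { next }      # skip header and blank lines
        {
            starred = ($1 == "*")
            version = starred ? $4 : $3
            id      = starred ? $5 : $4
            if (++rows == 1) { next_ver = version; next_id = id }
            if (starred)     { run_ver = version;  run_id = id }
        }
        END {
            if (run_id == "")      { print "unknown"; exit 2 }
            if (run_id == next_id) print "current " run_ver
            else print "reboot-pending running=" run_ver " next=" next_ver
        }'
}

printf '%s\n' "$AFTER_UPGRADE" | deployment_state
printf '%s\n' "$AFTER_REBOOT"  | deployment_state
```

On a real host, pipe the output of atomic host status into deployment_state; a reboot-pending result whose next version is older than the running one corresponds to the rollback case shown in Step 4.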

Note:
The yum and rpm commands cannot be used to upgrade software on a RHEL Atomic Host. yum is not installed. rpm should only be used for queries since the only writable directories in RHEL Atomic Host are /etc and /var.

In this way, you can manage your RHEL Atomic Host using RHN.

Introduction to RHEL Atomic Host

Docker:

Docker is an open-source project that automates the deployment of applications inside software containers.
The Docker packaging model is used to package applications inside containers that run isolated from each other, much like virtual machines.
Docker's containerized environment is based on Linux kernel features such as namespaces, cgroups and SELinux. These are described below:

Kernel Namespace:

Kernel namespaces provide isolated virtual environments under the base Linux kernel, with the following features.

1) PID: Used for process isolation.
2) mount: Provides each container with a separate, isolated file system.
3) IPC: Each container has separate shared memory regions, semaphore sets and message queues.
4) net: Used for managing network interfaces, routing tables, firewall rules.
5) UTS: Used for isolating kernel and version numbers. Setting host name and domain name will not affect the rest of the system.
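
The kernel exposes each process's namespaces as links under /proc/<pid>/ns, so the isolation listed above can be checked directly. The following is an added example, not part of the original article, that reports which of the five namespaces two processes share; the function names and the sample tree with its PIDs and inode numbers are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): list which of the five
# namespaces named above two processes share, by comparing the targets of
# /proc/<pid>/ns/<name>. Equal targets mean the same namespace.
# proc_root is a parameter so the check can run on a constructed tree;
# on a real host pass /proc.
shared_namespaces() {
    proc_root=$1; pid_a=$2; pid_b=$3
    shared=""
    for ns in pid mnt ipc net uts; do
        a=$(readlink "$proc_root/$pid_a/ns/$ns") || return 2
        b=$(readlink "$proc_root/$pid_b/ns/$ns") || return 2
        if [ "$a" = "$b" ]; then shared="$shared $ns"; fi
    done
    echo "${shared# }"
}

# Constructed sample: PID 1 is the host init, PID 2001 a fully isolated
# container process, PID 2002 a container process in the host's net
# namespace. The inode numbers are made up.
build_sample_proc() {
    root=$(mktemp -d) || return 1
    for spec in "1 100 101 102 103 104" "2001 200 201 202 203 204" \
                "2002 300 301 302 103 304"; do
        set -- $spec
        mkdir -p "$root/$1/ns"
        ln -s "pid:[$2]" "$root/$1/ns/pid"
        ln -s "mnt:[$3]" "$root/$1/ns/mnt"
        ln -s "ipc:[$4]" "$root/$1/ns/ipc"
        ln -s "net:[$5]" "$root/$1/ns/net"
        ln -s "uts:[$6]" "$root/$1/ns/uts"
    done
    echo "$root"
}

SAMPLE=$(build_sample_proc)
echo "2001 shares with host: [$(shared_namespaces "$SAMPLE" 1 2001)]"
echo "2002 shares with host: [$(shared_namespaces "$SAMPLE" 1 2002)]"
rm -rf "$SAMPLE"
```

A container process that shares a namespace with PID 1 is not isolated from the host in that respect, which is worth flagging when auditing running containers.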

Cgroup:

Cgroups allow the Docker containerized environment to share the available hardware resources among containers and to set up limits and constraints.

For more, visit: https://sysadmincasts.com/episodes/14-introduction-to-linux-control-groups-cgroups

SELinux:

SELinux policies are used to protect the RHEL Atomic Host from containers and also to protect containers from each other. SELinux provides two forms of security protection, namely Type Enforcement and Multi-Category Security (MCS) separation.
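
Both protections are visible in a container process's SELinux label: the type field carries Type Enforcement and the category pair carries MCS separation. The following is an added example, not part of the original article, that checks a list of container labels for an unexpected type, a missing category set, or two containers with the same categories. The input format, the function name and the sample labels are constructed, and the expected type defaults to svirt_lxc_net_t, which is an assumption about the host's policy; pass another type name as the first argument.

```shell
#!/bin/sh
# Added example (not from the original article). Input: one
# "<container-name> <selinux-process-label>" pair per line on stdin.
# Assumption: container processes are expected to run with the type given
# in $1 (default svirt_lxc_net_t; adjust to the policy on the host).
check_container_labels() {
    awk -v want="${1:-svirt_lxc_net_t}" '
        NF < 2 { next }
        {
            # Label layout: user:role:type:sensitivity[:categories]
            n = split($2, part, ":")
            setype = part[3]
            cats = (n >= 5) ? part[5] : ""
            if (setype != want)
                print "TYPE " $1 " runs as " setype
            if (cats == "")
                print "NO-MCS " $1 " has no category set"
            else if (cats in owner)
                print "MCS-COLLISION " owner[cats] " and " $1 " share " cats
            else
                owner[cats] = $1
        }'
}

# Constructed sample labels.
SAMPLE_LABELS='web system_u:system_r:svirt_lxc_net_t:s0:c12,c345
db system_u:system_r:svirt_lxc_net_t:s0:c67,c890
cache system_u:system_r:svirt_lxc_net_t:s0:c12,c345
debug system_u:system_r:spc_t:s0'

printf '%s\n' "$SAMPLE_LABELS" | check_container_labels
```

Two containers with the same category pair can reach each other's labelled files, and a container without categories is not separated by MCS at all.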
Containers are lightweight compared to virtual machines, and they reduce cost compared to hypervisor-based virtual machines. A container includes only the application-related packages and dependencies and minimal operating system software.

For more, visit: https://www.docker.com/what-docker

RHEL Atomic Host:

Red Hat Enterprise Linux Atomic Host is a Red Hat variant designed to run Docker and provide a containerized environment for applications. RHEL Atomic Host comes pre-installed with a minimal set of packages, usually the following:

1) Docker utility
2) Docker daemon
3) Kubernetes (container orchestrator)
4) systemd
5) rpm-ostree
6) RHEL 7 based kernel which supports namespaces, cgroups and SELinux

Note:

– It has only two writable directories, namely /etc and /var.
– The yum command is not used to install packages on RHEL Atomic Host.
– /usr is mounted read-only, and /usr/local is a symbolic link to /var/usr/local.
– No firewalld daemon is available; it has only iptables for packet filtering.
– No iSCSI client or initiator is installed.

Container Images and Registry:

Container images are read-only and can be uploaded to and downloaded from a public or private image registry. Container images are used to build containers. The Docker utility is used to pull these images from, or push them to, a registry. RHEL Atomic Host is configured by default to use the public image registries listed below. Additionally, administrators can configure their own private image registry to store container images.

– Docker Hub (registry.hub.docker.com)
– Red Hat Public Registry (registry.access.redhat.com)

Installation of RHEL Atomic host:

RHEL Atomic installation media

RHEL Atomic Host is available in different variants:

1) .qcow2 image that can be used with OpenStack or KVM.
2) .ova images that can be used with RHEV or VMware.
3) .vhd image that can be used with Hyper-V.
4) iso image that can be used for a bare-metal hardware or virtual guest installation.

Download the installation ISO or a virtual machine image from the Red Hat Customer Portal. Below is the link.

https://access.redhat.com/downloads

Select the Red Hat Enterprise Linux link from the list of products. Then select Red Hat Enterprise Linux Atomic Host from the Product Variant pull-down menu. Click the Installation Media Download button to download the .iso installation media for RHEL Atomic Host.

RHEL Atomic installation using ISO:

Below are the minimum installation requirements:

System must have a minimum of 2 GB of RAM.
It should also have a minimum of 8 GB of disk space, 3 GB for RHEL Atomic, and the remaining space for container storage.

For bare-metal installations, burn the ISO image to media and boot the system. Alternatively, the installation media can also be published over the network and a PXE installation can be initiated.

Step 1: Select the Install RHEL Atomic Host 7 menu item so it is highlighted, then press Enter to launch the installer.

Step 2: Select a language from the menu list.

Step 3: After language selection, the installation summary hub is the next screen displayed. Date and time, keyboard, and language can be optionally configured from this screen.

Step 4: Select the disk to use as the installation destination.

Step 5: Configuring network and host name during installation is recommended. Make sure to enable the network interfaces and configure them using DHCP or static network configuration. When a RHEL Atomic installation is performed using PXE, the network and host name will be configured by default.

Step 6: Select Next on the screen; the installation will start.

Step 7: Set the root password; additionally, you can create a user during installation.

Step 8: The system will reboot after installation. Log in as the root user and perform system checks.

a) Check whether the docker daemon is running

#systemctl status docker.service -l

b) See available container images from registry

#docker images

In this way you can install RHEL Atomic Host in a virtual environment or on any bare-metal hardware.

Overview of Red Hat Openshift Enterprise

 

OpenShift is a container platform developed by Red Hat to deploy, develop and run applications.
It is based on the upstream community project OpenShift Origin. OpenShift Origin provides an open source application container platform. All source code for the Origin project is available under the Apache License (Version 2.0) on GitHub.

OpenShift Origin is used in OpenShift Online, OpenShift Dedicated, and OpenShift Container Platform, which are different software products by Red Hat. Built around a core of Docker container packaging and Kubernetes container cluster management, Origin is augmented by application lifecycle management functionality and DevOps tooling.

OpenShift Online is Red Hat’s public cloud application development and hosting service.
OpenShift Dedicated is Red Hat’s managed private cluster offering, built around a core of application containers powered by Docker, with orchestration and management provided by Kubernetes, on a foundation of Red Hat Enterprise Linux.
OpenShift Container Platform (formerly known as OpenShift Enterprise) is Red Hat’s on-premise private platform as a service product, built around a core of application containers powered by Docker, with orchestration and management provided by Kubernetes, on a foundation of Red Hat Enterprise Linux.

If you do not have to manage your own data center then you can use OpenShift Online by Red Hat, a public cloud platform provided by Red Hat.


OpenShift Enterprise builds on other open-source projects such as Atomic, Docker, and Kubernetes. OpenShift services provide additional authentication, security, scheduling, networking, storage, and application life-cycle management on top of standard Kubernetes orchestration.

Applications run as containers inside OpenShift Enterprise, isolated from each other on a single operating system. Containers have some benefits over virtual machines: they are lightweight, with only minimal operating system packages and application dependencies installed. Each container has separate storage and network isolation. This makes it possible to deploy applications rapidly inside containers.

The following diagram shows the software stack included in the OpenShift Enterprise product.

[Diagram: OpenShift v3 software stack]

From the above diagram, starting from the bottom:
1) Base Operating System (Red Hat Enterprise Linux).

2) Docker: A container platform service.

3) Kubernetes: An orchestration tool designed and developed by Google and written in the Go programming language. It is used to manage the deployment of containers using templates.

4) Containerized services: These fulfill many PaaS infrastructure functions such as networking and authorization. Some of them run all the time, while others are started on demand. Runtimes and xPaaS are base container images ready for use by developers, each preconfigured with a particular runtime language or database.

5) DevOps tools and user experience: Openshift provides Web and CLI management tools for developers and system administrators, allowing the configuration and monitoring of both applications and Openshift services and resources.

In upcoming articles, I will demonstrate how to install and configure OpenShift Enterprise on Red Hat Enterprise Linux.