With the Photon open source project, VMware hopes to build a community around the practice of running containerized applications in virtual environments. Photon is an umbrella term for multiple projects that include ways to deploy containers on a VM, using Photon OS, as well as ways to deploy containers as VMs on VMware infrastructure.
Photon OS is a small-footprint Linux container host designed to run on virtual machines and tuned for VMware hypervisors. VMware has certainly embraced the Docker movement in a big way, and not just on VMware. You can run Photon OS on other hypervisors including Google Compute Engine and Amazon EC2. However, you cannot install Photon OS on a physical server.
Photon OS does not make assumptions about the container toolset, although Docker is installed by default. Administrators can layer container management tools of their choice over the base OS using the Photon package manager.
Photon OS system administration
On Photon OS, package management is done with TDNF (Tiny Dandified Yum), an open source VMware creation that offers DNF compatible package management without the large Python footprint of Yum.
VMware provides its own Yum-compatible repositories for managing packages, and signs packages with GPG (GNU Privacy Guard) signatures. This helps make the system secure by default. Signature verification happens automatically, so there are no extra steps required by system administrators or scripts. The Photon OS repositories are “curated,” so do not expect to find every package out there available for download.
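Signature verification is only "automatic" while every repository definition keeps it switched on. The following shell script is an added example, not code from the article or from VMware: it audits yum/tdnf-style `.repo` files and lists the repository sections whose `gpgcheck` is missing or not `1`. The two repo files it creates are constructed samples (the URLs and key path are placeholders); on a Photon OS host you would point `find_unsigned_repos` at `/etc/yum.repos.d`.

```shell
#!/bin/sh
# Added example, not from the article: audit yum/tdnf-style .repo files and
# report repository sections that do not enforce GPG signature verification
# (gpgcheck missing or not equal to 1). The repo files below are constructed
# for the demo; on a Photon host, point the function at /etc/yum.repos.d.

# Print one line per repo section in DIR/*.repo whose gpgcheck is not 1.
find_unsigned_repos() {
    dir="$1"
    for f in "$dir"/*.repo; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            # a new [section] header: report the previous section if it was weak
            /^\[.*\]$/ {
                if (section != "" && check + 0 != 1) print file ": " section
                section = $0; check = 0; next
            }
            # gpgcheck=N inside the current section
            /^[ \t]*gpgcheck[ \t]*=/ {
                split($0, kv, "="); gsub(/[ \t]/, "", kv[2]); check = kv[2]
            }
            END { if (section != "" && check + 0 != 1) print file ": " section }
        ' "$f"
    done
}

# Build two constructed repo files in a temp dir, audit them, clean up,
# and print the findings.
run_demo() {
    tmp=$(mktemp -d)
    cat > "$tmp/photon.repo" <<'EOF'
[photon]
name=Photon OS repo (constructed sample, signature checking on)
baseurl=https://example.invalid/photon
gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY
gpgcheck=1
enabled=1
EOF
    cat > "$tmp/extras.repo" <<'EOF'
[extras-unsigned]
name=Third-party repo with verification switched off (constructed sample)
baseurl=https://example.invalid/extras
gpgcheck=0
enabled=1

[extras-nocheck]
name=Repo that never sets gpgcheck (constructed sample)
baseurl=https://example.invalid/nocheck
enabled=1
EOF
    find_unsigned_repos "$tmp"
    rm -rf "$tmp"
}

run_demo
```

Only the two `extras` sections are reported; the curated Photon repository passes because it both names a `gpgkey` and sets `gpgcheck=1`. A section that omits `gpgcheck` entirely is flagged as well, since a missing setting is the case most likely to slip through a review.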
Because Photon OS 1.0 Revision 2 is packaged with an older version of Docker, the first thing I wanted to do was try an update. This went flawlessly, and in a matter of a minute, all my containers were running on the latest version of Docker.
Photon OS uses the systemd init system, so administrators will have to learn that flavor of system management if they have not already. Security is a focus, and the system includes SELinux to enhance container isolation. A firewall (iptables) is turned on by default, and packets from external interfaces (except SSH traffic) are dropped, so administrators will need to add rules to permit traffic from the outside world.
Mostly this default security did not get in the way, except when making a mandatory change to the root password from the clean install. Any mistake throws the user out of the shell and back into a login prompt. This part could have been a bit more user friendly.
Photon OS installation and configuration
I installed Photon OS using the downloadable virtual machine. As you might expect, this was painless on my VMware Workstation Pro setup. The system detected the download, asked if I wanted to accept the hardware parameters, and booted right away. Photon OS is also available as an ISO, and as images for the Amazon and Google clouds. After logging in as root and configuring passwordless logins, I was off and running.
The minimal install, like other container Linux hosts, contains nearly nothing, not even sudo, though it does include SSH. Administrators deploying fleets of Photon OS VMs will want to script the setup, and for that Photon OS uses Cloud-Init, a set of Python scripts and utilities to make cloud deployment and configuration easier.
Even for an OS for Docker containers, setting up Photon OS was about as easy as it gets. It seems that getting Nginx running in a container is the “Hello world” for Docker. Here it is on Photon OS:
# systemctl start docker
# systemctl enable docker
# docker run -d -p 80:80 vmwarecna/nginx
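Because the default firewall drops everything but SSH, the container above is running but unreachable from outside until an iptables rule admits port 80. The script below is an added example, not code from the article or from VMware: it takes rules in `iptables -S` format on standard input and reports whether inbound TCP to a given port would be accepted by the INPUT chain, applying first-match semantics. The rule sets are constructed to resemble a default-drop, SSH-only policy and are not Photon's actual ruleset; only the chain policy, catch-all `-j` rules and `-p tcp --dport` rules are modelled. It checks the host's INPUT chain, which is what matters for a service bound on the host; Docker's own bridge-mode port publishing additionally goes through the nat and FORWARD chains that Docker manages itself.

```shell
#!/bin/sh
# Added example, not from the article: decide whether inbound TCP traffic to
# a port would get through the INPUT chain, given rules in "iptables -S"
# format on stdin. The rule sets below are constructed to resemble a
# default-drop firewall that admits SSH only; they are not Photon's actual
# ruleset. Only the chain policy, catch-all rules (bare "-j TARGET") and
# "-p tcp --dport N" rules are modelled; interface and conntrack matches are
# skipped, which is enough for the question "did I open port N?".
# Prints ACCEPT/DROP/REJECT and exits 0 only when the port is accepted.
input_tcp_verdict() {
    awk -v port="$1" '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" && verdict == "" {
            target = ""; proto = ""; dport = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-j")      target = $(i + 1)
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
            }
            catch_all = (NF == 4 && $3 == "-j")
            # iptables uses first-match semantics: the first rule that applies wins
            if (catch_all || (proto == "tcp" && dport == port)) verdict = target
        }
        END {
            if (verdict == "") verdict = policy
            print verdict
            exit (verdict == "ACCEPT" ? 0 : 1)
        }
    '
}

# Constructed baseline: default-drop policy; loopback, established flows and SSH only.
baseline_rules() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

# The same rule set after the administrator adds the HTTP rule the nginx
# container needs (what "iptables -A INPUT -p tcp --dport 80 -j ACCEPT" produces).
rules_with_http() {
    baseline_rules
    echo '-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'
}

echo "baseline, port 22:  $(baseline_rules | input_tcp_verdict 22)"
echo "baseline, port 80:  $(baseline_rules | input_tcp_verdict 80)"
echo "with rule, port 80: $(rules_with_http | input_tcp_verdict 80)"
```

On a live host you would feed it `iptables -S INPUT | input_tcp_verdict 80` after adding the rule, and remember that rules added with `iptables -A` do not survive a reboot unless they are saved in whatever mechanism the host uses to restore its ruleset at boot.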
Photon OS storage and networking
Thanks to running in a virtualized hardware environment, storage devices appear like normal hardware, and standard file system operations are available in Photon OS. You can add a new (virtual) disk to the machine and mount it where it is needed, just like any other disk. Photon OS supports both Btrfs and Ext4; the default root file system is Ext4, and since the documentation gives few Btrfs examples, Ext4 predominates in practice.
Remote storage is handled by Photon NFS utilities. None of the other container-oriented Linuxes I’ve used (Alpine, RancherOS, CoreOS, and Atomic Host) included instructions for NFS, so I was glad to see that VMware documented the practice. NFS is still alive and kicking in enterprise environments, and I expect that mounting NFS drives will be a common use case for Photon OS users.
The only unusual storage option in Photon OS is the choice of read-only or read-write file systems, but this really depends on the use case, and I was glad to have the choice.
Networking in Photon OS uses the iproute2 utilities, although the traditional netstat commands are included. Photon OS installations do not include any container network configuration by default, but many popular configurations are documented: Docker, Rocket, DCOS, etc. From a networking perspective, Photon OS is just like any other flavor of Linux and there were no surprises.
Photon OS upgrades and downgrades
Like Red Hat’s Atomic Host, Photon OS uses rpm-ostree as a hybrid image/package management system, with its own OSTree server. Understanding rpm-ostree command sets, terminology, and best practices will take administrators some time. Besides the new commands, administrators will need to be aware of read-only directories and ensure that applications do not write files into them; for example, the /usr directory is read-only when using rpm-ostree. The rpm-ostree profile is an install-time option, so users can select either TDNF or rpm-ostree for package management. The documentation is good on this topic.
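A practical pre-deployment check for the read-only caveat is to resolve each directory an application wants to write to against the mount table and see whether the governing mount is read-only. The script below is an added example, not code from the article or from the rpm-ostree project: `path_writable` reads a `/proc/mounts`-style table on standard input and reports the longest matching mount point and its mode. The mount table is a constructed simplification of an rpm-ostree layout (real hosts use bind mounts and many more entries), and the directory names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the article: given a /proc/mounts-style table on
# stdin, report whether PATH lives on a read-only mount. The mount table
# below is a constructed simplification of an rpm-ostree layout (real hosts
# use bind mounts and more entries); the point is the check, not the layout.
# Prints "writable" or "read-only" plus the governing mount point, and exits
# 0 only when the path is writable.
path_writable() {
    awk -v path="$1" '
        {
            mp = $2; opts = $4
            # the longest mount point that is a prefix of path (on a / boundary) governs it
            prefix = (mp == "/") ? "/" : mp "/"
            if (path == mp || index(path, prefix) == 1) {
                if (length(mp) > length(best)) { best = mp; bestopts = opts }
            }
        }
        END {
            ro = 0
            n = split(bestopts, o, ",")
            for (k = 1; k <= n; k++) if (o[k] == "ro") ro = 1
            msg = (ro ? "read-only" : "writable") " (" best ")"
            print msg
            exit (ro ? 1 : 0)
        }
    '
}

# Constructed mount table resembling an rpm-ostree deployment: /usr read-only,
# / and /var writable. Inspect /proc/mounts on a real host instead.
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sda2 /usr ext4 ro,relatime 0 0
/dev/sda2 /var ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev 0 0
EOF
}

# Hypothetical directories an application deployment intends to write to.
for dir in /usr/local/bin /var/lib/myapp /usrdata /etc/myapp.conf; do
    printf '%-20s %s\n' "$dir" "$(sample_mounts | path_writable "$dir")"
done
```

The `/usrdata` case is there on purpose: a naive prefix test would match it against `/usr` and wrongly call it read-only, which is why the match is done on a path-separator boundary. On a real host replace `sample_mounts` with `cat /proc/mounts`.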
When developing Photon OS, VMware was able to strip all sorts of legacy modules from the Linux kernel. Since VMware controls the entire hardware and OS stack, it was also able to tune buffers, time accounting, and compile flags to eliminate redundancies between the container runtime and hypervisor. For organizations with an investment in VMware virtualization, the Photon project should be at the top of the list to investigate.