Blog posts
ADB-Atomic Developer Bundle 1.7.1 Released
Project Atomic is pleased to announce the release of the Atomic Developer Bundle (ADB) 1.7.1, a Vagrant box that provides a ready-to-use development environment for container-based applications. With the ADB, developers can dive right into producing complex, multi-container applications. The ADB is available for Microsoft Windows, Apple OS X, and Linux distributions.
The 1.7.1 release is primarily a bug fix and enhancement release.
Projectatomic.io Running in Atomic App
Since Atomic App has released version 0.4.2, I decided it was past time to make the atomic-site into an Atomic App instead of using a shell script that wraps Docker to test it. The new setup is a big improvement, and a useful guide to “Nuleculizing” your own apps.
As you know, the purpose of Atomic App and Nulecule is to give you a provider-agnostic way to specify multi-container applications and orchestration metadata that stays with the application image(s). Eventually, this will allow for single-command deploys of even large, scalable apps involving many containers. For now, it enables us to get rid of some hackish shell scripting around Docker in our atomic-site test setup.
Practical SELinux and Containers
I believe SELinux is the best security measure we currently have for controlling access between standard Docker containers. Of course, I might be biased.
All of the security separation measures are nice, and should be enabled for security in depth, but SELinux policy prevents a lot of breakout situations where the other security mechanisms fail. With SELinux on Docker, we write policy that says that the container process running as svirt_lxc_net_t can only read/write svirt_sandbox_file_t by default (there are some booleans to allow it to write to network shared storage, if required, like for NFS). This means that if a process from a Docker container broke out of the container, it would only be able to write to files/directories labeled svirt_sandbox_file_t. We take advantage of Multi-Category Security (MCS) separation to ensure that the processes running in the container can only write to svirt_sandbox_file_t files with the same MCS Label: s0.
Atomic App 0.4.3 Release with New Logging UI
We’ve now released 0.4.3 of Atomic App!
This will probably be our last release before 1.0.0.
With this release, we’ve refactored our logging formatter, making it easier to distinguish between information, debug, warnings, and errors.
vagrant-service-manager Plugin Version 0.0.3 Released
Version 0.0.3 of the vagrant-service-manager plugin has been released by Project Atomic.
The vagrant-service-manager plugin works in conjunction with the Atomic Developer Bundle (ADB) to provide a Linux container development environment. The plugin is used to display the configuration information of services present in ADB. This plugin replaces the previously released vagrant-adbinfo plugin.
The plugin displays the configuration details for the Docker and other container-related services running inside of the ADB. This information can be used by a CLI client, such as docker or oc, or by an IDE, such as Eclipse, to interact with the ADB.
New CentOS Atomic Host Images Available for Download
The CentOS Atomic SIG has released new images and an updated filesystem tree for CentOS Atomic Host. This includes a patched glibc and a refreshed set of Kubernetes packages, among other updates. All users running CentOS Atomic Host in production should update as soon as possible.
An updated version of CentOS Atomic Host (version 7.20160224) is now available for download. CentOS Atomic Host is a lean operating system designed to run Docker containers, built from standard CentOS 7 RPMs, and tracking the component versions included in Red Hat Enterprise Linux Atomic Host.
Project Atomic in GSOC 2016
Project Atomic will be participating in Google Summer of Code for the first time this year. So if you are a student, consider spending your summer (or winter in the Southern hemisphere) hacking on container technology. If you know a student, encourage them to apply.
We are participating as part of Fedora, so specifically we’re looking for work on any or all of the projects which are part of Fedora Atomic Host. We have a list of ideas on our GSOC Page, and more detail on the Fedora GSOC Ideas wiki page. But, of course, you may have even better ideas for an interesting project!
skopeo: inspect remote images
The atomic verify command checks whether there is a newer image available remotely and scans through all layers to see if any of the layers, which are base images themselves, have a new version available. If the tool finds an out-of-date image, it reports it as such. The command attempts to reach the registry the image was downloaded from to determine whether the local image is outdated.
Currently, atomic verify relies on a Docker patch that Red Hat is carrying called remote repository inspection. It adds a new REST route that basically returns docker inspect-like information about a given image as found in the remote registry where the image is hosted. We need this feature because atomic verify uses LABEL(s), and in particular the Version LABEL, to check whether the local image needs to be updated. For more information about labels, see projectatomic/ContainerApplicationGenericLabels.
Atomic App 0.4.2 Released!
We’ve now released 0.4.2 of Atomic App!
As we get closer to 1.0.0, we are focusing on testing and bug fixes before our grand release.
The changes to atomicapp in this week’s release are:
Features:
- Metadata is now an optional requirement when building Nuleculized applications
Releasing ADB-Atomic Developer Bundle 1.7
Project Atomic is pleased to announce the release of the Atomic Developer Bundle (ADB) 1.7.0, a Vagrant box that provides a ready-to-use development environment for container applications. With the ADB, developers can dive right into producing complex, multi-container applications. The ADB is useful on Microsoft Windows, Apple’s OS X, and Linux distributions.
The 1.7.0 release adds several new features, including:
- OpenShift is now managed as a systemd unit file with full functionality (start/stop/restart), making it a single step to set up OpenShift on one machine. This will help application developers who want to develop and test applications on OpenShift on their laptop or workstation.
- The new SCCLI command-line tool can help users move between Kubernetes and OpenShift setups.
- A new vagrant plugin, vagrant-service-manager, that manages the services inside of the ADB. This plugin is recommended for use with the ADB and fully replaces vagrant-adbinfo.
This release also includes many smaller changes and bugfixes, which are detailed in the release comments.