The writing of this blogpost has been on my personal TODO list for a while, but here it finally is. I spent some of my spare time in 2016 tinkering with different Linux distributions, not just because I still strongly believe that 2017 is The Year of the Linux Desktop but because Freedom of Choice is one of the values I hold most dear. Maybe I just like things to work exactly the way I want them to work. Anyway, back to the topic. The two most interesting distros I played with were by far NixOS Linux and CoreOS Container Linux. I will start with a description of both, and then conclude with how I think they are related to each other.
NixOS is The Purely Functional Linux Distribution with a unique approach to package and configuration management. Built on top of the Nix package manager, it is completely declarative, makes upgrading systems reliable, and has many other advantages. NixOS has a completely declarative approach to configuration management: you write a specification of the desired configuration of your system in NixOS’s modular language, and NixOS takes care of making it happen. NixOS has atomic upgrades and rollbacks. It’s always safe to try an upgrade or configuration change: if things go wrong, you can always roll back to the previous configuration. Declarative specs and safe upgrades make NixOS a great system for DevOps use. NixOps, the NixOS cloud deployment tool, allows you to provision and manage networks of NixOS machines in environments like Amazon EC2 and VirtualBox.
NixOS promises rollbacks (remember those failing upgrades), user profiles (install software as a user in named environments), installing multiple versions of the same software, building and booting a virtual machine of the upgraded system before you actually apply the upgrade, source and binary distribution, etc. It takes a single configuration file to bootstrap your system. It downloads all needed packages and configures software as instructed.
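To make the declarative approach concrete, here is an added example of what such a single configuration file can look like (this is my own illustration, not code from the NixOS project or from the blogs linked below). It assumes the hostname nixos-demo, a user named alice, and a placeholder SSH key; the options used are standard NixOS module options from the 16.09 era, and the comments show how the same file drives the build-a-VM-first, switch and rollback workflow described above.

```nix
# /etc/nixos/configuration.nix (assumed path; constructed example, not from the original post)
{ config, pkgs, ... }:

{
  networking.hostName = "nixos-demo";        # assumed hostname

  # Declare the security posture of the host instead of editing sshd_config by hand:
  # the firewall only exposes SSH, root may not log in, and keys are mandatory.
  networking.firewall.enable = true;
  networking.firewall.allowedTCPPorts = [ 22 ];
  services.openssh.enable = true;
  services.openssh.permitRootLogin = "no";
  services.openssh.passwordAuthentication = false;

  # Users are declared here too; alice gets sudo via the wheel group.
  users.users.alice = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAA...PLACEHOLDER alice@example"   # placeholder key, replace with your own
    ];
  };

  # System-wide packages are part of the same spec, so "ad hoc" installs are not needed.
  environment.systemPackages = with pkgs; [ git vim ];

  # Automatic upgrades of the whole system closure (comparable to CoreOS's auto-updates),
  # but every upgrade is a new generation that can be rolled back.
  system.autoUpgrade.enable = true;

  system.stateVersion = "16.09";
}

# Workflow driven by this file (commands are real nixos-rebuild subcommands):
#   nixos-rebuild build-vm            # build a QEMU VM of this config; run ./result/bin/run-nixos-demo-vm
#   nixos-rebuild switch              # activate the config on the host and create a new generation
#   nixos-rebuild switch --rollback   # atomically return to the previous generation if something broke
#   nix-env -p /nix/var/nix/profiles/system --list-generations   # see every generation still on disk
```

Old generations stay bootable from the GRUB menu until you garbage-collect them, which is why the only limit on how far back you can roll is disk space.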
He also wrote a nice blogpost called Getting started with Nix package manager and after that he wrote this related blogpost called Why Puppet/Chef/Ansible aren't good enough (and we can do better). While the NixOS community might have started out smallish, the number of users in #nixos on Freenode seems to keep growing and the channel is also pretty active in my opinion, and so is the NixOS GitHub org. NixOS had two releases in 2016 and was also present at the latest Chaos Communication Congress, 33C3.
CoreOS Container Linux
CoreOS Container Linux is a lightweight Linux operating system designed for clustered deployments providing automation, security, and scalability for your most critical applications. CoreOS Container Linux is the leading container operating system, designed to be managed and run at massive scale, with minimal operational overhead. Applications with Container Linux run in containers, providing developer-friendly tools for deploying software. Container Linux runs on nearly any platform whether physical, virtual, or private/public cloud.
CoreOS automates software updates to ensure better security and reliability of machines and containers running in large-scale clusters. Operating system updates and security patches are regularly pushed to CoreOS Container Linux machines without requiring intervention by administrators. When applications are distributed, these automatic updates dramatically improve security without causing service downtime.
The traditional Linux distribution is a one-size-fits-all, general purpose tool. It bundles a large amount of unused software, which adds bloat, increases the security threat surface, and expands the testing matrix required to certify a new release. Microservices require fewer dependencies, and using a more minimal operating system enables your apps to reach hyperscale. Container Linux contracts the boundary of the distribution to include just the essentials: the operating system and basic userland utilities are stripped to their bare minimum and shipped as an integral unit. All other applications and dependencies run inside containers, where they can be consistently managed, updated and distributed. As a user of Container Linux, you have a consistent, secure base to run your applications. CoreOS engineers continuously deliver patches to the OS, keep the container engines up to date and ensure your containers run securely.
Jessie Frazelle is one of the people most enthusiastic about using containers in very diverse scenarios. She has written about Docker Containers on the Desktop, Runc Containers on the Desktop and recently about the Ultimate Linux on the Desktop, where she uses CoreOS Container Linux on the desktop.
Matt Bailey is currently writing a book called CoreOS in Action for Manning Publications. That might need some changes though, as today the CoreOS team announced that their container orchestration is moving from fleet to Kubernetes. There are, however, plenty of other books available on CoreOS.
How do NixOS and CoreOS relate?
Both NixOS and CoreOS try to prevent the user from making manual changes to their operating system. Both firmly believe this task should be solved with automation instead. As far as they are concerned, the days of manually (ad hoc) installing packages in your operating system all the time are over. However, the way they want to achieve this differs a lot.
NixOS provides you with an excellent way to be declarative about what you want your system to look like. Since NixOS combines this declarative approach with atomic upgrades and rollbacks, the only limit on how far you can roll back to previous configurations is your disk space. It is also very nice not to need additional configuration management tools, because the distro has been built from the ground up not to need them. While there are currently no books released for NixOS as far as I know, there are quite a few blogs, combined with enthusiastic people on #nixos on Freenode, and of course the excellent documentation.
CoreOS, on the other hand, wants you not to touch their (bare minimum) operating system at all. There are some options you can configure in the operating system, but the set is very limited, because it is not meant to be a one-size-fits-all distribution; its strength is that it includes just the essentials to provide a secure base to run your (containerized) applications. CoreOS has automatic security updates (something you can also configure in a lot of other distributions), and is also focused on keeping container-related tooling secure and up-to-date all the time. In a way, CoreOS is also pretty declarative, because everything that you want to run on top of the operating system has to run inside a container. There are multiple interesting books around for CoreOS, but since it is still constantly evolving, it might be worth joining #coreos on Freenode and reading their documentation when you are interested.