Fedora Atomic setup?


KRDucky

Would anyone be so kind as to show/write how to set up an Emby server using Fedora Atomic? I am fixing to upgrade my system to the new AMD Ryzen 5 2400G and plan to transition to Fedora Atomic. Fedora Atomic includes the os-tree system along with live updates, which is a nice touch.

--From Fedora: "Atomic Host from Project Atomic is a lightweight, immutable platform, designed with the sole purpose of running containerized applications."

https://getfedora.org/en/atomic/

 

I want to run my application stack in containers, all pulling from my library data pool (LVM2 array).

My stack is usually Emby - Sonarr - Sabnzbdplus - Cockpit - Organizr - SFTP server.

As the AMD Zen architecture has a good memory cryptography solution that seems to eliminate the vulnerability to VMs and containers running on an AMD platform, I figured it would be a good idea to containerize my server's services. 

 

Does anyone have a walkthrough or guide for how to accomplish this on Fedora Atomic?


Hi, so I'm guessing our regular Fedora install won't suffice?

I don't think so. Plus, I think the regular install is for Fedora 25, while we are on 27 and 28 is due shortly. Fedora Atomic is "the Next Generation Container OS". So similar to Docker, I guess.

Using Atomic, I can administer and control the entire server with Cockpit. I can do the same using Docker containers through Cockpit but Atomic containers are more tightly integrated.

Just to clarify, the Atomic container is built using a Docker container. So you start with a Docker container and build an Atomic container from it. - https://github.com/projectatomic/buildah

An example of how using an Atomic container is potentially better than a straight Docker container: https://github.com/projectatomic/bubblewrap

Many container runtime tools like systemd-nspawn, docker, etc. focus on providing infrastructure for system administrators and orchestration tools (e.g. Kubernetes) to run containers.

These tools are not suitable to give to unprivileged users, because it is trivial to turn such access into a fully privileged root shell on the host.

Bubblewrap works by creating a new, completely empty, mount namespace where the root is on a tmpfs that is invisible from the host, and will be automatically cleaned up when the last process exits.

Fedora Atomic:

It's literally a tree representation of the bootable OS, similar to how a git repository is a merkle tree of source code.

The ostree rolls forward as the operating system is updated, so when I push out the daily Fedora updates, a new ostree is generated with those stable updates applied. But for users of Atomic Host, instead of installing a bunch of RPM packages, one does a "pull" and all the updates are applied in one transaction. Again, similar to a git fetch/pull. The ostree can also roll backwards; say, for example, something breaks, it's trivial to go back to a known-good state.

Fedora Atomic is the immutable image version of Fedora. It works best for running Kubernetes and Docker because all other software is run in containers. It is distributed as images that can run in VMs. The immutable image means updates are applied by updating the whole image.

There is even a workstation version aka desktop version instead of server. All the software that runs on it is containerized and distributed as flatpaks.
