An overview of single-purpose Linux distributions
lwn.net
This is one of those things that I've always been too scared to ask so I'm just going to ask it now: Is there a distro designed exclusively for running docker (and perhaps other) containers that also contains a friendly web UI for people who have no idea how docker actually works?
I'm familiar with Proxmox, but it doesn't natively support docker.
OpenSUSE MicroOS is basically built around the idea of an "immutable" (read disincentivized to change) core while the majority of user space runs in a Podman container.
It was originally developed as an absolute minimal distro for running containers on servers, but the immutable desktop movement led them to develop a desktop user-facing variant.
Other ideas that are very similar: Fedora SilverBlue (very similar, more mature) and VanillaOS (based on Flatpak instead of Podman/Docker, very new)
If you install openSUSE these days during setup you have the option to set up the company as a "transactional server" with this immutable environment. I love that writing to /usr/bin fails with read-only file system. It's implemented as a read-only btrfs snapshot.
I'm sorry, what does this mean? Can you explain it again with more details?
It's already well-explained in the linked article:
> OpenSUSE MicroOS has a read-only root file system, using Btrfs. Transactional updates are handled by a SUSE-specific wrapper script around the package manager zypper, transactional-update. This creates a new Btrfs snapshot of the root file system and then performs an update of the system. If the installation was successful, the script marks the new snapshot as the default snapshot. On errors, the snapshot is discarded and the previous one remains as the default. A reboot activates the new snapshot.
My comment above was saying that you don't have to use MicroOS per se to get this. A regular openSUSE install supports the transactional server role that does the same thing as MicroOS.
I think in your original comment maybe there is a slightly confusing typo? Is “company” supposed to actually be “computer” or something like that?
Don't forget Fedora CoreOS, Fedora's actual container-distro! Silverblue/Kinoite are desktop distributions.
The idea and execution is very similar to MicroOS, both on the desktop and on the server. Immutability isn't as scary as it sounds, highly recommend checking it out.
No webgui though, that has to come from another project...
A small correction: Fedora Silverblue & co is highly Flatpak based, and the VanillaOS 'package manager' is Distrobox under the hood, which is a project for running full linux distros inside podman containers intended for desktop users.
RancherOS if you're looking to use something heavily tested but it's got a few weird features like most of the OS also being in containers. If you want something light to play with and get a vanilla docker experience, your best bet is likely Boot2Docker with Portainer.
The existing RancherOS is no longer being maintained, you probably shouldn't be using it anymore:
https://rancher.com/docs/os/v1.x/en/support/
Rancher is working on a new version.
News to me! Apparently I haven't used it in quite some time.
Hasn't 2.x been released for a long time now?
Really? I loved the original RancherOS, would love to see the new version!
I think I'm confusing Rancher "proper" and RancherOS, sorry.
When I last used Portainer on my home setup, the support for configuration-as-code deployment seemed pretty experimental— basically you could roll out a docker-compose config from a URL or upload as a one-off effort, but IIRC it had no ability to track that URL for changes, or update an already-deployed container set to a new configuration. I think you couldn't even give it a URL requiring authentication maybe?
All of this left me feeling like the devs had different goals than I did as a user.
But the current iteration seems like k8s/helm are first-class features now, so yeah, should definitely look again.
docker-the-company maintained https://github.com/linuxkit/linuxkit when I worked there. I have no idea who maintains it now, but it looks like it is still active (presumably still docker-the-company, since their adopters list [1] lists docker desktop).
[1]: https://github.com/linuxkit/linuxkit/blob/master/ADOPTERS.md
Clear Linux pitches itself as the perfect Docker host: https://clearlinux.org/downloads/containers
It's almost certainly the most performant distro in this huge thread (unless your host is ARM).
Proxmox with native docker support would've been a dream. I know, it's easy to add it on top (since it's basically a layer over debian), but you still wouldn't get the native GUI support and the proxmox features that come with it. I don't know why they are so keen on not adding docker, and only focusing on LXC. LXC is fine, but it's pretty clear that it is far from being as popular or commonly used as Docker.
VMware has a thing that's basically this also: https://vmware.github.io/vic-product/
But I've never quite understood the appeal. Is it about running untrusted containers with VM-level isolation? Or having a familiar GUI for managing and lifecycling them? Something else?
Fundamentally, I worry that mixing VMs and containers is more likely to end up with the worst of both worlds rather than the best— basically you get the slow bootup of starting the kernel every time, but none of the application-level benefits of sharing base layer storage or mounting the same shared volume to multiple containers at once.
Ah the GUI/container integration is more for homelabs/internal networks type of usage, and I agree that it makes little sense in production. Otherwise you are also right that containers should be managed in a very different way from VMs. Especially when the page you linked boasts about offering a similar experience to deploying VMs for sys admins, which might lead to unoptimal usage for both VMs and containers. (But it at least seems to offer docker container support, not the barely used LXCs. So at least it can be useful)
> the page you linked boasts about offering a similar experience to deploying VMs for sys admins, which might lead to unoptimal usage for both VMs and containers. (But it at least seems to offer docker container support, not the barely used LXCs. So at least it can be useful)
Relatively long-lived, potentially multi-process server things is what LXC is for. It makes more sense to run LXC than Docker in that situation anyway. -_-
With Proxmox since it allows you to run a VM you can run any OS with say a recent Docker version. On that OS, you can run a web GUI for Docker, using Docker. For example, Portainer. Nginx reverse proxy and done.
Although personally, I prefer Podman over Docker.
You can run a docker container inside an lxc container. Which would give you the GUI controls over the near docker equivalent.
HypriotOS (for ARM), but it has not been in development since 2019 or 2020.
Proxmox is neat and you can run any OS under the hood including the suggestions mentioned.
You could also go for NixOS and declare you need OCI (e.g. Docker or Podman) in your Nix config.
VMware's Photon OS is largely designed as a container host - I've been using it for a few years now, and it's excellent. The team are really receptive to external contributors too (it's hosted on GitHub)!
Kind of a left-field pick, and def not exclusively for running docker, but TrueNAS Scale offers a nice abstraction for running docker containers, with the simple webui interface you're asking for. I believe it uses K8s under the hood, and it's coupled with NAS software, but this seems maybe the closest to what you're asking for that I've seen.
https://www.truenas.com/docs/scale/scaletutorials/apps/docke...
I was going to suggest this, too. TrueNAS Scale is the quickest and most "it just works" version of bare metal --> docker containers with a web-based UI that I have experienced.
Fedora/RHEL have Cockpit, MicroShift, OKD, OpenShift Local, MiniKube, k3s, MicroK8s, TrueNAS SCALE
I've never used it, but your description made me think of Webmin that I used a long time ago, and apparently the same creators have developed Virtualmin and Cloudmin that give you a web interface for managing Docker images and containers.
https://www.virtualmin.com/documentation/cloudmin/virtualiza...
Closest thing is probably Synology... but it's pretty basic and you need to use the terminal for some advanced things. I don't know how much a GUI helps because there's still a lot of terminology that needs to be understood.
Is this a desktop? Fedora Silverblue
Is this a server? CoreOS
Portainer or Cockpit for web UI
There is also Fedora IoT which contrary to the name is kinda like Silverblue server or really an easy CoreOS. Works very well for containers.
>Fedora Silverblue
Or Fedora Kinoite! IMO KDE is probably a better fit for the root commenter's "I just want a UI" position.
For the UI part cockpit [1] lets you manage containers (amongst many other things). I use it with fedora for my home server and rarely feel the need to drop into the command line in my day to day.
It's paid SW, but I like Unraid OS for this. It supports Dockers, VMs, and of course an easy to manage hard drive array with parity and ssd caching support. Just being able to chuck all your old drives that are laying around, add them to the pool and bring new life to old HW was worth it for me. The docker and VM support are nice extras.
I’m getting a lot of mileage out of Unraid, but am frustrated by their documentation and Docker implementation. While the system is slick for loading community packaged apps, it’s non-trivial to load your own images. Their docs are mostly just forum threads.
I’m sure it’s actually very straightforward and I’m just an idiot, but I haven’t had much luck.
Not sure if that's what you're looking for but there are Kubernetes distros. And yes, this also includes a relatively nice Web UI. But it's probably not easy to set up.
lol given the plethora of diverse responses you got.. your fear was well founded.
The quick answer is no. But what is a friendly web UI other than a few 10s of hours work on top of the distros mentioned here? There are a few distros that are very close; they just substitute the web ui for the docker cli. I’ve enjoyed RancherOS, and I want to set up Alpine to run in RAM (it can do that) for some super-fast rPi nonsense.
You might look into Umbrel - https://umbrel.com/
I am working on something like it. It's a specialized, immutable Linux os that blends networking, nas and containers.
We found that even with a web GUI, containers are just too complicated for the typical user "that knows nothing about containers".
Even with a GUI, no matter how nice it is, you need to learn about env vars, port mappings, cni networks, bridging, volume mounts, images, tags, host isolation, etc etc..
Our solution is to wrap apps into pre-packaged recipes. Pretty big trade-off of course, but it makes the installation and management completely fool-proof afterwards.
You can see some screen shots in the documentation here:
https://sentinelc.com/docs/user-guides/administration/manage...
Depending on why you are asking, Qubes OS might be relevant for you.
You could argue that Docker Desktop is basically this.
Docker Desktop is essentially an application, doesn't come close to being an OS or distribution.
A VM to run containers is a fairly large part of Docker Desktop...? https://www.docker.com/blog/the-magic-behind-the-scenes-of-d...
It still requires a full underlying Windows or Mac OS, so it's irrelevant to the topic at hand.
They're asking for an OS their computer can boot into natively.
Not a distro, and don’t know how far you can get without knowing much about docker, but you could deploy something like Portainer.
This title feels pretty inaccurate. It's not an overview of single-purpose Linux distributions, it's an overview of a few Linux distributions whose single purpose is to host containers. I got excited to read about weird Linux variants for obscure use cases but this was very vanilla and disappointing.
This isn't container-related like the article, but I recently came upon a specialized Linux in the wild. I bought a compact flash card off Amazon to use as a drive in a Tandy 1000. I went to partition it and to my surprise it had a few partitions. One was an ext2 one that resembled some sort of root directory. Looking through the files, it appeared it was for a distro called AST Linux that was originally designed to run off compact flash and aimed at managing networked telephones. It also had firmware images for a Cisco SPA232D VOIP Adapter.
I'd love to learn more about how you're using that Tandy 1000!
I'm honestly still trying to figure out what I want to do with it. I got the compact flash to use with a XT-CF-Lite v4. I'm still trying to figure out what DOS I'd like to use. I can get the OEM MSDOS 3.22 installed onto the drive, but that version's max partition size is 32MB, which isn't ideal when the compact flash is 4GB. FreeDOS supports that size and pre-386, but it was a pain to get it on there and is a bit overkill for a computer this old. Right now I'm considering a later MSDOS, but haven't decided on which one.
As far as software goes I'm waiting on finalizing the DOS before exploring games and development, but it was fun to be able to run this port of Wolfenstein 3D:
https://github.com/jhhoward/WolfensteinCGA
Besides all that I'm thinking of maxing out the RAM (it's 640k now, but can take an additional 128k for video), and maybe adding a real time clock and network card. I do have another Tandy 1000 TX, so I could see how 80's networking worked. That is probably another can of worms though.
If you have a working Windows 95 or 98 you can format /s a disk and copy the same DOS utilities over to it, and boot it just like a newer version of DOS. W95 is easy, W98 was a little trickier, or maybe I'm thinking of Me, I can't remember any more.
Yeah, I used format /s and copied the other files with the DOS 3.20 that came with the computer to install that version to the compact flash. So that would be an easy way to get a newer DOS installed as well, but I don't have a newer DOS or Windows 9x computer. I ended up installing standalone MS-DOS 6.22 on a VM image and writing that to the compact flash.
Interesting article. For folks who need to put together their own distro, especially for embedded applications, Yocto and Buildroot both lower the barrier to rolling your own and getting exactly what you need to something quite reasonable.
Agree, I'm using Yocto to roll an embedded distribution (PrintNanny OS). Combined with swupdate, I now have extraordinarily reliable upgrades using an A/B partition scheme.
The result is way more maintainable than previous iterations of PrintNanny OS images, which used a combination of Ansible and Packer to bake a "golden" image based on Raspberry Pi OS.
+1 for Buildroot!
I haven't done much with Yocto, but I had very good experiences with Buildroot, particularly with getting helpful answers to noob questions I posted on stack overflow. One was answered by Thomas Petazzoni who, I think, is one of the main people behind Buildroot.
I've used both in commercial products and I find Yocto to be more flexible than Buildroot, but the learning curve is less with Buildroot. Still, both get the job done and are reasonably documented and supported, so pick your poison. :>
Yocto does not have a low barrier to entry, at least when it comes to making lots of customizations and then supporting them over time (e.g. upgrades). If you are willing to climb its learning curve, it definitely would be my recommendation for rolling a custom system.
Yeah, it's a bit inscrutable when you're starting out, but once you finally 'get it', it all makes sense and stuff is easy to find in the docs. Buildroot seems easier to start out with, but I like the Yocto features more myself.
Back in the very early aughts I used to carry around to friends' houses a binder full of movies also containing a bootable CD with some linux distro that existed explicitly for playing media. I don't recall the name, it's likely long dead.
When whatever movie we wanted to watch failed to play on their computer, likely due to codec problems (it used to be a hassle before VLC) I'd pop the bootable Linux CD in, reboot and bam we were watching the movie. It was great.
Knoppix was great for that. It wasn’t the lack of VLC necessarily that was the problem; it was all those proprietary codecs that essentially install anti-cheat rootware that would also DMCA anyone who made open source codecs that could read the media.
Interesting that Alpine didn't get mentioned, I thought that was the most common option for a slim Linux running inside containers.
Alpine is a general purpose OS; you can run it as a desktop or server OS on real hardware.
> You can run it as a desktop or server OS on real hardware.
And it literally rocks at that. I would strongly encourage everyone with an old or small pc/laptop/sbc/whatever that is too resource limited to run a "regular" distro, to try Alpine on it. The amount of resources saved thanks to using musl instead of glibc is astounding.
Still, they do have a strong focus on size reduction, like using musl instead of glibc.
As pmOS folks (and anyone running alpine on their desktop or server) will happily tell you, size reduction is not a goal only relevant to container runtimes.
Today I learned about https://en.wikipedia.org/wiki/PostmarketOS - "an operating system primarily for smartphones, based on the Alpine Linux distribution"
"Alpine Linux was chosen as the base distribution due to its low storage requirements, making it more suitable for older devices. Excluding the kernel, a base installation takes up approximately 6 MB"
I guess that would also make a more secure phone, one that is less likely to call its mother ship.
Thanks for the tip!
Too bad that device support isn't stellar :-( https://wiki.postmarketos.org/wiki/Devices
I ran it on my PinePhone for a while, and it was really nice interacting with the base system, though I eventually moved to Arch.
FOSDEM talk about Fedora CoreOS, Ubuntu Core, openSUSE MicroOS, and Bottlerocket OS and how they all tackle the single purpose problem in their own way.
There's also FlatcarOS if you want something more like the original CoreOS without the Fedora influences.
Came looking for info on distros like Kali and other assemblages of tools for a particular purpose. Found this.
As a person who only occasionally needs Linux for specific purposes, something I’d like is a well-supported mainstream distro for lightweight, high performance servers. Think NGINX, routers, local web proxies, that kind of thing.
Something akin to BSD but Linux. Ideally something that supports a two-stage deployment where you compile for the exact target CPU and then the final thing has no extraneous components at all.
Maybe Nix?
> I’d like a well-supported mainstream distro for lightweight, high performance servers. Think NGINX, routers, local web proxies, that kind of thing.
This might be a shot in the dark, but wouldn't Alpine Linux be a good general purpose candidate for this: https://www.alpinelinux.org/about/
Many use it as a basis for container images, but it also runs pretty well as a regular Linux distro, albeit musl and busybox might present some compatibility challenges in some cases. Regardless, it seems to be pretty lightweight and widely supported, most software that you'd expect is also available and generally there are few surprises.
It does have a somewhat short release lifecycle, though: https://endoflife.date/alpine
You say you need a distro which to me implies you want packages and a repository and updates, installation of packages on the fly, etc. But you also say you want to make a final image with nothing extra except your main apps, which makes me think you don't want a distro.
I'd think about what your goals are and optimize for that use, it's going to be hard to do both the things you mention at once since they are somewhat at odds with each other. IMHO start with Debian, with minimal packages it's very slim yet you have the full power of their packages when necessary.
> You say you need a distro which to me implies you want packages and a repository and updates, installation of packages on the fly, etc. But you also say you want to make a final image with nothing extra except your main apps, which makes me think you don't want a distro.
Isn't this basically what you get when using any minimal install type distro as a base, and also when building Docker images via Nix or similar?
I'm sure nix could do what you're describing (if I read it correctly), although you'd lose the usual benefit of public binary caches, and might need to maintain some patches to cut down features. Gentoo also sounds right; pick the USE flags that describe what you want included, set your CFLAGS to target your CPU, and get a perfectly customized distro.
Why not use BSD though?
Hana Montana Linux is up there with Red Star Linux for my favorite distros
You can always have a vanilla Debian or vanilla Arch install and add things on an as-needed basis and build the OS from scratch, minimizing complexity and have them as single-duty OSes.
Yes but those aren’t single purpose OS’s like the ones described here. These typically come with immutability and a vastly reduced attack surface
It can be if you use the right base OS. NixOS for all its issues checks most of the boxes for building a single purpose OS and the process of actually building one couldn't be easier. The whole process is effectively:
1. Write a config file
2. Run the command that builds the system
3. Test the system
4. (optional) Run the command that bakes the fresh system generated from the config into an image.
5. Deploy using either an image or NixOS's config based deployment tooling.
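For illustration, the config file from step 1 for a single-purpose container host might look like the following. This is an added example, not part of the original comment: the host name, the `admin` user, the SSH key placeholder, the nginx container and the port numbers are all assumptions, and the option names follow recent NixOS releases (23.05 or later).

```nix
# configuration.nix (constructed example): a host whose only job is to run
# one container, with everything else switched off.
{ config, pkgs, ... }:
{
  # Generated per machine by the installer; holds disks and kernel modules.
  imports = [ ./hardware-configuration.nix ];

  boot.loader.systemd-boot.enable = true;
  networking.hostName = "container-host";   # hypothetical name

  # Accounts come only from this file; useradd/passwd changes on the
  # running system do not survive a rebuild.
  users.mutableUsers = false;
  users.users.admin = {                     # hypothetical account
    isNormalUser = true;
    extraGroups = [ "wheel" ];              # sudo also needs a password hash set
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAA...PLACEHOLDER admin@example"   # placeholder key
    ];
  };

  # Key-only SSH, no direct root login.
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      PermitRootLogin = "no";
    };
  };

  # Default-deny firewall; only SSH and the published container port.
  networking.firewall.enable = true;
  networking.firewall.allowedTCPPorts = [ 22 8080 ];

  # The single purpose: one OCI container run by Podman as a systemd unit.
  virtualisation.podman.enable = true;
  virtualisation.oci-containers.backend = "podman";
  virtualisation.oci-containers.containers.web = {
    image = "docker.io/library/nginx:stable";   # assumed workload
    ports = [ "8080:80" ];
  };

  # Trim what a general-purpose install would carry.
  environment.defaultPackages = [ ];
  documentation.enable = false;

  system.stateVersion = "23.11";            # assumed release
}

# Step 2: nixos-rebuild build      (builds the system without activating it)
# Step 3: nixos-rebuild build-vm   (produces a throwaway VM to test in)
# Step 5: nixos-rebuild switch     (activates the config on the target host)
```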
Shouldn’t nix be able to just output an image?
It absolutely can. I made the distinction between generating an image and using the nix specific infra because once you are in the ecosystem, some people prefer to use that tooling. Also there are some fancy things you can do with config based deployment that are generally harder with image based deployments.
The problem with single purpose OSs in my experience is adding stuff to them like kernel modules or drivers is such a pain in the ass that it negates the benefits. I'd rather just configure a general purpose OS to be immutable/have a reduced attack surface.
> since all of the read-only parts of openSUSE MicroOS have now been moved to /usr, the upcoming 4.2.0 release of transactional-update would also be able to apply new snapshots without rebooting
Huge improvement, reboot to activate was a major downside.
But do you update the kernel without rebooting? Previously transactional-update can update the kernel and call dracut to make a new boot image. I suppose this still needs a reboot?
Canonical and Oracle offer updating a running Kernel as a paid service IIRC. One was called Ksplice, I think the one Oracle acquired.
Please be aware that ksplice can only apply small patches to a running kernel. It can't replace the entirety of it with a new version.
No reboots for non-kernel updates would still be a win imho. Because these are rolling releases not point releases, and update snapshots are pulled daily by default (and therefore daily reboots are/were recommended), so it's likely only a small subset of snapshots have a kernel update.
Is there a minimal or custom Linux image suitable for the following scenario? A custom Linux + web app combination:
- a Linux image that can upload to a VPS
- a Linux image including your web app and essential tools (web server, database)
- anything not needed from the Linux image is removed (tools, utilities)
The idea is that a custom Linux image (which includes your pre-installed web app) can be installed to any VPS: pre-configured to be Linux only for your web app. (Note: this is a scenario without docker.)
You can create your own.
In the days before Docker what we would use is CentOS with custom scripts using Anaconda[1]. You start with the base system and then add on whatever you need. You can also configure /etc however you need. The output is an ISO of your own custom Linux distribution.
One neat thing about Anaconda is you can add a provision script that runs on initial boot. So if you need to "bake" in your app but leave a certain amount of configuration for install-time, that's the way you do it.
[1] https://access.redhat.com/documentation/en-us/red_hat_enterp...
This article says "subscriber-only content", yet I'm not a subscriber. How am I able to read this article?
At the top of the article it says:
> The following subscription-only content has been made available to you by an LWN subscriber.
Looks like someone with a subscription submitted the link to HN, allowing us to read the article.
Yes, it's always been that way with LWN and the contract is that as a subscriber, you don't take the piss. It seems to work well I think. LWN gets citations - basically internet points for news sites, we all get info/news and crucially LWN gets paid. I think that attitude also gets LWN a lot of kudos because they have somewhat decoupled their subscriber income from their content. Here on HN you are reading LWN subscriber content with their blessing.
I've been a low level subscriber for 20+ years now. I remember when it seemed the financial model came very close to unravelling - 2002ish. Despite that, the apricot coloured site has managed to flourish and continues to flourish.
LWN is quite a phenomenon. Cheers: Jon.
Finnix and other light distros:
I have another type: a my-purposes-only elf/linux distro without all the kludge and bloat of the "other" purposes.
:)
my fave
:)
Weird how they didn't mention openwrt at all