Tiny Docker Operating Systems

Mar 11 2015

In a recent post, The New Minimalist Operating Systems, I briefly described three new OSs designed with Docker in mind.  I also mentioned Boot2Docker, which I considered to be the smallest (23MB) Docker-focused OS at the time.  Less than two weeks later, a new tiny Docker OS has arrived: RancherOS.  If you are interested in what makes these two very minimal OSs tick, read on.

What do we get in the tiny ISO images released by these two projects?

$ tree
├── boot2docker
│   ├── boot
│   │   ├── initrd.img
│   │   ├── isolinux
│   │   │   ├── boot.cat
│   │   │   ├── boot.msg
│   │   │   ├── f2
│   │   │   ├── f3
│   │   │   ├── f4
│   │   │   ├── isolinux.bin
│   │   │   └── isolinux.cfg
│   │   └── vmlinuz64
│   └── version
└── rancheros
    └── boot
        ├── initrd
        ├── isolinux
        │   ├── boot.cat
        │   ├── isolinux.bin
        │   ├── isolinux.cfg
        │   └── ldlinux.c32
        └── vmlinuz

Both use the ISOLINUX bootloader, which loads a Linux kernel (~3MB) and an initial ramdisk (~20MB) into memory and then hands control to the kernel.  In a typical initrd scenario, the kernel executes /linuxrc from the ramdisk before /sbin/init from the main root filesystem on disk.  Since neither image has a separate root filesystem, everything (including Docker itself at ~15MB!) needs to fit within the ramdisk.  If we look into the initrd images, we find that they are both based on Busybox, though this is where the similarities end.


In their own words,

“Boot2Docker is a lightweight Linux distribution made specifically to run Docker containers. It runs completely from RAM, is a small ~24MB download and boots in ~5s (YMMV). [ … ] Boot2Docker is currently designed and tuned for development. Using it for any kind of production workloads at this time is highly discouraged.” –https://github.com/boot2docker/boot2docker


Boot2Docker relies on Busybox to provide implementations of both a sysvinit-like init process and essential services such as ntpd.  This is what you would expect to see from a tiny Busybox-based OS.

$ ps
1 root     init
--- snip ---
103 root     /sbin/udevd --daemon
419 root     /sbin/udevd --daemon
604 root     crond -f -d 8
628 root     /usr/local/sbin/sshd
632 root     /usr/local/sbin/acpid
649 root     /sbin/udhcpc -b -i eth0 -x hostname box -p /var/run/udhcpc.eth0.pid
683 docker   sshd: docker@pts/0
684 docker   -sh
738 root     /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// -H tcp:// --tlsverify --tlscacert=/var/lib/boot2docker/tls/ca.pem --tlscert=/var/lib/boot2docker/tls/server.pem --tlskey=/var/lib/boot2docker/tls/serverkey.pem
744 root     -sh
751 root     /sbin/udevd --daemon
904 root     ntpd -d -n -p pool.ntp.org
933 root     /sbin/getty -l /usr/local/bin/autologin 9600 ttyS0 vt100
934 root     /sbin/getty -l /usr/local/bin/autologin 9600 ttyS1 vt100
935 docker   ps
936 docker   -sh


In their own words,

“When we started the RancherOS project, we set out to build a minimalist Linux distribution that was perfect for running Docker containers. We wanted to run Docker directly on top of the Linux Kernel, and have all user-space Linux services be distributed as Docker containers. By doing this, there would be no need to use a separate software package distribution mechanism for RancherOS itself.” –http://rancher.com/rancher-os/

RancherOS replaces the Busybox init process with its own, written in Go.  This init prepares some system mounts and then starts two Docker engines: one for critical services and another for user applications.  The system-docker instance runs containerized versions of services instead of Busybox implementations, and the user interacts with the second Docker instance.  The end goal is to have a production-ready system that is composed of Docker containers for all components, whether critical system services or user applications.

$ ps
1 root     docker -d -s overlay -b none --restart=false -H unix:///var/run/system-docker.sock
--- snip ---
98 root     [rancher-sysinit]
204 root     ntpd -d
209 root     rsyslogd -n
220 root     docker -d -s overlay --tlsverify --tlscacert=/etc/docker/tls/ca.pem --tlscert=/etc/docker/tls/server-cert.pem --tlskey=/etc/docker/tls/server-key.pem -H= -H=unix:///var/run/docker.sock -G docker
278 root     respawn -f /etc/respawn.conf
372 rancher  -bash
374 root     /sbin/getty 115200 tty2
376 root     /sbin/getty 115200 tty3
378 root     /sbin/getty 115200 tty4
380 root     /sbin/getty 115200 tty5
382 root     /sbin/getty 115200 tty6
384 root     /usr/sbin/sshd -D
395 rancher  sshd: rancher@pts/0
396 rancher  -bash
404 rancher  ps
$ sudo system-docker ps
CONTAINER ID        IMAGE               COMMAND                CREATED             STATUS              PORTS               NAMES
dc7cbcf1d4a9        console:latest      "/usr/sbin/console.s   13 hours ago        Up 13 hours                             console
b181a7c1db12        userdocker:latest   "/docker.sh"           13 hours ago        Up 13 hours                             userdocker
24279ffd2a88        syslog:latest       "/syslog.sh"           13 hours ago        Up 13 hours                             syslog
de9645a1b760        ntp:latest          "/ntp.sh"              13 hours ago        Up 13 hours                             ntp
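
The three Docker daemons in the listings above differ mainly in how they expose the API socket. The following is an added example, not code from the original post or from either project: it parses the daemon command lines copied from the ps output and summarises listeners, TLS verification and debug mode. The names DAEMONS, option_values and audit_daemon are hypothetical, and skipping the empty "-H=" value is an assumption of this example.

```python
import shlex

# Docker daemon command lines copied from the ps listings on this page.
DAEMONS = {
    "boot2docker": "/usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// "
                   "-H tcp:// --tlsverify --tlscacert=/var/lib/boot2docker/tls/ca.pem "
                   "--tlscert=/var/lib/boot2docker/tls/server.pem "
                   "--tlskey=/var/lib/boot2docker/tls/serverkey.pem",
    "rancheros-system": "docker -d -s overlay -b none --restart=false "
                        "-H unix:///var/run/system-docker.sock",
    "rancheros-user": "docker -d -s overlay --tlsverify "
                      "--tlscacert=/etc/docker/tls/ca.pem "
                      "--tlscert=/etc/docker/tls/server-cert.pem "
                      "--tlskey=/etc/docker/tls/server-key.pem "
                      "-H= -H=unix:///var/run/docker.sock -G docker",
}

def option_values(argv, name):
    """Values of a short option written as '-X value' or '-X=value' (hypothetical helper)."""
    values = []
    for i, arg in enumerate(argv):
        if arg == name and i + 1 < len(argv):
            values.append(argv[i + 1])
        elif arg.startswith(name + "="):
            values.append(arg[len(name) + 1:])
    return values

def audit_daemon(cmdline):
    """Summarise how one daemon command line exposes the Docker API."""
    argv = shlex.split(cmdline)
    # An empty "-H=" names no address; this example skips it (assumption).
    listeners = [h for h in option_values(argv, "-H") if h]
    tcp = [h for h in listeners if h.startswith("tcp://")]
    tlsverify = "--tlsverify" in argv
    findings = []
    if tcp and not tlsverify:
        findings.append("TCP listener without --tlsverify")
    if "-D" in argv:
        findings.append("debug mode (-D) enabled")
    return {"listeners": listeners, "tcp": bool(tcp), "tlsverify": tlsverify,
            "socket_group": option_values(argv, "-G"), "findings": findings}

if __name__ == "__main__":
    for name, cmdline in DAEMONS.items():
        print(name, audit_daemon(cmdline))
```

On these listings the only finding is Boot2Docker's debug mode; both RancherOS daemons listen on Unix sockets only, and the user daemon's socket is opened to the docker group.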

RancherOS is still very much in an alpha state.  The README is transparent about the current limitations and there are dozens of feature improvement issues to peruse.  In other words, now is a great time to get involved in this unique project at an early stage and provide feedback, testing, and patches to help shape it.
