Frequently Asked Questions
- What is Photon OS?
- How do I get started with Photon OS?
- Can I upgrade my existing Photon OS 1.0 VMs?
- What kind of support comes with Photon OS?
- How can I contribute to Photon OS?
- How is Photon OS patched?
- How does Photon OS relate to Project Lightwave?
- Will VMware continue to support other container host runtime offerings on vSphere?
- How to report a security vulnerability in Photon OS?
- What are the Docker improvements in Photon OS 2.0?
- Why is VMware creating Photon OS?
- Why is VMware open-sourcing Photon OS?
- In what way is Photon OS "optimized for VMware?"
- Why can't I SSH in as root?
- Why isn't netstat working?
- Why do all of my cloned Photon OS instances have the same IP address when using DHCP?
- Why is the yum command not working in a minimal installation?
- How to install all build essentials?
- How to build new package for Photon OS?
- I just booted into freshly installed Photon OS instance, why isn't "docker ps" working?
- What is the difference between Minimal and Full installation?
- What packages are included in Minimal and Full?
- How do I transfer or share files between Photon OS and my host machine?
- Why is the ISO over 2GB, when I hear that Photon OS is a minimal container runtime?
- After updating Kernel rpm, VM fails to boot with Secure Boot?
- How to mitigate BootHole issue in Photon OS?
- Migrate existing rpm repository to packages.vmware.com
- Kernel panic at boot with "Kernel panic - not syncing initramfs file already exists ..."?
A. Photon OS™ is an extensible and lightweight open source Linux container host optimized for cloud-native applications, cloud platforms, and VMware infrastructure. Photon OS provides a secure run-time environment for efficiently running containers. Photon OS supports the most common container formats including Docker, Rocket, and Garden. Photon OS includes a small footprint, yum-compatible, package-based lifecycle management system, and can support an rpm-ostree image-based system versioning.
For an overview, see Introduction to Photon OS.
A. Start by deciding your target platform. Photon OS 3.0 has been certified in public cloud environments - Microsoft Azure (new), Google Compute Engine (GCE), Amazon Elastic Compute Cloud (EC2) - as well as on VMware vSphere, VMware Fusion, VMware Workstation, Raspberry Pi 3. Next, download the latest binary distributions for your target platform. The binaries are hosted on https://bintray.com/vmware/photon/. For download instructions, see Downloading Photon OS. Finally, go to the installation instructions for your target platform, which are listed in the Photon OS Installation Guide.
A. Yes, there is an in-place upgrade path for Photon OS 2.0 implementations. You simply download an upgrade package, run a script, and reboot the VM. See the instructions in Upgrading to Photon OS 3.0.
A. Photon OS is supported through community efforts and direct developer engagement in the communities. Potential users of Photon OS should start with the Photon microsite.
Developers who might want the source code, including those interested in making contributions, should visit the Photon OS Github repository.
A. We welcome community participation in the development of Photon OS and look forward to broad ecosystem engagement around the project. Getting your idea into Photon OS is just a GitHub pull request away. When you submit a pull request, you'll be asked to accept the Contributor License Agreement (CLA).
A. Within a major release, updates will be delivered as package updates. Security updates will be delivered on an as-needed basis. Non-security related updates will happen quarterly, but may not include every single package update. The focus is on delivering a valid, functional updated stack every quarter.
Photon OS isn't "patched" as a whole. Instead, individual packages are updated (potentially with patches applied to that individual package). For instance, if a package releases a fix for a critical vulnerability, we'll update the package in the Photon OS repository, for critical issues probably within a day or two. At that point, customers get that updated package by running tdnf update.
A. Project Lightwave is an open-sourced project that provides enterprise-grade identity and access management services, and can be used to solve key security, governance, and compliance challenges for a variety of use cases within the enterprise. Through integration between Photon OS and Project Lightwave, organizations can enforce security and governance on container workloads, for example, by ensuring only authorized containers are run on authorized hosts, by authorized users. For more information, see Installing and Using Lightwave on Photon OS.
For details about Lightwave, see https://github.com/vmware/lightwave.
A. Yes, VMware is committed to delivering an infrastructure for all workloads, and for vSphere to have the largest guest OS support in the industry and support customer choice. Toward those goals, VMware will continue to work with our technology partners to support new Guest Operating Systems and container host runtimes as they come to the market. Open-sourcing Photon OS will ensure that optimizations and enhancements for container host runtimes on the VMware platform are available as a reference implementation for other container host runtimes as well.
A. VMware encourages users who become aware of a security vulnerability in VMware products to contact VMware with details of the vulnerability. VMware has established an email address that should be used for reporting a vulnerability. Please send descriptions of any vulnerabilities found to security@vmware.com. Please include details on the software and hardware configuration of your system so that we can duplicate the issue being reported.
Note: We encourage use of encrypted email. Our public PGP key is found at kb.vmware.com/kb/1055.
VMware hopes that users encountering a new vulnerability will contact us privately as it is in the best interests of our customers that VMware has an opportunity to investigate and confirm a suspected vulnerability before it becomes public knowledge.
In the case of vulnerabilities found in third-party software components used in VMware products, please also notify VMware as described above.
A. It's about workloads - VMware has always positioned our vSphere platform as a secure, highly-performant platform for enterprise applications. With containers, providing an optimized runtime ensures that customers can embrace these new workload technologies without disrupting existing operations. Over time, Photon OS will extend the capabilities of the software-defined data center such as security, identity and resource management to containerized workloads. Organizations can then leverage a single infrastructure architecture for both traditional and cloud-native Apps, and leverage existing investments in tools, skills and technologies. This converged environment will simplify operation and troubleshooting, and ease the adoption of Cloud-Native Apps.
Photon OS can provide a reference implementation for optimizing containers on VMware platforms across compute, network, storage and management. For example, Photon OS can deliver performance through kernel tuning to remove redundant caching between the Linux kernel and the vSphere hypervisor, and advanced security services through network micro-segmentation delivered by VMware NSX™, and more.
From 3.0, Photon OS supports ARM platform in addition to the x86_64 platform, enabling it to become the preferred choice on ARM based IoT devices.
A. Open-sourcing Photon OS encourages discussion, innovation, and collaboration with others in the container ecosystem. In particular, we want to make sure the innovations we introduce to Photon to run containers effectively on VMware are also available to any other container runtime OS. Additionally, VMware is committed to supporting industry and de facto standards, as doing so also supports stronger security, interoperability, and choice for our customers.
A. By default, Photon OS does not permit root login over SSH. To log in as root using SSH, set PermitRootLogin yes in /etc/ssh/sshd_config and restart the sshd daemon.
For more information, see Permitting Root Login with SSH.
A. netstat is deprecated; use ss or ip (part of iproute2) instead.
For more information, see Use ip and ss Commands.
A. Photon OS uses the contents of /etc/machine-id to determine the duid that is used for DHCP requests. If you're going to use a Photon OS instance as the base system for cloning to create additional Photon OS instances, you should clear the machine-id with:
echo -n > /etc/machine-id
With this value cleared, systemd will regenerate the machine-id and, as a result, all DHCP requests will contain a unique duid.
A. yum has package dependencies that make the system larger than it needs to be. Photon OS includes tdnf - 'tiny' dandified yum - to provide package management and yum functionality in a much smaller footprint. To install packages from the cdrom, mount it using the following command:
mount /dev/cdrom /media/cdrom
Then, you can use tdnf to install new packages. For example, to install the vim editor:
tdnf install vim
A. Use the following command to install all build essentials:
curl -L https://git.io/v1boE | xargs -I {} tdnf install -y {}
tdnf -y install createrepo
wget -qO- https://get.docker.com/ | sh
pip3 install docker==2.3.0
A. Assuming you have an Ubuntu development environment, set it up and pull the latest code into /workspace. Let us assume your package name is foo with version 1.0.
cp foo-1.0.tar.gz /workspace/photon/SOURCES
cp foo.spec /workspace/photon/SPECS/foo/
cd /workspace/photon/
sudo make foo
A. Make sure the docker daemon is running. By design and default in Photon OS, the docker daemon/engine is not started at boot time. To start the docker daemon for the current session, use the command:
systemctl start docker
To start the docker daemon on boot, use the command:
systemctl enable docker
A. Minimal is the minimal set of packages for a container runtime, plus cloud-init. Full contains all the packages shipped with ISO.
A. See [Versions](https://vmware.github.io/photon/assets/files/html/3.0/PhotonOS-versions.html).
See packages_minimal.json as an example
A. The ISO includes a repository with all Photon OS packages. When you mount the ISO to a machine and boot to the Photon installer, you'll be able to choose the Photon Minimal installation option and the hypervisor-optimized Linux kernel, which will reduce the storage size.
A. Update bootloader binaries (shim and grub2)
Steps.
- Download bootloader binaries.
> $ wget https://github.com/vmware/photon/raw/3.0/installer/EFI_x86_64/BOOT/bootx64.efi
> $ wget https://github.com/vmware/photon/raw/3.0/installer/EFI_x86_64/BOOT/grubx64.efi
- Mount the EFI System Partition (ESP)
If the ESP is already mounted at /boot/efi (Photon OS 3.0 rev2 release), skip this step and go to step (3).
The ESP on previous releases can be found by running fdisk:
> $ fdisk -l | grep "EFI System"
> /dev/sda2 10240 26623 16384 8M EFI System
> $ mkdir -p /boot/efi
> $ mount /dev/sda2 /boot/efi
- Copy downloaded binaries to /EFI/Boot folder of ESP, replacing existing ones.
> $ cp bootx64.efi /boot/efi/EFI/Boot
> $ cp grubx64.efi /boot/efi/EFI/Boot
- Check shasum
> $ sha256sum /boot/efi/EFI/Boot/*.efi
> 7f9d7f11e2be2e4b6f9167d0b308865bbecf67ae9d27c7ee8cfb968ba138a4e8 /boot/efi/EFI/Boot/bootx64.efi
> d99da5f2d8c4dfaf93c51e7e3ceccff2e4ba5c95fb7888b5a41450057ec723d9 /boot/efi/EFI/Boot/grubx64.efi
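The check step above runs after the files are already on the ESP. As an added example (not part of the Photon OS documentation), the script below verifies each downloaded binary against the digests listed above before copying it, then re-checks the written copy; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: only copy a bootloader binary to the ESP if its SHA-256
# matches the digest published in the answer above.
BOOTX64_SHA256=7f9d7f11e2be2e4b6f9167d0b308865bbecf67ae9d27c7ee8cfb968ba138a4e8
GRUBX64_SHA256=d99da5f2d8c4dfaf93c51e7e3ceccff2e4ba5c95fb7888b5a41450057ec723d9

# sha256_of FILE: print the hex digest of FILE (empty if unreadable).
sha256_of() {
    sha256sum "$1" 2>/dev/null | awk '{print $1}'
}

# install_verified SRC EXPECTED_SHA256 DEST_DIR (hypothetical helper)
# Returns 0 on success, 1 on digest mismatch, 2 on missing path or failed copy.
install_verified() {
    src=$1; expected=$2; dest_dir=$3
    [ -f "$src" ] && [ -d "$dest_dir" ] || return 2
    actual=$(sha256_of "$src")
    if [ "$actual" != "$expected" ]; then
        echo "REFUSED $src: sha256 is $actual, expected $expected" >&2
        return 1
    fi
    dest="$dest_dir/$(basename "$src")"
    cp "$src" "$dest" || return 2
    # Re-read the written copy so a truncated or failed write is caught.
    [ "$(sha256_of "$dest")" = "$expected" ] || return 2
    echo "installed $dest"
}

# update_bootloaders SRC_DIR ESP_BOOT_DIR (hypothetical helper)
# Checks both files before touching the ESP, so a bad grubx64.efi never
# leaves a new shim paired with an old grub.
update_bootloaders() {
    [ "$(sha256_of "$1/bootx64.efi")" = "$BOOTX64_SHA256" ] || return 1
    [ "$(sha256_of "$1/grubx64.efi")" = "$GRUBX64_SHA256" ] || return 1
    install_verified "$1/bootx64.efi" "$BOOTX64_SHA256" "$2" &&
        install_verified "$1/grubx64.efi" "$GRUBX64_SHA256" "$2"
}

# Usage on the host, after the wget step:
#   update_bootloaders . /boot/efi/EFI/Boot
```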
A. Update bootloader binaries and dbx.
Steps:
- Update bootloader binaries, see instructions
- Apply DBX update
$ tdnf install -y dbxtool
$ wget http://uefi.org/sites/default/files/resources/dbxupdate_x64.bin
$ dbxtool -a -f dbxupdate_x64.bin
A. Use either of the following methods:
- Update photon-repos rpm to latest
$ tdnf update photon-repos
- Edit the .repo files under /etc/yum.repos.d to point to packages.vmware.com
$ cd /etc/yum.repos.d
$ sed -i 's/dl.bintray.com\/vmware/packages.vmware.com\/photon\/$releasever/g' photon.repo photon-updates.repo photon-extras.repo photon-debuginfo.repo
The artifacts published as part of Photon have been refreshed to point to the new repository location for 3.0 release. The latest ISO and ova can be downloaded from this location.
A. This is a known regression in the following published linux-esx versions of Photon OS 3.0:
linux-esx-4.19.150-3.ph3
linux-esx-4.19.154-1.ph3
linux-esx-4.19.154-3.ph3
Solution to boot the system from the current state – boot without initrd:
- Reboot
- Go to grub menu
- Press ‘e’
- Remove last 3 lines (if statement with initrd command inside)
- Ctrl+x
System should be successfully booted.
Once booted, there are several ways to fix it. Choose one of the following:
- Upgrade linux-esx to higher than 4.19.154-3 (if available)
- Downgrade linux-esx to version below 4.19.150-3
- Stay on current kernel, but disable initrd in /boot/grub/grub.cfg