Frequently Asked Questions

Siju Maliakkal edited this page Jun 21, 2021 · 38 revisions

Photon OS Frequently Asked Questions


Q. What is Photon OS?

A. Photon OS™ is an extensible and lightweight open source Linux container host optimized for cloud-native applications, cloud platforms, and VMware infrastructure. Photon OS provides a secure run-time environment for efficiently running containers. Photon OS supports the most common container formats including Docker, Rocket, and Garden. Photon OS includes a small footprint, yum-compatible, package-based lifecycle management system, and can support an rpm-ostree image-based system versioning.

For an overview, see Introduction to Photon OS.

Q. How do I get started with Photon OS?

A. Start by deciding your target platform. Photon OS 3.0 has been certified in public cloud environments - Microsoft Azure (new), Google Compute Engine (GCE), Amazon Elastic Compute Cloud (EC2) - as well as on VMware vSphere, VMware Fusion, VMware Workstation, and Raspberry Pi 3. Next, download the latest binary distributions for your target platform. The binaries are hosted on https://bintray.com/vmware/photon/. For download instructions, see Downloading Photon OS. Finally, go to the installation instructions for your target platform, which are listed in the Photon OS Installation Guide.

Q. Can I upgrade my existing Photon OS 2.0 VMs?

A. Yes, there is an in-place upgrade path for Photon OS 2.0 implementations. You simply download an upgrade package, run a script, and reboot the VM. See the instructions in Upgrading to Photon OS 3.0.

Q. What kind of support comes with Photon OS?

A. Photon OS is supported through community efforts and direct developer engagement in the communities. Potential users of Photon OS should start with the Photon microsite.

Developers who might want the source code, including those interested in making contributions, should visit the Photon OS GitHub repository.

Q. How can I contribute to Photon OS?

A. We welcome community participation in the development of Photon OS and look forward to broad ecosystem engagement around the project. Getting your idea into Photon OS is just a GitHub pull request away. When you submit a pull request, you'll be asked to accept the Contributor License Agreement (CLA).

Q. How is Photon OS patched?

A. Within a major release, updates will be delivered as package updates. Security updates will be delivered on an as-needed basis. Non-security related updates will happen quarterly, but may not include every single package update. The focus is on delivering a valid, functional updated stack every quarter.

Photon OS isn't "patched" as a whole; instead, individual packages are updated (potentially with patches applied to that individual package). For instance, if a package releases a fix for a critical vulnerability, we'll update the package in the Photon OS repository, for critical issues probably within a day or two. At that point, customers get the updated package by running "tdnf update ".

Q. How does Photon OS relate to Project Lightwave?

A. Project Lightwave is an open-sourced project that provides enterprise-grade identity and access management services, and can be used to solve key security, governance, and compliance challenges for a variety of use cases within the enterprise. Through integration between Photon OS and Project Lightwave, organizations can enforce security and governance on container workloads, for example, by ensuring only authorized containers are run on authorized hosts, by authorized users. For more information, see Installing and Using Lightwave on Photon OS.

For details about Lightwave, see https://github.com/vmware/lightwave.

Q. Will VMware continue to support other container host runtime offerings on vSphere?

A. Yes, VMware is committed to delivering an infrastructure for all workloads, and for vSphere to have the largest guest OS support in the industry and support customer choice. Toward those goals, VMware will continue to work with our technology partners to support new Guest Operating Systems and container host runtimes as they come to the market. Open-sourcing Photon OS will ensure that optimizations and enhancements for container host runtimes on VMware Platform are available as a reference implementation for other container host runtimes as well.

Q. How to report a security vulnerability in Photon OS?

A. VMware encourages users who become aware of a security vulnerability in VMware products to contact VMware with details of the vulnerability. VMware has established an email address that should be used for reporting a vulnerability. Please send descriptions of any vulnerabilities found to security@vmware.com. Please include details on the software and hardware configuration of your system so that we can duplicate the issue being reported.

Note: We encourage use of encrypted email. Our public PGP key is found at kb.vmware.com/kb/1055.

VMware hopes that users encountering a new vulnerability will contact us privately as it is in the best interests of our customers that VMware has an opportunity to investigate and confirm a suspected vulnerability before it becomes public knowledge.

In the case of vulnerabilities found in third-party software components used in VMware products, please also notify VMware as described above.

Q. Why is VMware creating Photon OS?

A. It's about workloads - VMware has always positioned our vSphere platform as a secure, highly-performant platform for enterprise applications. With containers, providing an optimized runtime ensures that customers can embrace these new workload technologies without disrupting existing operations. Over time, Photon OS will extend the capabilities of the software-defined data center such as security, identity and resource management to containerized workloads. Organizations can then leverage a single infrastructure architecture for both traditional and cloud-native Apps, and leverage existing investments in tools, skills and technologies. This converged environment will simplify operation and troubleshooting, and ease the adoption of Cloud-Native Apps.

Photon OS can provide a reference implementation for optimizing containers on VMware platforms across compute, network, storage and management. For example, Photon OS can deliver performance through kernel tuning to remove redundant caching between the Linux kernel and the vSphere hypervisor, and advanced security services through network micro-segmentation delivered by VMware NSX™, and more.

Q. Does Photon OS support the ARM platform?

A. From 3.0, Photon OS supports the ARM platform in addition to the x86_64 platform, enabling it to become the preferred choice on ARM-based IoT devices.

Q. Why is VMware open-sourcing Photon OS?

A. Open-sourcing Photon OS encourages discussion, innovation, and collaboration with others in the container ecosystem. In particular, we want to make sure the innovations we introduce to Photon to run containers effectively on VMware are also available to any other container runtime OS. Additionally, VMware is committed to supporting industry and de facto standards, as doing so also supports stronger security, interoperability, and choice for our customers.

Q. Why can't I SSH in as root?

A. By default, Photon does not permit root login over SSH. To log in as root using SSH, set PermitRootLogin yes in /etc/ssh/sshd_config and restart the sshd daemon.

For more information, see Permitting Root Login with SSH.
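A check for which PermitRootLogin value actually applies, as an added example that is not part of the Photon OS wiki: sshd uses the first value it obtains for a keyword, so a line appended to the end of sshd_config can be shadowed by an earlier one. The helper names and the sample file are constructed; Include directives and Match blocks are assumed absent or ignored.

```shell
#!/bin/sh
# Added example (not from the Photon OS wiki): report the global
# PermitRootLogin value sshd will use from a given sshd_config file.
# effective_root_login and demo_shadowed are hypothetical helper names.
# Assumption: no Include directives; Match blocks are not evaluated.

effective_root_login() {
    awk '
        { sub(/#.*/, ""); sub(/=/, " ") }        # drop comments, allow key=value
        tolower($1) == "match" { exit }           # global section ends here
        tolower($1) == "permitrootlogin" {        # first value obtained wins
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Constructed sample: "yes" appended at the end is shadowed by the earlier "no".
demo_shadowed() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed sshd_config fragment
Port 22
#PermitRootLogin yes
PermitRootLogin no
Subsystem sftp /usr/libexec/sftp-server
PermitRootLogin yes
EOF
    effective_root_login "$f"
    rm -f "$f"
}

demo_shadowed   # prints: no
```

On a running host, `sshd -T` prints the effective configuration and can be used to confirm the result after restarting the daemon.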

Q. Why is netstat not working?

A. netstat is deprecated; use ss or ip (part of iproute2) instead.

For more information, see Use ip and ss Commands.

Q. Why do all of my cloned Photon OS instances have the same IP address when using DHCP?

A. Photon OS uses the contents of /etc/machine-id to determine the DUID that is used for DHCP requests. If you're going to use a Photon OS instance as the base system for cloning to create additional Photon OS instances, you should clear the machine-id with:

    echo -n > /etc/machine-id

With this value cleared, systemd will regenerate the machine-id and, as a result, all DHCP requests will contain a unique DUID.

Q. Why is the yum command not working in a minimal installation?

A. yum has package dependencies that make the system larger than it needs to be. Photon OS includes tdnf - 'tiny' dandified yum - to provide package management and yum functionality in a much, much smaller footprint. To install packages from the CD-ROM, mount it using the following command:

     mount /dev/cdrom /media/cdrom

Then, you can use tdnf to install new packages. For example, to install the vim editor:

     tdnf install vim

Q. How to install all build essentials?

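A. Use the following commands to install all build essentials:

    # Install every package named in the list served at https://git.io/v1boE (one per line)
    curl -L https://git.io/v1boE | xargs -I {} tdnf install -y {}
    # Install createrepo
    tdnf -y install createrepo
    # Install Docker using the get.docker.com install script
    wget -qO- https://get.docker.com/ | sh
    # Install the docker Python package, pinned to 2.3.0
    pip3 install docker==2.3.0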

Q. How to build a new package for Photon OS?

A. Assuming you have an Ubuntu development environment, set it up and pull the latest code into /workspace. Let us assume your package name is foo with version 1.0.

    cp foo-1.0.tar.gz /workspace/photon/SOURCES
    cp foo.spec /workspace/photon/SPECS/foo/
    cd /workspace/photon/
    sudo make foo

Q. I just booted into a freshly installed Photon OS instance, why isn't "docker ps" working?

A. Make sure the docker daemon is running. By design and default in Photon OS, the docker daemon/engine is not started at boot time. To start the docker daemon for the current session, use the command:

    systemctl start docker

To start the docker daemon on boot, use the command:

    systemctl enable docker

Q. What is the difference between Minimal and Full installation?

A. Minimal is the minimal set of packages for a container runtime, plus cloud-init. Full contains all the packages shipped with the ISO.

Q. What packages are included in Minimal and Full?

A. See [Versions](https://vmware.github.io/photon/assets/files/html/3.0/PhotonOS-versions.html).

See packages_minimal.json as an example.

Q. Why is the ISO over 2GB, when I hear that Photon OS is a minimal container runtime?

A. The ISO includes a repository with all Photon OS packages. When you mount the ISO to a machine and boot to the Photon installer, you'll be able to choose the Photon Minimal installation option and the hypervisor-optimized Linux kernel, which will reduce the storage size.

Q. After updating the kernel rpm, the VM fails to boot with Secure Boot?

A. Update the bootloader binaries (shim and grub2).
Steps:

  1. Download the bootloader binaries.
    $ wget https://github.com/vmware/photon/raw/3.0/installer/EFI_x86_64/BOOT/bootx64.efi
    $ wget https://github.com/vmware/photon/raw/3.0/installer/EFI_x86_64/BOOT/grubx64.efi
  2. Mount the EFI System Partition (ESP).
    If the ESP is already mounted to /boot/efi (Photon OS 3.0 rev2 release), skip this step and go to step (3).
    On previous releases, the ESP can be found by running fdisk:
    $ fdisk -l | grep "EFI System"
    /dev/sda2 10240 26623 16384 8M EFI System
    $ mkdir -p /boot/efi
    $ mount /dev/sda2 /boot/efi
  3. Copy the downloaded binaries to the /EFI/Boot folder of the ESP, replacing the existing ones.
    $ cp bootx64.efi /boot/efi/EFI/Boot
    $ cp grubx64.efi /boot/efi/EFI/Boot
  4. Check shasum.
    $ sha256sum /boot/efi/EFI/Boot/*.efi
    7f9d7f11e2be2e4b6f9167d0b308865bbecf67ae9d27c7ee8cfb968ba138a4e8 /boot/efi/EFI/Boot/bootx64.efi
    d99da5f2d8c4dfaf93c51e7e3ceccff2e4ba5c95fb7888b5a41450057ec723d9 /boot/efi/EFI/Boot/grubx64.efi
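The procedure above checks the digests only after the files are already on the ESP. The following added example (not part of the original wiki) verifies the downloaded binaries against the digests listed in the "Check shasum" step first and copies them only if both match; the function names verify_efi and install_efi are hypothetical.

```shell
#!/bin/sh
# Added example: check staged bootloader binaries against the digests listed
# on this page before they replace the existing ones on the ESP.
# verify_efi and install_efi are hypothetical helper names.

# Expected SHA-256 digests, copied from the "Check shasum" step.
EXPECTED_BOOTX64=7f9d7f11e2be2e4b6f9167d0b308865bbecf67ae9d27c7ee8cfb968ba138a4e8
EXPECTED_GRUBX64=d99da5f2d8c4dfaf93c51e7e3ceccff2e4ba5c95fb7888b5a41450057ec723d9

# verify_efi FILE EXPECTED_SHA256
# Returns 0 on match, 1 on digest mismatch, 2 if the file is missing.
verify_efi() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 2; }
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    if [ "$actual" != "$2" ]; then
        echo "digest mismatch for $1: got $actual" >&2
        return 1
    fi
}

# install_efi SRC_DIR ESP_BOOT_DIR
# Verifies both files before copying either one, so a bad or partial
# download never leaves the ESP with a mixed shim/grub pair.
install_efi() {
    src=$1; dst=$2
    verify_efi "$src/bootx64.efi" "$EXPECTED_BOOTX64" || return 1
    verify_efi "$src/grubx64.efi" "$EXPECTED_GRUBX64" || return 1
    cp "$src/bootx64.efi" "$src/grubx64.efi" "$dst"/
}

# Typical call once the files are downloaded and the ESP is mounted:
#   install_efi . /boot/efi/EFI/Boot
```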

Q. How to mitigate BootHole issue in Photon OS?

A. Update bootloader binaries and dbx.
Steps:

  1. Update bootloader binaries, see instructions
  2. Apply DBX update
    $ tdnf install -y dbxtool
    $ wget http://uefi.org/sites/default/files/resources/dbxupdate_x64.bin
    $ dbxtool -a -f dbxupdate_x64.bin

Q. Migrate existing rpm repository to packages.vmware.com

A. Use either of the following methods:

  1. Update photon-repos rpm to latest
    $ tdnf update photon-repos
  2. Edit the .repo files under /etc/yum.repos.d to point to packages.vmware.com
    $ cd /etc/yum.repos.d
    $ sed -i 's/dl.bintray.com\/vmware/packages.vmware.com\/photon\/$releasever/g' photon.repo photon-updates.repo photon-extras.repo photon-debuginfo.repo

The artifacts published as part of Photon have been refreshed to point to the new repository location for the 3.0 release. The latest ISO and OVA can be downloaded from this location.

Q. Kernel panic at boot with "Kernel panic - not syncing initramfs file already exists ..."?

A. This is a known regression in the following published versions of linux-esx for Photon OS 3.0:
linux-esx-4.19.150-3.ph3
linux-esx-4.19.154-1.ph3
linux-esx-4.19.154-3.ph3

Solution to boot the system from the current state – boot without initrd:

  1. Reboot
  2. Go to grub menu
  3. Press ‘e’
  4. Remove last 3 lines (if statement with initrd command inside)
  5. Ctrl+x

System should be successfully booted.

Once booted, there are several ways to fix it. Choose one of the following:

  1. Upgrade linux-esx to higher than 4.19.154-3 (if available)
  2. Downgrade linux-esx to version below 4.19.150-3
  3. Stay on current kernel, but disable initrd in /boot/grub/grub.cfg