Frequently Asked Questions

How is the new Container-Optimized OS different from the previous container-vm?

Container-Optimized OS serves much the same purpose as container-vm, but is more secure, has better update support, and is based on Chromium OS instead of Debian.

Will container-vm be deprecated?

Yes, we want to retire container-vm and replace it with Container-Optimized Image.

How does Container-Optimized OS compare to other container OSes on the market?

Container-Optimized OS is similar in that it is also lean, stripped down, and designed for running containers, but is intended to be used only on Google Cloud Platform, primarily for supporting various Google services.

Will other container-centric operating systems continue to be available?

Yes, other container-centric operating systems will continue to work as they do currently. No changes or preferences are being made.

How can I view the source code of Container-Optimized OS?

For information on viewing and contributing to the Container-Optimized OS source code, see Accessing and contributing to source.

Can I use Container-Optimized OS outside of GCP?

Container-Optimized OS is designed specifically for the Google Cloud Platform and we do not test or support it outside GCP.

What container runtimes does Container-Optimized OS support?

Currently the only container runtime that has been tested is Docker. systemd-nspawn is also available but has not been thoroughly tested.

What should I do to switch from my current OS to Container-Optimized OS?

If your workload is already containerized, you can start using Container-Optimized OS right away by creating Compute Engine instances and selecting "Container-Optimized OS" as the OS.

What is the software package manager for Container-Optimized OS?

Container-Optimized OS does not support traditional package managers like apt-get or yum in the host environment by design. For example, users cannot run apt-get or yum to install htop, under /usr/bin of the host. This design prevents updating individual software packages in the root filesystem independent of other packages. In order to update a particular package, the entire OS image needs to be updated, either by using the built-in auto-update feature, or by tearing down the instance and recreating it with a newer image.

Note that if a container is built on top of another OS distribution, the corresponding package manager can be used freely inside the container, e.g., apt-get works just fine inside a container built on top of a Debian container image.

How do I run my favorite debugging and development tools?

See the Debugging using toolbox How-to guide for information on how to install debugging and other tools on Container-Optimized OS.

Are there persistent writable directories in Container-Optimized OS?

Yes, home directories are writable. Also, the system-wide /mnt/stateful_partition is writable.

Where are Docker and Kubelet logs?

Container-Optimized OS uses the systemd-journald service to collect system logs, so Docker and Kubelet logs are in /var/log/journal. You can also run journalctl to view the logs.

For instances running as part of a Kubernetes Engine cluster, Docker and Kubelet logs are also automatically exported to Stackdriver logging; logs for Docker, Kubelet, and kube-proxy are available in Stackdriver under GCE VM Instance when using the Google Cloud Platform Console.

Can I run startup scripts?

Yes. A startup script is specified through the metadata server, using the startup-script metadata key. You can use the gcloud command-line tool, the API, or the Cloud Platform Console to provide a startup script. Please refer to Running Startup Scripts for details.

How do I format and mount a local SSD?

You can attach local SSDs only when you create them as part of a new instance. Create a new instance with one or more local SSDs, and then format and mount the local SSD devices. On Container-Optimized OSs, the /mnt directory is read-only, so you must mount the local SSD at the /mnt/disks directory.

How do I enable/disable a systemd service?

To start the service specified in the hello.service file:

$ sudo systemctl start hello.service

To stop the above service:

$ sudo systemctl stop hello.service

How do I configure host firewalls?

See the How-to guide for Configuring the host firewall.

How do I change the time zone?

The default time zone of Container-Optimized OS is UTC0. Create a symbolic link to your desired time zone as in the following example:

$ sudo rm /etc/localtime
$ sudo ln -s /usr/share/zoneinfo/US/Pacific /etc/localtime

Note that /etc is stateless, so the timezone will be reset to the default (UTC0) every reboot.

How do I disable auto updates from the command line?

There are two ways:

  1. Disabling through instance metadata key cos-update-strategy (the preferred way):

    --metadata cos-update-strategy=update_disabled

2 Disabling through systemctl on the instance as shown below:

$ sudo systemctl stop update-engine
$ sudo systemctl mask update-engine

How do I select my release channel and switch it later?

You select your release channel at instance create time.

Switching channels is not supported yet. If you need to use a different channel than the one your instance is currently using, create a new instance on the channel that you want to use.

How do I run tools not built in to Container-Optimized OS

You can run tools like ping, the gcloud command-line tool, pstree, htop, emacs and more using the CoreOS toolbox utility, which is pre-installed in Container-Optimized OS at /usr/bin/toolbox. See Debugging with toolbox for more information.

Was this page helpful? Let us know how we did:

Send feedback about...

Container-Optimized OS