SlideShare a Scribd company logo
1 of 24
Download to read offline
Immutable Image-Based
Operating Systems
Presented by
Drew Moseley
Technical Solutions Architect
Toradex
WHAT WE’LL
COVER TODAY…
• Definitions
• Architecture
• Benefits
• Desktop Distro
• Embedded OS Architecture
• Demo(?)
AGENDA
WHAT WE DO
RELIABLEAND EASY-TO-USE EMBEDDED
SOLUTIONS FOR YOU
Arm® System on Modules
Reliable
Long-Term Maintenance
Scalable
From Stock
Production-Ready Software
Yocto-Based Linux
Windows Embedded Compact
Development Tools
Long-Term Maintenance
Ease-of-Use
Support
Ecosystem
Definitions
• Immutable1: not capable of or susceptibleto change
› Critical portions of the system are "read-only"
› Updates are performed with only well-defined mechanisms
› User data stored separately
› Applications generally use a different mechanism
1
https://www.merriam-webster.com/dictionary/immutable
2
https://www.merriam-webster.com/dictionary/image
• Image2: exact likeness
› Updating the entire "Operating System"
› Updating individual packages or applications "not supported"
3
https://www.merriam-webster.com/dictionary/atomic
• Atomic3: of, relating to, or concerned with atoms
› Incapable of being subdivided
› No chance of partially installed updates
Other names: Layered OS, Reprovisionable, Anti-hysteresis
Sidebar: Pets vs Cattle
• Coined by Randy Bias1
› Originally from Enterprise Computing
Space
• Desktop/Server:
› Pets - Individual laptops
› Cattle - Servers managed as code
• In Embedded:
› Pets - Weekend projects,
home automation
› Cattle - Large fleets of identical devices.
1 http://cloudscaling.com/blog/cloud-computing/the-history-of-pets-vs-cattle/
Conceptual Architecture
System
Operating System
(Image v1)
Bootloader
Kernel/DTB/Initramfs
"OS" Packages
User Data
User Applications
Conceptual Architecture
System
Operating System
(Image v2)
Bootloader
Kernel/DTB/Initramfs
"OS" Packages
User Data
User Applications
Operating System
(Image v2)
Bootloader
Kernel/DTB/Initramfs
"OS" Packages
Benefits
• Atomic versioning and updates of critical system components
› No more `apt --fix-missing --install` or related commands
• User components separately managed
› Better isolation of dependencies (ie containers)
› Fewer conflicts based on OS installed package versions
• Reproducibility
› The OS image is deterministic
› No configuration drift
• Better testing
› Exactly matching software on test and productiondevices
• Rollback capability
• More secure? Arguable
Drawbacks
• New/unfamiliar workflows
• Less flexible than traditional distros
• Do all your applications run in the
sandbox?
• Reboot required for any updates
› Mitigated by the app packaging system
• Is it really appropriate for desktop/laptop
use?
Technologies and Concepts
• libostree (https://ostreedev.github.io/ostree/)
› "Git for filesystems"
› Content-addressable objectstorage + hard links
• Multiple partitions
› Usually mounted read-only
› Symlinks for mutable config files
• Btrfs snapshots
• Declarative configuration
• Layering: https://coreos.github.io/rpm-ostree/
WHAT IS libostree?
"libostree is both a shared library and suite of command line tools
that combines a “git-like” model for committing and downloading
bootable filesystem trees, along with a layer for deploying them and
managing the bootloader configuration." 1
"git-like"
model
bootable
filesystem
trees
Bootloader
configuratio
n
1 https://github.com/ostreedev/ostree#libostree
OSTree BASICS
• File-based (!)
• Relies on non-root mount/“bind-mount”
- Normally the root of a file system is mounted as “the root”
- Linux allows to bind mount a subdirectory
• Initramfs mounts OSTree
- Pivot into bind mount/sub-directory
• Hardlinks are used to speed-up deployment and
minimize space usage
Source: https://medium.com/@1154_75881/what-is-the-difference-between-a-hard-link-and-a-symbolic-link-14db61df7707
Libostree filesystem layout
(Simplified)
"File system based on the copy-on-write principle
using B-trees, developed at Oracle since 2007"1
• Declared stable in Linux in 2013
• Subvolumes
• Atomically writable snapshots
• Cloning (multiple inodes pointing to the same
disk blocks)
BTRFS Snapshots
1
https://en.wikipedia.org/wiki/Btrfs
Applications
Containers: https://www.docker.com/ or https://podman.io/
Flatpak: https://www.flatpak.org/
Appimage: https://appimage.org/
Snaps: https://snapcraft.io/
Bundled with dependencies
"Distro-independent" Linux packages
Sandboxed from the host OS and other packages
Torizon Demo
Universal Blue
Based on Fedora Silverblue
"Cloud Native Linux Desktop Model"
• Base images generated by OCI containers
o RPM-OSTree
o BTRFS (snapshots?)
o Applications normally use Flatpak
Distrobox (https://distrobox.it/)
Linuxbrew (https://docs.brew.sh/Homebrew-on-Linux)
Many variants:
• Bluefin: GNOME Desktop
• Bluefin-DX: Bluefin + Cloud developer tools
• Built-in GPU drivers
Universal Blue Demo
NixOS
Reproducible
Declarative
Reliable
Package Manager
or
Full blown OS
VanillaOS
• Ubuntu Desktop based
• Dual A-B partitions
Survey of available systems
Desktop/Server
• Debian: Endless OS
• Ubuntu: VanillaOS
• Fedora: Silverblue
• Universal Blue
• NixOS
• GNU Guix
• Clear Linux
• Fedora CoreOS
• openSUSE Aeon (Gnome)
• openSUSE Kalpa (KDE)
• Flatcar Linux
• Bottlerocket OS
• Talos Linux (k8s)
• ChromeOS
Embedded
• Torizon
• Ubuntu Core
• Linux microPlatform
• BalenaOS
• SteamOS
References
• https://github.com/castrojo/awesome-immutable
• https://discord.gg/N4mswFw6ds
• https://blog.verbum.org/2020/08/22/immutable-%E2%86%92-reprovisionable-anti-hysteresis/
• https://www.torizon.io/
• https://www.torizon.io/open-source-community
• https://universal-blue.org/
THANK YOU
FOR YOUR INTEREST
www.toradex.com | www.torizon.io | developer.toradex.com
community.toradex.com | labs.toradex.com

More Related Content

Similar to Immutable Image-Based Operating Systems - EW2024.pdf

Windows_Installation.pptx
Windows_Installation.pptxWindows_Installation.pptx
Windows_Installation.pptxLearyJohn
 
Protecting confidential files using SE-Linux
Protecting confidential files using SE-LinuxProtecting confidential files using SE-Linux
Protecting confidential files using SE-LinuxGiuseppe Paterno'
 
Puppet Camp Charlotte 2015: Managing middleware with Puppet
Puppet Camp Charlotte 2015: Managing middleware with PuppetPuppet Camp Charlotte 2015: Managing middleware with Puppet
Puppet Camp Charlotte 2015: Managing middleware with PuppetPuppet
 
Deployment Strategies (Mongo Austin)
Deployment Strategies (Mongo Austin)Deployment Strategies (Mongo Austin)
Deployment Strategies (Mongo Austin)MongoDB
 
GraphTour - Workday: Tracking activity with Neo4j (English Version)
GraphTour - Workday: Tracking activity with Neo4j (English Version)GraphTour - Workday: Tracking activity with Neo4j (English Version)
GraphTour - Workday: Tracking activity with Neo4j (English Version)Neo4j
 
Presentation desktops for the cloud the view rollout
Presentation   desktops for the cloud the view rolloutPresentation   desktops for the cloud the view rollout
Presentation desktops for the cloud the view rolloutxKinAnx
 
Presentation desktops for the cloud the view rollout
Presentation   desktops for the cloud the view rolloutPresentation   desktops for the cloud the view rollout
Presentation desktops for the cloud the view rolloutsolarisyourep
 
Poking The Filesystem For Fun And Profit
Poking The Filesystem For Fun And ProfitPoking The Filesystem For Fun And Profit
Poking The Filesystem For Fun And Profitssusera432ea1
 
Puppet & Perforce: Versioning Everything for Deployments
Puppet & Perforce: Versioning Everything for DeploymentsPuppet & Perforce: Versioning Everything for Deployments
Puppet & Perforce: Versioning Everything for DeploymentsPerforce
 
Package management and creation in Gentoo Linux
Package management and creation in Gentoo LinuxPackage management and creation in Gentoo Linux
Package management and creation in Gentoo LinuxDonnie Berkholz
 
Deployment Strategy
Deployment StrategyDeployment Strategy
Deployment StrategyMongoDB
 
Ch1Ch2Sept10.pdf
Ch1Ch2Sept10.pdfCh1Ch2Sept10.pdf
Ch1Ch2Sept10.pdfSamSami69
 
eZ Publish 5: from zero to automated deployment (and no regressions!) in one ...
eZ Publish 5: from zero to automated deployment (and no regressions!) in one ...eZ Publish 5: from zero to automated deployment (and no regressions!) in one ...
eZ Publish 5: from zero to automated deployment (and no regressions!) in one ...Gaetano Giunta
 
Operating system components
Operating system componentsOperating system components
Operating system componentsSyed Zaid Irshad
 
How to Build a Compute Cluster
How to Build a Compute ClusterHow to Build a Compute Cluster
How to Build a Compute ClusterRamsay Key
 
Building Embedded Linux Systems Introduction
Building Embedded Linux Systems IntroductionBuilding Embedded Linux Systems Introduction
Building Embedded Linux Systems IntroductionSherif Mousa
 
Eclipse plug in development
Eclipse plug in developmentEclipse plug in development
Eclipse plug in developmentMartin Toshev
 
Extension Library - Viagra for XPages
Extension Library - Viagra for XPagesExtension Library - Viagra for XPages
Extension Library - Viagra for XPagesUlrich Krause
 
Selecting And Protecting The Right Sharepoint Backup Targets Sps Michigan
Selecting And Protecting The Right Sharepoint Backup Targets Sps MichiganSelecting And Protecting The Right Sharepoint Backup Targets Sps Michigan
Selecting And Protecting The Right Sharepoint Backup Targets Sps MichiganChristopher Bunn
 

Similar to Immutable Image-Based Operating Systems - EW2024.pdf (20)

Windows_Installation.pptx
Windows_Installation.pptxWindows_Installation.pptx
Windows_Installation.pptx
 
Protecting confidential files using SE-Linux
Protecting confidential files using SE-LinuxProtecting confidential files using SE-Linux
Protecting confidential files using SE-Linux
 
Puppet Camp Charlotte 2015: Managing middleware with Puppet
Puppet Camp Charlotte 2015: Managing middleware with PuppetPuppet Camp Charlotte 2015: Managing middleware with Puppet
Puppet Camp Charlotte 2015: Managing middleware with Puppet
 
Deploying PHP apps on the cloud
Deploying PHP apps on the cloudDeploying PHP apps on the cloud
Deploying PHP apps on the cloud
 
Deployment Strategies (Mongo Austin)
Deployment Strategies (Mongo Austin)Deployment Strategies (Mongo Austin)
Deployment Strategies (Mongo Austin)
 
GraphTour - Workday: Tracking activity with Neo4j (English Version)
GraphTour - Workday: Tracking activity with Neo4j (English Version)GraphTour - Workday: Tracking activity with Neo4j (English Version)
GraphTour - Workday: Tracking activity with Neo4j (English Version)
 
Presentation desktops for the cloud the view rollout
Presentation   desktops for the cloud the view rolloutPresentation   desktops for the cloud the view rollout
Presentation desktops for the cloud the view rollout
 
Presentation desktops for the cloud the view rollout
Presentation   desktops for the cloud the view rolloutPresentation   desktops for the cloud the view rollout
Presentation desktops for the cloud the view rollout
 
Poking The Filesystem For Fun And Profit
Poking The Filesystem For Fun And ProfitPoking The Filesystem For Fun And Profit
Poking The Filesystem For Fun And Profit
 
Puppet & Perforce: Versioning Everything for Deployments
Puppet & Perforce: Versioning Everything for DeploymentsPuppet & Perforce: Versioning Everything for Deployments
Puppet & Perforce: Versioning Everything for Deployments
 
Package management and creation in Gentoo Linux
Package management and creation in Gentoo LinuxPackage management and creation in Gentoo Linux
Package management and creation in Gentoo Linux
 
Deployment Strategy
Deployment StrategyDeployment Strategy
Deployment Strategy
 
Ch1Ch2Sept10.pdf
Ch1Ch2Sept10.pdfCh1Ch2Sept10.pdf
Ch1Ch2Sept10.pdf
 
eZ Publish 5: from zero to automated deployment (and no regressions!) in one ...
eZ Publish 5: from zero to automated deployment (and no regressions!) in one ...eZ Publish 5: from zero to automated deployment (and no regressions!) in one ...
eZ Publish 5: from zero to automated deployment (and no regressions!) in one ...
 
Operating system components
Operating system componentsOperating system components
Operating system components
 
How to Build a Compute Cluster
How to Build a Compute ClusterHow to Build a Compute Cluster
How to Build a Compute Cluster
 
Building Embedded Linux Systems Introduction
Building Embedded Linux Systems IntroductionBuilding Embedded Linux Systems Introduction
Building Embedded Linux Systems Introduction
 
Eclipse plug in development
Eclipse plug in developmentEclipse plug in development
Eclipse plug in development
 
Extension Library - Viagra for XPages
Extension Library - Viagra for XPagesExtension Library - Viagra for XPages
Extension Library - Viagra for XPages
 
Selecting And Protecting The Right Sharepoint Backup Targets Sps Michigan
Selecting And Protecting The Right Sharepoint Backup Targets Sps MichiganSelecting And Protecting The Right Sharepoint Backup Targets Sps Michigan
Selecting And Protecting The Right Sharepoint Backup Targets Sps Michigan
 

Recently uploaded

analog-vs-digital-communication (concept of analog and digital).pptx
analog-vs-digital-communication (concept of analog and digital).pptxanalog-vs-digital-communication (concept of analog and digital).pptx
analog-vs-digital-communication (concept of analog and digital).pptxKarpagam Institute of Teechnology
 
"United Nations Park" Site Visit Report.
"United Nations Park" Site  Visit Report."United Nations Park" Site  Visit Report.
"United Nations Park" Site Visit Report.MdManikurRahman
 
Performance enhancement of machine learning algorithm for breast cancer diagn...
Performance enhancement of machine learning algorithm for breast cancer diagn...Performance enhancement of machine learning algorithm for breast cancer diagn...
Performance enhancement of machine learning algorithm for breast cancer diagn...IJECEIAES
 
Final DBMS Manual (2).pdf final lab manual
Final DBMS Manual (2).pdf final lab manualFinal DBMS Manual (2).pdf final lab manual
Final DBMS Manual (2).pdf final lab manualBalamuruganV28
 
AI in Healthcare Innovative use cases and applications.pdf
AI in Healthcare Innovative use cases and applications.pdfAI in Healthcare Innovative use cases and applications.pdf
AI in Healthcare Innovative use cases and applications.pdfmahaffeycheryld
 
Raashid final report on Embedded Systems
Raashid final report on Embedded SystemsRaashid final report on Embedded Systems
Raashid final report on Embedded SystemsRaashidFaiyazSheikh
 
Passive Air Cooling System and Solar Water Heater.ppt
Passive Air Cooling System and Solar Water Heater.pptPassive Air Cooling System and Solar Water Heater.ppt
Passive Air Cooling System and Solar Water Heater.pptamrabdallah9
 
Seizure stage detection of epileptic seizure using convolutional neural networks
Seizure stage detection of epileptic seizure using convolutional neural networksSeizure stage detection of epileptic seizure using convolutional neural networks
Seizure stage detection of epileptic seizure using convolutional neural networksIJECEIAES
 
Research Methodolgy & Intellectual Property Rights Series 2
Research Methodolgy & Intellectual Property Rights Series 2Research Methodolgy & Intellectual Property Rights Series 2
Research Methodolgy & Intellectual Property Rights Series 2T.D. Shashikala
 
Worksharing and 3D Modeling with Revit.pptx
Worksharing and 3D Modeling with Revit.pptxWorksharing and 3D Modeling with Revit.pptx
Worksharing and 3D Modeling with Revit.pptxMustafa Ahmed
 
Dynamo Scripts for Task IDs and Space Naming.pptx
Dynamo Scripts for Task IDs and Space Naming.pptxDynamo Scripts for Task IDs and Space Naming.pptx
Dynamo Scripts for Task IDs and Space Naming.pptxMustafa Ahmed
 
8th International Conference on Soft Computing, Mathematics and Control (SMC ...
8th International Conference on Soft Computing, Mathematics and Control (SMC ...8th International Conference on Soft Computing, Mathematics and Control (SMC ...
8th International Conference on Soft Computing, Mathematics and Control (SMC ...josephjonse
 
Microkernel in Operating System | Operating System
Microkernel in Operating System | Operating SystemMicrokernel in Operating System | Operating System
Microkernel in Operating System | Operating SystemSampad Kar
 
CLOUD COMPUTING SERVICES - Cloud Reference Modal
CLOUD COMPUTING SERVICES - Cloud Reference ModalCLOUD COMPUTING SERVICES - Cloud Reference Modal
CLOUD COMPUTING SERVICES - Cloud Reference ModalSwarnaSLcse
 
Introduction to Artificial Intelligence and History of AI
Introduction to Artificial Intelligence and History of AIIntroduction to Artificial Intelligence and History of AI
Introduction to Artificial Intelligence and History of AISheetal Jain
 
Basics of Relay for Engineering Students
Basics of Relay for Engineering StudentsBasics of Relay for Engineering Students
Basics of Relay for Engineering Studentskannan348865
 
5G and 6G refer to generations of mobile network technology, each representin...
5G and 6G refer to generations of mobile network technology, each representin...5G and 6G refer to generations of mobile network technology, each representin...
5G and 6G refer to generations of mobile network technology, each representin...archanaece3
 
electrical installation and maintenance.
electrical installation and maintenance.electrical installation and maintenance.
electrical installation and maintenance.benjamincojr
 
Filters for Electromagnetic Compatibility Applications
Filters for Electromagnetic Compatibility ApplicationsFilters for Electromagnetic Compatibility Applications
Filters for Electromagnetic Compatibility ApplicationsMathias Magdowski
 
Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...
Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...
Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...drjose256
 

Recently uploaded (20)

analog-vs-digital-communication (concept of analog and digital).pptx
analog-vs-digital-communication (concept of analog and digital).pptxanalog-vs-digital-communication (concept of analog and digital).pptx
analog-vs-digital-communication (concept of analog and digital).pptx
 
"United Nations Park" Site Visit Report.
"United Nations Park" Site  Visit Report."United Nations Park" Site  Visit Report.
"United Nations Park" Site Visit Report.
 
Performance enhancement of machine learning algorithm for breast cancer diagn...
Performance enhancement of machine learning algorithm for breast cancer diagn...Performance enhancement of machine learning algorithm for breast cancer diagn...
Performance enhancement of machine learning algorithm for breast cancer diagn...
 
Final DBMS Manual (2).pdf final lab manual
Final DBMS Manual (2).pdf final lab manualFinal DBMS Manual (2).pdf final lab manual
Final DBMS Manual (2).pdf final lab manual
 
AI in Healthcare Innovative use cases and applications.pdf
AI in Healthcare Innovative use cases and applications.pdfAI in Healthcare Innovative use cases and applications.pdf
AI in Healthcare Innovative use cases and applications.pdf
 
Raashid final report on Embedded Systems
Raashid final report on Embedded SystemsRaashid final report on Embedded Systems
Raashid final report on Embedded Systems
 
Passive Air Cooling System and Solar Water Heater.ppt
Passive Air Cooling System and Solar Water Heater.pptPassive Air Cooling System and Solar Water Heater.ppt
Passive Air Cooling System and Solar Water Heater.ppt
 
Seizure stage detection of epileptic seizure using convolutional neural networks
Seizure stage detection of epileptic seizure using convolutional neural networksSeizure stage detection of epileptic seizure using convolutional neural networks
Seizure stage detection of epileptic seizure using convolutional neural networks
 
Research Methodolgy & Intellectual Property Rights Series 2
Research Methodolgy & Intellectual Property Rights Series 2Research Methodolgy & Intellectual Property Rights Series 2
Research Methodolgy & Intellectual Property Rights Series 2
 
Worksharing and 3D Modeling with Revit.pptx
Worksharing and 3D Modeling with Revit.pptxWorksharing and 3D Modeling with Revit.pptx
Worksharing and 3D Modeling with Revit.pptx
 
Dynamo Scripts for Task IDs and Space Naming.pptx
Dynamo Scripts for Task IDs and Space Naming.pptxDynamo Scripts for Task IDs and Space Naming.pptx
Dynamo Scripts for Task IDs and Space Naming.pptx
 
8th International Conference on Soft Computing, Mathematics and Control (SMC ...
8th International Conference on Soft Computing, Mathematics and Control (SMC ...8th International Conference on Soft Computing, Mathematics and Control (SMC ...
8th International Conference on Soft Computing, Mathematics and Control (SMC ...
 
Microkernel in Operating System | Operating System
Microkernel in Operating System | Operating SystemMicrokernel in Operating System | Operating System
Microkernel in Operating System | Operating System
 
CLOUD COMPUTING SERVICES - Cloud Reference Modal
CLOUD COMPUTING SERVICES - Cloud Reference ModalCLOUD COMPUTING SERVICES - Cloud Reference Modal
CLOUD COMPUTING SERVICES - Cloud Reference Modal
 
Introduction to Artificial Intelligence and History of AI
Introduction to Artificial Intelligence and History of AIIntroduction to Artificial Intelligence and History of AI
Introduction to Artificial Intelligence and History of AI
 
Basics of Relay for Engineering Students
Basics of Relay for Engineering StudentsBasics of Relay for Engineering Students
Basics of Relay for Engineering Students
 
5G and 6G refer to generations of mobile network technology, each representin...
5G and 6G refer to generations of mobile network technology, each representin...5G and 6G refer to generations of mobile network technology, each representin...
5G and 6G refer to generations of mobile network technology, each representin...
 
electrical installation and maintenance.
electrical installation and maintenance.electrical installation and maintenance.
electrical installation and maintenance.
 
Filters for Electromagnetic Compatibility Applications
Filters for Electromagnetic Compatibility ApplicationsFilters for Electromagnetic Compatibility Applications
Filters for Electromagnetic Compatibility Applications
 
Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...
Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...
Tembisa Central Terminating Pills +27838792658 PHOMOLONG Top Abortion Pills F...
 

Immutable Image-Based Operating Systems - EW2024.pdf

  • 1. Immutable Image-Based Operating Systems Presented by Drew Moseley Technical Solutions Architect Toradex
  • 2. WHAT WE’LL COVER TODAY… • Definitions • Architecture • Benefits • Desktop Distro • Embedded OS Architecture • Demo(?) AGENDA
  • 3. WHAT WE DO RELIABLEAND EASY-TO-USE EMBEDDED SOLUTIONS FOR YOU Arm® System on Modules Reliable Long-Term Maintenance Scalable From Stock Production-Ready Software Yocto-Based Linux Windows Embedded Compact Development Tools Long-Term Maintenance Ease-of-Use Support Ecosystem
  • 4. Definitions • Immutable1: not capable of or susceptibleto change › Critical portions of the system are "read-only" › Updates are performed with only well-defined mechanisms › User data stored separately › Applications generally use a different mechanism 1 https://www.merriam-webster.com/dictionary/immutable 2 https://www.merriam-webster.com/dictionary/image • Image2: exact likeness › Updating the entire "Operating System" › Updating individual packages or applications "not supported" 3 https://www.merriam-webster.com/dictionary/atomic • Atomic3: of, relating to, or concerned with atoms › Incapable of being subdivided › No chance of partially installed updates Other names: Layered OS, Reprovisionable, Anti-hysteresis
  • 5. Sidebar: Pets vs Cattle • Coined by Randy Bias1 › Originally from Enterprise Computing Space • Desktop/Server: › Pets - Individual laptops › Cattle - Servers managed as code • In Embedded: › Pets - Weekend projects, home automation › Cattle - Large fleets of identical devices. 1 http://cloudscaling.com/blog/cloud-computing/the-history-of-pets-vs-cattle/
  • 6. Conceptual Architecture System Operating System (Image v1) Bootloader Kernel/DTB/Initramfs "OS" Packages User Data User Applications
  • 7. Conceptual Architecture System Operating System (Image v2) Bootloader Kernel/DTB/Initramfs "OS" Packages User Data User Applications Operating System (Image v2) Bootloader Kernel/DTB/Initramfs "OS" Packages
  • 8. Benefits • Atomic versioning and updates of critical system components › No more `apt --fix-missing --install` or related commands • User components separately managed › Better isolation of dependencies (ie containers) › Fewer conflicts based on OS installed package versions • Reproducibility › The OS image is deterministic › No configuration drift • Better testing › Exactly matching software on test and productiondevices • Rollback capability • More secure? Arguable
  • 9. Drawbacks • New/unfamiliar workflows • Less flexible than traditional distros • Do all your applications run in the sandbox? • Reboot required for any updates › Mitigated by the app packaging system • Is it really appropriate for desktop/laptop use?
  • 10. Technologies and Concepts • libostree (https://ostreedev.github.io/ostree/) › "Git for filesystems" › Content-addressable objectstorage + hard links • Multiple partitions › Usually mounted read-only › Symlinks for mutable config files • Btrfs snapshots • Declarative configuration • Layering: https://coreos.github.io/rpm-ostree/
  • 11. WHAT IS libostree? "libostree is both a shared library and suite of command line tools that combines a “git-like” model for committing and downloading bootable filesystem trees, along with a layer for deploying them and managing the bootloader configuration." 1 "git-like" model bootable filesystem trees Bootloader configuratio n 1 https://github.com/ostreedev/ostree#libostree
  • 12. OSTree BASICS • File-based (!) • Relies on non-root mount/“bind-mount” - Normally the root of a file system is mounted as “the root” - Linux allows to bind mount a subdirectory • Initramfs mounts OSTree - Pivot into bind mount/sub-directory • Hardlinks are used to speed-up deployment and minimize space usage Source: https://medium.com/@1154_75881/what-is-the-difference-between-a-hard-link-and-a-symbolic-link-14db61df7707
  • 14. "File system based on the copy-on-write principle using B-trees, developed at Oracle since 2007"1 • Declared stable in Linux in 2013 • Subvolumes • Atomically writable snapshots • Cloning (multiple inodes pointing to the same disk blocks) BTRFS Snapshots 1 https://en.wikipedia.org/wiki/Btrfs
  • 15. Applications Containers: https://www.docker.com/ or https://podman.io/ Flatpak: https://www.flatpak.org/ Appimage: https://appimage.org/ Snaps: https://snapcraft.io/ Bundled with dependencies "Distro-independent" Linux packages Sandboxed from the host OS and other packages
  • 16.
  • 18. Universal Blue Based on Fedora Silverblue "Cloud Native Linux Desktop Model" • Base images generated by OCI containers o RPM-OSTree o BTRFS (snapshots?) o Applications normally use Flatpak Distrobox (https://distrobox.it/) Linuxbrew (https://docs.brew.sh/Homebrew-on-Linux) Many variants: • Bluefin: GNOME Desktop • Bluefin-DX: Bluefin + Cloud developer tools • Built-in GPU drivers
  • 21. VanillaOS • Ubuntu Desktop based • Dual A-B partitions
  • 22. Survey of available systems Desktop/Server • Debian: Endless OS • Ubuntu: VanillaOS • Fedora: Silverblue • Universal Blue • NixOS • GNU Guix • Clear Linux • Fedora CoreOS • openSUSE Aeon (Gnome) • openSUSE Kalpa (KDE) • Flatcar Linux • Bottlerocket OS • Talos Linux (k8s) • ChromeOS Embedded • Torizon • Ubuntu Core • Linux microPlatform • BalenaOS • SteamOS
  • 23. References • https://github.com/castrojo/awesome-immutable • https://discord.gg/N4mswFw6ds • https://blog.verbum.org/2020/08/22/immutable-%E2%86%92-reprovisionable-anti-hysteresis/ • https://www.torizon.io/ • https://www.torizon.io/open-source-community • https://universal-blue.org/
  • 24. THANK YOU FOR YOUR INTEREST www.toradex.com | www.torizon.io | developer.toradex.com community.toradex.com | labs.toradex.com