rpm-ostree/fedostree/web/partials/implementation.html
Colin Walters bab1d6ce31 fedostree/web: Split up into separate pages
This is just less overwhelming.
2014-02-12 18:46:09 -05:00

155 lines
7.0 KiB
HTML

<article>
<h1>Implementation</h1>
<h5>/usr/lib/passwd and nss-altfiles</h5>
<p>
A change to
include <a href="https://sourceware.org/bugzilla/show_bug.cgi?id=16142">/usr/lib/passwd</a>
is required; this is implemented currently by
the <tt>nss-altfiles</tt> package. See
also <a href="http://fedorapeople.org/~walters/Use-usr-lib-passwd-for-system-users-if-it-exists.patch">this
patch</a> for shadow-utils.
</p>
<h5>/var should be dynamically populated</h5>
<p>
All RPMs should stop shipping files and directories
in <tt>/var</tt>.
See <a href="https://people.gnome.org/~walters/ostree/doc/layout.html">this
section</a> of the OSTree documentation.
</p>
<p>
RPM should cope with its database living
in <tt>/usr/share/rpm</tt> and being immutable.
</p>
<h5>SELinux support</h5>
<p>OSTree was designed from the very beginning to work with SELinux; it just
needs some bugfixes and integration on the rpm-ostree side.</p>
<h5>Anaconda support</h5>
<p>Anaconda should have an OSTree backend in addition to RPM. A basic UI
that provides a listview of shipped trees and allows picking them would
be quite sufficient initially.</p>
<h5>Dracut</h5>
<p>OSTree, when replicating content from a build server, effectively reverts
the <a href="https://fedoraproject.org/wiki/Features/DracutHostOnly">Dracut
host-only mode</a>. Furthermore, at the moment we hardcode
/etc/machine-id, which is a definite bug that needs to be fixed.
Possibly systemd should support reading the machine ID from the
kernel commandline, as it's the only host-writable area available
in early boot.</p>
<h3>Development area: OSTree Layering</h3>
<p>
This phase would be allowing "layering" of trees. For example,
if one installs the <tt>base/minimal</tt> tree, one could imagine
taking the <tt>strace</tt> package, and computing a new
filesystem tree which is the union of the two.
</p>
<p>
While plain standalone ELF executables would work with no
modification, a generalization of this kind of dynamic layering
implies a higher level above OSTree that is aware of things
like <tt>ldconfig</tt> and <tt>gtk-update-icon-cache</tt> and how
to trigger them when layers are combined
</p>
<p>
Conceptually, this is a step back towards combinatorics. For example,
if libvirt is a layer that could be applied on top of the base server
layer as well as the workstation layer, then there would need to be
some notion of dependencies.
</p>
<h3>Development area: Local package assembly</h3>
<p>
There is absolutely no reason one could not just use the package
manager on the client side to download and assemble packages -
but rather than operating live on your current root, OSTree
allows setting up the chosen tree for the next boot
atomically.
</p>
<p>
The problem is making this sort of thing efficient and scalable;
it would require careful integration of the local OSTree
repository and the package manager caching to operate at a speed
comparable to traditional package management.</p>
<p>There are two primary issues. First, OSTree mandates that the
running tree be immutable, and requires construction of a new
tree. This is just a deep mismatch with how package managers are
built. Second, current package managers are totally unaware of
the existence of the OSTree repository at /ostree/repo which holds
binaries. A naive implementation would just redownload the packages,
which would be quite slow.
</p>
</p>
<h3>Development area: Live updates</h3>
<p>
If one is using OSTree in a model without a separate application
mechanism (as is the case for rpm-ostree), it is potentially
painful to reboot just to upgrade applications.
</p>
<p>
It would be quite easy to do a bind mount of the new /usr over
top of the old. This would avoid some of the problems dpkg/rpm
have in creating an <emphasis>partial</emphasis> view. But even
this model would still break many real world desktop applications
such as Firefox. Few applications handle files from an arbitrary
new version replacing their current ones.
</p>
<p>
Starting from an <emphasis>safe</emphasis> basis, it should be
possible to engineer userspace so that many classes of upgrades
can be applied both live and safely, without race conditions.
</p>
<h3>OSTree example: Bisecting Mesa</h3>
<p>
OSTree allows not just dual booting - one can just as easily have
50 or more trees locally. Suppose that you're tracking Fedora
rawhide, and an upgrade breaks Mesa+GNOME (or sound, or something
else). You can not only easily revert to a last known good tree,
you can use OSTree to download intermediate builds from the build
server and <i>bisect</i> across them. Given the ability to do
local builds from git, automating bisection across source code is
entirely possible as well.
</p>
<h3>OSTree example: Server side fast CI/CD</h3>
<p>
OSTree <b>mandates</b> that operating system updates work entirely
offline. Work that has been prototyped already in
the <a href="https://wiki.gnome.org/Projects/GnomeContinuous">gnome-continuous</a>
codebase then takes updated content from an OSTree repository, and
incrementally updates a cached VM disk image from the host side.
This could allow <i>booting</i> updated systemd RPMs within
minutes after Koji builds. This is fundamentally different from
RPM <tt>%check</tt> as we are booting the tree as it will be
shipped to the user - whereas RPM checks may run in e.g. a RHEL6
kernel.
</p>
<h3>OSTree example: Parallel installing Red Hat Enterprise Linux and Fedora</h3>
<p>
Many contributors to Fedora are also Red Hat engineers working on
Red Hat Enterprise Linux. An example way to use OSTree is to have
EL7 installed in the physical /, and install Fedora in
/ostree/deploy/fedora. One can choose whether or not to share
/home.
</p>
<h3>OSTree example: Trying rawhide safely</h3>
<p>
This is an obvious use case - you can run a stable release, and
periodically try the development release on bare metal with a
great deal of safety, particularly if you choose not to share
/home. In this model, the only major risk is the newer kernel
containing filesystem corrupting bugs.
</p>
<h3>OSTree example: "Recovery partition"</h3>
<p>
You can keep your OS installed in /, manage it with a traditional
package manager, but have a small (e.g. base/minimal) tree
installed via OSTree to use as a "recovery partition" when
something goes wrong. Except unlike traditional recovery
partitions, you can easily delete it if you want space, upgrade it
offline, etc.
</p>
<h3>OSTree example: Reliable safe upgrades of a server cluster</h3>
<p>
OSTree allows taking a "cloud" like approach to a cluster of
traditional servers. Every upgrade is atomic and (relatively)
efficient, and can be served by any plain HTTP server.
</p>
</article>