Stateless Systems, Factory Reset, Golden Master Systems and systemd LinuxCon Europe, Duesseldorf

October 2014

Stateless Systems, Factory Reset, Golden Master Systems and systemd The procedure to bring a system back into the state that is was shipped in.

Factory Reset?

Stateless Systems, Factory Reset, Golden Master Systems and systemd Factory Reset? The procedure to bring a system back into the state that is was shipped in.

Stateless Systems, Factory Reset, Golden Master Systems and systemd A system where every single boot-up is as if a factory reset was just completed.

Stateless System?

Stateless Systems, Factory Reset, Golden Master Systems and systemd Stateless System? A system where every single boot-up is as if a factory reset was just completed.

Stateless Systems, Factory Reset, Golden Master Systems and systemd The same image is usually shared between a multitude of systems.

Golden Master? The one master image a factory reset returns the state to.

Stateless Systems, Factory Reset, Golden Master Systems and systemd Golden Master? The one master image a factory reset returns the state to. The same image is usually shared between a multitude of systems.

Stateless Systems, Factory Reset, Golden Master Systems and systemd Containers, servers, laptops/desktops/tablets, mobile, embedded Verifiable setups Apps

Where do you want this?

Stateless Systems, Factory Reset, Golden Master Systems and systemd servers, laptops/desktops/tablets, mobile, embedded Verifiable setups Apps

Where do you want this? Containers,

Stateless Systems, Factory Reset, Golden Master Systems and systemd laptops/desktops/tablets, mobile, embedded Verifiable setups Apps

Where do you want this? Containers, servers,

Stateless Systems, Factory Reset, Golden Master Systems and systemd mobile, embedded Verifiable setups Apps

Where do you want this? Containers, servers, laptops/desktops/tablets,

Stateless Systems, Factory Reset, Golden Master Systems and systemd embedded Verifiable setups Apps

Where do you want this? Containers, servers, laptops/desktops/tablets, mobile,

Stateless Systems, Factory Reset, Golden Master Systems and systemd Verifiable setups Apps

Where do you want this? Containers, servers, laptops/desktops/tablets, mobile, embedded

Stateless Systems, Factory Reset, Golden Master Systems and systemd Apps

Where do you want this? Containers, servers, laptops/desktops/tablets, mobile, embedded Verifiable setups

Stateless Systems, Factory Reset, Golden Master Systems and systemd Where do you want this? Containers, servers, laptops/desktops/tablets, mobile, embedded Verifiable setups Apps

Stateless Systems, Factory Reset, Golden Master Systems and systemd Tons of prior art: Android, ChromeOS, CoreOS, virtualization infrastructure, and many embedded systems

Stateless Systems, Factory Reset, Golden Master Systems and systemd Right in the OS itself.

Our goal with working on this in the systemd context: to solve this in a modular and generic way, for all usecases

Stateless Systems, Factory Reset, Golden Master Systems and systemd Our goal with working on this in the systemd context: to solve this in a modular and generic way, for all usecases Right in the OS itself.

Stateless Systems, Factory Reset, Golden Master Systems and systemd /etc: configuration /var: state /usr: vendor OS resources (after the /usr merge)

Let’s seperate state from OS resources!

Stateless Systems, Factory Reset, Golden Master Systems and systemd /var: state /usr: vendor OS resources (after the /usr merge)

Let’s seperate state from OS resources! /etc: configuration

Stateless Systems, Factory Reset, Golden Master Systems and systemd /usr: vendor OS resources (after the /usr merge)

Let’s seperate state from OS resources! /etc: configuration /var: state

Stateless Systems, Factory Reset, Golden Master Systems and systemd (after the /usr merge)

Let’s seperate state from OS resources! /etc: configuration /var: state /usr: vendor OS resources

Stateless Systems, Factory Reset, Golden Master Systems and systemd Let’s seperate state from OS resources! /etc: configuration /var: state /usr: vendor OS resources (after the /usr merge)

Stateless Systems, Factory Reset, Golden Master Systems and systemd Flushing /etc, /var, just keeping /usr: full factory reset Flushing just /var, keeping /usr and /etc: keeping settings, but dropping collected state

Stateless Systems, Factory Reset, Golden Master Systems and systemd Mostly just works, just a few more tmpfiles rules

Booting with /var empty?

Stateless Systems, Factory Reset, Golden Master Systems and systemd Booting with /var empty? Mostly just works, just a few more tmpfiles rules

Stateless Systems, Factory Reset, Golden Master Systems and systemd Booting with /var empty? Mostly just works, just a few more tmpfiles rules

Stateless Systems, Factory Reset, Golden Master Systems and systemd d /var 0755 - - -

L /var/run - - - - ../run

d /var/log 0755 - - - f /var/log/wtmp 0664 root utmp - f /var/log/btmp 0600 root utmp -

d /var/cache 0755 - - -

d /var/lib 0755 - - - d /var/spool 0755 - - -

What’s tmpfiles again?

Stateless Systems, Factory Reset, Golden Master Systems and systemd What’s tmpfiles again? d /var 0755 - - -

L /var/run - - - - ../run d /var/log 0755 - - - f /var/log/wtmp 0664 root utmp - f /var/log/btmp 0600 root utmp - d /var/cache 0755 - - - d /var/lib 0755 - - - d /var/spool 0755 - - -

Stateless Systems, Factory Reset, Golden Master Systems and systemd More complex Software is more allergic if configuration files in /etc are missing User database! Core OS components shipped by systemd are fixed Exception in the core OS: dbus, PAM

Booting with /etc empty?

Stateless Systems, Factory Reset, Golden Master Systems and systemd Software is more allergic if configuration files in /etc are missing User database! Core OS components shipped by systemd are fixed Exception in the core OS: dbus, PAM

Booting with /etc empty? More complex

Stateless Systems, Factory Reset, Golden Master Systems and systemd User database! Core OS components shipped by systemd are fixed Exception in the core OS: dbus, PAM

Booting with /etc empty? More complex Software is more allergic if configuration files in /etc are missing

Stateless Systems, Factory Reset, Golden Master Systems and systemd Core OS components shipped by systemd are fixed Exception in the core OS: dbus, PAM

Booting with /etc empty? More complex Software is more allergic if configuration files in /etc are missing User database!

Stateless Systems, Factory Reset, Golden Master Systems and systemd Exception in the core OS: dbus, PAM

Booting with /etc empty? More complex Software is more allergic if configuration files in /etc are missing User database! Core OS components shipped by systemd are fixed

Stateless Systems, Factory Reset, Golden Master Systems and systemd Booting with /etc empty? More complex Software is more allergic if configuration files in /etc are missing User database! Core OS components shipped by systemd are fixed Exception in the core OS: dbus, PAM

Stateless Systems, Factory Reset, Golden Master Systems and systemd tmpfiles to the rescue:

C /etc/pam.d C /etc/nsswitch.conf

Introducing: /usr/share/factory/etc

Stateless Systems, Factory Reset, Golden Master Systems and systemd sysusers to the rescue: u root 0 "Super User" /root u nobody 65534 "Nobody" - g adm - - - g wheel - - - g kmem - - - g lock - - - g tty 5 - - g utmp - - - g audio - - - g cdrom - - - g dialout - - - g disk - - - g input - - - g lp - - - g tape - - - g video - - - g users - - -

Stateless Systems, Factory Reset, Golden Master Systems and systemd systemd-nspawn –volatile=state -b -D /srv/mycontainer systemd-nspawn –volatile=yes -b -D /srv/mycontainer

systemd-nspawn –volatile=no -b -D /srv/mycontainer

Stateless Systems, Factory Reset, Golden Master Systems and systemd systemd-nspawn –volatile=yes -b -D /srv/mycontainer

systemd-nspawn –volatile=no -b -D /srv/mycontainer systemd-nspawn –volatile=state -b -D /srv/mycontainer

Stateless Systems, Factory Reset, Golden Master Systems and systemd systemd-nspawn –volatile=no -b -D /srv/mycontainer systemd-nspawn –volatile=state -b -D /srv/mycontainer systemd-nspawn –volatile=yes -b -D /srv/mycontainer

Stateless Systems, Factory Reset, Golden Master Systems and systemd /usr can be updated offline On next boot, /etc and /var are updated ConditionNeedsUpdate= ldconfig, sysusers, udev hwdb, . . . All atomic

Updating

Stateless Systems, Factory Reset, Golden Master Systems and systemd On next boot, /etc and /var are updated ConditionNeedsUpdate= ldconfig, sysusers, udev hwdb, . . . All atomic

Updating /usr can be updated offline

Stateless Systems, Factory Reset, Golden Master Systems and systemd ConditionNeedsUpdate= ldconfig, sysusers, udev hwdb, . . . All atomic

Updating /usr can be updated offline On next boot, /etc and /var are updated

Stateless Systems, Factory Reset, Golden Master Systems and systemd ldconfig, sysusers, udev hwdb, . . . All atomic

Updating /usr can be updated offline On next boot, /etc and /var are updated ConditionNeedsUpdate=

Stateless Systems, Factory Reset, Golden Master Systems and systemd All atomic

Updating /usr can be updated offline On next boot, /etc and /var are updated ConditionNeedsUpdate= ldconfig, sysusers, udev hwdb, . . .

Stateless Systems, Factory Reset, Golden Master Systems and systemd Updating /usr can be updated offline On next boot, /etc and /var are updated ConditionNeedsUpdate= ldconfig, sysusers, udev hwdb, . . . All atomic

Stateless Systems, Factory Reset, Golden Master Systems and systemd Multiple /usr trees around!

Double Buffering

Stateless Systems, Factory Reset, Golden Master Systems and systemd Double Buffering Multiple /usr trees around!

Stateless Systems, Factory Reset, Golden Master Systems and systemd RPM? Classic Distributions?

Stateless Systems, Factory Reset, Golden Master Systems and systemd Timeframe?

Stateless Systems, Factory Reset, Golden Master Systems and systemd /usr: os, runtime, framework /opt/appname: app

Apps!

Stateless Systems, Factory Reset, Golden Master Systems and systemd /opt/appname: app

Apps! /usr: os, runtime, framework

Stateless Systems, Factory Reset, Golden Master Systems and systemd Apps! /usr: os, runtime, framework /opt/appname: app

Stateless Systems, Factory Reset, Golden Master Systems and systemd Runtime: a /usr one can run executables against Framework: a /usr one can build executables with

OS: a /usr one can boot up a system with

Stateless Systems, Factory Reset, Golden Master Systems and systemd Framework: a /usr one can build executables with

OS: a /usr one can boot up a system with Runtime: a /usr one can run executables against

Stateless Systems, Factory Reset, Golden Master Systems and systemd OS: a /usr one can boot up a system with Runtime: a /usr one can run executables against Framework: a /usr one can build executables with

Stateless Systems, Factory Reset, Golden Master Systems and systemd All in multiple versions on the same system btrfs subvolumes

OS, Runtime, Framework, Instance, Apps

Stateless Systems, Factory Reset, Golden Master Systems and systemd btrfs subvolumes

OS, Runtime, Framework, Instance, Apps All in multiple versions on the same system

Stateless Systems, Factory Reset, Golden Master Systems and systemd OS, Runtime, Framework, Instance, Apps All in multiple versions on the same system btrfs subvolumes

Stateless Systems, Factory Reset, Golden Master Systems and systemd btrfs???

Stateless Systems, Factory Reset, Golden Master Systems and systemd usr:vendorid:architecture:version root:name:vendorid:architecture runtime:vendorid:architecture:version framework:vendorid:architecture:version app:vendorid:runtime:architecture:version

Clear naming Scheme for subvolumes

Stateless Systems, Factory Reset, Golden Master Systems and systemd root:name:vendorid:architecture runtime:vendorid:architecture:version framework:vendorid:architecture:version app:vendorid:runtime:architecture:version

Clear naming Scheme for subvolumes usr:vendorid:architecture:version

Stateless Systems, Factory Reset, Golden Master Systems and systemd runtime:vendorid:architecture:version framework:vendorid:architecture:version app:vendorid:runtime:architecture:version

Clear naming Scheme for subvolumes usr:vendorid:architecture:version root:name:vendorid:architecture

Stateless Systems, Factory Reset, Golden Master Systems and systemd framework:vendorid:architecture:version app:vendorid:runtime:architecture:version

Clear naming Scheme for subvolumes usr:vendorid:architecture:version root:name:vendorid:architecture runtime:vendorid:architecture:version

Stateless Systems, Factory Reset, Golden Master Systems and systemd app:vendorid:runtime:architecture:version

Clear naming Scheme for subvolumes usr:vendorid:architecture:version root:name:vendorid:architecture runtime:vendorid:architecture:version framework:vendorid:architecture:version

Stateless Systems, Factory Reset, Golden Master Systems and systemd Clear naming Scheme for subvolumes usr:vendorid:architecture:version root:name:vendorid:architecture runtime:vendorid:architecture:version framework:vendorid:architecture:version app:vendorid:runtime:architecture:version

Stateless Systems, Factory Reset, Golden Master Systems and systemd Dynamic views on the system, for containers and apps Multiple root subvolumes sharing the same usr subvolume! Multiple app subvolumes sharing the same runtime subvolume!

Namespaces!

Stateless Systems, Factory Reset, Golden Master Systems and systemd Multiple root subvolumes sharing the same usr subvolume! Multiple app subvolumes sharing the same runtime subvolume!

Namespaces! Dynamic views on the system, for containers and apps

Stateless Systems, Factory Reset, Golden Master Systems and systemd Multiple app subvolumes sharing the same runtime subvolume!

Namespaces! Dynamic views on the system, for containers and apps Multiple root subvolumes sharing the same usr subvolume!

Stateless Systems, Factory Reset, Golden Master Systems and systemd Namespaces! Dynamic views on the system, for containers and apps Multiple root subvolumes sharing the same usr subvolume! Multiple app subvolumes sharing the same runtime subvolume!

Stateless Systems, Factory Reset, Golden Master Systems and systemd btrfs send/recv deltas via http Same for OS, runtimes, frameworks and apps

Delivery:

Stateless Systems, Factory Reset, Golden Master Systems and systemd Same for OS, runtimes, frameworks and apps

Delivery: btrfs send/recv deltas via http

Stateless Systems, Factory Reset, Golden Master Systems and systemd Delivery: btrfs send/recv deltas via http Same for OS, runtimes, frameworks and apps

Stateless Systems, Factory Reset, Golden Master Systems and systemd 1 Create GPT table with ESP + btrfs 2 Deserialize usr tree into btrfs 3 Install bootloader into ESP 4 Profit!

OS installation:

Stateless Systems, Factory Reset, Golden Master Systems and systemd 2 Deserialize usr tree into btrfs 3 Install bootloader into ESP 4 Profit!

OS installation:

1 Create GPT table with ESP + btrfs

Stateless Systems, Factory Reset, Golden Master Systems and systemd 3 Install bootloader into ESP 4 Profit!

OS installation:

1 Create GPT table with ESP + btrfs 2 Deserialize usr tree into btrfs

Stateless Systems, Factory Reset, Golden Master Systems and systemd 4 Profit!

OS installation:

1 Create GPT table with ESP + btrfs 2 Deserialize usr tree into btrfs 3 Install bootloader into ESP

Stateless Systems, Factory Reset, Golden Master Systems and systemd OS installation:

1 Create GPT table with ESP + btrfs 2 Deserialize usr tree into btrfs 3 Install bootloader into ESP 4 Profit!

Stateless Systems, Factory Reset, Golden Master Systems and systemd http://0pointer.net/blog/projects/stateless.html http://0pointer.net/blog/ revisiting-how-we-put-together-linux-systems.html

Stateless Systems, Factory Reset, Golden Master Systems and systemd That’s all, folks!

Stateless Systems, Factory Reset, Golden Master Systems and systemd