Immutable Image-Based
Operating Systems
Presented by
Drew Moseley
Technical Solutions Architect
Toradex
WHAT WE’LL
COVER TODAY…
• Definitions
• Architecture
• Benefits
• Desktop Distro
• Embedded OS Architecture
• Demo(?)
AGENDA
WHAT WE DO
RELIABLE AND EASY-TO-USE EMBEDDED SOLUTIONS FOR YOU
Arm® System on Modules
Reliable
Long-Term Maintenance
Scalable
From Stock
Production-Ready Software
Yocto-Based Linux
Windows Embedded Compact
Development Tools
Long-Term Maintenance
Ease-of-Use
Support
Ecosystem
Definitions
• Immutable¹: not capable of or susceptible to change
› Critical portions of the system are "read-only"
› Updates are performed with only well-defined mechanisms
› User data stored separately
› Applications generally use a different mechanism
• Image²: exact likeness
› Updating the entire "Operating System"
› Updating individual packages or applications "not supported"
• Atomic³: of, relating to, or concerned with atoms
› Incapable of being subdivided
› No chance of partially installed updates
Other names: Layered OS, Reprovisionable, Anti-hysteresis
¹ https://www.merriam-webster.com/dictionary/immutable
² https://www.merriam-webster.com/dictionary/image
³ https://www.merriam-webster.com/dictionary/atomic
Sidebar: Pets vs Cattle
• Coined by Randy Bias¹
› Originally from Enterprise Computing Space
• Desktop/Server:
› Pets - Individual laptops
› Cattle - Servers managed as code
• In Embedded:
› Pets - Weekend projects, home automation
› Cattle - Large fleets of identical devices.
¹ http://cloudscaling.com/blog/cloud-computing/the-history-of-pets-vs-cattle/
Conceptual Architecture
System
• Operating System (Image v1)
› Bootloader
› Kernel/DTB/Initramfs
› "OS" Packages
• User Data
• User Applications
Conceptual Architecture
System
• Operating System (Image v2)
› Bootloader
› Kernel/DTB/Initramfs
› "OS" Packages
• User Data
• User Applications
• Operating System (Image v2)
› Bootloader
› Kernel/DTB/Initramfs
› "OS" Packages
Benefits
• Atomic versioning and updates of critical system components
› No more `apt --fix-missing --install` or related commands
• User components separately managed
› Better isolation of dependencies (i.e. containers)
› Fewer conflicts based on OS installed package versions
• Reproducibility
› The OS image is deterministic
› No configuration drift
• Better testing
› Exactly matching software on test and production devices
• Rollback capability
• More secure? Arguable
Drawbacks
• New/unfamiliar workflows
• Less flexible than traditional distros
• Do all your applications run in the sandbox?
• Reboot required for any updates
› Mitigated by the app packaging system
• Is it really appropriate for desktop/laptop use?
Technologies and Concepts
• libostree (https://ostreedev.github.io/ostree/)
› "Git for filesystems"
› Content-addressable object storage + hard links
• Multiple partitions
› Usually mounted read-only
› Symlinks for mutable config files
• Btrfs snapshots
• Declarative configuration
• Layering: https://coreos.github.io/rpm-ostree/
WHAT IS libostree?
"libostree is both a shared library and suite of command line tools
that combines a “git-like” model for committing and downloading
bootable filesystem trees, along with a layer for deploying them and
managing the bootloader configuration."¹
• "git-like" model
• bootable filesystem trees
• Bootloader configuration
¹ https://github.com/ostreedev/ostree#libostree
OSTree BASICS
• File-based (!)
• Relies on non-root mount/“bind-mount”
- Normally the root of a file system is mounted as “the root”
- Linux allows bind-mounting a subdirectory
• Initramfs mounts OSTree
- Pivot into bind mount/sub-directory
• Hardlinks are used to speed up deployment and minimize space usage
Source: https://medium.com/@1154_75881/what-is-the-difference-between-a-hard-link-and-a-symbolic-link-14db61df7707
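The "content-addressable object storage + hard links" idea and the "no chance of partially installed updates" property can be seen in a small model. This is an added example, not libostree code and not its on-disk format: the function names (`commit`, `deploy`, `switch`, `verify`), the `current` symlink and the sample file contents are all assumptions made for illustration.

```python
import hashlib
import os
import tempfile


def commit(repo, tree):
    """Store each file once under its SHA-256; return {path: digest}."""
    objects = os.path.join(repo, "objects")
    os.makedirs(objects, exist_ok=True)
    manifest = {}
    for relpath, data in tree.items():
        digest = hashlib.sha256(data).hexdigest()
        obj = os.path.join(objects, digest)
        if not os.path.exists(obj):          # identical content is stored once
            tmp = obj + ".tmp"
            with open(tmp, "wb") as fh:
                fh.write(data)
            os.chmod(tmp, 0o444)             # objects are never edited in place
            os.replace(tmp, obj)             # rename: object appears whole or not at all
        manifest[relpath] = digest
    return manifest


def deploy(repo, manifest, dest):
    """Check out a manifest as a tree of hard links into the object store."""
    for relpath, digest in manifest.items():
        target = os.path.join(dest, relpath)
        os.makedirs(os.path.dirname(target), exist_ok=True)
        os.link(os.path.join(repo, "objects", digest), target)


def switch(root, deployment):
    """Atomically repoint root/current: readers see old or new, never a mix."""
    tmp = os.path.join(root, "current.new")
    if os.path.lexists(tmp):
        os.remove(tmp)
    os.symlink(deployment, tmp)
    os.replace(tmp, os.path.join(root, "current"))
    return os.readlink(os.path.join(root, "current"))


def verify(manifest, dest):
    """Return deployed paths whose content no longer hashes to the manifest."""
    bad = []
    for relpath, digest in manifest.items():
        with open(os.path.join(dest, relpath), "rb") as fh:
            if hashlib.sha256(fh.read()).hexdigest() != digest:
                bad.append(relpath)
    return sorted(bad)


def demo():
    # Constructed sample images: v2 changes the app and os-release, keeps libc.
    v1 = {"usr/bin/app": b"app 1.0\n", "usr/lib/libc.so": b"libc\n",
          "usr/lib/os-release": b"VERSION=1\n"}
    v2 = {"usr/bin/app": b"app 2.0\n", "usr/lib/libc.so": b"libc\n",
          "usr/lib/os-release": b"VERSION=2\n"}
    with tempfile.TemporaryDirectory(prefix="toy-ostree-") as root:
        repo = os.path.join(root, "repo")
        m1, m2 = commit(repo, v1), commit(repo, v2)
        d1, d2 = os.path.join(root, "deploy", "v1"), os.path.join(root, "deploy", "v2")
        deploy(repo, m1, d1)
        deploy(repo, m2, d2)
        libc = os.stat(os.path.join(repo, "objects", m1["usr/lib/libc.so"]))
        history = [os.path.basename(switch(root, d)) for d in (d1, d2, d1)]
        return {
            "objects": len(os.listdir(os.path.join(repo, "objects"))),
            "libc_links": libc.st_nlink,     # object + v1 + v2 share one inode
            "shared_inode": os.stat(os.path.join(d1, "usr/lib/libc.so")).st_ino
                            == os.stat(os.path.join(d2, "usr/lib/libc.so")).st_ino,
            "history": history,              # update to v2, then roll back to v1
            "tampered": verify(m1, d1) + verify(m2, d2),
        }


if __name__ == "__main__":
    print(demo())
```

Because every deployed file is a hard link to a store object, a write through any deployed path would change that content in every deployment sharing it, which is why the slides pair this design with read-only mounts; `verify` shows how such drift would be detected against the manifest.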
Libostree filesystem layout (Simplified)
BTRFS Snapshots
"File system based on the copy-on-write principle using B-trees, developed at Oracle since 2007"¹
• Declared stable in Linux in 2013
• Subvolumes
• Atomically writable snapshots
• Cloning (multiple inodes pointing to the same disk blocks)
¹ https://en.wikipedia.org/wiki/Btrfs
Applications
Containers: https://www.docker.com/ or https://podman.io/
Flatpak: https://www.flatpak.org/
AppImage: https://appimage.org/
Snaps: https://snapcraft.io/
Bundled with dependencies
"Distro-independent" Linux packages
Sandboxed from the host OS and other packages
Torizon Demo
Universal Blue
Based on Fedora Silverblue
"Cloud Native Linux Desktop Model"
• Base images generated by OCI containers
o RPM-OSTree
o BTRFS (snapshots?)
o Applications normally use Flatpak
Distrobox (https://distrobox.it/)
Linuxbrew (https://docs.brew.sh/Homebrew-on-Linux)
Many variants:
• Bluefin: GNOME Desktop
• Bluefin-DX: Bluefin + Cloud developer tools
• Built-in GPU drivers
Universal Blue Demo
NixOS
Reproducible
Declarative
Reliable
Package Manager or Full-blown OS
VanillaOS
• Ubuntu Desktop based
• Dual A-B partitions
Survey of available systems
Desktop/Server
• Debian: Endless OS
• Ubuntu: VanillaOS
• Fedora: Silverblue
• Universal Blue
• NixOS
• GNU Guix
• Clear Linux
• Fedora CoreOS
• openSUSE Aeon (Gnome)
• openSUSE Kalpa (KDE)
• Flatcar Linux
• Bottlerocket OS
• Talos Linux (k8s)
• ChromeOS
Embedded
• Torizon
• Ubuntu Core
• Linux microPlatform
• BalenaOS
• SteamOS
References
• https://github.com/castrojo/awesome-immutable
• https://discord.gg/N4mswFw6ds
• https://blog.verbum.org/2020/08/22/immutable-%E2%86%92-reprovisionable-anti-hysteresis/
• https://www.torizon.io/
• https://www.torizon.io/open-source-community
• https://universal-blue.org/
THANK YOU
FOR YOUR INTEREST
www.toradex.com | www.torizon.io | developer.toradex.com
community.toradex.com | labs.toradex.com

Immutable Image-Based Operating Systems - EW2024.pdf
