Introduction

Earlier this month I was lucky enough to attend the 2018 Fedora Infrastructure Hackfest. It’s always a treat to hang out with some of the people who really make Fedora tick. Sinny Kumari and I were there to help represent the Atomic Working Group, and also get some face time with each other to learn and hack on a few things related to the Atomic Working group.

The Hackfest was held in Paul Frield’s hometown of Fredricksburg, VA. Since I live in Raleigh, NC I decided it would be nice to take the train since I don’t often get to take the train in the southeast. As can be expected the train was a little late, but got us there without a problem and was a pretty good experience.

Introduction

In Fedora we are moving to a unified OSTree repo structure where there is a single OSTree repository that is the remote for all branches of Fedora (rawhide, branched, stable, etc). As part of this we want to be able to define different retention policies for different branches within the repository. For rawhide we’ll retain a few weeks worth of commits, but for stable we don’t want to prune any of the commits.

cross posted with this Project Atomic blog post

TL;DR

Fedora Atomic Host (and derivatives) will now include the firewalld package in the base OSTree that is tested, delivered, and released every two weeks. Existing users should observe no change as it won’t be enabled by default.

Firewalld in Atomic Host

In the past we have had requests to have firewalld in Atomic Host to enable a better interface into firewall management for administrators and management software. It turns out that if you have lots of rules to manage, or even multiple pieces of software trying to manage different sets of rules on a single system, then iptables becomes a limitation pretty quickly.

History

I’m back again with the Fedora 27 edition of my Fedora BTRFS+Snapper series. As you know, in the past I have configured my computers to be able to snapshot and rollback the entire system by leveraging BTRFS snapshots, a tool called snapper, and a patched version of Fedora’s grub2 package. I have some great news this time! You no longer need a patched version of Fedora’s grub package in order to pull this off. Recently Fedora developer Peter Jones, Fedora contributor Neal Gompa and I got together and managed to get these patches into Fedora’s grub.

cross posted with this Project Atomic blog post

Introduction

This week we put out the first release of Fedora 27 Atomic Host. Some quick notes:

• In Fedora 27 Atomic Host we removed kubernetes from the base OSTree. See Appendix A: Upgrading Systems with Kubernetes for more information.

• For Fedora 27 we are currently sticking with the non-unified repo approach as opposed to a unified repo. TL;DR nothing is changing for now but we expect to implement a unified repo as described here during the F27 release cycle.

  [Read More]

Introduction

Hosting your own Atomic Host OSTree can be useful from time to time. Maybe you want to try out something new or maybe you want to permanently build your own custom tree and use it forever. It can be quite easy to set up a build server and host the contents, especially for personal use.

This post will walk through setting up a server to do builds and also hosting the content over http.

Introduction

In Part 4 of this series we learned about package layering and experimental features of atomic host OSTree mutations. This included installing packages from external repositories as well as removing and replacing components of the base OSTree that was delivered with Atomic Host. We also converted our localweb service to be hosted by a local docker container running the httpd software rather than Python 3.

In this section of the lab we’ll talk a litte bit more about Containerized and Non-Containerized Applications and the role Atomic Host plays.

Introduction

In Part 3 of this series we learned about rebasing, upgrading, and performing rollbacks on Atomic Host. We also learned how files are restored during a rollback operation and how to inspect the differences in RPM content between each commit in the OSTree history of an Atomic Host using the rpm-ostree command line tool. In this section we will cover the following topics from the outline in Part 0.

• Package Layering
• Experimental Features (livefs, remove, replace)

Adding Packages to Atomic Host via Package Layering

When Atomic Host was first released we could not change much about the the delivered software on the system. Over time we developed a system for layering packages on top of what was provided by the base OSTree to allow the flexibility needed for those few packages that, for whatever reason, we may not want to put into a container.

Introduction

In Part 2 of this series we learned about configuring container storage on Atomic Host. In this section we will cover the following topics from the outline in Part 0.

• Atomic Host Rebasing
• Atomic Host Upgrades and Rollbacks
• Browsing OS History

Rebasing

One of the more fascinating aspects of Atomic Host techology is that you can rebase to completely different operating system trees. Let’s take this to an extreme and go from the newer technology in Fedora to the older (more stable) technology in CentOS. We’ll achieve by rebasing to an OSTree commit that was built from CentOS 7 RPMs:

Introduction

In Part 1 of this series we learned a little about the technology behind Atomic Host and how to interact with a deployed system. In this section we will cover the Configuring Storage for Containers topic from the outline in Part 0.

History of Container Storage

One of the early goals of Atomic Host was to be a good platform for running containerized workloads. This is still a fundamental goal of Atomic Host and certainly includes making sure that the container runtime (currently the docker daemon) has proper storage configuration such that it can get a balance of good performance and stability.