paul knopf

An immutable, reproducible and inheritable Linux operating system.

posted on Sep 20, 2017

Be warned! This is just "thought-experiment" post. Nothing has been tried or tested.

My problem

I have multiple computers. Each system has a different OS (or version) and configuration. One has Ubuntu 14, the others have Ubuntu 16. Some have had their packages updated, some have been neglected. Some are using NVIDIA graphics, others onboard Intel graphics.

The context switching from machine-to-machine for simple tasks is mind numbing.

Is Qt Creator installed? If so, what version of Qt? Why does my compilation fail at home, but not at work? Old gcc? The list goes on.

What I want

Inheritance

I would like to treat my operating system like inheritance in OOP. Here is my pseudo code to illustrate.

public abstract class BaseImage
{
    protected abstract void Install();

    protected void Run(string command)
    {
        // Run "command" in your operating system.
        // This command could be shell scripts, apt-get/pacman commands, etc.
    }
}

public class Arch64 : BaseImage
{
    protected override void Install()
    {
        Run("./install-arch-rootfs.sh");
    }
}
    
public class NVidia : Arch64
{
    protected override void Install()
    {
        Run("./install-nvidia-drivers.sh");
    }
}

public class Development : NVidia
{
    protected override void Install()
    {
        Run("./install-devtools.sh");
    }
}

public class Gaming : NVidia
{
    protected override void Install()
    {
        Run("./install-stream.sh");
    }
}

I'd imagine building these images with something like this.

> build --type Gaming --output gaming.squashfs

Notice the squashfs extension, which brings me to my next point.

Temporary boots

When I boot images, I'd like all changes made to my operating system to be discarded after boot. This would allow me to test new packages with no fear that it will break my system.

Theoretically, Linux would mount gaming.squashfs at / on boot. The squashfs file system is read-only. To make / writable, we would have to overlay tmpfs on /, which would make all changes in / happen in RAM, wiping itself clean on fresh boot.

This would have also have a positive side effect of forcing you to capture all your operating system changes via your build scripts.

Proposal

Operating system

I'm a fan of Arch Linux. It gives you a lot of control and bleeding edge packages (via AUR). I haven't jumped aboard though because of the level of maintenance that has to be done, especially if your pacman -Syu breaks your install. Bleeding edge can bleed a little.

Building and inheritance

So, how do I build a an Arch rootfs while also allowing me to inherit "layers" from each other?

Docker.

# my-base - Packages that I want present on all systems.
FROM base/archlinux
# Update everything
RUN pacman -Syu
# Enable the AUR
RUN pacman -S yaourt
# Use KDE
RUN pacman -S plasma-meta
# Install Google Chrome
RUN pacman -S google-chrome
# my-base-nvidia - My base image with NVidia layered on top.
FROM my-base
# Install NVidia drivers
RUN pacman -S nvidia-dkms 
# my-development - My development machine that has a NVidia graphics card.
FROM my-base-nvidia
# Install dev tools
RUN pacman -S base-devel
# my-gaming - My gaming machine, which also has a NVidia graphics card.
FROM my-base-nvidia
RUN pacman -S steam

What? How do you expect to boot these docker images on bare-metal?

Well, yeah. You can't. However, Arch has support for preparing rootfs file systems on any Linux machine, provided you have the arch-chroot bash script is installed. This can be done in Docker.

So, I imagine creating a base arch-rootfs Docker image that contains a clean rootfs and arch-chroot available for customization.

# arch-rootfs
FROM base/archlinux
# Install arch-chroot
RUN arch-install-scripts
# Create our rootfs directory
RUN mkdir /rootfs
# Populate our rootfs with a base Arch install
RUN cd /rootfs &&
    curl -O https://arch.com/root.tar.gz &&
    tar xzf root.tar.gz

Now we will have to add some additional commands to our layers.

FROM arch-rootfs
# Update everything
RUN arch-chroot /rootfs pacman -Syu
# Enable the AUR
RUN arch-chroot /rootfs pacman -S yaourt
# Use KDE
RUN arch-chroot /rootfs pacman -S plasma-meta
# Install Google Chrome
RUN arch-chroot /rootfs pacman -S google-chrome

It isn't exactly clean, but it will work.

How will you extract the /rootfs for booting?

docker save my-gaming > my-gaming.tar

Within this tarball is a /rootfs directory containing our image. We will want to eventually convert this to a squashfs file.

To use boot these squashfs images, we would have to install Arch the normal way. Then customize the initcpio with some runtime hooks that will mount squashfs images, overlay tempfs on /, chroot into the new root, and call init.

Image storage

The docker files that build my layers will be checked into a GitHub repository. Travis-CI will monitor checkins, rebuild and deploy my images/layers to Docker Hub. I will use Docker Hub to make my builds available easily to all my machines.

I can also imagine many people using this approach, allowing people to quickly boot into stranger's operating systems to play around and experiment. For example:

# Checkout and build some guy named Steve's gaming build.
build steve/gaming
# And reboot into it!
boot steve/gaming
reboot now

Now you are playing around in someone else's configuration! Fun!

Let's get back to our build.

boot paul/gaming
reboot now

In summary

  • Reproducible builds of Arch Linux, using Docker.
  • Inheritance of Arch layers, using Docker.
  • Conversion of Docker images to squashfs files for read-only booting.
  • Mounting tempfs on / for writes that persist only during the current boot.
  • Storing images on Docker Hub for using in other machines, or by complete strangers!

What do you think?

Comments

There are no comments yet.

Join the discussion at GitHub