Stateless Systems, Factory Reset, Golden Master Systems and systemd – Lennart Poettering, Red Hat

This talk is partly implemented, partly vaporware.

Factory reset brings a system back to the state that it was in when it was shipped. A stateless system always boots into factory reset. The golden master system is what you boot into at factory reset. The golden master is typically bitwise identical on all systems it runs on.

A verifiable setup means that there is an image that you can cryptographically verify, so it must not be modified in place (any change would break the verification).

There’s tons of prior art, it’s done all over the place, but it’s reinvented over and over again. The goal of systemd and this task is to make it more generic.

First, you need to separate the state from the OS resources: cleanly use /etc for configuration, /var for state, and /usr for the OS (which requires the /usr merge). That of course means changing all applications to follow this split properly.

Resetting means flushing /var, but does booting with an empty /var work? Actually it does; it only takes a few tmpfiles rules to create some directories plus wtmp and btmp.

Factory reset also means flushing /etc. That is a lot more complex, because a lot of software is allergic to missing config files, so a default /etc needs to be copied in from somewhere else. The user database is more difficult still: services need a lot of users, and their UIDs must be assigned dynamically according to the set of software that is installed, so the user database should be generated at first boot. sysusers does that. At the moment, two core things are still a problem: dbus and PAM. For these, there are tmpfiles rules that copy from /usr/share/factory/etc. /usr/share/factory holds the vendor's intended configuration, which is also useful for comparing your custom settings against the vendor-supplied ones.

For updates, you can update /usr in a copy and then atomically switch. But some things in /var and /etc also need to be updated. Therefore, systemd adds ConditionNeedsUpdate= to its units. This compares /etc against /usr and, if /usr is more recent, runs the update fragments.
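The two mechanisms described above, the factory copy of /etc and the ConditionNeedsUpdate= check, as an added example in POSIX shell. This is a simplified model written for this summary, not systemd's own code: the functions take a scratch root directory so they can be exercised without touching a real system, and the /etc/.updated stamp file is the one systemd-update-done.service maintains.

```shell
#!/bin/sh
# Simplified model (assumption: not systemd's implementation) of
#  - tmpfiles "C" lines that copy /usr/share/factory/etc into /etc only where a file is missing
#  - ConditionNeedsUpdate=/etc, which is true when /usr is newer than the /etc/.updated stamp
# ROOT is a scratch tree so the functions never operate on the live filesystem.

# populate_etc ROOT: copy vendor defaults into ROOT/etc, never overwriting local state.
populate_etc() {
    root="$1"
    factory="$root/usr/share/factory/etc"
    [ -d "$factory" ] || return 0
    find "$factory" -type f -print | while read -r src; do
        rel="${src#"$factory"/}"
        dst="$root/etc/$rel"
        if [ ! -e "$dst" ]; then
            mkdir -p "$(dirname "$dst")"
            cp -p "$src" "$dst"
        fi
    done
}

# etc_needs_update ROOT: succeed when ROOT/usr is newer than ROOT/etc/.updated
# or when the stamp is missing (a freshly reset /etc always needs the update fragments).
etc_needs_update() {
    root="$1"
    stamp="$root/etc/.updated"
    [ -e "$stamp" ] || return 0
    [ "$root/usr" -nt "$stamp" ]
}

# mark_etc_updated ROOT: record /usr's timestamp once the update fragments have run.
mark_etc_updated() {
    touch -r "$1/usr" "$1/etc/.updated"
}
```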

How do package managers fit into this? You compose the core OS as a set of packages. Appliances can be put on top of that in containers; cf. Lennart's blog entry about this. But those images still have to be created, and that is where the package managers come in.
