From Fedora Project Wiki



OSTree-based Workstation

Summary

A variant of Fedora Workstation that uses OSTree to install and update the OS

Owners

  • Name: Matthias Clasen, Owen Taylor, Alex Larsson, Richard Hughes, David King
  • Email: mclasen@redhat.com
  • Release notes owner:
  • Product: Fedora Workstation
  • Responsible WG: Workstation working group

Current status

  • Targeted release: Fedora 25
  • Last updated: 2016-10-20
  • Tracker bug: <will be assigned by the Wrangler>

Status update from April 1

Status update from April 7

Status update from May 17

Detailed Description

The idea of an image-based workstation is to use the ideas of "Project Atomic" to have a core operating system for a workstation that updates atomically as a whole, and then layer extra software on top of that. This is as opposed to the traditional model, where the operating system is dynamically composed on the end user's system out of individual packages.

For a longer discussion, see Workstation/AtomicWorkstation.

Benefit to Fedora

Updating the operating system via ostree has multiple advantages compared to traditional yum or dnf updates:

  • The update is offline, and there is no possibility of the running system being in a mixed state with some applications still using old versions and some using new versions. This has already been accomplished using PackageKit offline updates in recent Fedora.
  • The update is reliable and atomic - there is no complicated process of updating files piecemeal that can break in the middle, or be interrupted by power failure and leave the system in an inconsistent and broken state.
  • The update can be rolled back if the new operating system is incompatible with the user's hardware or applications.

Advantages that we get beyond this come from improving the separation between the operating system and what the user has installed on top of it; if we package software as xdg-app bundles depending on a standard runtime or as Docker containers, then we expect them to have little ability to break the operation of the underlying system, and we expect them to also be insulated from changes in the underlying system, and not be dependent on specific versions of packages and libraries.

  • Currently, what we provide for each update or upgrade is a set of package metadata and an algorithm, and we expect it to work for all combinations of packages a user might have installed, including potentially packages not even from Fedora's repositories. The dnf and yum algorithms are impressive, and *usually* they get this right. But sometimes they don't - often because there's no obvious right thing to do. And in these cases, the system requires an experienced sysadmin to debug. If we precisely define the operating system, there are not uncountable numbers of possible upgrades; instead there is precisely one upgrade between each set of Fedora versions.
  • We can potentially do a better job at functionality testing as well, because each Fedora Workstation user's system will be more alike and more like what is tested.
  • Because the operating system is precisely defined, we can remove components from it; currently we have no idea whether a package on the system is part of the operating system or something the user installed.
  • The components that are installed on top of the operating system are potentially more portable between different versions of Fedora and even between different distributions.

Note: Currently, many problems with an unbootable Fedora system are bootloader or initrd issues; bootloader configuration issues are still a potential problem with the Atomic model. The ostree handling of /etc, which allows arbitrary modification by the user, also means that there is a gap between the goal of an unbreakable system and the reality.
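
The /etc gap described in the note above, as an added sketch (not code from this proposal or from OSTree): a simplified model of the whole-file merge OSTree applies to /etc when it deploys a new image, showing that local changes survive the update, including ones that shadow a changed default. The file names and contents are constructed, and `merge_etc` is a hypothetical helper.

```python
# Simplified model of how an OSTree deployment carries /etc forward.
# Each tree is a dict {path: content}. Real OSTree works on files and also
# tracks permissions and xattrs, which this sketch ignores.

def merge_etc(old_default, current_etc, new_default):
    """Return (new_etc, report) for the next deployment."""
    new_etc = dict(new_default)  # start from the new image's defaults
    report = {"kept_local": [], "removed_local": [], "stale_vs_new_default": []}

    # Files the admin changed or added: the local copy wins as a whole file.
    for path, content in current_etc.items():
        if old_default.get(path) != content:
            new_etc[path] = content
            report["kept_local"].append(path)
            # The new image changed this default too; the local copy hides it.
            if path in new_default and new_default[path] != old_default.get(path):
                report["stale_vs_new_default"].append(path)

    # Files the admin deleted stay deleted in the new deployment.
    for path in old_default:
        if path not in current_etc:
            new_etc.pop(path, None)
            report["removed_local"].append(path)

    for key in report:
        report[key].sort()
    return new_etc, report


# Constructed sample trees (not taken from a real Fedora image).
OLD_DEFAULT = {"ssh/sshd_config": "PermitRootLogin yes\n",
               "chrony.conf": "pool a\n",
               "motd": "hi\n"}
CURRENT_ETC = {"ssh/sshd_config": "PermitRootLogin yes\nPort 2222\n",
               "chrony.conf": "pool a\n",
               "hosts.local": "10.0.0.5 nas\n"}
NEW_DEFAULT = {"ssh/sshd_config": "PermitRootLogin no\n",
               "chrony.conf": "pool b\n",
               "motd": "hi\n"}

if __name__ == "__main__":
    etc, report = merge_etc(OLD_DEFAULT, CURRENT_ETC, NEW_DEFAULT)
    for key, paths in report.items():
        print(f"{key}: {paths}")
```

Paths reported under `stale_vs_new_default` are the ones worth reviewing after an update: the image shipped a new default, but the locally modified file is what the system will actually use.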

Scope

  • Other developers:
    • Create a fedora-release subpackage for this workstation variant
    • Support installing non xdg-app content using rpm-ostree
  • Policies and guidelines
    • The third-party software guidelines are needed
  • Trademark approval: N/A (not needed for this Change)

Upgrade/compatibility impact

This will be a separate variant of the Fedora workstation product; 'traditional' rpm-based installation will continue to be supported. Switching to the ostree variant will be an explicit decision for the user to make before installing. We will not support switching from one variant to the other during an upgrade.

How To Test

The content of the OSTree image is going to be basically identical to the 'traditional' workstation install; it is just installed and updated differently. Therefore, the existing tests for the workstation will apply and ensure the overall functionality of the OS, the desktop and the applications.

Testing particular to this change should focus on the areas of difference:

  • Does the installer work?
  • Does gnome-initial-setup come up on first boot, and does it work?
  • Can the installed system be updated from the ostree repo using the rpm-ostree command-line tool?
  • Can the installed system be updated using gnome-software?
  • Are system configuration changes preserved across updates?
  • Does gnome-software correctly reflect the fact that the system is read-only?
  • Does gnome-software offer to install and remove xdg-apps?
  • Can xdg-apps be updated 'live', without reboot?

User Experience

In an OSTree-based installation, updates of the OS require a reboot (as offline updates do currently), but we no longer reboot twice, since the updated images can be downloaded and deployed while the system is running, and then we can directly reboot into the new image. Since the OS image is read-only, installing rpms does not work (at least not until rpm-ostree's layering capability is mature enough for production). Desktop applications can be installed in the form of xdg-apps, which are independent from the OS image and can be updated 'live'.

Dependencies

This change depends on the rpm-ostree tooling and infrastructure that is developed as part of project Atomic, and on xdg-app tooling and infrastructure.

Contingency Plan

  • Contingency mechanism: This feature is about a new deliverable, so if we don't make it, we will just not add the new product variant to our portfolio for Fedora 25. This will affect the website and release announcement, but little else. The ostree support in gnome-software will just be inactive as it is on traditional installs, anyway.
  • Contingency deadline: Beta
  • Blocks release: No, the image-based installation will be experimental in Fedora 25, and it would not be appropriate for it to block the release.

Documentation

N/A (not a System Wide Change)

Release Notes