this post was submitted on 10 Apr 2024
43 points (95.7% liked)
Linux
47952 readers
1939 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I'd like to clarify that I didn't intend to portray any anger in my comment, I'm sorry if it came across that way. Text is notoriously difficult to convey emotion and intention through without purposefully writing to convey it.
With that said, I am a bit confused. I was not aware that Ansible had the ability to seamlessly roll back updates like an immutable distro, this could certainly influence my opinion. I don't have any personal experience with Ansible myself, so I suppose I'd have to take your word for it since a quick search online didn't provide any results. That would be very useful, indeed.
As I have little experience with large scale deployment, I am unfamiliar with management software that could assist in managing large groups of computers. Would it be possible to use Ansible or some other sort of large scale management software in conjunction with an immutable distro? It seems like the management aspect of Ansible is quite useful and shouldn't be distro-dependent, so I'm unsure why it would be limited to mutable distros. I feel like that could perhaps get the best of both worlds, as it would allow for consistent deployment of atomic distros that have the ability to be automatically rolled back in the event of a bad update, even if they were to be otherwise rendered unbootable (since one of the selling points of immutable distros is that it's as simple as an arrow key down and an enter key press while booting to roll back to a bootable OS). Update rollbacks are also as simple as a single command with atomic distros. You don't have to find a backup to restore from, as the base image is basically organized with version control software (think Git or Subversion, where each update is like a commit/pull request). You can roll back any changes individually or as a group (you can roll back to the exact image you were at during the last successful boot, for instance).
Immutable distros also have plenty of potential for globally shared applications through simple package overlays. The documentation on installing packages through rpm-ostree is fairly competent last I checked, and would be what you're looking for with globally installed apps like LibreOffice or Firefox. It just uses the normal Fedora repos for those packages. The actual install commands aren't different from any other package manager, at least in the sense that all package managers have slightly different syntax, but they have a similar base structure of being able to install/remove/update packages. The backend is unique, yes, but the presentation to the end user isn't far off from any other package manager. Of course, that comes with the caveat that you have to reboot after installing something through rpm-ostree, because the base image cannot be edited while booted in normal operation. User-specific apps can naturally be Flatpaks, as you wouldn't want users installing system packages anyway (if you even allowed installation permission, that is).
You're certainly correct that traditional desktops have more documentation, and I suppose that since it is a change to the norm, it may be more work for someone experienced with mutable distros to learn how to manage immutable distros. I don't feel as if that is an issue OP is currently considering, though. They don't seem to have a whole lot of experience with large scale management of Linux desktops, anyway. Either option could present issues if mismanaged, but if all you need to do to fix something is to roll back a change you made, I feel like that makes immutable distros a little easier to fix (at least when the issue is caused by the user/admin).
Also, I am unsure where uBlue claims to be in beta. I checked their site, and I didn't see anything about their products being solely beta packages. Yes, there are beta packages available (for instance, for Fedora 40 which is still in Beta as it hasn't released yet), but that can be said for practically any software. You can install nightly/beta builds for most packages if you so desire. If there's somewhere on the uBlue website that confirms your point, please feel free to provide it. I don't know a whole lot about uBlue, so I would genuinely be interested in knowing. I just know they're based off the Fedora Atomic desktops with some extra configuration thrown in, and the information readily available on their website.
If you really wanted consistency with ease of deployment, NixOS is also an option. It just takes time to learn how to use its configs, and I believe the wiki is currently down pending a redesign (or so I heard from another post).
I suppose I should clarify that I used Fedora Silverblue for about a year as a test drive, and when I got a new computer I installed basic Fedora Workstation back on it. Immutable distros are particularly difficult for me to use because I do a lot of low level changes that would require a lot of complicated overlays, but I'm not the average user. I'll give Fedora Atomic KDE a shot when Fedora 40 releases, but I've always imagined that the ideal scenario for atomic distros is in applications prone to breakage (like school labs where students might mess around doing something that causes issues accidentally), and situations where you want to have large scale management of computers and ensure they all behave exactly the same (though I suppose that's the draw of Ansible as well). Atomic distros' main selling point is fixing breakage and remaining stable and reliable (with failsafes you can fall back on when necessary).
I suppose I don't have the experience to really conclude whether or not the benefits outweigh any potential costs, though. I am mostly unaware of how large scale management software works, so maybe there would be a lot of disadvantages I don't immediately see, or perhaps the advantages themselves aren't as great as they seem in my head. I chimed in because I felt like the Fedora Atomic distros were being misrepresented. For instance, they aren't in beta, and while they lack the testing of something like Debian, as the community grows, so does the testing userbase. I think that they are an interesting option with distinct benefits, but that of course doesn't mean that they are the best option.
Immutable distros aren't bad and can be a good thing. I just think it will take time before they are able to be troubleshooted by someone who may not be all that familiar with Linux.
Maybe I'm just hesitant to use something I don't understand. As far as updates go theoretically you shouldn't need to roll back if your testing is good enough. Reliability is why you use something stable and review each update before deploying. There needs to be a testing and validation pipeline for each update. Then again, that is not really possible for a one man team. In that case I would recommend setting up a generic image that spins up and creates a new machine id and keys before getting taken over by Ansible automation.
This is the kind of stuff that is used to admin thousands of VMs. Maybe it is simpler to use immutable distros but I haven't heard much from people who use them.
Overall I think I'll give them a shot in a VM. As for the user asking for help I'll just let them decide what's best for there needs.
If you have more than a handful of VMs Ansible is the answer