From Fedora Project Wiki

(Fix ordered lists)
No edit summary
 
(3 intermediate revisions by 3 users not shown)
Line 1: Line 1:
Stateless Linux is not a deployment model. It is not any single technology.
{{admon/important|This page describes a project which is not currently under active development|The technical concepts remain valid, and support for read-only root with separate state is included in Fedora, but there is not current new work in this area.}}
It's a new way of thinking about how a system is supposed to run and be
managed.


To be stateless, a system should be able to be replaced at any time,
= Stateless Linux =
whether it's running diskless or with local storage. Hard drive crash? Just
 
resync your remote image to a new drive, and you're good to go. Server
Stateless Linux is not a deployment model. It is not any single technology.  It's a new way of thinking about how a system is supposed to run and be managed.
goes offline? Start a new virtual instance running your OS image
 
To be stateless, a system should be able to be replaced at any time, whether it's running diskless or with local storage. Hard drive crash? Just resync your remote image to a new drive, and you're good to go. Server goes offline? Start a new virtual instance running your OS image
off of your network storage.
off of your network storage.


Moreover, it's about being able to run multiple machines from identical
Moreover, it's about being able to run multiple machines from identical OS metadata.  Instead of managing each machine independently, the single copy of the OS metadata is managed.
OS metadata.  Instead of managing each machine independently, the single
copy of the OS metadata is managed.


For more information, you might want to view the [http://people.redhat.com/notting/summit/summit-nottingham.pdf Red Hat Summit presentation] .
For more information, you might want to view the [http://people.redhat.com/notting/summit/summit-nottingham.pdf Red Hat Summit presentation] .
Line 30: Line 27:
== Component technologies ==
== Component technologies ==


Currently we're working on stateless enablers, that allow
Currently we're working on stateless enablers, that allow administrators to deploy machines according to a stateless model.
administrators to deploy machines according to a stateless model.


We have changes that affect how the OS runs its root filesystem:
We have changes that affect how the OS runs its root filesystem:
Line 42: Line 38:
# Persistent state (such as SSH keys) is managed by <code>puppet</code>.  Effectively this allows the master copy of persistent state to live and be managed on the server and be cached on the stateless client.
# Persistent state (such as SSH keys) is managed by <code>puppet</code>.  Effectively this allows the master copy of persistent state to live and be managed on the server and be cached on the stateless client.


We have changes that make it easier for multiple different computers
We have changes that make it easier for multiple different computers to run a single OS image:
to run a single OS image:


# Automatic hardware configuration that loads all relevant modules at boot
# Automatic hardware configuration that loads all relevant modules at boot
Line 91: Line 86:


SELinux should work without any significant modifications, provided the underlying filesystems support it. (This is not currently the case for NFS, or for the various filesystems used by LiveCDs.)
SELinux should work without any significant modifications, provided the underlying filesystems support it. (This is not currently the case for NFS, or for the various filesystems used by LiveCDs.)
[[Category:SIGs]]
[[Category:Fedora special-interest groups]]

Latest revision as of 16:24, 11 October 2010

Important.png
This page describes a project which is not currently under active development
The technical concepts remain valid, and support for read-only root with separate state is included in Fedora, but there is not current new work in this area.

Stateless Linux

Stateless Linux is not a deployment model. It is not any single technology. It's a new way of thinking about how a system is supposed to run and be managed.

To be stateless, a system should be able to be replaced at any time, whether it's running diskless or with local storage. Hard drive crash? Just resync your remote image to a new drive, and you're good to go. Server goes offline? Start a new virtual instance running your OS image off of your network storage.

Moreover, it's about being able to run multiple machines from identical OS metadata. Instead of managing each machine independently, the single copy of the OS metadata is managed.

For more information, you might want to view the Red Hat Summit presentation .

Mailing Lists

The place to discuss Stateless Linux is stateless-list . Discussion can also take place on fedora-devel-list .

Usage Cases

Many usage cases can benefit from a stateless approach:

  1. Server usage: a farm of machines instantiated and updated via a single copy of OS metadata
  2. Virtual server usage: same as above, but they don't even need to be physical machines
  3. Corporate desktops with local storage - stateless images are instantiated to a local disk from shared OS meta and run from there. This includes desktops (local swap, read-only root, and network homedirs) and laptops (local swap, read-only root, and local homedirs that need synced back to centralized network storage for backups.
  4. Thin clients using NFS root, with or without local storage for swap, scratchpad, etc.
  5. LiveCDs - a live CD is by definition stateless

Component technologies

Currently we're working on stateless enablers, that allow administrators to deploy machines according to a stateless model.

We have changes that affect how the OS runs its root filesystem:

  1. Read-only root support - all the system partitions are mounted read-only
  2. Root can be on a local disk, NFS, NFS loopback or iSCSI
  3. Temporary areas can be on a local disk, tmpfs or NFS storage
  4. Files/directories which must be writable for proper operation are either bind mounted or provided via unionfs backed by the temporary storage areas
  5. Any of these can be deployed with Xen to be used in a virtual environment
  6. Persistent state (such as SSH keys) is managed by puppet. Effectively this allows the master copy of persistent state to live and be managed on the server and be cached on the stateless client.

We have changes that make it easier for multiple different computers to run a single OS image:

  1. Automatic hardware configuration that loads all relevant modules at boot
  2. Automatic configuration of X, including monitor and input devices
  3. Network and printer configuration for desktops that doesn't need the root password

We're also looking at certain areas for the future:

  1. The ability to have a network-based image automatically synced to a local disk to enable disconnected mode.
  2. The ability to sync local disk back to the server (/home for disconnected laptops)
  3. The ability to use local disk as a persistent cache for network filesystems.
  4. The ability to update clients by modification of shared OS metadata

How do I test and deploy stateless images?

See HOWTO.

Not currently covered

Things we specifically aren't targeting:

  • configuration and management tools for images
  • changes to applications configuration mechanisms for getting configuration data (such as switching app configuration from local files to LDAP)
  • stateless-specific provisioning tools

The current working assumption that anything we would do in this space:

  • would be rushed and incomplete in the time needed to make FC6
  • would not work with current or future management tools without changes
  • would not integrate well into users' current management frameworks

Hence, these spaces are best left to development in the context of the future management system. What we're concentrating on for FC7 is the basic infrastructure.

FAQs

1. How do I make my app work with stateless?

Generally, if it avoids writing to the root filesystem, it should be OK. For configuration, we're doing configuration on the raw source images themselves (whether via chroot, via booting the image in Xen, or various other methods); this means that config files should be OK, as long as you're not expecting the client systems to write to them.

2. What architectures are targeted for this?

  • Initially: x86, x86_64
  • Additional arches if time permits: ppc

Server architecture only matters in that if you are modifying a (for example) i386 stateless image, whether by chroot() or Xen, you will need to do this from an architecture that can run i386 binaries.

3. How does this interact with SELinux?

SELinux should work without any significant modifications, provided the underlying filesystems support it. (This is not currently the case for NFS, or for the various filesystems used by LiveCDs.)