Deploy software with systemd-sysext
Formal Metadata
Number of Parts | 62
License | CC Attribution 4.0 International: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers | 10.5446/59739 (DOI)
FrOSCon 2022, 22 / 62
Transcript: English (auto-generated)
00:06
So hello, I will talk about how to deploy software with systemd-sysext and why to do it, and I will tell you what these operating system extension images are. I'm Kai Luecke.
00:24
I'm one of the Flatcar Container Linux maintainers, and I work at Microsoft. Flatcar is a minimal server operating system that has image-based A/B updates and the read-only /usr partition, but more about this later when we show some use cases for systemd-sysext, and
00:45
we'll next have a closer look at the problem space and the different solutions that are there and the pros and the cons, and I will give a more general introduction about systemd-sysext and
01:00
more concrete use cases on where it kind of has use scenarios that make sense from my perspective from a Flatcar Container Linux maintainer, but maybe they can serve as examples on what you could do with systemd-sysext as well.
01:24
So it's about deploying software on Linux without packages. And yeah, if you think what packages give you: it's a convenient way, it's well established, they extract the different binaries for the services and CLI commands that you have, any additional required files and the config,
01:46
default config that you can modify them, and you have an efficient way of managing the dependencies. And yeah, so why wouldn't you use packages? And
02:01
one point is that if you have many distros, that means you have to have many packages that you create for your software, and the distros maybe have different versions of libraries that you want to depend on, and it's a lot of work to get this right. And also, having package installation means that we have some kind of state that changes and that depends on what version was installed before, what
02:29
package files it shipped, and also what the configuration that is extracted under /etc is and whether it gets updated when you update to the new package version, and
02:42
there's also some other state inside the package manager itself, and you know, these states together can be a bit fragile when you upgrade, at least that was my experience from last decade. And that's, I think, why some distros don't have a package manager at all in the embedded space.
03:02
And yeah, also in the server space, so for example Flatcar has no package manager. And if we don't have packages to deploy our software then we have a lot of alternatives. We can think about containers for example, which are a modern chroot where you have all your library dependencies inside.
03:23
So of course there's Docker, containerd, Podman, CRI-O, LXC containers, systemd-nspawn. But in the end they have the same reside from what we look at not right now. And Ubuntu also has Snap, and it's also available in some other distributions. We can also have a look at that a bit.
03:41
For the desktop we have Flatpak, and yeah, it's kind of well established there for graphical interface applications. Then systemd has portable services; these may not be that well known, I think. I will also introduce them again. And yeah, for the rest you can also resort to having static binaries that you copy to your server and run, and
04:07
it's also kind of an established way, I think, of deploying software that has to be directly on the server. So looking at containers:
04:21
They reduce the dependencies on the system because they have this file system they ship, and it's kind of handy to have everything in there, and you also gain some isolation from the host to some, yeah, configurable degree, to protect against common cases of things that go wrong, can go wrong.
04:44
But yeah, this isolation and having everything in its separate file system also means we have to integrate again sometimes this container with the rest of the system. So for example, how do you start this container? You can set this restart attribute for a Docker container.
05:02
But often maybe it's a better idea to have a systemd unit that spawns the Docker container with the right command line flags, and also maybe you prefer having logging only in journald from systemd and have some special requirements on how the service should be started up, when, and then maybe it comes handy to have the systemd unit dependencies and so on,
05:28
and yeah, so you can have this additional systemd unit file to start the container and then tweak some kind, yeah, this isolation that you normally have to integrate it better with the system. Maybe we have some
05:43
volumes that have to be available to the container and shared between the host, or there's some kind of IPC that we have to forward because it's making a service available to other programs on the system, so things like that. But what we still don't really get from deploying a container is we don't have any CLI binaries on the hosts that you can
06:05
type in your shell, and then we have a nice command to interact with the container, that kind of API brings, or some kind of helper tools it normally would have. So for example the Container Network Interface
06:20
plugins like Cilium, they provide extra static binaries that you copy to your host and then you can interact with Cilium from there. And yeah, in the end it means we need to keep track of these scattered files, like there's a systemd unit maybe that we have, we have the additional CLI binaries, when updating maybe you also have some config files that you have to take care of when you
06:43
update the Docker image version. In Snap we have one single file image that can contain not only the system services, but also the CLI tools, so that's kind of handy I would say, but it's mostly only used on Ubuntu, and
07:04
while available on Fedora and Debian too, yeah, it's competing with Flatpak in some way and I don't have the highest hope that it would be the go-to in every distro for deploying your services, for example. So speaking about Flatpak, it's mainly meant for desktop applications.
07:28
It has a great integration there with portals, and we have these permissions where you can configure that the system bus or the session bus of the user session gets available
07:40
and how much it gets available to the application. So that's, yeah, working well across distros, but it's not meant for system services. Maybe you can find a hack to do it, but it's, yeah, it's not nice to do it for system services, I would say, and it's not meant to be. And
08:01
what we also don't get is kind of a CLI experience, so you can set up this path for example, then you can type the full Flatpak name to run it, and not a nice experience. It's not meant to be used that way. And there are systemd portable services, so similar to containers
08:24
you can say they reduce the system dependencies because everything is in its own file system tree, and you have all these isolation options available from systemd to protect the system, for example, from this service and harden it, and
08:42
what you actually get is a good integration with the host because the systemd unit files that are inside this portable service image are getting copied out to the host and then also removed there later when you don't need it anymore, and we have this own file system inside the service and
09:01
you can even layer it with some kind of extension in it, so that's actually the sysext, what we talk about later. But the problem we have again is that they don't make any CLI binaries available to the host. So what do you do, to add some static binaries again, or
09:20
we need some way to do it together, that we have an update experience where we can replace one thing and that we know, okay, the update is done now, and we didn't forget any files. So static binaries are, as I said, not a bad solution. Often you can use them for CLI
09:42
tools, you can use them for the services as well, like, I don't know, download Katie, you run it from there. But it's difficult to keep track of all these files in the end: you have the systemd unit files which are at a different location, and you have these binaries, maybe put them in /opt/bin, and then we have additional resource files and so on, and all these need to be updated together.
10:03
Yeah, and now what systemd-sysext is: it's a way to have a file system image that gets overlay mounted on top of /usr and /opt, and you can have multiple of them stacked upon your distro's /usr
10:25
directory, and it's mainly meant for CLI and graphical user interface binaries for now, and there's a workaround which I will introduce shortly later. And for example you can also, as I said, extend the portable service internal file system, or in fact any systemd
10:43
service that you start can be extended with these overlay mounts through the simple directive of using an extension image or a number of them. And then this overlay mount only happens for this service unit and not for the whole system, but it's, yeah, its
11:01
main purpose is actually to use it as overlay mount globally for the whole system, and instead of using it in addition to some kind of container or your portable service, with some small workaround you can also ship your services as systemd-sysext. We have to, yeah, kind of load these systemd unit files because the overlay mount happens too late, the system
11:26
knows about them and takes them into account, so an upstream solution would be maybe to create this overlay mount a bit earlier. Yeah, but speaking about overlay mounts, a general note is that you have to be careful to not overlay any system files in an unexpected
11:41
way, so if we have the glibc library and your systemd-sysext also wants to depend on a, yeah, particular version of this library, you shouldn't just overlay the host's library because it has unexpected results to do so, and you shouldn't also really overlay any other binaries that are there, and
12:02
it's mainly meant to extend the system. You can overlay mount stuff when we really need it, but better not do it if you don't have to. And there's a way to depend on things of the host OS, for example there's some version magic which I talk about soon, and then you can be sure, okay,
12:25
this version of the OS is there, that means I can link against this minimal version of glibc then and do some dynamic linking. But if you don't really set up these dependencies for your systemd-sysext image, then
12:40
it would be a more generic image, and you can also say it should be used on any distro; then I think you should use static binaries, of course. And yeah, maybe that confused you a bit, so more in detail again from the start. So what are the allowed formats? It's a .raw file with a file system image
13:04
inside, it could be for example squashfs or ext4, btrfs, whatever, or it is a .raw file that has the GPT partitioning image inside. And so you can have for example multiple different variants of the sysext and it gets also discovered which one should be used for your architecture.
13:23
Or you can have maybe a setup with dm-verity. That's also supported for a verification of the contents of this file, so that's not corrupted or, yeah, malicious, whatever you want to verify what you're loading there,
13:41
and yeah, but for simple cases it can also be a directory, and then you put the files there and they get overlay mounted, or btrfs with a subvolume. So, and inside this file system tree that you have you must have an extension-release file. That's, yeah, under this path here,
14:00
called extension-release dot the name of your sysext, and it is used for matching what the extension expects from the host. So what normally is there is this ID from the os-release file where you for example can say
14:20
ID fedora, which means I expect to run on Fedora, and version ID is 36, the current version of Fedora, because that's what I require as minimum, or I'm only tested with that, I'm not tested with anything newer, so only this is expected to work. And for the next systemd release I kind of relaxed this a bit to have a way to say ID is underscore
14:47
any, that means I opt out of version and distro matching because, for example, I just have static binaries. I expect them to run on any Linux kernel, that's reason enough, and I also don't want to have any
15:01
version matching, for example. But what you can do instead of this version ID also is to define your own systemd sysext level variable. This field is, yeah, free form, you can kind of come up with what you want. In Flatcar, for example, we used 1.0 as version for the systemd sysext level and
15:24
it just means we don't have to match the version because on Flatcar that's changing very quickly, and just say ID flatcar is what we expect to run on. So, and this file system image is then put into one of these paths there, so the first one to look at is /etc/extensions, and then there are other ones,
15:47
and actually the first one wins, so if you want to disable something that is in a read-only partition, which you can't, and you can't take it off from there, you could just make some dummy entry in a higher order, a higher priority
16:01
path here and kind of mask it somehow. And yeah, then from there it gets loaded by the systemd-sysext service, or you can also use the command directly, systemd-sysext merge to set up the overlay mounts, unmerge to unmount them, and
16:21
then refresh to do both together, and force is actually skipping these extension-release checks for ID and version and so on. So more about this matching logic: so what you have on your distro is this /etc/os-release file normally, and
16:42
so these things are then matched together with this extension-release file. So you can have strong coupling to the OS version, as said, for example for dynamic linking or some other kind of dependency. Maybe you kind of expect that apt is there or DNF or something and you want to do something with that.
17:00
Yeah, but I said you can also use the self-defined sysext level instead of the version to have more flexibility instead of coupling to exactly one version of it. And for example on Arch you actually also don't even have this version ID file. It's a rolling release, so the only thing you set on Arch Linux is actually ID is arch, and then that's it,
17:25
and you don't even need this sysext level then. And also in progress in the systemd project is what I said, making this OS ID matching optional, to have underscore any as value in the sysext release file, and I also added architecture matching so that you can say my user
17:44
space binary that I provide in this extension image, ARM64 binaries, and I expect the host to be able to run them. And yeah, there are no semver comparisons or something like that. No semantics, it's just simple string matching for now,
18:04
and it's quite new. And yeah, so I talked about having it for shipping your service files. That means they would, they would be started up on boot or when you load this systemd-sysext image, and
18:20
the workaround we have on Flatcar is this additional helper service that is run after systemd-sysext, and then it does these two commands you can see here at the bottom. It does the daemon-reload to make systemd aware of the new service files that are coming in now from the overlay mount, and then we
18:41
restart the common targets that you have to enable your service units, and restarting them actually just means that the dependencies are getting re-evaluated. So inside your sysext image you have a symlink that you set up from, for example, the multi-user.target.wants folder under /usr/lib,
19:04
you point to your service unit with the symlink, and then, yeah, this restart here makes sure that your service gets started then. So how do you actually update these files?
19:21
So you put them in this folder, for example /etc/extensions, and now you want to have a new version. You can replace the single file and reload it, and live it should work, or you can also reboot if you want, but it's maybe a bit better to not just replace this file, but to have,
19:41
for example, a version suffix, so that we have one folder and you store the different versions there of your extension images, and then you can roll back more easily. And you can do so by having a symlink that is the name of the system, and then the symlink points to the file with a version suffix that should be the current version.
20:02
Yeah, there's a fix done. So that's not backported yet and not released. So maybe the next systemd version is a bit better for that. And what you can also use is the accompanying tool systemd-sysupdate in 251.
20:21
It's very new and has some rough edges, but you can use it for exactly this. You have some kind of local update configuration for your components and you want to update, it says what goes where, when, and then you can have a remote server or some local directory with this manifest file that tells,
20:40
okay, these are the versions that are there, and then suddenly there's a new version and systemd-sysupdate can download this version and put it into this directory and then also set up the current symlink for you if you want. So for example, we can let it download some new extension to this whatever folder we made up, and we say, okay, we store these extensions with a version suffix, and
21:07
then systemd-sysupdate should also update the symlink here, the current symlink, to point to the new version, and it's kind of contained in one folder, and then we pull in this sysext,
21:20
enable it, so to say, by having a symlink from /etc/extensions that points to this. I think it's nice to have the separation of concerns with two symlinks, but you could also say directly, create this normal symlink and kind of skip this dash current symlink stuff.
21:42
Yeah, use cases, but maybe going back a bit. So I talked about overlay mounts, about it's on top of /usr and /opt, so it's not on /etc. So any files you expect to have in /etc
22:01
need to be somehow brought in differently, and I think you shouldn't really create them dynamically, but rather look for solutions to do it in a declarative way from /usr/lib. For example, if you want to create a user account for your service, then there is a systemd way of making it at runtime without having to write an entry to /etc/passwd,
22:25
and it gets created on the fly, and as soon as your extension is unloaded, the kernel won't know again about your service user. So always try to find a way to make it kind of self-contained,
22:43
and yeah, don't write files anywhere again, which would introduce the state. So yeah, some scenarios now from the Flatcar perspective. Maybe it helps again to tell what Flatcar is: it's an image-based
23:02
OS, so we only release images, no packages, and we have some update payloads that also bring you to the new image, and we have A/B updates, so it's a partition system where we have two partitions and one is the active one and the other, new version gets written to it, and
23:23
that means we can also roll back to the previous version, and this /usr partition is read-only. And what Flatcar has is a declarative first boot configuration with Ignition JSON files. You can also create them from some YAML, more high-level configuration language, and it is applied from the initramfs, so
23:45
from there you would create your systemd-sysext and any configuration files and so on, and then the system directly boots up with them. And what Flatcar also has is a tool called torcx, and
24:03
you can use it to deploy your custom Docker version, and it's meant to swap out the version that Flatcar provides as default, and then the user can have its own version of Docker also in some kind of image file, and
24:22
yeah, instead of using torcx as a special solution, now we can use systemd-sysext for that, and it's more generic because torcx was kind of bound to Docker, and now we have something that is making these nice overlay mounts and solves a lot of trouble we had with torcx. So yeah, for users we can recommend now already to use systemd-sysext to set this up.
24:45
We have some helper scripts or recipes built make baking recipes in this repository here, so it's expatriate to download your official, download the official Docker release binaries, these are static binaries already.
25:02
And then you can just package them up by adding the systemd unit and the sysext release metadata file, and your sysext is ready. So what it does is quite simple, and you can also take it, yeah, as instructions for how you can build your own sysext image. So first you have to set up the
25:26
directory, for example here, it's this, yeah, unpacking of the archive, and then we have to move some things around, and we create the system service units and the common folder and also some
25:44
configuration file for containerd, and then the last thing we do is this extension-release file here. We say it should be for Flatcar, but actually it could also be more generic. And in the end we make a squashfs image of this because it's easy to do so.
26:03
It's just one command and it picks up everything into one file system image. If you want to have this GPT, yeah, image with dm-verity and so on, of course it's more involved than that. But for starters, I think it's nice to have one single thing to do and already you can use it.
26:25
So another use case is similar again, container runtime selection. So Flatcar has this torcx software to provide some Docker plus containerd by default, but you can also disable it and bring your own, and
26:42
it also had a way to switch versions, so for some time there was an old version of Docker shipped and the new one, because Kubernetes wasn't really compatible with a new version of Docker, and yeah, we needed a way to switch to the old version, and
27:01
now we plan to use systemd-sysext for that, and you can even split this up a bit to say we have Docker in one image and containerd in the other image, and then you can have both, you can have one of them, or you can have none of them. So users could for example disable Docker because they don't need it, and from the Ignition config,
27:21
so the system boots without Docker but containerd. And the way users could do this is by masking it, so currently, I say could, it's not implemented, smile, yeah, it's the proposal here, which I'm showing as use case, and yeah, with this empty directory instead of a /dev/null symlink, because that's currently the way to
27:44
mask systemd-sysext that's working. Then another use case we have is these cloud vendor tool updates. So in Flatcar we have the cloud vendor tools in an OEM partition, so the images that we have for Flatcar are
28:02
mostly the same, they have the same /usr partition, but they have different OEM partitions per cloud image type, and this is not A/B updated like the rest of the OS, and we need a solution to that. And we plan to provide systemd-sysext images instead that are stored in this OEM partition,
28:20
instead of having all these files extracted there, and you can't update them easily, and with some kind of migration paths to delete these old files and only have the systemd-sysext images there, which are single file, gets deleted, gets added. And you can have two of them and select the active one, for example
28:40
by some update service that downloads a new file and an early boot service that activates the one that matches our current version. And this is a strong coupling to the OS version. We get also much better integration, because on one hand this sysext can directly appear under /usr, so no strange path where you have this OEM mount and then inside that we have the binaries that have to be in the path.
29:06
No, we have them directly under /usr/bin, for example. And we can use dynamic linking more safely because it's updated together, and we have the strong coupling to the OS version, and
29:21
future ideas are for example having some optional extensions such as a Kubernetes extension that has a kubelet binary and the CNI binaries that you maybe want to have for container networking. And now this could be either standalone and independent from the Flatcar version, so the user has to update it out of band on their own terms, and
29:42
like, Flatcar auto-updates itself and then the user decides to update Kubernetes as wanted, and could use the systemd-sysupdate tool I talked about. Or maybe we could say we benefit from some strong coupling of the OS, and we also benefit from this auto-updating together with the OS: we have one reboot, and then it's a new version, and
30:06
by having this strong coupling we can say: okay, we also cover this in our release test, we know this combination is working well, and yeah, if it's not working very we roll back, so a thing and
30:20
yeah, the user doesn't have to care about updating Kubernetes anymore then, because it's done and tested together from the OS release. Yeah, so these were the use cases. Currently the Flatcar sysext-specific docs are under this link, and they only talk about the first use case: your custom
30:41
software to deploy, for example Docker was a thing, but it could also be something else that you want to deploy. So that's working right now, and the others are work in progress. And yeah, that is the end of my talk. I thank you for listening and hope you have any
31:00
questions and remarks. Would be interesting to, yeah, to hear about your impression now. Okay. Feel free to reach out by email if you have some questions also
31:20
later. Okay, do we have a mic to share here, or how do we do it?
31:42
Do you have a few examples you can show: how to build a sysext image, how to activate it on Flatcar? Yeah. So I would have to open this website
32:05
Sorry. No, okay, I don't have internet, sorry. I have to connect with
32:41
Okay, so assuming you built this systemd-sysext image with a paper script I showed, where you have these simple commands like extract the binaries to one folder and then run, create this extension-release file, and then run mksquashfs to build it, so we have this file then in
33:01
the end. It's a squashfs image, so you can mount it and look at it directly. But if you want to skip it in the beginning, you can also just create a directory under /etc/extensions and put your things in there, and then systemd-sysext will overlay-mount this directory on top of
33:20
/usr. And from Flatcar you can do it manually: you can copy it over to your instance and run systemd-sysext, but what we normally do is we have some, yeah, Ignition configuration, so here it's the CLC YAML format that gets transpiled to Ignition, and we say: okay, we have this
33:47
sysext image, maybe hosted on some server, and it should be downloaded to this path, /etc/extensions, on the first boot. And because we also don't want to use torcx, because we replace
34:04
system like a Docker version, we kind of have to disable it now. Yeah, so that's what you would do from Flatcar, and yeah, I can also go to this
34:22
repository maybe. Oops, can again. But
34:42
GitHub is blocked, okay. Okay, if you want, I just go back to the slide where I showed the general things that happen. Where was it, sorry? Yeah? Yeah, so assuming we have the
35:10
path like /etc/extensions, and then you create a new folder there called "my extension", then you, yeah, put some kind of
35:22
file there, hello world, under the folder usr directly maybe, or usr/share, and then create this extension-release file under this path inside the directory, extension-release dot "my extension", and then,
35:45
because we use a plain directory, you don't have to package it up as a file system image, and reload systemd-sysext, then it would already mount the stuff. I can try to do a live demo, not sure if it works perfectly.
36:09
So, okay. So I first look at /etc/extensions, I don't even have this. Create it first. Wrong password also. So we create an
36:47
extension "my ex", and we also look at this systemd-sysext service: it never ran, and we either use the service or do it manually to load it, and
37:02
we have to prepare this: "my extension", usr/lib, what was the name? I already forgot. The extension-release.d.
37:22
And now we call our extension "my ex", that means we have to create this file, extension-release dot "my ex", and the ID here is Debian, I think, let me check. Yeah. Oh, I don't even have the version, for whatever reason,
37:47
that's why I think that's enough, and yeah, we do some hello world text file directly on the
38:02
usr directory, and now we run systemd-sysext merge, and it merged this extension, so we can see with status: okay, it's there. We have one extension that overlays /usr. We can also see what is available in general, even if it's not enabled, and now the check is:
38:25
under /usr we have this text file available and it says hello world. And now we get rid of our extension. We can unmerge it, and
38:40
now it's gone again. All extensions are either merged or unmerged. And yeah, so now we remove our extension again, or we move it to some other name, which is invalid because it doesn't match the extension-release file, and now if we merge again, there's no extension, but there's one ignored because it doesn't have the right
39:06
settings. Okay, so that's how you would use it if you try it out yourself. Does it answer your question? Okay, so yeah, any other questions in this direction or in general?
39:23
Why is this even invented, or something like that? Yeah, it's very new, so you can expect that it's not working perfectly maybe, but I think it has very interesting use cases,
39:44
so for example one thing that Lennart Poettering shared in his blog post was that you could, yeah, make a development version of something that you are working on, and now we want to test it live on your system. Normally you shouldn't do it because you corrupt your system, but if it's just an overlay mount, why not?
40:06
You can reboot in the worst case and get a working system back. So yeah, that's the case of overlaying files of your system. That's not what I expect you to do in most cases, but it's also possible, and with this --force here for the merge command
40:24
you can even skip the creation of this extension-release file and it will load it anyway, so I can maybe demonstrate this: we have this invalid folder, and now we will even remove this extension file to make it even more invalid, and
40:45
we merge with --force and it, yeah, now loaded this directory, created this overlay mount for us, and we see there's something called "invalid" now, and our file is there.
41:00
Now if you run apt update, apt upgrade or something like that, or dnf upgrade, it will complain because we have a read-only /usr now because of this overlay mount, so before you do any modification there you always have to unmerge again. But yeah, normally you don't run these things directly, you can say
41:25
you do it just by starting or stopping this service. So for example, you can start the service, now our extension is merged. I know it's not, because it's invalid, and
41:46
I removed this file. I'm rolling release, on sid, so that's why I don't have this version ID. So again, yeah, we can start the service and now it's
42:05
not there for whatever reason, still not. Yeah, because I started it already, maybe restart. Yeah, now it's there, okay. I was in there, and then, yeah, you can stop or disable --now to get rid of it again.
42:26
Yeah, so that's how you would do it: you load your new stuff in the right folders, and then you do restart, and then your extensions get restarted. And yeah, if you want to update your system the traditional way, because you don't have the
42:43
way Flatcar does it, for example, or Fedora CoreOS or whatever, yeah, then you just have to make sure you disable all system extensions before you modify the /usr contents, because otherwise you can't. Okay, so one last question or not, and I think that's it.