Skip to content

Instantly share code, notes, and snippets.

@abcdw

abcdw/stateless-os.org

Last active June 16, 2022 01:03
Show Gist options
  • Save abcdw/343ce43004c8a435c5ac603ba081f307 to your computer and use it in GitHub Desktop.
Save abcdw/343ce43004c8a435c5ac603ba081f307 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
stateless-os.org

Stateless Operating System

Problems of undesired statefulness

https://i.stack.imgur.com/JG9yA.png

Problems

  • Reasoning hugely increase congnitive load.
  • Not aware of what happens.
  • Much easier to make a mistake, because a change affects almost whole system.

Example

  • ifconfig/iptables/nm-tui/gnome settings/etc
  • Did some tweaks. Forgot about it. Did reboot. Broke everything.

Stateless OS is possible?

Nope.

  • # of packages, dhcp, etc.
  • NetworkManager configuration and similar.
  • db cache, db data, etc.

Solution 1: Immutable OS

revisioned configuration and revisioned pkgs.

  • f(config, pkgs) -> system
  • f(config, pkgs, encrypted-secrets) -> system + security key

Problem of Reproducibility

You can’t make secrets a part of OS.

Desirable workflow

  • Threw out ssd of your localhost, insert new one
  • Boot from usb stick, connect to network
  • Clone rde-config repo
  • cd rde-config
  • [rde partition config.scm /device]
  • rde system init config.scm /device/partition
  • reboot

Init is idempotent

How to achieve? [OS]

  • Pre-configure as much as possible
  • Update only by system reconfigure
  • Erase / with snapshot on each boot
  • Boot the system
  • Make another snapshot
  • Work
  • Diff changes
  • Move state to config

Solution 2: Computing Environment

Immutable OS + User programs with state

Immutability and Small State

Good practice. https://i.stack.imgur.com/JG9yA.png

Realistic workflow

rde file systems

  • [rde partition config.scm /device]
  • [rde security-key init /device/partition]
  • rde system init config.scm /device/partition
  • rde state init config.scm /device/partition
  • reboot

How to achieve? [User]

  • Define state components
  • Work
  • Diff changes
  • Eliminate uncontrolled state

How it will look?

  • rde state check-untracked
  • rde state edit # state.scm config
  • rde state sync
  • rde state status

State types

Credentials/secrets (system)

Part of the system + secret key.

  • 2-step deployement

Cache

In most cases we do not care.

Remote FS

Revisionable data

Archive

No need to init, possible to retrieve manually

Backup

Same as

Media (video/pics/music/books/articles)

Can be archiveable or not. Something that we are agree to lose.

Encrypted data

Conclusion

It’s obviously possible to reduce the amount of state, but it requires some time to implement such solution.

Links

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment