Edmondo's Vault

Modern Linux Distributions

May 18, 20262 min read

Modern Linux Distributions in this context refers to immutable distributions. The most notable are CoreOS, Flatcar, Bottlerocket (created in AWS and used for ECS and EKs) and RancherOS. These OS they are all immutable.

Dual-Partition scheme for Updates

A dual-partition scheme means that the OS has two main system partitions: one active and one inactive. Here’s how it works in the context of an immutable OS:

  1. When an update is available, the OS downloads and installs the update on the inactive partition (the one not currently in use).
  2. After the update is applied, the system reboots into the inactive partition, which becomes the active one, now running the updated OS version.
  3. If the update fails or causes issues, the OS can reboot back into the previous partition, effectively rolling back to the previous version.

This scheme makes updates atomic (either fully applied or not at all) and safe, as you can revert to the old version if something goes wrong. Both CoreOS and Flatcar use a dual-partition setup, which simplifies and secures the update process.

Auto-Updates

In the case of CoreOS and Flatcar, auto-updates are applied to the inactive partition in a dual-partition setup, meaning the system can be kept up-to-date with minimal disruption. These updates typically replace the whole OS image, reinforcing immutability by preventing granular changes to individual components.

OCI-Based Image Updates

Bottlerocket uses OCI (Open Container Initiative) image-based updates. Instead of traditional package-based updates (where each software package is updated individually), Bottlerocket applies updates as whole OS images that are packaged as OCI container images. This approach aligns with container standards and simplifies OS updates, as the OS is refreshed by pulling a new image rather than updating individual packages.

With OCI-based updates, the system downloads the latest OS image (like downloading a new container image), then applies it to the active partition, making updates faster and more consistent. The base OS is read-only so it is easy to rollback and apply a different set of layers

Running Everything as a Container

In RancherOS, even the system’s core components (like networking, logging, and SSH) are Docker containers, which means that RancherOS truly runs “everything as a container.” It has two Docker instances: - System Docker: Runs the core OS services as containers. - User Docker: Runs user applications and custom containers.

Graph View

Backlinks