JeOS (MinimalVM) with transactional updates

Impatient? Scroll down to the Step-by-step guide.

The concept of (openSUSE) JeOS is to have a bare minimum base VM image. The concept of transactional updates is to have atomic updates with automatic rollback mechanism. How awesome would it be to combine those two things and have a minimal VM image with transactional updates? I believe this is a very versatile and resilient basis for most of my server VMs. The only caveat is that the slimmed down kernel of JeOS might not be suited if you require some non-default kernel modules.

While there is no transactional openSUSE JeOS image out there, it is surprisingly easy to realize this yourself.

# Pragmatic introduction into JeOS

One of the awesome parts of JeOS is, that you have a working minimalistic VM up and running in under 5 minutes, including 3 minutes to refill your coffee cup :-)

A JeOS image is in principle a ready-to-be-used minimal system image with a stripped down kernel for virtual machines. All you need to do is to import the downloaded image into your VM hypervisor and run it from there. Because it is a ready-to-use image, there is no installation required, only a short first-run configuration procedure (keyboard layout, root password, timezone).

Word of advice if this is the first time you are running JeOS: I recommend to not store any user or application data on the JeOS disk/image, but on a separate data disk. Use the system disk as a system disk only, that saves you a lot of struggle (e.g. performance issues). For more general information, checkout the JeOS portal.

Please mind, that there are some minor inconsistencies between the JeOS VM images you can download from and some more specialized images like for Raspberry Pi images. Those are also names JeOS. The term still makes sense on the broader scheme, however there are differences between the two image types (e.g. yast is included for the later ones).

In a nutshell: JeOS is a bare minimum system base image for virtual machine guests and on a broader scope also for some specialized hardware (e.g. Raspberry Pi).

# Download

You find the latest JeOS images in the Alternative Download section on Select Leap or Tumbleweed, go to Downloads and click on “Alternative Downloads”. JeOS images are build for KVM and Xen, MS HyperV, VMware and as OpenStack images.

# Turn a JeOS image into a transactional JeOS image

Transforming a JeOS image into a transactional JeOS system is a painless three-step procedure without dirty voodoo tricks. I have tested this with Leap 15.3 and with Tumbleweed on my x86_64 machine and the procedure was working in both cases.

First install the transactional-update system pattern by installing patterns-base-transactional_base:

zypper in patterns-base-transactional_base

Next, edit /etc/fstab and set the root partition (only the / entry. Don’t touch the subvolumes!) to read-only by changing defaults to ro. On my system I had to change

UUID=6dbb2984-ba76-494b-a0e1-2c8d74cae083 / btrfs defaults 0 0


UUID=6dbb2984-ba76-494b-a0e1-2c8d74cae083 / btrfs ro 0 0

CAVE: Don’t touch the subvolumes. I say this twice, because this is important!

Lastly, do a reboot.

Congratulations, you have created your transactional JeOS image!

# Step-by-step guide

Prerequirements: Download and run any (open)SUSE JeOS images.

  • zypper in patterns-base-transactional_base
  • Edit /etc/fstab, make the root filesystem entry (/) read-only by setting it to ro (i.e. replace defaults with ro for this entry only). Leave the subvolumes untouched (!!!)
  • reboot
  • Congrats, you have now a transactional JeOS VM

Tested and worked on the current Leap 15.3 and Tumbleweed images.

# Conclusion

JeOS (or Minimal-VM) in combination with transactional-updates is a interesting base for my future generation of server VMs. The slim JeOS images provides a minimalistic base system with a stripped down kernel and the transactional updates make fully-automated system updates easier and more reliable than ever before. In addition I have a fully working VM up and running in under 5 minutes.

I believe this could a mighty platform for many small and heavy-load VM workloads with minimal configuration and maintenance effort. Before I can really recommend it for production, I will need to do more testing and deploy it in a real-world scenario for some time. However, I don’t see any obstacles and would expect this works just fine as it is.

# What works

  • The root filesystem is read only

Trying to create a test file on the root filesystem is not possible

# touch /test
touch: cannot touch '/test': Read-only file system
  • zypper recognises that it is on a transactional-server:

Trying to do some system maintenance via zypper fails with a propriate error message

# zypper rm zypper
This is a transactional-server, please use transactional-update to update or modify the system.
  • Installing and setting up a simple webserver using nginx

Jep, it does exactly what it should do (serve a simple test page)

  • firewalld is up and running, firewall-cmd commands work just fine.

# What doesn’t

I have not encountered any issues out of the ordinary. Everything seems to work fine in my first test runs.

However, JeOS/MinimalVM uses a slimmed down kernel. If you plan to do some more low-level stuff, there is a chance, that some of your required modules are (not yet) included. Do your research/testing before adpoting this strategy to your workload.

That being said, for most workloads and “normal applications” this setup should just work. If you are just running some webservices, podman/docker containers, then everything should work out of the box.

# Pitfalls

# Changes in /etc/fstab are overwritten

Issue: changes in /etc/fstab are not persistent through different snapshots. e.g. after installing a new package, the recent changes are overwritten with a previous state.

Solution: Use transactional-update shell and edit /etc/fstab within there.