Immutability done right.
Since our little one is born, I have little-to-no spare time anymore to do proper server maintenance. Luckily I was prepared for this, and automated as much of the recurring tasks that I could. This post is a praise of our openSUSE transactional systems (Leap, Leap-Micro, MicroOS, Tumbleweed), because they make my life as a spare time home and family/friends sysadmin much easier.
Almost all openSUSE flavors provide a transactional system role. Some like MicroOS got as far, as to only run astransactional system. Transactional system means, that you have a immutable (“read-only”) root filesystem, where only a small subset of the folder hierarchy (/etc, /srv, /var) is writable. Package installation, updates, ecc. need to be performed as a “transaction”, i.e. in a new file system snapshot that does not mess with the current running system. Only after a system reboot, the effect of a transaction will be applied to the system. If something goes wrong, you can do a snapshot rollback, which can be a lifesaver.
Already since some time I run almost all of my servers as transactional servers. They are a bit more annoying that traditional systems to setup because transactional systems behave a bit differently, but you get increased reliability and resilience in return. By default you have automatic updates turned on, which check for system updates during the night, install them into a new snapshot and reboot the system to apply the changes. For most use cases this is the best fully automated update strategy that I’ve seen and used so far. Exceptions exists however.
In the last three weeks I didn’t had much time to perform typical maintenance tasks like installing updates myself. But that’s ok, because they are anyways automated. I knew my servers would take care of themselves. And I also knew that if an update goes wrong, I could just boot into an older snapshot and fix it from there. This was much appreciated peace-of-mind, knowing that at least this part is not to be worried about.
In the openSUSE world, the transactional role isn’t limited to MicroOS, Leap Micro or Tumbleweed. Also Leap has a transactional system role that I heavily use. To me, a transactional Leap system is a solid work horse that runs stable and reliable, and this extra protection and easy maintenance makes it in my eyes an awesome server system. I wouldn’t like to miss it.
Of course, there are some caveats with transactional systems. Just to name one, the system behaves differently than most people are used to, which means they have a higher entrance barrier. But if you’re a non-rookie sysadmin it’s a technology that pays off learning in my opinion. There are some more edges that I want to talk about in a future blog post, but for now I just wanted to praise the (openSUSE) transactional server systems, as they have made my server maintenance work in the last weeks a breeze.
Cheers.
(This blog runs on a transactional MicroOS server)