Transaction Server - New TW and LEAP 15 server option

I’m going to be spending more time looking at this over time…

https://news.opensuse.org/2018/05/15/transactional-updates-in-opensuse-leap-15/

Summary
This is a new server or Desktop choice during a new install,

Coming from the Kubic (Kubernetes on SUSE) project, “zypper up” and “zypper dup” are replaced with

transactional-update

and

transactional-update dup

So, why this new alternative to the long used zypper update and dist-upgrade commands?
It provides a significant amount of new safety and reliability, the important ability to roll back an entire day’s worth of new package installs if something breaks. Currently with zypper, to undo an update you’d have to pick out the individual packages to uninstall which is no easy thing to do… With this new command all your new packages are installed into a new snapshot image and then applied with a reboot. To roll back, you should only need to use snapper like any other btrfs rollback.

At the moment, I’m also wondering since the root file system is read-only,
Does this mean that your website deployed to this file system would be impervious to defacement, even if the website code was compromised?

So…
Although transactional-update is already configured to install and reboot about 5:30 am local time every day, if you wish to run the command manually, don’t forget to reboot immediately as well. If you instead run transactional-update without rebooting, you’ll be downloading and installing all over again and not complete the installation (until reboot).

Right now, this feature is available by default only on a text-only Server.
Note that installing a graphical Desktop is experimental. I just now tried to install the MinimalX system but it didn’t install completely so doesn’t run(The command I used is provided below)

Some examples…
Updating a system and automatically reboot immediately

transactional-update reboot

Install the mlocate package

transactional-update pkg install mlocate

Install the x11 (MinimalX) windows system(Note that the command completes without error but the result doesn’t work)

transactional-update pkg install -t pattern x11

TSU

Yep, mentioned in the all-important release notes as well… :wink:

https://doc.opensuse.org/release-notes/x86_64/openSUSE/Leap/15.0/#sec.install.transactional-server-role

It takes a bit of practice getting used to a read-only root file system as the default and not simply an option…
And to use it will require some getting used to, as well as learning new procedures like modifying the system on the fly. Update-alternatives now is read-only and can’t modify immediately.

This to me appears to be a viable Production deployment configuration in a flow which implements multiple stages, likely less suited for everyday use… Unless you don’t mind the extra steps needed for a number of common functions.

TSU

I don’t change the system much once it’s running, except for updates, so this seems like it might be a good choice as a production working environment for me. While I usually run XFCE, I understand that GUI interfaces aren’t available, yet. But I’m considering doing a CLI-only install and tinkering with it so I gain some understanding of the transactional environment before the GUI versions come out. I haven’t done anything with btrfs, for example, and this seemed like a good chance to do some exploring in a testing environment. And I’ve had some experience with read-only systems and found it disconcerting, as you noted, so I need to get used to thinking in that context.

So, I’d be doing this on a Pi-3B+. I’ll use a 32GB USB3 drive (not SSD, at least for now).

I’ve read through the release notes, and I have a couple of questions before I start that you might be able to answer:

  • Do µSDs and USB drives work OK with btrfs or do you really need an SSD drive for acceptable performance?
  • Start with JeOS ? I think that’s what “text mode” means. Right?
  • It looks like you need to make the boot partition be hybrid MBR/GPT. The gdisk warning about that looks a little worrisome: did the Pi boot successfully from that partition?
  • Any other “gotchas” that you could warn me about before I start?

Thanks for any advice you can give.

David

Hi,

Btrfs only, what about non Btrfs users? :slight_smile:

Won’t work for them yet. The new mechanism creates what one could call a snapshot-in-the-future. After a reboot that snapshot is booted into.
Since ext4, xfs and others have no snapshotting, it won’t work.

Well, I’d have sworn that while I was debugging new Raspberry Pi SLES/openSUSE installs a month ago or so, I stumbled upon an install that offered “transactional server” as an option – which I ignored at that time.

But I can’t find it any more. Did I mis-remember, or is there a RPi aarch64 distro in which you can select transactional server? I’ve tried TW, SLES 15, and Leap 15 (JeOS, X11, XFCE) and haven’t been able to find it again. I understand that it’s a text-only install, so SLES 15 and JeOS were the most likely candidates, but they didn’t give install options (and I couldn’t get TW JeOS to get past the “eth0:” prompt).

And yes, I confirmed that making the /dev/sda1 be a MBR/GPT hybrid with the gdisk procedure outlined on the HCL site does result in a system that boots successfully on the RPi. But I have yet to get one that installs as a btrfs / partition. I know I wasn’t dreaming (I didn’t want btrfs at that time, so it was a nightmare), but I can’t recreate it.

Any hints where to look?

David

I haven’t looked at RPi images that closely,
But in general when you install some version of LEAP 15, it’s offered as a Desktop option.
This will result in a text-mode server set up with transactional-updating (In other words, don’t install a regular text mode server).
For anything else, it’s not offered as a Desktop option but you can install transactional update packages. As discussed in this thread, you’ll need to make sure you have the prerequisites installed on your own (primarily BTRFS on the partition(s) you intend to protect, at least the root partition).

TSU

Thanks! That’s what I remembered. But I’ve tried several LEAP 15 installs on my RPi-3B+ (X11, XFCE) and they all proceeded smoothly with a desktop install and didn’t give the option of setting up a transactional-updating system. (That’s what I’d want to see – an easy, direct install of the GUI-based desktop.) I thought the JeOS install might give the transactional-update option, but it didn’t either.

Perhaps I’m just mis-remembering the install instructions I’d read in prep for the Leap 15 install 5-6 weeks ago, as if I had actually run though those screens. But if anyone has seen the option for installing the transactional-updating OS in a Raspberry Pi install, please let me know which distro has it. Thanks!

Right,
a RPi install doesn’t actually give you a choice of Desktop during an installation, an install applies a pre-built image so you won’t have a Desktop install option during install.

I’d highly recommend you submit a “feature request” to https://bugzilla.opensuse.org requesting transactional server builds for the various RPi <based on LEAP>.

In the meantime,
I’m going to guess that you should be able to install one of the Tumbleweed images and install the transactional zypper packages.

As for JeOS,
No one should ever likely choose JeOS except to create a Production instance of something very specific.
So, for instance I always build the first versions of anything using something else, usually with a full Desktop for the convenience of having ample options if I run into difficulties. Once I have the solution built right, configured properly and fully tested, only then I re-build on a JeoS for final deployment and distribution.

Otherwise, if you try to troubleshoot things on a JeOS, you’ll find common tools missing. The JeOS is intended to be the stripped down, streamlined final solution and not intended to have the extra things that might be needed for troubleshooting, learning, overcoming issues.

TSU