It seems like there is a lot of enterprise potential here for Silverblue with those that want to produce safer updates. My current employer operates a 200-300 user call center using linux. The management tools are okay but this functionality is a real step forward in terms stability and reliability.
So, I have a couple questions
Are there any management tools available or in development for ostree (specifically Silverblue)? I’ve seen embedded OTAs but that doesn’t seem to cover this.
Do any manage the actual layers? The capability to serve, add and remove layers is absolutely critical to ensuring consistency.
Have you tried yum, perhaps combined with a tool such as Ansible, to
handle configuration management? This is how most larger companies manage RHEL
systems, so I imagine it’d apply well to Fedora.
Yes, dnf and ansible are workable solutions but I think there are better options like storing actual layers. Ansible can be cut off before it completes, therefore, scripting needs to handle that scenario and rollback. Otherwise you’re creating a completely new states (each host could have a different state depending on which step it failed on).
Example scenario, my organization needs new security updates for the silverblue and wants to add 1 new application, google chrome to the next release.
The general workflow would go like this
Admin updates image/layer with security updates, adds google chrome application and labels this release “2020.06.11-1”
Admin briefly smoke tests new image/layer.
Smoke test passes, Admin pushes image/layer labeled “2020.06.11-1” to small group of beta users.
a. Schedule Reboot during off hours.
After positive beta user feedback, Admin pushes image/layer labeled “2020.06.11-1” to all users.
a. Schedule Reboot during off hours.
Repeat process.
I would expect Enterprise functionality to include