Fedora Classroom: Getting to Know Silverblue


#1

Fedora Silverblue is a variant of Fedora Workstation that is composed and delivered using ostree technology. It uses some of the same RPMs found in Fedora Workstation but delivers them in a way that produces an “immutable host” for the end user. This provides atomic upgrades for end users and allows users to move to a fully containerized environment using traditional containers and flatpaks.

Instructor

Micah Abbott is a Principal Quality Engineer working for Red Hat. He remembers his first introduction to Linux was during university when someone showed him Red Hat Linux running on a DEC Alpha Workstation. He’s dabbled with various distributions in the following years, but has always had a soft spot for Fedora. Micah has recently been contributing towards the development of Fedora/Red Hat CoreOS and before that Project Atomic. He enjoys engaging with the community to help solve problems that users are facing and has most recently been spending a lot of time involved with the Fedora Silverblue community.

View the classroom here: Fedora YouTube Channel: Getting to Know Silverblue

Feel free to make your questions under this topic.


#2

One question: in the demo, @rageear showed some rpm-ostree status options that I don’t seem to have on my installed Silverblue 29 system. For example, he showed more than two deployments and what would be upgraded at the bottom. How do I get those options?


#3

Hi @znmeb,

Try something like this. sudo ostree pull fedora:fedora/29/x86_64/silverblue --commit-metadata-only --depth=5 you can change the depth to what you want.
On my system fedora: is fedora-workstation. Also there is an open issue for an enhancement that may be what you saw, at this link https://github.com/projectatomic/rpm-ostree/issues/1489.
For myself I used the above command to find previous ostree commits I had and was able to go back to basically previous install’s. The caveat being your home dir and flatpaks don’t go back to that state.


#4

I like my flatpaks and everything useful in my home directory either lives on GitHub or is sycned via SpiderOak. :wink:


#5

I was referring mostly about the fuller information display @miabbott had on his other host in the classroom for Silverblue, which was what I thought you meant above. When I was trying to repeat an issue I had encountered with Silverblue, I had to go back to a specific time and redeploy a commit I had for rpm-ostree, and there wasn’t an available command to go past the rollback point using rpm-ostree, so I was directed by @dustymabe to the above noted issue for rpm-ostree. I would hazard a guess that @rageear is using the future version of the rpm-ostree command status. To get the type of info he was displaying currently I think I would be using ostree. The pinning option is interesting too.

I too like my flatpaks, and generally speaking the pet container doesn’t get much use. I find the more I use Silverblue, the less I miss the old workstation


#6

The only thing that’s keeping me from migrating my laptop to Silverblue from Arch is not having the proprietary NVidia drivers. Everything else I use now has workarounds.

That said, I don’t see podman replacing Docker just yet. The networking interface in podman lags docker network by too many features, and rootless containers don’t even publish ports yet.


#7

Have you checked into the extensions that are available for nvidia on flathub? I’m not certain what they are for but they have nvidia in the name. There is a whole bunch of them listed when you do a remote-ls of the flathub flatpak repo with the --runtime option.


#8

They won’t work without the proprietary drivers - the standard nouveau open-source driver black-screens on the NVidia GPU I have (1050Ti).


#9

IME for rootless containers, --net host is basically close enough. Specific port publishing is most useful for cases where you’re running containers in production, which I’d hope you’re not doing on your personal system… :eyes:


#10

Most of the containers I run are web apps or databases which expose single specific ports. PostgreSQL is 5432, RStudio Server is 8787, etc. If I have PostgreSQL on my host I either have to change its port or map the container’s 5432 to another port, like 5439.


#11

For the “extended” information that I demo’ed during the classroom, you can use rpm-ostree status -a.

That prints out the AvailableUpdate section which lists the CVEs that have been fixed in the update.

In the case of more than two deployments, I had listed four deployments (as shown in order):

  • upgraded deployment, ready to be booted into
  • currently booted deployment
  • previous deployment
  • pinned deployment to F28

You can pin a deployment with the ostree admin pin command.