Sell me on Atomic, CoreOS, Flatpaks, and Containers

I’m seeing hints Fedora is moving towards prioritizing those things, and I’ve been actively avoiding them because I find their concepts not necessary.

I have my thoughts on the topics below, and I welcome all clarifications (a lot are assumptions)!

Flatpaks feel like a bulky, entire system (like systemd), filled with unofficial developers (packages still need vetting and thus security concerns), and a larger “solution” than the old-school way of just finding libraries and symlinking them for the rare programs that need that, or running it through Wine.

I don’t want to be vetting packages. I don’t want to be having another repo on my computer if I can help it (I already have an issue with RPM Fusion). And really the only time I needed a Flatpak was to play Hexen with Doomsday Engine on Fedora 39, and it didn’t even work (didn’t debug it; but it’s in openSUSE’s default repos and works).

I like running stuff as close to bare metal as possible. I have a problem with the concept of Wayland (like doing libinput → evdev instead of just evdev on Xorg). I have a problem with Flatpaks pulling in an entire Mesa library based on some old version the unofficial dev last tested a year ago; yeah it’s cool that it’ll run still, but that’s an incredibly sub-optimal way to go about it.

I also like the best possible performance real-world and in-concept, so any extra layers that are there for compatibility are a no-go for the most part (I tolerated libinput fine until I found I could still force evdev on GNOME 46 on Xorg 😛).

I do servers bare-metal and believe security comes from the OS, good sysadmin practices, and traditional physical protection and backup/recovery.

Atomic and immutable distros I feel imply the main distro lacks QA to deliver safe updates, or that the distro can break just by moving the cursor in a specific gesture (unstable).

I’ve done servers with openSUSE Tumbleweed and Fedora Server with unattended daily updates for close to 10 years and never had a broken update or a failed reboot, and generally know not to be doing silly things to be causing boot to fail on servers (like deleting /boot because 🤷). I do daily backups too, so if a HDD failed, whatever I manually rebuild and have it back up within an hour or two. So I don’t quite get immutable on servers.

On workstations/PCs, I feel it’s a hindrance to power-users and only for protecting newbies from… deleting /boot because it’ll make GRUB faster. I don’t like this protection as I feel it only continues a growing cycle of not exposing users to how to diagnose traditional issues. I know there’s better wording for that and I’ll come back to it 😛

If the distro has good QA, updates aren’t breaking a system. If the distro has good leadership, it’ll provide access to good repos for proprietary or specialized drivers (NVIDIA, ROCm, bleeding-edge Mesa, etc), and these repos won’t be pushing stuff that will break a system. I know Ubuntu is fine. RPM Fusion and that mesa-freeworld ordeal dropped my confidence in Fedora since they also use RPM Fusion for NV drivers (but iirc it was just a NV driver repo so I might be ok with that by itself). Fedora on the Intel UHD 630 I have works fine without anything from RPM Fusion, and the last AMD GPU I had also had a good Ryzen CPU to handle any video I wanted, so I’m fine with Fedora on open-source graphics for now.

I run things on servers on the host OS as-is, and that host OS is running on bare-metal (but I’ll tolerate VMs on VPS). The idea I get of Containers is that it’s another Flatpak, but for server stuff, and running that stuff inside their own (containers) VM.

I use Fedora Server and openSUSE TW and the stuff I run runs with the latest tech. Generally speaking my stuff is mainly a webserver with LEMP, but I was doing this with game servers a while back too and latest GCC. The stuff I run runs with the latest tech, which the distros provide in fast order; I didn’t need to have a specific outdated version of anything or to lock versions.

If I needed specific older versions of things (like nginx to run a certain extension), then I can maybe understand containers on servers. And if I had to run one thing in a container, I’d try for everything at that point just for consistency. I guess that would be the point of CoreOS?

Most of my view is only as an end-user with a homelab. I like the current Workstation edition being GNOME, it still having an Xorg session, and it not being Atomic.

I can see the appeal of large-scale enterprise needing centralized, consistent software across fleets of computers. And for those ordeals, Fedora is where I’d look first for Atomic distros and CoreOS.

And Flatpak? I can run a repo just for the organization, and it’s convenient it’s already baked into Fedora!

And I suppose containers have to be good enough if Fedora has a whole OS with it in mind, so if I’m already streamlining everything, containers sound like a plan too!

1 Like

There are large projects with very small user communities and that are hard to package because distro packages for key libraries don’t enable some key features.
One that I used from 1997 until 2018 was distributed with source and a set of scripts to build libraries with the required configuration. The Julia language is another example that is difficult to package. These projects have user communities that are focused on application of the packages and benefit when all members of the community are using the same binaries even though many different distros are being used.

There aren’t enough Linux developers and packagers to meet the needs of all the niche communities using rare programs. In cases where a distro library failed to enable options required by a “niche” system, you need workarounds like environment modules to ensure that distro software can use the distro versions of libraries while the niche system will use a locally compiled version built with the required configuration. In many fields, the added storage needed for flatpaks is trivial compared to the size of files being processed.

I’ve argued hard with vendors to get them to package their software for Fedora and, for a lot of them, I had to concede that Flatpak makes more sense for them. By creating flatpaks, they don’t need to coordinate with other packagers (who may be AWOL) and they can have one release and have it run everywhere.

1 Like