What is the suggested approach(es) to correctly set up a Silverblue Workstation

desktop
podman
flatpak

#1

OK, so since I am a masochist that enjoys living at the leading edge with the occasional insanity tromp through the bleeding edge, I have to ask. What is/are the suggested approach(es) to getting a usable system based upon Silverblue? Should a person’s first steps focus on the core ostree, and getting containers and podman set up to cover desired potential usage cases, then populate those containers with the pertinent flatpaks? Although I have been watching the use of containers grow, I have been sticking with what works for me in regards to the traditional Fedora Workstation based system, with the occasional headless server when needed. Thus I have been ignoring the gory details of using containers daily, and even flatpak as an application package deploy method. I understand the advantages that would seem to be in their potential, and I am wondering if through use, some of the community members have experiences they would share with those of us just beginning to use these technologies?


#2

I’ve been building Docker images for a few years now, but the concept of a “pet container workstation” is relatively new. I’m planning to run Silverblue 29 and Antergos in a dual-boot on my workstation and sticking with Windows 10 Pro and Antergos on my gamer laptop.

My main workload is data science, specifically R / RStudio and PostgreSQL. So it lends itself well to a container environment - this project was in part inspired by Silverblue: https://github.com/znmeb/data-science-pet-containers.

The gotcha with a pet container workflow is that it doesn’t really work on Windows 10 Pro or MacOS. Docker on those systems is done inside a full virtual machine running Linux. That machine has a virtual disk drive and is typically allocated a fraction of the RAM the system has.

For example, on my gamer laptop, the Docker VM gets 2 GB of RAM out of the 8 GB the laptop has. This kind of inefficiency is intolerable for data science, so I run native binaries on Windows.

Advice for setting up a Silverblue workstation: I’d say do as much as you can with pre-built images from the Docker Store / Docker Hub. For example, Data Science Pet Containers is built on the official PostgreSQL and pgAdmin images along with the official “Rocker” RStudio image. I’m still using Docker Compose for orchestration but the trend is clearly towards Kubernetes.

And do as much as you can on the desktop with Flatpaks. In my case, the only apps I have on my desktop that are available as Flatpaks but installed from the Silverblue repos are stable Firefox and GNOME Boxes.


#3

I was thinking that it would be best to avoid layering as much as possible. Towards that end I can envision circumstances where I may require to use containers, which I see as being very good at providing a base image to build upon by adding flatpaks as necessary. The problem I am trying to wrap my head around is that I am used to the way I set up my Fedora Workstation and the associated workflow I put through it consequently is pretty firmly entrenched in my psyche. Resolving that and translating to a immutable OS + Container base image + flatpak application for the desktop is where I fall short of the vision. Somewhat due to the urge to have everything available all of the time from any perspective. As well as things like hardware that I use sometimes, such as a Mixed Signal Oscilloscope require physical port access and control. Thankfully, I don’t have the need to run containers on my Windows 10 Pro laptop, since it is specifically for proprietary software needed by me to support my customers, and unfortunately there are not available open source alternatives.


#4

Thanks for the advice. I’m still working through the ‘pet container’ idea, which I cannot seem to get a lot of info about. I thought a good place to start would be podman or libpod, I guess it is actually called. I went through the getting started and managed to create a container which won’t run since I didn’t have ‘slirp4net’? Which is something I must install apparently, and likely layered as well. I did manage to get the info about the pod image which was informative, and easily readable. So now I’m off to the Docker Store / Docker Hub to check into the Pet Containers. Ahhhhh! I can smell the mind numbing technical acronyms from here!


#5

I’m still working through the ‘pet container’ idea, which I cannot seem to get a lot of info about.

It’ll be hard to find any concrete information about them, because (almost by definition) they are all going to be unique. Each person is going to have their own settings and packages they want to include.

What has worked for me is to examine the configs for other people’s pet containers and iterate on those. I found @jlebon’s container to be very useful (in fact all of his dotfiles) as a starting point:

Or have a look at @walters set of dev containers:

And I’ll even include my own for grins:

It will be interesting to see if we can collate these kinds of examples into some sort of framework that would allow users to build their own pet containers using some sort of tool (or dare I say…wizard!?).

I would be interested if you find any ‘pet containers’ labeled as such on Docker Hub/Store, simply because I don’t know if that concept has gained adoption outside of the Silverblue users.


#6

I have a “more traditional Docker” version - I build a network of containers with Docker Compose from official repos in the Docker Store / Docker Hub, rather than trying to build one “pet container” that has everything on my desktop. Presumably I could run the identical network on a cloud server from a Chromebook, bandwidth willing, of course.

One of the attractions of the pet container approach is that quite a few third party packages aren’t tested on Fedora - just RHEL/CentOS and Ubuntu LTS. So rather than build them from source and have to do my own support, I run them in containers.


#7

Thank you for providing the links. I understand what you mean by the variances of user set up’s, I realize there won’t be a single solution. I’ll have a look through the files, it’s good to have examples to refer to.


#8

Thank you for the advice, I went to Docker Hub, and did manage to pull an image. The only issue I ran into was missing slirp4netns. I had to install (slirp4netns) using rpm-ostree, and reboot. I note this is a library used by Podman and other apps, and since you cannot load an image in podman without it, I was thinking maybe there is some issue there with dependencies not being met at install of podman. In any case, once I installed slirp4netns things worked, I could load an image. Now I am armed with examples and advice, I will be reading for the weekend I see. Perhaps, before Silverblue get’s a “wizard” for post installation configuration options as @miabbott points out, a guide may be a good place to start. In my case, I consider myself a layman in terms of current best practices for container use, indeed the same could be said for my level of Systems Admin knowledge. Silverblue presents (for the average Fedora user) a significant paradigm shift in how the PC is being used. The simple concept of sandboxed everything outside of your core OS bits, is quite subtly more involved than first blush would indicate. Having said all of that, I will say that I was still able to use Silverblue right out of the box when I installed F28 Silverblue on bare metal. Aside from the missing flatpaks of favourite apps, everything worked, at least until it didn’t.


#9

The only issue I ran into was missing slirp4netns. I had to install (slirp4netns) using rpm-ostree, and reboot. I note this is a library used by Podman and other apps, and since you cannot load an image in podman without it, I was thinking maybe there is some issue there with dependencies not being met at install of podman.

You are hitting this issue - https://pagure.io/teamsilverblue/issue/39

TL;DR - podman should have slirp4netns as a dependency

It’s currently a Recommends, but might need to be a hard Requires

https://src.fedoraproject.org/rpms/podman/blob/master/f/podman.spec#_76


#10

In my opinion, we need input from all types of users. From experts to laymen. :slight_smile:

If you can document your experiences trying to create your own pet container, what worked and what didn’t, we could start to build out documentation around this. We know there isn’t going to be a one size fits all, but the more documentation and examples we provide, the better off we will be in the long term.


#11

I’ll definitely take some notes while going through the process. Be glad to share, if they’ll be of help is an entirely different matter.


#12

Currently, I am in the middle of machine repairs for my customers, so I am not able to get to this forum as often, but thanksgiving is here and a bit of a break. I looked over the info you provided, which was quite a bit and was very informative for me. It truly brought home your point about the variance in set up. It also reminded me of my need to understand what I am asking before asking it, sort of a conundrum. In this case the question seemed simple enough to ask, “What is the suggested approach(es) to correctly set up a Silverblue Workstation?”. It isn’t in fact a simple question to answer, especially succinctly. I think there is a commonality of approach between the examples you provided for me, and it is that approach I am interested in. Perhaps the Install/Upgrade could offer the option to have automatic setup/configuration prior to creating the ostree, eventually. In the interim, I am starting my approach with writing a list of things I absolutely need to have as part of the immutable kernel, layer appropriately, then move onto flatpak installation of pretty much everything else, including the development setup I choose. I would like to keep within the bounds of operating Silverblue, with minimal/no layering, and copious use of flatpaks. Avoidance of OSTree compromising technologies should be viewed as verboten IMO.