[HN Gopher] Why we decided for and against Ubuntu Core
___________________________________________________________________
Author : thefilmore
Score : 64 points
Date : 2021-03-15 09:49 UTC (13 hours ago)
(HTM) web link (www.nitrokey.com)
| mwcampbell wrote:
| If I were them, I'd go with something that provides an immutable
| root FS (or at least immutable /usr) and atomic whole-system
| updates, the way Chromium OS and Flatcar Linux (former CoreOS)
| do. IIRC, Balena does this for the base system, but adds
| containers on top.
| c7DJTLrn wrote:
| I work in a different industry and am responsible for maintaining
| a fleet of bare metal OSes (we currently use Ubuntu).
|
| Bare metal management really feels like an unsolved problem.
| Whilst everybody working with cloud environments is whisked away
| by the latest shiny tools like Docker and Ansible, those of us
| working with bare metal are still trying to find a way to keep
| machines up and running with an OS that doesn't get corrupted
| from unexpected poweroffs or permanently cut itself off from the
| network because of a bad config.
|
| The only existing candidate I've seen is Balena, but it only
| supports specific hardware and the cost is probably so high that
| we wouldn't be making a profit if we went with it.
|
| At my current employer we are building a custom flavor of Ubuntu
| and provision it with Puppet, but we still get failures, and it's
| far from the immutable haven that DevOps guys would be used to.
| hnlmorg wrote:
| > _those of us working with bare metal are still trying to find
| a way to keep machines up and running with an OS that doesn't
| get corrupted from unexpected poweroffs or permanently cut
| itself off from the network because of a bad config._
|
| I'm guessing there's more to this story than you've summarised
| because those points are pretty easily solved with:
|
| - UPS (if the power outs are that much of a problem then you
| might need to invest in a generator as well).
|
| - iLo / IPMI (remote management). Though even just running a
| serial cable out the back of the server is good enough for a
| remote console in the event of a network failure.
|
| As for managing the config of them, the usual tools like
| Ansible and Puppet work just as well (in some cases actually
| better since they were initially designed for on-prem
| hardware). Likewise for Docker. So don't think you can't run
| those tools on bare metal Linux. But if you don't want the
| containerisation-like aspects of Docker but still wanted the
| deployment tools then you can go a long way with git and shell
| scripts.
|
| While DevOps really came into popularity with cloud hosting,
| there's nothing fundamentally new about a lot of the tooling
| that wasn't possible in the old days of bare metal UNIX and
| Linux. Us older sysadmins were still doing a lot of the same
| stuff back then too, we just didn't give it trendy names back
| then.
| imwillofficial wrote:
| Check out Cockpit by the red hat guys. I think this might be
| useful for you.
| ohyeshedid wrote:
| It's been some time since I've happened across Cockpit on
| Ubuntu, but previous experience showed it was several major
| updates behind and lacked a lot of the functionality you see
| in the screenshots.
| c7DJTLrn wrote:
| Appreciate the suggestion but this looks like a provisioning
| tool. Puppet is more or less good enough, it's the OS and its
| mutability which is our problem.
| imwillofficial wrote:
| Maybe I read it wrong, I thought you were looking for fleet
| management for bare metal. Anyone have any good
| suggestions if cockpit doesn't fit the bill?
| https://www.redhat.com/sysadmin/intro-cockpit
| gmfawcett wrote:
| Have you played with NixOS? The initial learning curve is
| steep, but the payoffs are pretty nice.
| c7DJTLrn wrote:
| I've had my eye on it but haven't played with it yet. From a
| bird's eye view and a discussion with a friend, it doesn't
| sound ready for production, but I'm not ruling it out.
|
| I think it would be a battle to convince my colleagues and
| managers to try NixOS precisely because of the learning curve
| and lack of experts in the hiring pool out there.
| mos_6502 wrote:
| Not that I'm a Canonical stan, or anything. But have you looked
| at MAAS [1]? It works decently well in my small-scale lab
| testing.
|
| 1. https://maas.io
| c7DJTLrn wrote:
| Correct me if I'm wrong, but isn't this just a tool to
| install a chosen OS (for example Ubuntu)?
| srswtf123 wrote:
| Have you checked out Digital Rebar? I'd be interested in
| hearing anyone's experiences with it.
|
| https://rackn.com/rebar/
| jmedefind wrote:
| We use it for our bare metal management and like it for the
| most part.
|
| It does require a lot of planning though.
|
| But the company has been great to work with and super helpful
| in slack.
| eointierney wrote:
| More and more guix or nixos seem like good practical choices
| for these kinds of use cases. I prefer guix as it's a little
| less finicky (though https://gitlab.com/nonguix/nonguix is
| probably required for all non-purists such as this lowly worm).
|
| Ubuntu OS is now stinky doodoo, which is a shame as it used to
| be the cat's pajamas for ease of use. Snapd is a debacle.
| c7DJTLrn wrote:
| Snap definitely doesn't belong on servers - our flavor of
| Ubuntu doesn't have it. If you bootstrap from Ubuntu Base you
| can cut out a lot of that crap.
| chousuke wrote:
| Out of curiosity, what sorts of issues are you having? I don't
| have much experience specifically with Ubuntu on bare metal,
| but I find kickstart easier to understand and use compared to
| preseed, for consistent bare-metal installations.
|
| I think there's an OpenStack project for provisioning bare
| metal servers via an API from images; I wonder how that's doing
| nowadays.
|
| Puppet is pretty good for configuration management when your
| systems do actually require the occasional change instead of
| just being continuously redeployed. Maybe there are people who
| rebuild their database servers every hour via CI, but I'd
| rather not.
|
| "Immutable infra" is definitely not the default state of things
| in DevOps land either. Often people talking about how their
| infra is immutable just conveniently ignore the parts that
| aren't. The data has to live somewhere.
| jonnelafin wrote:
| Good read!
| imwillofficial wrote:
| They raise some good points. However I think it is absurd to
| expect a company to be blamed for having a feature wall for paid
| features. You're trying to use a paid feature for free, that's
| uncool.
|
| I see the point about long term support being deceptive, and also
| the mixed messaging being confusing.
| d1egoaz wrote:
| I got mixed feelings after reading this.
|
| Do they want all the "features" for free? I went to
| https://ubuntu.com/core and it says 10 year security update
| commitment, it doesn't say it's going to be free. How will
| Canonical make money?
| znpy wrote:
| Ubuntu is losing its shine as years go on.
|
| It once was a Debian that just worked, nowadays it's some kind of a
| trap. As you start getting deeper you start to notice non-
| standard things that get in the way more than they should,
| besides being utterly non-standard.
|
| Things I noticed so far:
|
| - auto-update enabled by default. if I boot a vm it's going to be
| nearly unusable (can't install packages) because it's going to
| spend the first 30 minutes doing a full upgrade
|
| - netplan -- not sure why that's there
|
| - snaps. for everything. the last straw for me was realizing that
| gnome-calculator is packaged as a snap. it took almost 20 seconds to
| show the f-ing calculator. every time an app is slow I suspect
| that's because it's packaged as a snap.
|
| - doing weird stuff with motd. why?
|
| At this point my next reinstall will be a good old Debian.
| dorfsmay wrote:
| I went to Ubuntu years ago for the availability of packages.
|
| Snaps killed it for me. I moved my daily driver(s) to Fedora a
| few months after 20.04. It turns out, RPMfusion does have all
| the packages I want.
| loloquwowndueo wrote:
| " if I boot a vm it's going to be nearly unusable (can't
| install packages) because it's going to spend the first 30
| minutes doing a full upgrade" - wouldn't be an issue if you
| install from the newest image. Also if your cloud provider is
| so crappy that it actually takes 30 minutes to apply a few
| updates maybe find a new one.
| [deleted]
| moistbar wrote:
| Snaps also can't be installed from anywhere besides Snapcraft.
| That's a huge red flag to me.
|
| I initially disliked Flatpak, but I've come around to it
| recently in light of where Snaps seem to be heading.
| lawl wrote:
| The more I look at snap, the more I dislike it.
|
| The same goes for flatpak too unfortunately.
|
| Currently I feel like AppImage, while kind of a hack, might
| just be the best solution.
| c7DJTLrn wrote:
| Netplan on paper is a nice abstraction layer for various
| network configuration tools.
|
| In reality, it's a pain in the backside which may not yet
| support a config option you want to use for the chosen backend.
|
| These days my preference is to bypass the unnecessary
| abstraction and just use raw systemd-networkd instead.
| Jonnax wrote:
| Can you explain to me why netplan is bad?
|
| When it came out in an LTS, I was impressed by being able to
| declaratively describe networking. And there's even a way to
| test a configuration with auto rollback.
|
| These are features that I find great in things like Juniper
| routers.
|
| But when I went online to see what people thought there just
| was annoyance.
|
| It made no sense to me.
| znpy wrote:
| > Can you explain to me why netplan is bad?
|
| I don't see the advantage over networkmanager, honestly. And
| now there's another thing I have to learn and support, with
| no real benefit.
| orwin wrote:
| Well, unless you used to do bridges with nmcli (and if you
| did, I'm really impressed), netplan does have some
| advantages.
|
| And for all the swearing I did when I had to change the
| packer conf, then the ansible conf, I do think netplan is
| in fact easier to understand, read and change than
| brctl/bridge-utils.
|
| I hate snaps though.
| zamadatix wrote:
| netplan brings "generate" and "apply" and so on but that's
| about all the usefulness it brought while doing so completely
| upended the configuration format and supported functionality.
| It seems like there could have been a less disruptive way to
| add that functionality, or at least netplan could have been
| more feature complete when they switched to it.
| seany wrote:
| Good christ snaps are horrible. I had been using ubuntu for
| nearly 14 years, and that was the thing that pushed me back to
| debian.
___________________________________________________________________
(page generated 2021-03-15 23:00 UTC)