• untoreh-light


Pine, Alpine linux based on OSTree

Choosing what OS runs on your servers is a matter of convenience and familiarity. Convenience means you want something that gives you as less troubles as possible, familiarity means that you would prefer not to learn additional things if you don't have to.

My servers are pets so I am ok manually issuing a few commands every once in a while, and don't require complete automation.

After trying out CoreOS for a year I switched to my own simplified distro based on alpine and ostree.


This version of alpine takes cues from flatcar and project-atomic and is supposed to be installed as a read-only root file-system with updates happening atomically, that is, either they succeed or the system swaps back to the previous state. For this to be possible to system has to always have at least two snapshots of the released file-system version, available on storage.


In what environments will the system run? I targeted OVZ and [KVM], but in general you can say containers and virtual machines with the main difference being that containers don't run their own kernel, in particular they don't have a boot process, they call directly into the init system (which for example in a Dockerfile it would be defined by the CMD or ENTRYPOINT statements), which is responsible to manage the tree of prcesses that will keep the container running (just like a normal session, if the init process dies, the container terminates). Also containers can't configure system knobs, and can have additional restrictions on capabilities.

Bisecting the build process

How is the image built?


The prepare.sh script handles dependencies, most of which are the packages to offer common cli tools like coreutils, util-linux, binutils, utilities to operate with block devices like blkid, sfdisk, multipath-tools and file systems with xfsprogs and e2fsprogs. The squashfs-tools package is used at the end to compress the built root file system. A glib compatibility package is also installed by default because alpine is based on musl, the compatibility package works by providing some libraries built against .

The tree

File trees for both VMs and containers are build with respectively make.sh and make_ovz.sh. This is a simplified description of the steps

For containers, the sequence is the same, but configuration changes, because with a system not booted from a bootloader ostree has troubles verifying the environment, we have to apply some workarounds and setup some devices which are usually handled by the initramfs step. This is how OVZ or LXC templates are configured.


Once we have our ostree committed files tree build.sh or build-update.sh takes care of producing the artifact that will be distributed. The difference between the scripts is that the update version starts from a previous ostree repository, and also produces a delta artifact that a running system can apply on its ostree instance to perform upgrades. This is a simplified description of the build steps

The partitions configuration is applied with a fdisk layout.cfg file which defines the partition sizes, we have one partition for the rootfs (~430M), the boot partition (~40M) and a swap partition (~40M). With containers with just skip mounting the previous build over a loop device, and just pull the new ostree commit over the old (extracted) ostree repository.


What am I bundling in this image (apart from installed packages)?

What used to be and isn't anymore


To install the image you can either upload it to the hosting provider and install from VNC, in case of virtual machines, but I usually hijack an existing installation, because it is always possible, well as long I have tested the setup script against version of the linux distribution, generally I use debian-8 or ubuntu-14, haven't tested other ones since these I have always found these to be available. The setup steps follows


I made pine 5 years from time of writing and I am still using it, and I see no reasons to switch to anything else. Alpine as a linux distro is great, simple, and I have never experienced breakage. I can easily deploy on NATed servers which tend to offer ultra-low resources, actually I have a box running with just 64M of RAM, and still have all the features I need.

[1]root file system

Post Tags: