8️⃣ Here's the 8th post highlighting key new features of the upcoming v261 release of systemd.
-
8️⃣ Here's the 8th post highlighting key new features of the upcoming v261 release of systemd. #systemd261 #systemd
When you manage a fleet a systems, it's important to minimize differences between systems, in order to unify handling. But at the same time systems will differ in purpose, in location, in hardware properties, architectures, in connectivity, deployment state, in payloads and more.
To schedule work on the machines it's often necessary to condition them properly, to take all these…
-
8️⃣ Here's the 8th post highlighting key new features of the upcoming v261 release of systemd. #systemd261 #systemd
When you manage a fleet a systems, it's important to minimize differences between systems, in order to unify handling. But at the same time systems will differ in purpose, in location, in hardware properties, architectures, in connectivity, deployment state, in payloads and more.
To schedule work on the machines it's often necessary to condition them properly, to take all these…
…minor and major differences into account. And what precisely to consider and what not is really up to the administrator to figure out.
With v261 we hope to help the admin with that a bit. There's now a new "machine tags" concept. At their most basic they are just a list of labels you can write to the MACHINE_TAGS= field in /etc/machine-info. How the admin picks the labels is up to them, and how they name them is too.
You can query and modify the tags via "hostnamectl tags". You can also…
-
…minor and major differences into account. And what precisely to consider and what not is really up to the administrator to figure out.
With v261 we hope to help the admin with that a bit. There's now a new "machine tags" concept. At their most basic they are just a list of labels you can write to the MACHINE_TAGS= field in /etc/machine-info. How the admin picks the labels is up to them, and how they name them is too.
You can query and modify the tags via "hostnamectl tags". You can also…
…initialize them on first boot via the new "firstboot.machine-tags" system credential.
The true power comes when combined with ConditionMachineTag=/AssertMachineTag=: you can condition units easily based on the labels you assigned.
(With the future v262 we plan to extend the concept further: the goal is to make it easy to "auto-tag" machines based on detected hw, via udev rules/hwdb, and to condition more objects, such as .network files on them)
-
…initialize them on first boot via the new "firstboot.machine-tags" system credential.
The true power comes when combined with ConditionMachineTag=/AssertMachineTag=: you can condition units easily based on the labels you assigned.
(With the future v262 we plan to extend the concept further: the goal is to make it easy to "auto-tag" machines based on detected hw, via udev rules/hwdb, and to condition more objects, such as .network files on them)
@pid_eins Why are there two options? ConditionMachineaTag= and AssertMachineTag=.
-
@pid_eins Why are there two options? ConditionMachineaTag= and AssertMachineTag=.
@levitating all our conditions come in both flavours. ConditionXYZ= will skip the start job successfully if the condition doesnt hold. AssertXYZ= will make the start job fail if so. Use the former for optional stuff, use the latter for hard pre-conditions. See man pages for details.
-
…initialize them on first boot via the new "firstboot.machine-tags" system credential.
The true power comes when combined with ConditionMachineTag=/AssertMachineTag=: you can condition units easily based on the labels you assigned.
(With the future v262 we plan to extend the concept further: the goal is to make it easy to "auto-tag" machines based on detected hw, via udev rules/hwdb, and to condition more objects, such as .network files on them)
@pid_eins Why not just use a immutable operating system on the machines?
-
@pid_eins Why not just use a immutable operating system on the machines?
@Velocifyer @pid_eins well systemd has to provide for traditional systems as well. This feature can be useful for immutable distributions as well. E.g. monitoring solution with differing configuration based on the tags.
-
@pid_eins Why not just use a immutable operating system on the machines?
@Velocifyer i dont grok the question. These days pretty much anything I do is in the context of immutable OSes. But maybe our definition of immutable OSes differs. For me it means the OS still carries a local identity (which is definitely writable, at least initially), and is composed of immutable images, though the choice of the combination itself is not immutable. Machine tags are supposed to fill in an important glue in the middle: they are part of the local identification and we hook...
-
@Velocifyer i dont grok the question. These days pretty much anything I do is in the context of immutable OSes. But maybe our definition of immutable OSes differs. For me it means the OS still carries a local identity (which is definitely writable, at least initially), and is composed of immutable images, though the choice of the combination itself is not immutable. Machine tags are supposed to fill in an important glue in the middle: they are part of the local identification and we hook...
@Velocifyer ... the selection of images onto it.
But hey, I have no trademark on the term "immutable OS", and pretty obviously people have different definitions of the term. For example ostree/bootc people think a mutable fs backend is fine, though I'd disagree.
-
R relay@relay.infosec.exchange shared this topic
