Linux golden images without packer

Linux golden images have come and gone in popularity over the years with a variety of different tools. When I was first a sysadmin we would hand craft a VM, sysprep it, and then export a vmdk file.

When configuration management tools came out we would hand craft a “minimal” VM, sysprep it, export a vmdk file, and let puppet configure the rest during boot. This wasn’t anti-golden image, but the tools at the time made it hard to manage lots of different images and we could get a lot more flexibility by doing a little post-provisioning configuration.

Packer leaned into this approach for creating golden Linux images. It can automate the workflow by automatically provisioning VMs, applying your configuration, and exporting the artifact. Automating the old practices instead of eliminating them.

Containers came out with a different solution for application packaging. They use layered file systems to make it easier to distribute, modify, and track changes to applications. Golden application images have been normal for a long time now. So why are we still building Linux the old way?

The current state of the art in Linux artifacts is:

  1. Write bash/config management to install packages and make changes
  2. Create a Packer pipeline to build artifacts
  3. Distribute artifacts where they’re needed
  4. Replace old systems with new versions
  5. During boot, read metadata to configure the OS

This has been working in cloud environments and some virtualized, on-prem environments, but it has been lacking for bare metal. This is partially because an image based bare metal installation option is not common, hardware configuration is not API driven and requires manual, step-by-step changes, and there’s a lack of rich metadata services to configure nodes.

At the end of the day, all of these steps are writing bits to a disk. How and when they’re written depends on how much pre and post configuration you do.

Because Talos is immutable and API driven we push as much configuration into the pre-deployment stages which means creating golden images. But customizing Talos shouldn’t be as time consuming as traditional Linux distros. It should be easier like composable container layers.

That’s why we created factory.talos.dev

The image factory makes it simple to create customized Talos Linux artifacts without complicated build or distribution steps.

The whole process is 3 steps:

  1. Select the version of Talos Linux you want
  2. Select optional system extensions
  3. Download the artifact

In the above example we create a Talos Linux 1.6.7 artifact with gvisor, tailscale, and zfs. They come installed and configured out the box image.

You can apply this configuration to an existing system with the Talos MachineConfig provided by factory, downloading the images generated, or PXE boot directly to the factory endpoint. The image factory and system extensions do all the hard work.

You can see all of the system extensions we maintain on GitHub. If you need private extensions you can self-host the image factory in your environment. Just get in touch with an email to [email protected].

Not only is the factory a great way to get started with customized Talos Linux images. It’s also integrated directly into Omni. If you’ve ever clicked the “Download Media” button in Omni, you were using the image factory!

Sometimes you do want a local command to build and test images. Especially when you’re creating and testing system extensions.

So we also provide a tool called imager which builds the artifacts for you. Imager still works by layering file system images instead of booting and modifying temporary VMs. It works more like Docker than Packer. What you get is an artifact that’s ready to boot just like docker run.

The question you should be asking yourself is, do you still want to be building golden images the way we did 15 years ago, or do you want to do it the tried and tested way we ship containers and applications.

As a matter of fact, the layered approach works so well you can run Talos Linux directly in Docker. Give it a try.

If you want to learn more or join for a hands on workshop make sure you sign up for Taloscon in September.

Subscribe!

Occasional Updates On Sidero Labs, Kubernetes And More!