torcx - a boot-time addon manager
206 views
Skip to first unread message
Luca BRUNO
Apr 21, 2017, 2:02:14 PM4/21/17
to CoreOS Dev
This is an informational email about a new work-in-progress tool called
"torcx". Its role is to manage system-level binary addons and custom software
versions on top of the OS (CL) while keeping those entities independently
upgradeable.
If you want to skip all the boring details, you can jump straight to the
project repository and watch a short demo of torcx in action there:
* https://github.com/coreos/torcx
* https://asciinema.org/a/115034
## What is torcx?
torcx (pronounced `torks`) can be thought of as a package manager for an
immutable system. It is meant to be run at-most-once at an early stage of the
boot-process (after pivot_root) and install ephemeral addons.
The whole project is written in Go and exposes a human-friendly command-line
as well as machine-friendly JSON interfaces.
## How does it work?
This tool is designed to be a one-shot service which can be run in offline mode
at-most-once per boot. It applies addons to a system by unpacking a user-
configured set of archives and propagating some of the extracted assets into
transient well-known paths. The unpacked directories are then made read-only,
sealing the booted system into its new state.
## What's inside an addon archive?
An archive contains specific software which need to be available/running in
host context (eg. docker/containerd/rkt), together with specific libraries and
assets. While archives can be fetched and rendered from (OCI) containers, they
are NOT self-contained images and will share part of their runtime
environment with the host.
More specifically, an archive typically contains one or more binaries
(specially built with an appropriate runpath) and most of the shared
libraries used by that binary.
Contrarily to rkt-fly, such binaries do not run in a chroot.
## What's the status?
torcx is currently an experimental project, which works for limited PoC but
needs to be validated on more usecases. However, its overall design is mostly
stabilized at this point.
Ciao, Luca
--
"If you build a wall, think of what you leave outside it" - Italo Calvino
"torcx". Its role is to manage system-level binary addons and custom software
versions on top of the OS (CL) while keeping those entities independently
upgradeable.
If you want to skip all the boring details, you can jump straight to the
project repository and watch a short demo of torcx in action there:
* https://github.com/coreos/torcx
* https://asciinema.org/a/115034
## What is torcx?
torcx (pronounced `torks`) can be thought of as a package manager for an
immutable system. It is meant to be run at-most-once at an early stage of the
boot-process (after pivot_root) and install ephemeral addons.
The whole project is written in Go and exposes a human-friendly command-line
as well as machine-friendly JSON interfaces.
## How does it work?
This tool is designed to be a one-shot service which can be run in offline mode
at-most-once per boot. It applies addons to a system by unpacking a user-
configured set of archives and propagating some of the extracted assets into
transient well-known paths. The unpacked directories are then made read-only,
sealing the booted system into its new state.
## What's inside an addon archive?
An archive contains specific software which need to be available/running in
host context (eg. docker/containerd/rkt), together with specific libraries and
assets. While archives can be fetched and rendered from (OCI) containers, they
are NOT self-contained images and will share part of their runtime
environment with the host.
More specifically, an archive typically contains one or more binaries
(specially built with an appropriate runpath) and most of the shared
libraries used by that binary.
Contrarily to rkt-fly, such binaries do not run in a chroot.
## What's the status?
torcx is currently an experimental project, which works for limited PoC but
needs to be validated on more usecases. However, its overall design is mostly
stabilized at this point.
Ciao, Luca
--
"If you build a wall, think of what you leave outside it" - Italo Calvino
Reply all
Reply to author
Forward
0 new messages