What is it, how it works, and why you should seriously consider checking it out!
If you happen to pay any kind of attention to ongoing trends in the Linux OS sphere, you've more than likely come across posts, articles, or maybe a few videos that make reference to these interesting operating systems that tout having this magical structure that makes them "immutable".
Immutable operating systems are built with the principle of immutability in mind. This basically means that the operating system is designed to be unchangeable and unmodifiable during runtime. Any updates or modifications to the system result in the creation of a new instance or snapshot...thus making it extremely easy to rollback to a previous configuration should a change produce undesirable effects.
Ok, so maybe a literal kind of definition isn't exactly the most tasteful way of explaining what makes these OS's different from everything else...
Perhaps a better way to look at the difference between a typical OS many of us use, and an immutable one is like this:
Standard OS
- The vast majority of Linux operating systems, such as Arch or Ubuntu, follow a standard file system hierarchy (shown above).
- Users run their respective package manager commands to update their system, i.e.
apt upgrade
orpacman -Syu
, to check whether or not there are newer software versions available. - If a more recent version exists, the application binary (or shared libraries) is downloaded from the remote source and installed…consequently overwriting the previous installation files.
- Even though Windows differs in its system structure, it too follows a similar process for system updates.
- Such processes of update and replace are ultimately what makes these mutable systems.
Immutable Systems
- Upgrades happen in the complete opposite way.
- Instead of overwriting previous applications and files with their newest selves, an entirely new system state is created and stored separate from the previous one.
- This new state is then available at system boot, alongside any previous states from prior upgrades.
Immutable systems function similarly to version management tools such as git. Whenever you update or add new code to a project that's being tracked by git, you commit the new changes to the code base, which in turn receives a new hash and other metadata attached to it. Even though your code is updated, you're still able to rollback to the previous commit and toss all those changes if something happened to break after the commit was made.
Some Pros
- Version Control Mechanism: Immutable operating systems enable easier version control and rollback capabilities. If an update or change results in an issue or unintended consequence, reverting to a previous version is as simple as switching back to a known stable image.
- Simplified Maintenance: With immutable operating systems, the need for continuous patching and updates is significantly reduced. Since the system remains unchanged during runtime, there's no need for live updates or patches (unless of course you want to).
- Increased Stability: Immutable operating systems provide a high level of stability due to their unchangeable nature. By eliminating the potential for unexpected modifications or conflicts, the system is less prone to errors and crashes.
A Few (Slight) Cons
- Storage Requirements: Since each system version or change requires the creation of a new instance or image, the storage requirements for immutable operating systems can be higher compared to traditional operating systems. This isn't always the case though, as long as you keep the number of stored snapshots to a minimum.
- Learning Curves: Moving from a traditional operating system to an immutable one can involve a learning curve for some, especially for a system like NixOS which utilizes a single configuration file for defining system state. Users sometimes need to acquaint themselves with new tools and workflows for managing and updating the system. As with everything, reading through documentation and user forums can quickly flatten any curve.
There have been a number of immutable systems that have increasingly become more popular with users, and each has its own implementation of immutable file structures.
A few of these worth mentioning include:
- NixOS
- Fedora Silverblue
- VanillaOS
- macOS (through similar mechanisms)
So What?
I can already hear some of you saying it out loud:
"So what? It sounds like just another flavor of something I don't really need"
And ya know, you may be right…or you may be dead wrong! The thing is, immutable operating systems aren't the be-all-end-all of things. For many, they are a means to an end, and for others…well, for others, they're the only option.
Personally, I use NixOS on a daily basis on several of my laptops and desktops, but also love the bleeding edge and raw power that Arch Linux offers, and in certain scenarios the sysadmin qualities of CentOS/Rocky Linux.
The beautiful thing is, as with all things Linux…the choice is yours!
Wrapping Up
If you found this article intriguing, and would like to keep up with the wide world of application development and systems exploration, give me a follow and feel free to leave your thoughts! I try my best to respond to everyone's comments, and highly value all of your opinions!
💻 Check out my Github
Top comments (3)
It is a good read, this seems like a good choice for enterprise no?
Much appreciated! It definitely has the potential to add extraordinary stability to the enterprise sphere. I actually started working on another small project a few weeks back to demonstrate this exact use-case, so be sure to keep an eye out for my upcoming article on it!
Thanks Ed, this was a good description of the trend in individual system management! 👏
For those working in the space, a versioned, immutable approach works well with the 'cattle, not pets' philosophy common in cloud compute too: providing nicely versioned images for deployment (often using the pessimistic mechanism) or rollback should things begin to go wrong... Immutability also provides enhanced security as the whole file system can be subject to file integrity monitoring, not just poorly chosen bits of it, plus in the event of systems being compromised, they can be isolated, frozen and compared to the off-line images for faster forensics. Along with continuous deployment, immutability provides part of the DIE (Distributed, Immutable, Ephemeral) security strategy popularised by people such as Kelly Shortridge.