On Wed, Dec 29, 2021 at 3:36 PM Stephen John Smoogen <smooge(a)gmail.com> wrote:
On Wed, 29 Dec 2021 at 13:51, Gordon Messmer <gordon.messmer(a)gmail.com> wrote:
>
> On 12/29/21 09:59, Stephen John Smoogen wrote:
> > The modern day case where /usr is read-only is inside a container and
> > you put an overlay or use some sort of linking to /var which is
> > read-write in case of reboots.
>
>
> Right, that makes sense.
>
>
> > To me this is like saying 'move everything into /usr but because it's
> > volatile move it back into /var but in a sub-directory from where it
> > was so you can keep an image running.' In this case, this doesn't
> > sound like any savings and more of a headache of why did it corrupt
> > this time.
>
>
> But this doesn't. Why would you need to move the rpmdb? Users probably
> aren't installing rpm packages in containers at run time (particularly
> if /usr is read-only); installation typically happens when building the
> container image, at which point /usr isn't read-only.
>
Most of the containers I am dealing with are:

1. Grab the base image,
2. Create a layer, and add the images you want,
3. Test and deploy the layered image.
4. Update that image over time.

Theoretically people should build the thing from scratch every time, but
instead you get someone downloading the base image which they have gotten
an OK to use, then adding the stuff they need, and then running with that
for YEARS because the person who built the first one left long ago and no
one wants to break the paycheck program again.

This is a very, very old problem: I was dealing with it with OS images
20 years ago.