1 Read-only file system #
This chapter focuses on the characteristics of the read-only file system that is used by SLE Micro.
SLE Micro was designed to use a read-only root file system. This means that
after the deployment is complete, you are not able to perform direct
modifications to the root file system, e.g. by using
zypper
. Instead, SUSE Linux Enterprise Micro introduces the concept of
transactional updates which enables you to modify your system and keep it up
to date.
The key features of transactional updates are the following:
They are atomic - the update is applied only if it completes successfully.
Changes are applied in a separate snapshot and so do not influence the running system.
Changes can easily be rolled back.
1.1 /etc
on a read-only file system #
Even though /etc
is part of the read-only file system,
using an OverlayFS
layer on this directory enables you to
write to this directory. All modifications that you performed on the content
of /etc
are written to the
/var/lib/overlay/SNAPSHOT_NUMBER/etc
.
Each snapshot has one associated OverlayFS
directory.
Whenever a new snapshot is created (for example, as a result of a system
update), the content of /etc
is synchronized and used
as a base in the new snapshot. In the OverlayFS
terminology, the current snapshot's /etc
is mounted as
lowerdir
. The new snapshot's /etc
is
mounted as upperdir
. If there were no changes in the
upperdir
/etc
, any changes performed
to the lowerdir
are visible to the
upperdir
. Therefore, the new snapshot also contains the
changes from the current snapshot's /etc
.
lowerdir
and upperdir
If /etc
in both snapshots is modified, only the
changes in the new snapshot (upperdir
) persist. Changes
made to the current snapshot (lowerdir
) are not
synchronized to the new snapshot. Therefore, we do not recommend changing
/etc
after a new snapshot has been created and the
system has not been rebooted. However, you can still find the changes in
the /var/lib/overlay/
directory for the snapshot in
which the changes were performed.
--continue
option of the transactional-update
command
If you use the --continue
option of the
transactional-update
command when performing changes to
the file system, all /etc
directory layers created by
each separate run of transactional-update
, except for
the one in the newest snapshot, are synchronized to the
lowerdir
(the lowerdir
can have
several mount points).