Hi @Trab40,
nice thread indeed, because I think it highlights a few challenges which are very common. Some quotes slightly shortened, but hopefully keeping the meaning intact.
Understood - like said, it’s a very common situation unfortunately. Starting out with a golden image feels easier and possibly yields faster results in the beginning, but you end up with a maintenance nightmare. Where to head depends on your specific requirements of course, but basically it means addressing the technical debt from the faster ramp-up.
Such a setup is, let’s say, comparatively easy to build. In the end it consists, as you already figured out, of two building blocks.
- the base OS image, which provides the infrastructure to run and update a container-based workload. I have written a tutorial on this, and an example incarnation for the Raspberry Pi at meta-mender-community/kas/demos/meta-mender-demo-app-updates at scarthgap · mendersoftware/meta-mender-community · GitHub
- the containerized application payload, which is then deployed on top of the base image. Mender provides the so-called application update module, and based on that I am just right now working on an example pipeline to build and deploy those artifacts. You can find the current working state (I’d say beta quality, functional but not pretty) at GitHub - TheYoctoJester/mender-app-update-pipeline: Example repository for creating and deploying a docker-compose based Mender Artifact
I’m pretty sure it can be done, also without too much hassle, if the original Ubuntu setup already is A/B enabled. For something x86/UEFI based, even better. It will definitely require a bit of tinkering and testing, but my gut feeling is that it should not be a blocker. Possibly even the easiest part of this. Maybe @kacf has some thoughts?
The first and foremost step would be finding a way to create an SBOM of what you are actually shipping. To my knowledge, that’s extremely hard to nearly impossible for golden images, because basically every time (exception: configuration) you modify the image, you actually change the software payload. And doing so at different points in time will even give you slightly different states of software, because the versions from the upstream repositories are in flux. In a nutshell: it’s just not reproducible or traceable.
So TL;DR: my advice would be to go for a combined Yocto base OS plus container updates on top of it. But again, I’m somewhat biased there.
How all of this plays together with ROS, I absolutely cannot comment on.
Greetz,
Josef