Spotlight - Fedora IoT

Fedora May 13, 2021

Fedora provides a wide variety of Linux based distributions. In the "Fedora - Overview" article, I provided a brief introduction of the different tastes. This article is focused on the newest "Edition" named Fedora IoT. Let's see what it is about and why you should use it for certain use cases.

Target audience

Fedora IoT seems to have a very small target audience, but that's not entirely true. Even if the name indicates, that it is used for IoT only, it is also a perfect fit for home servers, industry PCs and edge computing.

Release & Support

Fedora IoT is supported the same way as other Fedora Linux variants. You will get a new major release every 6 months, which will be supported for 13 months.

There is also no option to get paid support for Fedora, but you need to get in touch with the community. In case of Fedora IoT, I made the experience, that the team is very motivated and tries to help as soon as possible.

You can get in touch with the community via:

Please also check out the contribution guide for further information.

Features

Fedora IoT shares some common features with other Fedora variants. So you can expect to find SELinux, NetworkManager or firewalld. In addition, it provides some unique features, that are built around the usage as an IoT or Edge computing device.

Immutable OS

The operating system for IoT systems needs to be immutable and image based. This way you can centrally test your images and deployed on scale afterwards. Updates and installations should be atomic, so basically nothing changes until the device is rebooted. In addition, you will need rollback capabilities, in case something went wrong.

All the above can be achieved with ostree and rpm-ostree. Ostree works a bit like "Git for the OS image". You will check out new images from a central repository, and you need to reboot to use them. You are also not allowed to remove and manipulate certain file system locations. For example, removing something from /usr is not possible.

If you want to install additional packages, you cannot use dnf, but must use rpm-ostree. New packages will be overlaid on top of the base image and will not corrupt the base image in any way. There is even an option to reset all overlays back to the base image.

# Install a package overlay

$ sudo rpm-ostree install cockpit
$ sudo systemctl reboot

# Uninstall a package overlay

$ sudo rpm-ostree uninstall cockpit
$ sudo systemctl reboot

# Reset all overlays

$ sudo rpm-ostree reset
$ sudo systemctl reboot

Please check out the documentation for further instructions and examples for rpm-ostree.

Container

With an immutable base image, you will need other options to deploy your software. Fedora IoT comes with Podman and Skopeo pre-installed. With Podman, you can deploy your applications in containers and with systemd, you can use them like every other service.

Please check out the article "Podman - systemd container management" to get an idea how this works. If you never heard of Podman, you can also have a look at the Podman articles in general.

There are also some cool articles on Fedora Magazine, that show how containers can be used on IoT devices.

IoT/Edge tooling

Fedora IoT comes with some pre-installed software packages, that are very useful for Edge computing and IoT devices.

Industry PCs, IoT Devices and Edge computing devices are often very remote and in unsecure locations. Therefore, USBGuard is pre-installed and can be used to secure your devices from malicious USB devices. You can forbid everything or allow only registered devices.

Furthermore, you will have the libgpiod packages pre-installed. These are especially useful for SoC devices like the Raspberry Pi. You can control the GPIO panel on supported SoC boards and build code, which facilitates the GPIO devices.

Another addition to Fedora IoT is greenboot. This is a generic health checking tool, that can be used to test certain states and react to issues. It's as simple as placing a script in a directory, which tests the state and reboot the machine.

Installation

Fedora IoT provides a wide variety of supported installation methods. You can install it in a VM, on a x86_64 server or a System-on-Chip (SoC) like the Raspberry Pi.

If you want to install Fedora IoT in a VM or x86_64 machine, you will need to download the proper installer ISO. Afterwards, you need to create a boot media or use the ISO to create a VM.

Fedora IoT - Download Page

After the initial boot, you will be greeted from Anaconda (the installer), that will guide you through partitioning, network and user configuration. The installer works exactly the same as for Fedora Workstation or CentOS with one exception: You are very limited in regard to partitioning.

The below gallery shows some screenshots of the installation process.

After the first boot, you will be granted with a prompt like below.

Fedora IoT - First boot

You can see a line, informing you about https://provision.fedoraproject.org. This is a feature (namely Zezere), exclusively available for Fedora IoT. It allows provisioning machines with a ssh-key, so you can log in.

For an installation in a VM (via Anaconda), this is not so important, but comes in very handy, if you use the raw images to provision SoCs.

After the first login, it is strongly recommended updating the system via rpm-ostree. Please ensure that the machine is rebooted afterwards, since ostree patches are only applied after a restart.

# Update and reboot the system

$ sudo rpm-ostree upgrade
$ sudo systemctl reboot

Documentation

The documentation for Fedora IoT is not so exhaustive as for other Fedora variants. Nevertheless, most of the already existing documentation can be applied, and you will also find additional guidance.

Conclusion

Fedora IoT is a somewhat specialized, but not IoT-exclusive distribution, that is immutable. It is very container focused and comes with security software and tools pre-installed that are helpful for IoT, Edge, home and IPC usage.

Tags

Daniel Schier

Just a guy doing stuff. Mostly #FLOSS like #Linux, #Ansible, #Podman, #K8s, #Python, #Nextcloud or whatever comes next.

Great! You've successfully subscribed.
Great! Next, complete checkout for full access.
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.