Skip to content
LinkState
Go back

Baked configs versus mounts versus generated startup

Comparing Configuration Delivery Models for Large Labs

When scaling lab environments, the way configuration is delivered has a direct impact on boot determinism, cache efficiency, diffability, and failure isolation—especially when custom images and topology templates evolve independently. Below we examine three common delivery models and score each criterion on a scale of 1 (poor) to 5 (excellent).

ModelBoot DeterminismCache EfficiencyDiffabilityFailure IsolationTypical Tools
1. Pre‑built Golden Images5423Packer, VMware Image Builder, Docker Build
2. Config‑as‑Code Injection (cloud‑init/ignition)4544cloud‑init, Ignition, Terraform provisioner
3. Declarative State Sync (GitOps/Operators)3355ArgoCD, Flux, Kubernetes Operators, Ansible Operator

1. Pre‑built Golden Images

A golden image contains the OS, required packages, and often the lab‑specific software baked in. The image is version‑controlled (e.g., in an artifact repository) and instantiated directly by the hypervisor or container runtime.

Strengths

Weaknesses

Example CLI workflow

# Build a golden image with Packer
packer build -var 'lab_version=2024.09' golden-image.pkr.hcl

# Upload to an artifact repo (e.g., Artifactory)
curl -u$user:$token -T golden-image.qcow2 \
  "https://repo.example.com/lab-images/golden-image-${LAB_VER}.qcow2"

# Instantiate with libvirt
virt-install \
  --name lab-node-01 \
  --import \
  --disk path=/var/lib/libvirt/images/golden-image.qcow2,format=qcow2 \
  --vcpus 4 --ram 8192 \
  --os-variant ubuntu22.04

2. Config‑as‑Code Injection (cloud‑init / Ignition)

Here a minimal base image (often a distro cloud image) is paired with a user‑data script or Ignition config that is applied at first boot. The base image changes infrequently; the user‑data evolves with the topology.

Strengths

Weaknesses

Example CLI workflow

# Create a cloud‑init user‑data file
cat > user-data.yaml <<'EOF'
#cloud-config
package_update: true
package_upgrade: true
packages:
  - python3-pip
  - git
runcmd:
  - pip3 install -r /opt/lab/requirements.txt
  - systemctl enable lab-service
EOF

# Generate an ISO with the user‑data (for VMs)
cloud-localds user-data.iso user-data.yaml

# Boot a VM attaching the ISO as a config drive
virt-install \
  --name lab-node-02 \
  --import \
  --disk path=/var/lib/libvirt/images/ubuntu-22.04-cloud.img,format=qcow2 \
  --disk path=user-data.iso,device=cdrom \
  --vcpus 2 --ram 4096 \
  --os-variant ubuntu22.04

3. Declarative State Sync (GitOps / Operators)

The lab runs a baseline image (often a minimal OS or container) and a control plane continuously reconciles the desired state declared in a Git repository. Changes to images or topology are expressed as declarative manifests that an operator applies.

Strengths

Weaknesses

Example CLI workflow (ArgoCD + Kustomize)

# 1. Commit a base image tag to Git
git checkout -b update-base-image
sed -i 's|image: .*|image: myrepo/base-image:2024.09|' kustomization.yaml
git add kustomization.yaml
git commit -m "chore: bump base image to 2024.09"
git push origin update-base-image

# 2. ArgoCD automatically syncs the cluster
argocd app sync lab-cluster

# 3. Verify rollout
kubectl rollout status deployment/lab-workload -n lab

Guidance for Choosing a Model

ScenarioRecommended Model
Strict reproducibility required (e.g., certification tests)Pre‑built Golden Images
Frequent topology tweaks, infrequent OS changesConfig‑as‑Code Injection
Rapid feature flow, need for auditability and rollbackDeclarative State Sync (GitOps)

In practice, many large labs adopt a hybrid approach: a golden base image provides the OS layer, cloud‑init injects site‑specific parameters, and a GitOps operator manages application‑level services. This layers the strengths of each model while mitigating their individual weaknesses.


Share this post on:

Previous Post
ACL canaries with shadow counters first
Next Post
Packet-walk replay cases for overlay blackholes