Recently I spent a few days exploring Alpine Linux.
For years I’ve followed advice to use Alpine in container builds as a lightweight base image. Recent casual reading got me thinking about possibly using Alpine as a base for a custom desktop distribution or (more seriously) for appliances that run containers using Nomad or directly with Docker or Podman. I had some spare Raspberry Pis and was able to quickly install Alpine on one using rpi-imager. From there I set up Podman, Nomad, and Vault in a four-node Alpine-based cluster of Raspberry Pis.
My first impressions were great: even on my Pi 4s, Alpine felt snappy. In hindsight, I think this was partly because Alpine had a better default sshd configuration, which made logging in faster on my Alpine Pis than my Ubuntu-based ones. But it was also undeniably faster to install and set up.
After digging a bit deeper, I’m pausing my Alpine explorations. I don’t have a compelling enough use for it, considering some of the disadvantages noted below. Ubuntu is working out well enough for me and is less of a barrier to potential adopters. Still, Alpine is a tempting base that I might dig into again.
Pros
- Alpine is lightweight and feels really fast on my Raspberry Pis.
- Alpine’s founder, Natanael Copa (see “Meet the Creator of Alpine Linux”), seems like an effective steward.
- Building the core utilities on busybox seems clever and efficient.
- musl seems like a good idea. Without looking into it, it’s easy to believe that libc is bloated.
- OpenRC is easy to configure and use.
- I really like the packaging system (apk); it was easy to use, and it wasn’t hard to set up a repository.
- Tailscale is in the community repository and was easy to install. With it, I can ssh into my Alpine machines from any machine in my tailnet.
- Although I had to build these tools myself, I was easily able to get Nomad, the Nomad Podman driver, and Vault running on a small cluster of four Raspberry Pis.
Cons
Of these, the “major” problems are ones that I don’t want to solve myself, the “minor” ones are ones that I think I could easily deal with, and “nits” are things that bug me but that I can easily accept.
- Major: musl has memory allocation performance problems. WizOS uses libc instead of musl, but do I really want to use a corporate distribution? (No.)
- Major: Tailscale doesn’t fully work in Alpine, apparently due to DNS problems. tl;dr I can’t see other machines in my tailnet from my Alpine nodes.
- Minor: The cloud providers that I currently use (DigitalOcean and Google) don’t offer Alpine images. This has been said to be due to a lack of cloud-init support, or to difficulty adapting to OpenRC. These problems seem to be addressed by third-party projects, and the Alpine project offers cloud images. I found that Linode and Hetzner (and possibly others) directly offer Alpine images, although I didn’t try either.
- Minor: I didn’t work out a way to automate setup of my Pi Alpine instances.
- Minor: It seems risky to use Alpine on a desktop. I don’t really want to become an expert in configuring Linux desktop environments.
- Minor: Nomad and Vault were removed from the community repository over licensing issues and I was unable to find another source, so I had to build my own Nomad and Vault instances.
- Minor: Package generation is centralized. I haven’t seen a way to parallelize it.
- Nit: Busybox is an aging monolith, so adding anything or changing it would be hard (but it’s trivial to replace individual commands with their own binaries).
- Nit: I’m not particularly a Lua fan, but I can see its usefulness in `apk`.
Aside
Here, without explanation and with all comments removed, is the Alpine `/etc/ssh/sshd_config` that I used to simplify my Ubuntu configuration and speed up login on my Ubuntu Pis:
```
PermitRootLogin prohibit-password
AuthorizedKeysFile .ssh/authorized_keys
AllowTcpForwarding no
GatewayPorts no
X11Forwarding no
Subsystem sftp internal-sftp
```
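
When carrying the configuration above over to another distribution, it helps to check which of its directives the target file actually sets at global scope. The following is an added example, not part of the original post: a small audit that compares a candidate `sshd_config` against that baseline, following sshd's rules that keywords are case-insensitive and the first occurrence of a keyword wins. The `SAMPLE` file and the function names are constructed for illustration, and `Subsystem` is treated as a single keyword for simplicity.

```python
# Added example: audit an sshd_config against the Alpine baseline from the post.
BASELINE = """\
PermitRootLogin prohibit-password
AuthorizedKeysFile .ssh/authorized_keys
AllowTcpForwarding no
GatewayPorts no
X11Forwarding no
Subsystem sftp internal-sftp
"""

# Constructed sample (not from the post): an Ubuntu-style file with drift.
SAMPLE = """\
# constructed sample
Include /etc/ssh/sshd_config.d/*.conf
permitrootlogin prohibit-password
X11Forwarding yes
X11Forwarding no
Subsystem sftp /usr/lib/openssh/sftp-server
Match User backup
    AllowTcpForwarding no
"""

def parse_global(text):
    """Return (settings, includes) for the global part of an sshd_config."""
    settings, includes = {}, []
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        keyword = parts[0].lower()            # keywords are case-insensitive
        value = " ".join(parts[1].split()) if len(parts) > 1 else ""
        if keyword == "match":                # conditional blocks are not global
            break
        if keyword == "include":              # recorded, not followed
            includes.append(value)
        else:
            settings.setdefault(keyword, value)   # first occurrence wins in sshd
    return settings, includes

def drift(baseline, candidate):
    """Map keyword -> (expected, actual); actual is None when unset."""
    want, have = parse_global(baseline)[0], parse_global(candidate)[0]
    return {k: (v, have.get(k)) for k, v in want.items() if have.get(k) != v}

if __name__ == "__main__":
    print("includes:", parse_global(SAMPLE)[1])
    for key, (expected, actual) in drift(BASELINE, SAMPLE).items():
        print(f"{key}: expected {expected!r}, found {actual!r}")
```

Any reported `Include` is read by sshd at that point in the file, so drop-in files included near the top take precedence over later lines; `sshd -T` prints the effective configuration on a live host.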