rpm-ostree/docs/manual/administrator-handbook.md
Colin Walters a3250f221d docs: Update admin handbook, mention ex in manpage
- Focus on `rpm-ostree` rather than `atomic host` since...well, a
   lot of stuff isn't exposed there and the whole branding is confusing.
 - Mention `ex`, `rebase` etc.

Closes: #908
Approved by: miabbott
2017-08-07 20:56:55 +00:00

4.6 KiB

Administering an rpm-ostree based system

At the moment, there are four primary commands to be familiar with on an rpm-ostree based system. Also remember that in a Project Atomic system, the atomic host command (from the Atomic command) is an alias for rpm-ostree.

   # rpm-ostree status

Will show you your deployments, in the order in which they will appear in the bootloader. The shows the currently booted deployment.

   # rpm-ostree upgrade

Will perform a system upgrade, creating a new deployment (root filesystem) and set it as the default for the next boot. You should use systemctl reboot shortly afterwards.

   # rpm-ostree rollback

This rolls back to the previous state. By default, the rpm-ostree upgrade will keep at most two bootable "deployments", though the underlying technology supports more.

# rpm-ostree deploy <version>

This command makes use of the server-side history feature of OSTree. It will search the history of the current branch for a commit with the specified version, and deploy it. This can be used in scripts to ensure consistent updates. For example, if the upstream OS vendor provides an update online, you might not want to deploy it until you've tested it. This helps ensure that when you upgrade, you are getting exactly what you asked for.

Hybrid image/packaging via package layering

It is possible to dynamically add more packages onto the system that are not part of the commit composed on the server. These additional "layered" packages are persistent across upgrades, rebases, and deploys (contrast with the ostree unlocking mechanism).

This is where the true hybrid image/package nature of rpm-ostree comes into play; you get a combination of the benefits of images and packages. The package updates are still fully transactional and offline.

For example, you can use package layering to install 3rd party kernel modules, or userspace driver daemons such as pcsc-lite-ccid. While most software should go into a container, you have full flexibilty to use packages where it suits.

# rpm-ostree install <pkg>

Will download the target package, its dependencies, and create a new deployment with those packages installed. To remove layered packages, use rpm-ostree uninstall.

By default, every rpm-ostree operation is "offline" - it has no effect on your running system, and will only take effect when you reboot. This "pending" state is called the "pending deployment". Operations can be chained; for example, if you invoke rpm-ostree upgrade after installing a package, your new root will upgraded with the package also installed.

Rebasing

rpm-ostree rebase -b $branchname

Your operating system vendor may provide multiple base branches. For example, Fedora Atomic Host has branches of the form:

  • fedora/26/x86_64/atomic-host
  • fedora/26/x86_64/updates-testing/atomic-host
  • fedora/27/x86_64/atomic-host

You can use the rebase command to switch between these; this can represent a major version upgrade, or logically switching between different "testing" streams within the same release. Like every other rpm-ostree operation, All layered packages and local state will be carried across.

Other local state changes

See man rpm-ostree for more. For example, there is an rpm-ostree initramfs command that enables local initramfs generation.

Experimental interface

There is a generic rpm-ostree ex command that offers experimental features. One of those is rpm-ostree ex livefs, which offers the ability to apply changes from the pending deployment to the booted deployment.

See man rpm-ostree for more information.

Filesystem layout

The only writable directories are /etc and /var. In particular, /usr has a read-only bind mount at all times. Any data in /var is never touched, and is shared across upgrades.

At upgrade time, the process takes the new default /etc, and adds your changes on top. This means that upgrades will receive new default files in /etc, which is quite a critical feature.

For more information, see OSTree: Adapting.

Operating system changes

  • The RPM database is stored in /usr/share/rpm, and is immutable.
  • A package nss-altfiles is required, and the system password database is stored in /usr/lib/passwd. Similar for the group database. This might change in the future; see this issue.