2.2 KiB
rpm-ostree
RPM-OSTree (also nicknamed /usr/bin/atomic) is a mechanism to
assemble RPMs on a server side into an
OSTree repository. Then
clients can update from that repository in a reliable image-like
fashion, via atomic upgrade.
Currently, rpm operates on a read-only mode on installed systems; it is not possible to add or remove anything on the client. In return, client systems are reliably synchronized with the server-provided tree. For example, if a package is removed in the server-composed set, when clients update, it also drops out of their tree.
This model works well in scenarios where one wants reliable state replication of master to many client machines.
Installing and setting up a repository
First, unfortunately you must disable SELinux on the build host in order to support SELinux on the built system. See: https://bugzilla.redhat.com/show_bug.cgi?id=1060423
Once you have that done, choose a build directory. Here we'll use /srv/rpm-ostree.
# cd /srv/rpm-ostree
# mkdir repo
# ostree --repo=repo init --mode=archive-z2
Running rpm-ostree compose tree
This program takes as input a manifest file that describes the target system, and commits the result to an OSTree repository.
See also: https://github.com/projectatomic/rpm-ostree-toolbox
The input format is a JSON "treefile". See examples in
doc/treefile-examples, as well as doc/treefile.md.
# rpm-ostree compose tree --repo=/srv/rpm-ostree/repo --proxy=http://127.0.0.1:8123 sometreefile.json
All this does is use yum to download RPMs from the referenced repos,
and commit the result to the OSTree repository, using the ref named by
ref. Note that we've specified a local caching proxy (polipo in
this case) - otherwise we you will download the packages for each
treecompose.
You can export /srv/rpm-ostree/repo via any static webserver.
The use of --proxy is not mandatory but strongly recommended - with
this option you can avoid continually redownloading the packages every
compose. I personally use
Polipo,
but you can of course any HTTP proxy you wish.