docs/atomic-rollbacks: Add a section on rollbacks

Describing how different types of rollbacks work.

Signed-off-by: Eric Curtin <ecurtin@redhat.com>
This commit is contained in:
Eric Curtin 2024-02-13 10:39:20 +00:00
parent a3f9276a32
commit bc5c0717fc
19 changed files with 194 additions and 18 deletions

View File

@ -1,5 +1,5 @@
---
nav_order: 19
nav_order: 190
---
# Contributing

View File

@ -1,5 +1,5 @@
---
nav_order: 99
nav_order: 990
title: Historical OSTree README
---

View File

@ -1,5 +1,5 @@
---
nav_order: 6
nav_order: 70
---
# Adapting existing mainstream distributions

176
docs/atomic-rollbacks.md Normal file
View File

@ -0,0 +1,176 @@
---
nav_order: 60
---
# Atomic Rollbacks
{: .no_toc }
1. TOC
{:toc}
## Automatic rollbacks
See [greenboot](https://github.com/fedora-iot/greenboot/blob/main/README.md) for information on automatic rollbacks and how to integrate
without your bootloader.
## Manual rollbacks
Ostree writes bootloader entries that are interpreted by the bootloader. To
manually rollback, for bootloaders such as GRUB and syslinux that have an
interactive UI, it is possible to select a previous boot entry. In the case of
an Android bootloader, a slot switch may be triggererd using an AB switching
tool. This may be useful for testing purposes.
## Rollbacks
```
+------------------------------------------------+
+------------------+ | |
| | | |
| | | |
| | | (ostree:0) latest (multi-user.target) |
| | | |
| Bootloader |--->+ root |
| | | |
| | | (ostree:1) latest - 1 (multi-user.target) |
| | | |
| | | |
+------------------+ | |
+------------------------------------------------+
```
Bootloaders have multiple boot entries to choose from after upgrade. On
rollback, the bootloader will boot the "latest - 1" version, rather than the
latest version of the OS.
## Alternate rollback techniques
Below is an alternate technique to traditional AB switching that can be used.
On rollback, an alternative boot target is used, rather than booting as
default.target.
```
+------------------------------------------------+
+------------------+ | |
| | | |
| | | |
| | | (ostree:0) latest (multi-user.target) |
| | | |
| Bootloader |--->+ root |
| | | |
| | | (ostree:1) latest - 1 (rescue.target) |
| | | |
| | | |
+------------------+ | |
+------------------------------------------------+
```
In this case, instead of rolling back to an older version, we also boot
into an alternate systemd boot target. Here we will describe how you can put
togther an alternate systemd boot target, using the built-in rescue.target as
an example.
Below is a rescue.service file, it essentially executes systemd-sulogin-shell
rescue when this service is activated.
rescue.service:
```
# SPDX-License-Identifier: LGPL-2.1-or-later
#
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
[Unit]
Description=Rescue Shell
Documentation=man:sulogin(8)
DefaultDependencies=no
Conflicts=shutdown.target
After=sysinit.target plymouth-start.service
Before=shutdown.target
[Service]
Environment=HOME=/root
WorkingDirectory=-/root
ExecStartPre=-/usr/bin/plymouth --wait quit
ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue
Type=idle
StandardInput=tty-force
StandardOutput=inherit
StandardError=inherit
KillMode=process
IgnoreSIGPIPE=no
SendSIGHUP=yes
```
Below is a rescue.target file, it is reached once rescue.service is complete.
rescue.target:
```
# SPDX-License-Identifier: LGPL-2.1-or-later
#
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
[Unit]
Description=Rescue Mode
Documentation=man:systemd.special(7)
Requires=sysinit.target rescue.service
After=sysinit.target rescue.service
AllowIsolate=yes
```
This is a simple bash script, it checks whether `ostree admin status -D` is
`not-default` and if it is, it notifies systemd to alternatively boot into
rescue.target.
In the happy path, when we have booted the latest version
`ostree admin status -D` would output `default`.
ostree-rollback-to-rescue:
```
#!/usr/bin/bash
set -euo pipefail
if [ "$(ostree admin status -D)" = "not-default" ]; then
exec systemctl --no-block isolate rescue.target
fi
```
This is a systemd service file that runs ostree-rollback-to-rescue early in the
boot sequence, it is essential that this service is run early to ensure we
don't execute a full boot sequence, hence options `DefaultDependencies=no` and
`Before=` are used.
ostree-rollback-to-rescue.service
```
[Unit]
Description=OSTree rollback to rescue
DefaultDependencies=no
OnFailure=emergency.target
OnFailureJobMode=replace-irreversibly
After=initrd-root-fs.target initrd-fs.target initrd.target boot.mount
Before=cryptsetup.target integritysetup.target remote-fs.target slices.target swap.target veritysetup.target
[Service]
Type=oneshot
ExecStart=/usr/sbin/ostree-rollback-to-rescue
[Install]
WantedBy=sysinit.target
```
###### Licensing for this document:
`SPDX-License-Identifier: (CC-BY-SA-3.0 OR GFDL-1.3-or-later)`

View File

@ -1,5 +1,5 @@
---
nav_order: 5
nav_order: 50
---
# Atomic Upgrades

View File

@ -1,5 +1,5 @@
---
nav_order: 9
nav_order: 100
---
# Handling access to authenticated remote repositories

View File

@ -1,5 +1,5 @@
---
nav_order: 11
nav_order: 120
---
# Bootloaders

View File

@ -1,5 +1,5 @@
---
nav_order: 8
nav_order: 90
---
# Writing a buildsystem and managing repositories

View File

@ -1,5 +1,5 @@
---
nav_order: 10
nav_order: 110
---
# Using composefs with OSTree

View File

@ -1,5 +1,5 @@
---
nav_order: 20
nav_order: 200
---
# OSTree Contributing Tutorial

View File

@ -1,5 +1,5 @@
---
nav_order: 4
nav_order: 40
---
# Deployments

View File

@ -1,5 +1,5 @@
---
nav_order: 7
nav_order: 80
---
# OSTree data formats

View File

@ -1,5 +1,5 @@
---
nav_order: 10
nav_order: 110
---
# Using Linux IMA with OSTree

View File

@ -1,5 +1,5 @@
---
nav_order: 1
nav_order: 10
---
# libostree

View File

@ -1,5 +1,5 @@
---
nav_order: 2
nav_order: 20
---
# OSTree Overview

View File

@ -1,5 +1,5 @@
---
nav_order: 10
nav_order: 110
---
# Related Projects

View File

@ -1,5 +1,5 @@
---
nav_order: 3
nav_order: 30
---
# Anatomy of an OSTree repository

View File

@ -1,5 +1,5 @@
---
nav_order: 9
nav_order: 100
---
# Managing content in OSTree repositories

View File

@ -1,5 +1,5 @@
---
nav_order: 6
nav_order: 70
---
# OSTree and /var handling