ostree/docs/repository-management.md
Eric Curtin bc5c0717fc docs/atomic-rollbacks: Add a section on rollbacks
Describing how different types of rollbacks work.

Signed-off-by: Eric Curtin <ecurtin@redhat.com>
2024-02-13 17:07:17 +00:00

11 KiB

nav_order
100

Managing content in OSTree repositories

{: .no_toc }

  1. TOC {:toc}

Once you have a build system going, if you actually want client systems to retrieve the content, you will quickly feel a need for "repository management".

The command line tool ostree does cover some core functionality, but doesn't include very high level workflows. One reason is that how content is delivered and managed has concerns very specific to the organization. For example, some operating system content vendors may want integration with a specific errata notification system when generating commits.

In this section, we will describe some high level ideas and methods for managing content in OSTree repositories, mostly independent of any particular model or tool. That said, there is an associated upstream project ostree-releng-scripts which has some scripts that are intended to implement portions of this document.

Another example of software which can assist in managing OSTree repositories today is the Pulp Project, which has a Pulp OSTree plugin.

Mirroring repositories

It's very common to want to perform a full or partial mirror, in particular across organizational boundaries (e.g. an upstream OS provider, and a user that wants offline and faster access to the content). OSTree supports both full and partial mirroring of the base archive content, although not yet of static deltas.

To create a mirror, first create an archive repository (you don't need to run this as root), then add the upstream as a remote, then use pull --mirror.

ostree --repo=repo init --mode=archive
ostree --repo=repo remote add exampleos https://exampleos.com/ostree/repo
ostree --repo=repo pull --mirror exampleos:exampleos/x86_64/standard

You can use the --depth=-1 option to retrieve all history, or a positive integer like 3 to retrieve just the last 3 commits.

See also the rsync-repos script in ostree-releng-scripts.

Separate development vs release repositories

By default, OSTree accumulates server side history. This is actually optional in that your build system can (using the API) write a commit with no parent. But first, we'll investigate the ramifications of server side history.

Many content vendors will want to separate their internal development with what is made public to the world. Therefore, you will want (at least) two OSTree repositories, we'll call them "dev" and "prod".

To phrase this another way, let's say you have a continuous delivery system which is building from git and committing into your "dev" OSTree repository. This might happen tens to hundreds of times per day. That's a substantial amount of history over time, and it's unlikely most of your content consumers (i.e. not developers/testers) will be interested in all of it.

The original vision of OSTree was to fulfill this "dev" role, and in particular the "archive" format was designed for it.

Then, what you'll want to do is promote content from "dev" to "prod". We'll discuss this later, but first, let's talk about promotion inside our "dev" repository.

Promoting content along OSTree branches - "buildmain", "smoketested"

Besides multiple repositories, OSTree also supports multiple branches inside one repository, equivalent to git's branches. We saw in an earlier section an example branch name like exampleos/x86_64/standard. Choosing the branch name for your "prod" repository is absolutely critical as client systems will reference it. It becomes an important part of your face to the world, in the same way the "main" branch in a git repository is.

But with your "dev" repository internally, it can be very useful to use OSTree's branching concepts to represent different stages in a software delivery pipeline.

Deriving from exampleos/x86_64/standard, let's say our "dev" repository contains exampleos/x86_64/buildmain/standard. We choose the term "buildmain" to represent something that came straight from git main. It may not be tested very much.

Our next step should be to hook up a testing system (Jenkins, Buildbot, etc.) to this. When a build (commit) passes some tests, we want to "promote" that commit. Let's create a new branch called smoketested to say that some basic sanity checks pass on the complete system. This might be where human testers get involved, for example.

This is a basic way to "promote" the buildmain commit that passed testing:

ostree commit -b exampleos/x86_64/smoketested/standard -s 'Passed tests' --tree=ref=aec070645fe53...

Here we're generating a new commit object (perhaps include in the commit log links to build logs, etc.), but we're reusing the content from the buildmain commit aec070645fe53 that passed the smoketests.

For a more sophisticated implementation of this model, see the do-release-tags script, which includes support for things like propagating version numbers across commit promotion.

We can easily generalize this model to have an arbitrary number of stages like exampleos/x86_64/stage-1-pass/standard, exampleos/x86_64/stage-2-pass/standard, etc. depending on business requirements and logic.

In this suggested model, the "stages" are increasingly expensive. The logic is that we don't want to spend substantial time on e.g. network performance tests if something basic like a systemd unit file fails on bootup.

Promoting content between OSTree repositories

Now, we have our internal continuous delivery stream flowing, it's being tested and works. We want to periodically take the latest commit on exampleos/x86_64/stage-3-pass/standard and expose it in our "prod" repository as exampleos/x86_64/standard, with a much smaller history.

We'll have other business requirements such as writing release notes (and potentially putting them in the OSTree commit message), etc.

In Build Systems we saw how the pull-local command can be used to migrate content from the "build" repository (in bare-user mode) into an archive repository for serving to client systems.

Following this section, we now have three repositories, let's call them repo-build, repo-dev, and repo-prod. We've been pulling content from repo-build into repo-dev (which involves gzip compression among other things since it is a format change).

When using pull-local to migrate content between two archive repositories, the binary content is taken unmodified. Let's go ahead and generate a new commit in our prod repository:

checksum=$(ostree --repo=repo-dev rev-parse exampleos/x86_64/stage-3-pass/standard`)
ostree --repo=repo-prod pull-local repo-dev ${checksum}
ostree --repo=repo-prod commit -b exampleos/x86_64/standard \
       -s 'Release 1.2.3' --add-metadata-string=version=1.2.3 \
	   --tree=ref=${checksum}

There are a few things going on here. First, we found the latest commit checksum for the "stage-3 dev", and told pull-local to copy it, without using the branch name. We do this because we don't want to expose the exampleos/x86_64/stage-3-pass/standard branch name in our "prod" repository.

Next, we generate a new commit in prod that's referencing the exact binary content in dev. If the "dev" and "prod" repositories are on the same Unix filesystem, (like git) OSTree will make use of hard links to avoid copying any content at all - making the process very fast.

Another interesting thing to notice here is that we're adding an version metadata string to the commit. This is an optional piece of metadata, but we are encouraging its use in the OSTree ecosystem of tools. Commands like ostree admin status show it by default.

Derived data - static deltas and the summary file

As discussed in Formats, the archive repository we use for "prod" requires one HTTP fetch per client request by default. If we're only performing a release e.g. once a week, it's appropriate to use "static deltas" to speed up client updates.

So once we've used the above command to pull content from repo-dev into repo-prod, let's generate a delta against the previous commit:

ostree --repo=repo-prod static-delta generate exampleos/x86_64/standard

We may also want to support client systems upgrading from two commits previous.

ostree --repo=repo-prod static-delta generate --from=exampleos/x86_64/standard^^ --to=exampleos/x86_64/standard

Generating a full permutation of deltas across all prior versions can get expensive, and there is some support in the OSTree core for static deltas which "recurse" to a parent. This can help create a model where clients download a chain of deltas. Support for this is not fully implemented yet however.

Regardless of whether or not you choose to generate static deltas, you should update the summary file:

ostree --repo=repo-prod summary -u

(Remember, the summary command cannot be run concurrently, so this should be triggered serially by other jobs).

There is some more information on the design of the summary file in Repo.

Pruning our build and dev repositories

First, the OSTree author believes you should not use OSTree as a "primary content store". The binaries in an OSTree repository should be derived from a git repository. Your build system should record proper metadata such as the configuration options used to generate the build, and you should be able to rebuild it if necessary. Art assets should be stored in a system that's designed for that (e.g. Git LFS).

Another way to say this is that five years down the line, we are unlikely to care about retaining the exact binaries from an OS build on Wednesday afternoon three years ago.

We want to save space and prune our "dev" repository.

ostree --repo=repo-dev prune --refs-only --keep-younger-than="6 months ago"

That will truncate the history older than 6 months. Deleted commits will have "tombstone markers" added so that you know they were explicitly deleted, but all content in them (that is not referenced by a still retained commit) will be garbage collected.

Generating "scratch" deltas for efficient initial downloads

In general, the happy path for OSTree downloads is via static deltas. If you are in a situation where you want to download an OSTree commit from an uninitialized repo (or one with unrelated history), you can generate "scratch" (aka --empty deltas) which bundle all objects for that commit.

The tradeoff here is increasing server disk space in return for many fewer client HTTP requests.

For example:

$ ostree --repo=/path/to/repo static-delta generate --empty --to=exampleos/x86_64/testing-devel
$ ostree --repo=/path/to/repo summary -u

After that, clients fetching that commit will prefer fetching the "scratch" delta if they don't have the original ref.

Licensing for this document:

SPDX-License-Identifier: (CC-BY-SA-3.0 OR GFDL-1.3-or-later)