rpm-ostree is the hybrid image/package system that provides transactional upgrades on Atomic Host. Here are some highlights from version v2017.6, including “livefs” support for adding package layers.
The highlight of this release is experimental support for live system updates. You can test it out by rebasing your Fedora Atomic Host onto the testing branch. Feel free to also leave karma in the pending Bodhi updates:
Live updates
rpm-ostree now has experimental support for applying some
updates live without the need to reboot using the
rpm-ostree ex livefs command (the ex command groups new
features that are not ready to be declared stable; details
of how these commands work may change in the future).
For now, the livefs command only works in situations where
the only difference between the pending deployment and the
current deployment is added packages. You can see it in
action below:
# rpm-ostree status
State: idle
Deployments:
* vmcheck
Timestamp: 2017-06-02 19:45:32
Commit: 3f5650aeffe16474584b57c6ec0654e6fd96c3c60d998a04b1e550e61556d8ab
# ltrace
bash: ltrace: command not found
# rpm -q ltrace
package ltrace is not installed
We don’t have ltrace installed. Let’s overlay it:
# rpm-ostree install ltrace
Checking out tree 3f5650a... done
Enabled rpm-md repositories: fedora-cisco-openh264 updates fedora jlebon
rpm-md repo 'fedora-cisco-openh264' (cached); generated: 2017-03-24 17:58:10
rpm-md repo 'updates' (cached); generated: 2017-06-02 01:51:29
rpm-md repo 'fedora' (cached); generated: 2016-11-15 19:49:18
rpm-md repo 'jlebon' (cached); generated: 2017-05-08 16:24:16
Importing metadata [========================================================100%
Resolving dependencies... done
Will download: 1 package (159.2 kB)
Downloading from fedora: [================================================100%
Importing: [================================================================100%
Overlaying... done
Writing rpmdb... done
Writing OSTree commit... done
Copying /etc changes: 26 modified, 0 removed, 103 added
Transaction complete; bootconfig swap: yes deployment count change: 1
Added:
ltrace-0.7.91-20.fc25.x86_64
Run "systemctl reboot" to start a reboot
# rpm-ostree status
State: idle
Deployments:
vmcheck
Timestamp: 2017-06-02 19:45:32
BaseCommit: 3f5650aeffe16474584b57c6ec0654e6fd96c3c60d998a04b1e550e61556d8ab
LayeredPackages: ltrace
* vmcheck
Timestamp: 2017-06-02 19:45:32
Commit: 3f5650aeffe16474584b57c6ec0654e6fd96c3c60d998a04b1e550e61556d8ab
Normally, at this point, we’d have to reboot. However, since
we just added a package, we can use the livefs command
instead to get the changes immediately applied:
# rpm-ostree ex livefs
notice: "livefs" is an experimental command and subject to change.
Diff Analysis: 3f5650aeffe16474584b57c6ec0654e6fd96c3c60d998a04b1e550e61556d8ab => f71fedccd227b5112b461b466106e069bf2c1c2de21f1554abda72297594e8a0
Files:
modified: 0
removed: 0
added: 15
Packages:
modified: 0
removed: 0
added: 1
Preparing new rollback matching currently booted deployment
Copying /etc changes: 26 modified, 0 removed, 103 added
Transaction complete; bootconfig swap: yes deployment count change: 1
Overlaying /usr... done
# ltrace
ltrace: too few arguments
Try `ltrace --help' for more information.
# rpm -q ltrace
ltrace-0.7.91-20.fc25.x86_64
The livefs command helpfully created a rollback deployment
of the original commit we booted into because it modifies
the deployment itself permanently. You can see this
modification reflected in the output of the status
command:
# rpm-ostree status
State: idle
Deployments:
vmcheck
Timestamp: 2017-06-02 19:45:32
BaseCommit: 3f5650aeffe16474584b57c6ec0654e6fd96c3c60d998a04b1e550e61556d8ab
Commit: f71fedccd227b5112b461b466106e069bf2c1c2de21f1554abda72297594e8a0
LayeredPackages: ltrace
* vmcheck
Timestamp: 2017-06-02 19:45:32
BootedCommit: 3f5650aeffe16474584b57c6ec0654e6fd96c3c60d998a04b1e550e61556d8ab
LiveCommit: f71fedccd227b5112b461b466106e069bf2c1c2de21f1554abda72297594e8a0
vmcheck
Timestamp: 2017-06-02 19:45:32
Commit: 3f5650aeffe16474584b57c6ec0654e6fd96c3c60d998a04b1e550e61556d8ab
The BootedCommit is the commit we original started with,
whereas the LiveCommit is the commit that was applied to
the live deployment.
As mentioned earlier, this feature is still in experimental mode, and thus is subject to change. Discussions are still ongoing upstream as to the finer details of the command and expected use cases.
Repodata caching
You might have noticed this bit in the output above:
Enabled rpm-md repositories: fedora-cisco-openh264 updates fedora jlebon
rpm-md repo 'fedora-cisco-openh264' (cached); generated: 2017-03-24 17:58:10
rpm-md repo 'updates' (cached); generated: 2017-06-02 01:51:29
rpm-md repo 'fedora' (cached); generated: 2016-11-15 19:49:18
rpm-md repo 'jlebon' (cached); generated: 2017-05-08 16:24:16
rpm-ostree now caches repo metadata for up to a day, and
prints this information during layering operations. One can
do cleanup -m in order to purge the metadata and force a
refresh.
Journal logging
The rpm-ostree daemon now logs more and more information to the journal to help sysadmins understand system state and to diagnose issues. Here are some sample journal outputs from the operations above:
rpm-ostree[1276]: Preparing pkg txn; enabled repos: ['updates', 'fedora', 'jlebon'] solvables: 71435
rpm-ostree[1276]: Imported 1 pkg
...
rpm-ostree[1276]: Starting livefs for commit f71fedccd227b5112b461b466106e069bf2c1c2de21f1554abda72297594e8a0 addition; 1 pkgs, 15 files
rpm-ostree[1276]: Completed livefs for commit f71fedccd227b5112b461b466106e069bf2c1c2de21f1554abda72297594e8a0
Many of these journal entries actually use the structured output feature of journald. For example, there is a dedicated MESSAGE_ID for reporting repo information during package transactions:
# journalctl -b 0 MESSAGE_ID=0eea679bbfa34d43802dec99b274ebe7 -o json-pretty
{
...
"MESSAGE_ID" : "0eea679bbfa34d43802dec99b274ebe7",
"MESSAGE" : "Preparing pkg txn; enabled repos: ['updates', 'fedora', 'jlebon'] solvables: 71435",
"SACK_N_SOLVABLES" : "71881",
"ENABLED_REPOS" : "['updates', 'fedora', 'jlebon']",
"ENABLED_REPOS_SOLVABLES" : "[19748, 51669, 18]",
"ENABLED_REPOS_TIMESTAMPS" : "[1496368289, 1479239358, 1494260656]",
...
}
Other minor fixes and improvements
There are many other small improvements, here are a few:
rpm-ostree is now more diligent about checking whether RPMs from repos are the same as locally cached RPMs. Previously, two different RPMs with the same name and version would be considered equivalent. We now store the actual package checksum and do a comparison to verify this.
on the compose side, rpm-ostree now supports a new
tmp-is-dirfield, which allows for example, systemd to mount a tmpfs on startup, rather than using a central permanent/tmpdirectory.rpm-ostree is now capable of rebasing to a local branch using the
rebase :local-branchsyntax. This was previously not possible if the current refspec was from a remote.