RpmOstree - Server side composes and atomic upgrades
The rpm-ostree tool provides a new way to deploy and manage RPM-based operating systems. Instead of performing a package-by-package install and upgrade on each client machine, the tooling supports "composing" sets of packages on a server side, and then clients can perform atomic upgrades as a tree.
The system by default preserves the previously booted deployment, providing an "A/B partition" type feel, allowing quick system rollbacks for the entire OS content (kernel and userspace).
This is a dependency of the Changes/AtomicHost. This Change serves as a focus point for issues and improvements relating just to rpm-ostree (i.e not Docker) from the previous all-in-one Changes/Atomic_Cloud_Image Further, conceptually, AtomicHost is just one use of the rpm-ostree model. It can also apply to replicated workstation or point-of-sale systems, fixed purpose embedded systems, and the like. So a further goal of this Change is to promote support of the rpm-ostree tool for those use cases.
- Name: Colin Walters
- Email: email@example.com
- Product: Fedora All
- Responsible WG: FESCO ?
rpm-ostree is far from the first effort in the field of "image-like" update systems in Fedora. The StatelessLinux project was first prototyped in Fedora Core 6 timeframe. Today, particularly in the cloud, many deployments perform OS upgrades by terminating an instance, and booting a new OS image and having it discover previous state stored in an external volume or network store.
Another model is to perform an atomic upgrade by delivering the OS content via an ISO or USB stick, and simply swapping it out, then rebooting. The oVirt Node is an example of this model.
The most challenging case though is stateful systems that require online/incremental Internet/Intranet connected upgrades. This is the default model for traditional Fedora package managers such as yum. A common approach for this to have an "A/B" partition model, and to use rsync or a custom tool to perform upgrades offline into the non-active partition.
rpm-ostree is attempting to address this last case, but in a more flexible and dynamic fashion. It has some of the flexibility of package systems, with the atomic upgrade and rollback of image-based systems. Furthermore, rpm-ostree intends to bind together the world of packages with an image-like update system. For example, an "rpm-ostree upgrade" command can show the system administrator the package-level diff.
In the future, the intention is for rpm-ostree to further gain package-system like features (e.g. package layering: https://github.com/projectatomic/rpm-ostree/pull/107).
Finally, the rpm-ostree project will closely track underlying technologies in Fedora such as the hawkey/librepo libraries underlying dnf. The current git master uses libhif which shares code with dnf/PackageKit.
Benefit to Fedora
A server-side compose mechanism for atomic upgrades can be used by many deployments where Fedora is used.
- Proposal owners: work on http://projectatomic.io upstream
- Other developers:
- Anaconda: Help maintain rpmostreepayload.py
- Anaconda/Architecture porters: Backends for the OSTree bootloader code, similar to grubby
- RPM content:
- Use systemd-tmpfiles instead of placing content in /var: https://lists.fedoraproject.org/pipermail/devel/2015-January/206462.html
- Change "rootfiles" and "bash" to not require files in /root by default: https://bugzilla.redhat.com/show_bug.cgi?id=1193590
- RPM content:
- Release engineering: None, but will be needed for AtomicHost.
- Policies and guidelines: Potentially create one for the /var changes.
Existing installations will continue to function as before with the previous system's package manager; this feature is opt-in for new installations. (However, rpm-ostree does support nondestrucive parallel installation inside existing roots)
How To Test
- For client testing, use Anaconda or an Atomic cloud image to install, then "rpm-ostree upgrade" and "rpm-ostree rollback"
- For server testing, use rpm-ostree compose tree to commit a set of RPMs to an OSTree repository.
For systems which are deployed using this model, the user experience difference is very large. The traditional package managers such as yum/dnf/PackageKit, if installed, can only operate in a read-only mode.
The rpm-ostree tooling depends on and intends to integrate with other fundamental Fedora components such as Anaconda. It makes use of the libhif(hawkey/librepo) libraries which are components underlying dnf.
- Contingency mechanism:
A showstopper in rpm-ostree would block Changes/AtomicHost.
The contingency plan would be to not ship that product.
- Contingency deadline:
- Blocks release? Unknown
- Blocks product? Fedora Atomic