diff options
-rw-r--r-- | Makefile-man.am | 2 | ||||
-rw-r--r-- | man/systemd.offline-updates.xml | 151 |
2 files changed, 153 insertions, 0 deletions
diff --git a/Makefile-man.am b/Makefile-man.am index a7e348b1f1..a4835a533f 100644 --- a/Makefile-man.am +++ b/Makefile-man.am @@ -144,6 +144,7 @@ MANPAGES += \ man/systemd.link.5 \ man/systemd.mount.5 \ man/systemd.nspawn.5 \ + man/systemd.offline-updates.7 \ man/systemd.path.5 \ man/systemd.preset.5 \ man/systemd.resource-control.5 \ @@ -2651,6 +2652,7 @@ EXTRA_DIST += \ man/systemd.netdev.xml \ man/systemd.network.xml \ man/systemd.nspawn.xml \ + man/systemd.offline-updates.xml \ man/systemd.path.xml \ man/systemd.preset.xml \ man/systemd.resource-control.xml \ diff --git a/man/systemd.offline-updates.xml b/man/systemd.offline-updates.xml new file mode 100644 index 0000000000..dd4fad853c --- /dev/null +++ b/man/systemd.offline-updates.xml @@ -0,0 +1,151 @@ +<?xml version='1.0'?> <!--*-nxml-*--> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> + +<!-- + This file is part of systemd. + + Copyright 2013 Lennart Poettering + + systemd is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as published by + the Free Software Foundation; either version 2.1 of the License, or + (at your option) any later version. + + systemd is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with systemd; If not, see <http://www.gnu.org/licenses/>. +--> + +<refentry id="systemd.offline-updates"> + <refentryinfo> + <title>systemd.offline-updates</title> + <productname>systemd</productname> + + <authorgroup> + <author> + <contrib>Developer</contrib> + <firstname>Lennart</firstname> + <surname>Poettering</surname> + <email>lennart@poettering.net</email> + </author> + </authorgroup> + </refentryinfo> + + <refmeta> + <refentrytitle>systemd.offline-updates</refentrytitle> + <manvolnum>7</manvolnum> + </refmeta> + + <refnamediv> + <refname>systemd.offline-updates</refname> + <refpurpose>Implementation of offline updates in systemd</refpurpose> + </refnamediv> + + <refsect1> + <title>Implementing Offline System Updates</title> + + <para>This is implemented starting with systemd 183.</para> + + <para>Here are some guidelines how to implement "offline" OS updates with systemd. By "offline" + OS updates we mean package installations and updates that are run with the system booted into a + special system update mode, in order to avoid problems related to conflicts of libraries and + services that are currently running with those on disk. This document is inspired by this + <ulink url="https://wiki.gnome.org/Design/OS/SoftwareUpdates">GNOME design whiteboard</ulink>. + </para> + + <para>The logic:</para> + + <orderedlist> + <listitem> + <para>The package manager prepares system updates by downloading all (RPM or DEB or + whatever) packages to update off-line in a special directory + <filename noindex="true">/var/lib/system-update</filename> (or + another directory of the package/upgrade manager's choice).</para> + </listitem> + + <listitem> + <para>When the user OK'ed the update, the symlink <filename>/system-update</filename> is + created that points to <filename noindex="true">/var/lib/system-update</filename> + (or wherever the upgrade package directory is called) and the system is rebooted. This + symlink is in the root directory, since we need to check for it very early at boot, at a + time where <filename>/var</filename> is not available yet.</para> + </listitem> + + <listitem> + <para>Very early in the new boot a systemd generator checks whether + <filename>/system-update</filename> exists. If so, it (temporarily and for this boot only) + redirects (i.e. symlinks) <filename>default.target</filename> to + <filename>system-update.target</filename>, a new target that is intended to pull in the base + system (i.e. <filename>sysinit.target</filename>, so that all file systems are mounted but + little else) and the system update units.</para> + </listitem> + + <listitem> + <para>The system now continues to boot into <filename>default.target</filename>, and thus + into <filename>system-update.target</filename>. This target pulls in the OS update script, + which is executed after all file systems are mounted.</para> + </listitem> + + <listitem> + <para>The system update script now creates a btrfs snapshot (if possible), then installs all + RPMs. After completion (regardless whether the update succeeded or failed) the + /system-update symlink is removed. In addition, on failure it reverts to the old btrfs state + (modulo the aforementioned symlink), on success it leaves the newly made changes in + place.</para> + </listitem> + + <listitem> + <para>The system is rebooted. Since the <filename>/system-update</filename> symlink is gone, + the generator won't redirect <filename>default.target</filename> after reboot and the + system now boots into the default target again.</para> + </listitem> + </orderedlist> + </refsect1> + + <refsect1> + <title>Recommendations</title> + + <orderedlist> + <listitem> + <para>To make things a bit more robust we recommend hooking the update script into + <filename>system-update.target</filename> via a <filename noindex='true'>.wants/</filename> + symlink in the distribution package, rather than depending on <command>systemctl + enable</command> in the postinst scriptlets of your package. More specifically, for your + update script create a .service file, without [Install] section, and then add a symlink like + <filename noindex='true'>/usr/lib/systemd/system-update.target.wants/foobar.service</filename> + → <filename noindex='true'>../foobar.service</filename> to your package.</para> + </listitem> + + <listitem> + <para>Make sure to remove the <filename>/system-update</filename> symlink early in the + update script to avoid reboot loops in case the update fails.</para> + </listitem> + + <listitem> + <para>Use <varname>OnFailure=reboot.target</varname> in the service file for your update + script to ensure that a reboot is automatically triggered if the update fails. + <varname>OnFailure=</varname> makes sure that the specified unit is activated if your script + exits uncleanly (by non-zero error code, or signal/coredump). If your script succeeds you + should trigger the reboot in your own code, for example by invoking logind's + <command>Reboot()</command> call. See + <ulink url="http://www.freedesktop.org/wiki/Software/systemd/logind">logind dbus API</ulink> + for details.</para> + </listitem> + </orderedlist> + </refsect1> + + <refsect1> + <title>See also</title> + + <para> + <ulink url="http://www.freedesktop.org/wiki/Software/systemd/SystemUpdates/">Implementing Offline System Updates</ulink>, + <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry> + </para> + </refsect1> +</refentry> |