[thirdparty/systemd.git] / man / systemd.offline-updates.xml

<?xml version='1.0'?> <!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">

<!--
  This file is part of systemd.

  Copyright 2013 Lennart Poettering
  Copyright 2016 Zbigniew Jędrzejewski-Szmek

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-->

<refentry id="systemd.offline-updates">
  <refentryinfo>
    <title>systemd.offline-updates</title>
    <productname>systemd</productname>

    <authorgroup>
      <author>
        <contrib>Developer</contrib>
        <firstname>Lennart</firstname>
        <surname>Poettering</surname>
        <email>lennart@poettering.net</email>
      </author>
    </authorgroup>
  </refentryinfo>

  <refmeta>
    <refentrytitle>systemd.offline-updates</refentrytitle>
    <manvolnum>7</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>systemd.offline-updates</refname>
    <refpurpose>Implementation of offline updates in systemd</refpurpose>
  </refnamediv>

  <refsect1>
    <title>Implementing Offline System Updates</title>

    <para>This man page describes how to implement "offline" system updates with systemd. By "offline"
    OS updates we mean package installations and updates that are run with the system booted into a
    special system update mode, in order to avoid problems related to conflicts of libraries and
    services that are currently running with those on disk. This document is inspired by this
    <ulink url="https://wiki.gnome.org/Design/OS/SoftwareUpdates">GNOME design whiteboard</ulink>.
    </para>

    <para>The logic:</para>

    <orderedlist>
      <listitem>
        <para>The package manager prepares system updates by downloading all (RPM or DEB or
        whatever) packages to update off-line in a special directory
        <filename noindex="true">/var/lib/system-update</filename> (or
        another directory of the package/upgrade manager's choice).</para>
      </listitem>

      <listitem>
        <para>When the user OK'ed the update, the symlink <filename>/system-update</filename> is
        created that points to <filename noindex="true">/var/lib/system-update</filename> (or
        wherever the directory with the upgrade files is located) and the system is rebooted. This
        symlink is in the root directory, since we need to check for it very early at boot, at a
        time where <filename>/var</filename> is not available yet.</para>
      </listitem>

      <listitem>
        <para>Very early in the new boot
        <citerefentry><refentrytitle>systemd-update-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
        checks whether <filename>/system-update</filename> exists. If so, it (temporarily and for
        this boot only) redirects (i.e. symlinks) <filename>default.target</filename> to
        <filename>system-update.target</filename>, a special target that is pulls in the base system
        (i.e. <filename>sysinit.target</filename>, so that all file systems are mounted but little
        else) and the system update units.</para>
      </listitem>

      <listitem>
        <para>The system now continues to boot into <filename>default.target</filename>, and thus
        into <filename>system-update.target</filename>. This target pulls in the system update unit,
        which starts the system update script after all file systems have been mounted.</para>
      </listitem>

      <listitem>
        <para>As the first step, the update script should check if the
        <filename>/system-update</filename> symlink points to the location used by that update
        script. In case it does not exists or points to a different location, the script must exit
        without error. It is possible for multiple update services to be installed, and for multiple
        update scripts to be launched in parallel, and only the one that corresponds to the tool
        that <emphasis>created</emphasis> the symlink before reboot should perform any actions. It
        is unsafe to run multiple updates in parallel.</para>
      </listitem>

      <listitem>
        <para>The update script should now do its job. If applicable and possible, it should
        create a file system snapshot, then install all packages.
        After completion (regardless whether the update succeeded or failed) the machine
        must be rebooted, for example by calling <command>systemctl reboot</command>.
        In addition, on failure the script should revert to the old file system snapshot
        (without the symlink).</para>
      </listitem>

      <listitem>
        <para>The system is rebooted. Since the <filename>/system-update</filename> symlink is gone,
        the generator won't redirect <filename>default.target</filename> after reboot and the
        system now boots into the default target again.</para>
      </listitem>
    </orderedlist>
  </refsect1>

  <refsect1>
    <title>Recommendations</title>

    <orderedlist>
      <listitem>
        <para>To make things a bit more robust we recommend hooking the update script into
        <filename>system-update.target</filename> via a <filename noindex='true'>.wants/</filename>
        symlink in the distribution package, rather than depending on <command>systemctl
        enable</command> in the postinst scriptlets of your package. More specifically, for your
        update script create a .service file, without [Install] section, and then add a symlink like
        <filename noindex='true'>/usr/lib/systemd/system-update.target.wants/foobar.service</filename>
        → <filename noindex='true'>../foobar.service</filename> to your package.</para>
      </listitem>

      <listitem>
        <para>Make sure to remove the <filename>/system-update</filename> symlink as early as
        possible in the update script to avoid reboot loops in case the update fails.</para>
      </listitem>

      <listitem>
        <para>Use <varname>FailureAction=reboot</varname> in the service file for your update script
        to ensure that a reboot is automatically triggered if the update fails.
        <varname>FailureAction=</varname> makes sure that the specified unit is activated if your
        script exits uncleanly (by non-zero error code, or signal/coredump). If your script succeeds
        you should trigger the reboot in your own code, for example by invoking logind's
        <command>Reboot()</command> call or calling <command>systemct reboot</command>. See
        <ulink url="http://www.freedesktop.org/wiki/Software/systemd/logind">logind dbus API</ulink>
        for details.</para>
      </listitem>

      <listitem>
        <para>The update service should declare <varname>DefaultDependencies=false</varname>,
        and pull in any services it requires explicitly.</para>
      </listitem>
    </orderedlist>
  </refsect1>

  <refsect1>
    <title>See also</title>

    <para>
      <ulink url="http://www.freedesktop.org/wiki/Software/systemd/SystemUpdates/">Implementing Offline System Updates</ulink>,
      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd-update-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
      <citerefentry project='mankier'><refentrytitle>dnf.plugin.system-upgrade</refentrytitle><manvolnum>8</manvolnum></citerefentry>
    </para>
  </refsect1>
</refentry>
Commit	Line	Data
c5915c63 ZJS	1	<?xml version='1.0'?> <!---nxml--->
	2	<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
	3	"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
	4
	5	<!--
	6	This file is part of systemd.
	7
	8	Copyright 2013 Lennart Poettering
45f0c64e	9	Copyright 2016 Zbigniew Jędrzejewski-Szmek
c5915c63 ZJS	10
	11	systemd is free software; you can redistribute it and/or modify it
	12	under the terms of the GNU Lesser General Public License as published by
	13	the Free Software Foundation; either version 2.1 of the License, or
	14	(at your option) any later version.
	15
	16	systemd is distributed in the hope that it will be useful, but
	17	WITHOUT ANY WARRANTY; without even the implied warranty of
	18	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	19	Lesser General Public License for more details.
	20
	21	You should have received a copy of the GNU Lesser General Public License
	22	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	23	-->
	24
	25	<refentry id="systemd.offline-updates">
	26	<refentryinfo>
	27	<title>systemd.offline-updates</title>
	28	<productname>systemd</productname>
	29
	30	<authorgroup>
	31	<author>
	32	<contrib>Developer</contrib>
	33	<firstname>Lennart</firstname>
	34	<surname>Poettering</surname>
	35	<email>lennart@poettering.net</email>
	36	</author>
	37	</authorgroup>
	38	</refentryinfo>
	39
	40	<refmeta>
	41	<refentrytitle>systemd.offline-updates</refentrytitle>
	42	<manvolnum>7</manvolnum>
	43	</refmeta>
	44
	45	<refnamediv>
	46	<refname>systemd.offline-updates</refname>
	47	<refpurpose>Implementation of offline updates in systemd</refpurpose>
	48	</refnamediv>
	49
	50	<refsect1>
	51	<title>Implementing Offline System Updates</title>
	52
45f0c64e	53	<para>This man page describes how to implement "offline" system updates with systemd. By "offline"
c5915c63 ZJS	54	OS updates we mean package installations and updates that are run with the system booted into a
	55	special system update mode, in order to avoid problems related to conflicts of libraries and
	56	services that are currently running with those on disk. This document is inspired by this
	57	<ulink url="https://wiki.gnome.org/Design/OS/SoftwareUpdates">GNOME design whiteboard</ulink>.
	58	</para>
	59
	60	<para>The logic:</para>
	61
	62	<orderedlist>
	63	<listitem>
	64	<para>The package manager prepares system updates by downloading all (RPM or DEB or
	65	whatever) packages to update off-line in a special directory
	66	<filename noindex="true">/var/lib/system-update</filename> (or
	67	another directory of the package/upgrade manager's choice).</para>
	68	</listitem>
	69
	70	<listitem>
	71	<para>When the user OK'ed the update, the symlink <filename>/system-update</filename> is
45f0c64e ZJS	72	created that points to <filename noindex="true">/var/lib/system-update</filename> (or
45f0c64e ZJS	73	wherever the directory with the upgrade files is located) and the system is rebooted. This
c5915c63 ZJS	74	symlink is in the root directory, since we need to check for it very early at boot, at a
	75	time where <filename>/var</filename> is not available yet.</para>
	76	</listitem>
	77
	78	<listitem>
45f0c64e ZJS	79	<para>Very early in the new boot
	80	<citerefentry><refentrytitle>systemd-update-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
	81	checks whether <filename>/system-update</filename> exists. If so, it (temporarily and for
	82	this boot only) redirects (i.e. symlinks) <filename>default.target</filename> to
	83	<filename>system-update.target</filename>, a special target that is pulls in the base system
	84	(i.e. <filename>sysinit.target</filename>, so that all file systems are mounted but little
	85	else) and the system update units.</para>
c5915c63 ZJS	86	</listitem>
	87
	88	<listitem>
	89	<para>The system now continues to boot into <filename>default.target</filename>, and thus
45f0c64e ZJS	90	into <filename>system-update.target</filename>. This target pulls in the system update unit,
	91	which starts the system update script after all file systems have been mounted.</para>
	92	</listitem>
	93
	94	<listitem>
	95	<para>As the first step, the update script should check if the
61233823	96	<filename>/system-update</filename> symlink points to the location used by that update
45f0c64e ZJS	97	script. In case it does not exists or points to a different location, the script must exit
	98	without error. It is possible for multiple update services to be installed, and for multiple
	99	update scripts to be launched in parallel, and only the one that corresponds to the tool
	100	that <emphasis>created</emphasis> the symlink before reboot should perform any actions. It
	101	is unsafe to run multiple updates in parallel.</para>
c5915c63 ZJS	102	</listitem>
	103
	104	<listitem>
45f0c64e ZJS	105	<para>The update script should now do its job. If applicable and possible, it should
	106	create a file system snapshot, then install all packages.
	107	After completion (regardless whether the update succeeded or failed) the machine
	108	must be rebooted, for example by calling <command>systemctl reboot</command>.
	109	In addition, on failure the script should revert to the old file system snapshot
	110	(without the symlink).</para>
c5915c63 ZJS	111	</listitem>
	112
	113	<listitem>
	114	<para>The system is rebooted. Since the <filename>/system-update</filename> symlink is gone,
	115	the generator won't redirect <filename>default.target</filename> after reboot and the
	116	system now boots into the default target again.</para>
	117	</listitem>
	118	</orderedlist>
	119	</refsect1>
	120
	121	<refsect1>
	122	<title>Recommendations</title>
	123
	124	<orderedlist>
	125	<listitem>
	126	<para>To make things a bit more robust we recommend hooking the update script into
	127	<filename>system-update.target</filename> via a <filename noindex='true'>.wants/</filename>
	128	symlink in the distribution package, rather than depending on <command>systemctl
	129	enable</command> in the postinst scriptlets of your package. More specifically, for your
	130	update script create a .service file, without [Install] section, and then add a symlink like
	131	<filename noindex='true'>/usr/lib/systemd/system-update.target.wants/foobar.service</filename>
	132	→ <filename noindex='true'>../foobar.service</filename> to your package.</para>
	133	</listitem>
	134
	135	<listitem>
45f0c64e ZJS	136	<para>Make sure to remove the <filename>/system-update</filename> symlink as early as
45f0c64e ZJS	137	possible in the update script to avoid reboot loops in case the update fails.</para>
c5915c63 ZJS	138	</listitem>
	139
	140	<listitem>
45f0c64e ZJS	141	<para>Use <varname>FailureAction=reboot</varname> in the service file for your update script
	142	to ensure that a reboot is automatically triggered if the update fails.
	143	<varname>FailureAction=</varname> makes sure that the specified unit is activated if your
	144	script exits uncleanly (by non-zero error code, or signal/coredump). If your script succeeds
	145	you should trigger the reboot in your own code, for example by invoking logind's
	146	<command>Reboot()</command> call or calling <command>systemct reboot</command>. See
c5915c63 ZJS	147	<ulink url="http://www.freedesktop.org/wiki/Software/systemd/logind">logind dbus API</ulink>
	148	for details.</para>
	149	</listitem>
45f0c64e ZJS	150
	151	<listitem>
	152	<para>The update service should declare <varname>DefaultDependencies=false</varname>,
	153	and pull in any services it requires explicitly.</para>
	154	</listitem>
c5915c63 ZJS	155	</orderedlist>
	156	</refsect1>
	157
	158	<refsect1>
	159	<title>See also</title>
	160
	161	<para>
	162	<ulink url="http://www.freedesktop.org/wiki/Software/systemd/SystemUpdates/">Implementing Offline System Updates</ulink>,
	163	<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
45f0c64e ZJS	164	<citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
45f0c64e ZJS	165	<citerefentry><refentrytitle>systemd-update-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
0a07667d	166	<citerefentry project='mankier'><refentrytitle>dnf.plugin.system-upgrade</refentrytitle><manvolnum>8</manvolnum></citerefentry>
c5915c63 ZJS	167	</para>
	168	</refsect1>
	169	</refentry>