Commit | Line | Data |
---|---|---|
c5915c63 | 1 | <?xml version='1.0'?> <!--*-nxml-*--> |
3a54a157 | 2 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" |
eea10b26 | 3 | "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"> |
db9ecf05 | 4 | <!-- SPDX-License-Identifier: LGPL-2.1-or-later --> |
c5915c63 ZJS |
5 | |
6 | <refentry id="systemd.offline-updates"> | |
7 | <refentryinfo> | |
8 | <title>systemd.offline-updates</title> | |
9 | <productname>systemd</productname> | |
c5915c63 ZJS |
10 | </refentryinfo> |
11 | ||
12 | <refmeta> | |
13 | <refentrytitle>systemd.offline-updates</refentrytitle> | |
14 | <manvolnum>7</manvolnum> | |
15 | </refmeta> | |
16 | ||
17 | <refnamediv> | |
18 | <refname>systemd.offline-updates</refname> | |
19 | <refpurpose>Implementation of offline updates in systemd</refpurpose> | |
20 | </refnamediv> | |
21 | ||
22 | <refsect1> | |
23 | <title>Implementing Offline System Updates</title> | |
24 | ||
45f0c64e | 25 | <para>This man page describes how to implement "offline" system updates with systemd. By "offline" |
c5915c63 ZJS |
26 | OS updates we mean package installations and updates that are run with the system booted into a |
27 | special system update mode, in order to avoid problems related to conflicts of libraries and | |
28 | services that are currently running with those on disk. This document is inspired by this | |
29 | <ulink url="https://wiki.gnome.org/Design/OS/SoftwareUpdates">GNOME design whiteboard</ulink>. | |
30 | </para> | |
31 | ||
32 | <para>The logic:</para> | |
33 | ||
34 | <orderedlist> | |
35 | <listitem> | |
e9dd6984 | 36 | <para>The package manager prepares system updates by downloading all (.rpm or .deb or |
c5915c63 | 37 | whatever) packages to update off-line in a special directory |
b0343f8c | 38 | <filename index="false">/var/lib/system-update</filename> (or |
c5915c63 ZJS |
39 | another directory of the package/upgrade manager's choice).</para> |
40 | </listitem> | |
41 | ||
42 | <listitem> | |
b9dac418 EC |
43 | <para>When the user has OK'ed the update, the symlink <filename>/system-update</filename> or
44 | <filename>/etc/system-update</filename> is created that points to | |
45 | <filename index="false">/var/lib/system-update</filename> (or wherever the directory with | |
46 | the upgrade files is located) and the system is rebooted. This symlink is in the root | |
47 | directory, since we need to check for it very early at boot, at a time when | |
48 | <filename>/var/</filename> is not available yet.</para> | |
c5915c63 ZJS |
49 | </listitem> |
50 | ||
51 | <listitem> | |
45f0c64e | 52 | <para>Very early in the new boot |
2ac5fe95 | 53 | <citerefentry><refentrytitle>systemd-system-update-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry> |
b9dac418 EC |
54 | checks whether <filename>/system-update</filename> or |
55 | <filename>/etc/system-update</filename> exists. If so, it (temporarily and for this boot | |
56 | only) redirects (i.e. symlinks) <filename>default.target</filename> to | |
fec0ccea | 57 | <filename>system-update.target</filename>, a special target that pulls in the base system |
45f0c64e ZJS |
58 | (i.e. <filename>sysinit.target</filename>, so that all file systems are mounted but little |
59 | else) and the system update units.</para> | |
c5915c63 ZJS |
60 | </listitem> |
61 | ||
62 | <listitem> | |
2b656050 ZJS |
63 | <para>The system now continues to boot into <filename>default.target</filename>, and |
64 | thus into <filename>system-update.target</filename>. This target pulls in all system | |
65 | update units. Only one service should perform an update (see the next point), and all | |
66 | the other ones should exit cleanly with a "success" return code and without doing | |
67 | anything. Update services should be ordered after <filename>sysinit.target</filename> | |
301a21a8 | 68 | so that the update starts after all file systems have been mounted.</para> |
45f0c64e ZJS |
69 | </listitem> |
70 | ||
71 | <listitem> | |
2b656050 | 72 | <para>As the first step, an update service should check if the |
b9dac418 EC |
73 | <filename>/system-update</filename> or <filename>/etc/system-update</filename> symlink |
74 | points to the location used by that update service. In case it does not exist or points to a | |
75 | different location, the service must exit without error. It is possible for multiple update | |
76 | services to be installed, and for multiple update services to be launched in parallel, and | |
77 | only the one that corresponds to the tool that <emphasis>created</emphasis> the symlink | |
78 | before reboot should perform any actions. It is unsafe to run multiple updates in | |
79 | parallel.</para> | |
c5915c63 ZJS |
80 | </listitem> |
81 | ||
82 | <listitem> | |
2b656050 ZJS |
83 | <para>The update service should now do its job. If applicable and possible, it should |
84 | create a file system snapshot, then install all packages. After completion (regardless | |
85 | of whether the update succeeded or failed) the machine must be rebooted, for example by | |
86 | calling <command>systemctl reboot</command>. In addition, on failure the script should | |
87 | revert to the old file system snapshot (without the symlink).</para> | |
c5915c63 ZJS |
88 | </listitem> |
89 | ||
90 | <listitem> | |
e9dd6984 ZJS |
91 | <para>The update scripts should exit only after the update is finished. It is expected |
92 | that the service which performs the update will cause the machine to reboot after it | |
953bf460 | 93 | is done. If the <filename>system-update.target</filename> is successfully reached, i.e. |
b9dac418 EC |
94 | all update services have run, and the <filename>/system-update</filename> or |
95 | <filename>/etc/system-update</filename> symlink still exists, it will be removed and | |
96 | the machine rebooted as a safety measure.</para> | |
2b656050 ZJS |
97 | </listitem> |
98 | ||
99 | <listitem> | |
b9dac418 EC |
100 | <para>After a reboot, now that the <filename>/system-update</filename> and |
101 | <filename>/etc/system-update</filename> symlinks are gone, the generator won't redirect | |
102 | <filename>default.target</filename> anymore and the system now boots into the default | |
103 | target again.</para> | |
c5915c63 ZJS |
104 | </listitem> |
105 | </orderedlist> | |
106 | </refsect1> | |
107 | ||
108 | <refsect1> | |
109 | <title>Recommendations</title> | |
110 | ||
111 | <orderedlist> | |
112 | <listitem> | |
113 | <para>To make things a bit more robust we recommend hooking the update script into | |
b0343f8c | 114 | <filename>system-update.target</filename> via a <filename index="false">.wants/</filename> |
c5915c63 ZJS |
115 | symlink in the distribution package, rather than depending on <command>systemctl |
116 | enable</command> in the postinst scriptlets of your package. More specifically, for your | |
117 | update script create a .service file, without [Install] section, and then add a symlink like | |
0215f04a | 118 | <filename index="false">/usr/lib/systemd/system/system-update.target.wants/foobar.service</filename> |
b0343f8c | 119 | → <filename index="false">../foobar.service</filename> to your package.</para> |
c5915c63 ZJS |
120 | </listitem> |
121 | ||
122 | <listitem> | |
b9dac418 EC |
123 | <para>Make sure to remove the <filename>/system-update</filename> and |
124 | <filename>/etc/system-update</filename> symlinks as early as possible in the update | |
125 | script to avoid reboot loops in case the update fails.</para> | |
c5915c63 ZJS |
126 | </listitem> |
127 | ||
128 | <listitem> | |
45f0c64e ZJS |
129 | <para>Use <varname>FailureAction=reboot</varname> in the service file for your update script |
130 | to ensure that a reboot is automatically triggered if the update fails. | |
131 | <varname>FailureAction=</varname> makes sure that the specified unit is activated if your | |
132 | script exits uncleanly (by non-zero error code, or signal/coredump). If your script succeeds | |
133 | you should trigger the reboot in your own code, for example by invoking logind's | |
b17649ee | 134 | <command>Reboot()</command> call or calling <command>systemctl reboot</command>. See |
21006e0e ZJS |
135 | <citerefentry><refentrytitle>org.freedesktop.login1</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
136 | for details about the logind D-Bus API.</para> | |
c5915c63 | 137 | </listitem> |
45f0c64e ZJS |
138 | |
139 | <listitem> | |
964c4eda | 140 | <para>The update service should declare <varname>DefaultDependencies=no</varname>, |
2b656050 | 141 | <varname>Requires=sysinit.target</varname>, <varname>After=sysinit.target</varname>, |
a18d83c2 | 142 | <varname>After=system-update-pre.target</varname>, <varname>Before=system-update.target</varname> |
2b656050 | 143 | and explicitly pull in any other services it requires.</para> |
45f0c64e | 144 | </listitem> |
bc3c5e16 HG |
145 | |
146 | <listitem> | |
147 | <para>It may be desirable to always run an auxiliary unit when booting | |
148 | into offline-updates mode, which itself does not install updates. To | |
149 | do this create a .service file with | |
150 | <varname>Wants=system-update-pre.target</varname> and | |
151 | <varname>Before=system-update-pre.target</varname> and add a symlink | |
152 | to that file under | |
b0343f8c | 153 | <filename index="false">/usr/lib/systemd/system/system-update.target.wants</filename> |
bc3c5e16 HG |
154 | .</para> |
155 | </listitem> | |
c5915c63 ZJS |
156 | </orderedlist> |
157 | </refsect1> | |
158 | ||
159 | <refsect1> | |
59b44379 | 160 | <title>See Also</title> |
c5915c63 | 161 | |
13a69c12 DT |
162 | <para><simplelist type="inline"> |
163 | <member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member> | |
164 | <member><citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry></member> | |
165 | <member><citerefentry><refentrytitle>systemd-system-update-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry></member> | |
166 | <member><citerefentry project='mankier'><refentrytitle>dnf.plugin.system-upgrade</refentrytitle><manvolnum>8</manvolnum></citerefentry></member> | |
167 | </simplelist></para> | |
c5915c63 ZJS |
168 | </refsect1> |
169 | </refentry> |
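
A sketch of the update service described in steps 5 to 7 of the logic and in the Recommendations, as an added example that is not part of systemd or of this man page. The tool name foobar, the staging directory, the UPDATE_CMD helper, the ExecStart path and the ROOT test prefix are assumptions; the unit directives in the header comment are the ones the page recommends, plus Type=oneshot.

```shell
#!/bin/sh
# Added example, not systemd's code. "foobar", OUR_DIR and UPDATE_CMD are
# hypothetical. Matching unit (no [Install] section), per the recommendations:
#   [Unit]
#   DefaultDependencies=no
#   Requires=sysinit.target
#   After=sysinit.target system-update-pre.target
#   Before=system-update.target
#   FailureAction=reboot
#   [Service]
#   Type=oneshot
#   ExecStart=/usr/libexec/foobar-offline-update --run

ROOT="${ROOT:-}"                    # scratch-tree prefix for testing; empty on a real system
OUR_DIR="/var/lib/foobar-updates"   # where this tool staged its packages
UPDATE_CMD="${UPDATE_CMD:-/usr/libexec/foobar-apply}"

# Print the trigger symlink that points at OUR_DIR; return 1 if none does.
find_our_trigger() {
    for fot_link in "$ROOT/system-update" "$ROOT/etc/system-update"; do
        [ -L "$fot_link" ] || continue             # only a symlink names an owner
        fot_target=$(readlink "$fot_link") || continue
        if [ "${fot_target%/}" = "$OUR_DIR" ]; then
            printf '%s\n' "$fot_link"
            return 0
        fi
    done
    return 1
}

# Remove both triggers so that a failed update cannot cause a reboot loop.
clear_triggers() {
    rm -f "$ROOT/system-update" "$ROOT/etc/system-update"
}

reboot_now() { systemctl reboot; }

main() {
    find_our_trigger >/dev/null || return 0    # another tool's update, or none: do nothing
    clear_triggers                             # before any package is touched
    "$UPDATE_CMD" "$ROOT$OUR_DIR" || return 1  # non-zero exit: FailureAction=reboot takes over
    reboot_now                                 # success: trigger the reboot ourselves
}

if [ "${1:-}" = "--run" ]; then
    main
    exit $?
fi
```

The exact-match comparison on the symlink target is what keeps a service that runs as root early in boot from acting on a trigger created by a different tool.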