Pengujian pembaruan Fedora CoreOS
| Pastikan bahwa Anda telah menyelesaikan langkah-langkah yang diuraikan dalam halaman penyiapan awal sebelum memulai tutorial ini. |
Dalam tutorial ini, kami tidak akan fokus pada proses provisioning, melainkan pada apa yang terjadi selama pembaruan dan opsi yang tersedia jika terjadi kegagalan.
Mengunduh rilis Fedora CoreOS yang lebih lama
Salah satu fitur utama Fedora CoreOS adalah pembaruan otomatis. Untuk melihatnya beraksi, kita perlu mengunduh rilis Fedora CoreOS yang lebih lama. Dalam hal ini, kita akan boot rilis N-1 Fedora CoreOS, yang dapat dilihat dari halaman rilis Fedora CoreOS di https://fedoraproject.org/coreos/release-notes/ atau dengan menggunakan metadata releases.json:
RELEASE=$(curl https://builds.coreos.fedoraproject.org/prod/streams/stable/releases.json | jq -r '.releases[-2].version')
curl -O https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/${RELEASE}/x86_64/fedora-coreos-${RELEASE}-qemu.x86_64.qcow2.xz
curl -O https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/${RELEASE}/x86_64/fedora-coreos-${RELEASE}-qemu.x86_64.qcow2.xz.sigSetelah arsip diunduh, pastikan untuk memeriksa keutuhannya:
curl https://fedoraproject.org/fedora.gpg | gpg --import
gpg --verify fedora-coreos-${RELEASE}-qemu.x86_64.qcow2.xz.sig| Cari "Good signature from" dalam output. |
Setelah Anda memverifikasi arsip, Anda dapat mengekstraknya dengan:
unxz fedora-coreos-${RELEASE}-qemu.x86_64.qcow2.xzUntuk mempermudah tutorial ini, sebaiknya Anda mengganti nama citra ini menjadi nama yang lebih pendek:
mv fedora-coreos-${RELEASE}-qemu.x86_64.qcow2 fedora-coreos-older.qcow2Menulis konfig Butane dan mengonversi ke Ignition
Kami akan membuat konfigurasi Butane yang akan:
-
Atur login otomatis konsol.
-
Menambahkan suatu Kunci SSH bagi pengguna
coredari berkasssh-key.publokal.
Mari kita tulis konfigurasi Butane ini ke dalam berkas bernama updates.bu:
variant: fcos
version: 1.6.0
passwd:
users:
- name: core
ssh_authorized_keys_local:
- ssh-key.pub
systemd:
units:
- name: serial-getty@ttyS0.service
dropins:
- name: autologin-core.conf
contents: |
[Service]
# Override Execstart in main unit
ExecStart=
# Add new Execstart with `-` prefix to ignore failure
ExecStart=-/usr/sbin/agetty --autologin core --noclear %I $TERM
TTYVTDisallocate=no
storage:
files:
- path: /etc/profile.d/systemd-pager.sh
mode: 0644
contents:
inline: |
# Tell systemd to not use a pager when printing information
export SYSTEMD_PAGER=cat| Secara opsional, Anda dapat mengganti kunci publik SSH di berkas YAML dengan kunci publik Anda sendiri sehingga Anda dapat masuk ke instance yang telah di-boot. Jika Anda memilih untuk tidak melakukannya, Anda tetap akan masuk secara otomatis ke konsol serial. |
Jalankan Butane untuk mengonversi itu ke suatu konfig Ignition:
butane --pretty --strict --files-dir=./ updates.bu --output updates.ignMemulai dan pembaruan awal
Sekarang mari kita siapkan. Pastikan Anda memulai dari citra Fedora CoreOS yang lebih lama pada langkah ini:
# Setup the correct SELinux label to allow access to the config
chcon --verbose --type svirt_home_t updates.ign
# Start a Fedora CoreOS virtual machine
virt-install --name=fcos --vcpus=2 --ram=2048 --os-variant=fedora-coreos-stable \
--import --network=bridge=virbr0 --graphics=none \
--qemu-commandline="-fw_cfg name=opt/com.coreos/config,file=${PWD}/updates.ign" \
--disk="size=20,backing_store=${PWD}/fedora-coreos-older.qcow2"Putuskan koneksi dari konsol serial dengan menekan CTRL + ], lalu gunakan alamat IP yang dilaporkan untuk NIC dari konsol serial untuk masuk menggunakan pengguna core melalui SSH:
Karena sistem tidak diperbarui, Zincati akan mendeteksi hal ini dan mulai memperbarui sistem. Anda akan melihat proses pembaruan berlangsung segera:
| Semua layanan jaringan yang diperlukan mungkin tidak aktif dan berjalan selama pemeriksaan awal. Dalam hal ini, Zincati akan memeriksa pembaruan lagi dalam waktu sekitar 5 menit. |
[core@localhost ~]$ systemctl status --full zincati.service
● zincati.service - Zincati Update Agent
Loaded: loaded (/usr/lib/systemd/system/zincati.service; enabled; preset: enabled)
Drop-In: /usr/lib/systemd/system/service.d
└─10-timeout-abort.conf
Active: active (running) since Thu 2023-08-03 19:52:41 UTC; 10s ago
Docs: https://github.com/coreos/zincati
Main PID: 1816 (zincati)
Status: "found update on remote: 38.20230709.3.0"
Tasks: 12 (limit: 2239)
Memory: 6.8M
CPU: 273ms
CGroup: /system.slice/zincati.service
├─1816 /usr/libexec/zincati agent -v
└─1873 rpm-ostree deploy --lock-finalization --skip-branch-check revision=552de26fe0fe6a5e491f7a4163db125e3d44b144ae53a8f5f488e3f8481c46f9 --disallow-downgrade
Aug 03 19:52:41 localhost.localdomain zincati[1816]: [INFO zincati::cli::agent] starting update agent (zincati 0.0.25)
Aug 03 19:52:41 localhost.localdomain zincati[1816]: [INFO zincati::cincinnati] Cincinnati service: https://updates.coreos.fedoraproject.org
Aug 03 19:52:41 localhost.localdomain zincati[1816]: [INFO zincati::cli::agent] agent running on node '87c9ec3e0a4045a19b74b54ae5ed986a', in update group 'default'
Aug 03 19:52:41 localhost.localdomain zincati[1816]: [INFO zincati::update_agent::actor] registering as the update driver for rpm-ostree
Aug 03 19:52:41 localhost.localdomain zincati[1816]: [INFO zincati::update_agent::actor] initialization complete, auto-updates logic enabled
Aug 03 19:52:41 localhost.localdomain zincati[1816]: [INFO zincati::strategy] update strategy: immediate
Aug 03 19:52:41 localhost.localdomain systemd[1]: Started zincati.service - Zincati Update Agent.
Aug 03 19:52:41 localhost.localdomain zincati[1816]: [INFO zincati::update_agent::actor] reached steady state, periodically polling for updates
Aug 03 19:52:42 localhost.localdomain zincati[1816]: [INFO zincati::cincinnati] current release detected as not a dead-end
Aug 03 19:52:43 localhost.localdomain zincati[1816]: [INFO zincati::update_agent::actor] target release '38.20230709.3.0' selected, proceeding to stage it
[core@localhost ~]$ rpm-ostree status
State: idle
AutomaticUpdatesDriver: Zincati
DriverState: active; update staged: 38.20230709.3.0; reboot delayed due to active user sessions
Deployments:
fedora:fedora/x86_64/coreos/stable
Version: 38.20230709.3.0 (2023-07-24T12:25:01Z)
Commit: 552de26fe0fe6a5e491f7a4163db125e3d44b144ae53a8f5f488e3f8481c46f9
GPGSignature: Valid signature by 6A51BBABBA3D5467B6171221809A8D7CEB10B464
Diff: 61 upgraded
● fedora:fedora/x86_64/coreos/stable
Version: 38.20230625.3.0 (2023-07-11T11:57:53Z)
Commit: e841d77aadb875bb801ac845a0d9b8a70b4224bdeb15e7d6c5bff1da932c0301
GPGSignature: Valid signature by 6A51BBABBA3D5467B6171221809A8D7CEB10B464
[core@localhost ~]$ systemctl status --full zincati.service
● zincati.service - Zincati Update Agent
Loaded: loaded (/usr/lib/systemd/system/zincati.service; enabled; preset: enabled)
Drop-In: /usr/lib/systemd/system/service.d
└─10-timeout-abort.conf
Active: active (running) since Thu 2023-08-03 19:52:41 UTC; 1min 21s ago
Docs: https://github.com/coreos/zincati
Main PID: 1816 (zincati)
Status: "update staged: 38.20230709.3.0; reboot delayed due to active user sessions"
Tasks: 6 (limit: 2239)
Memory: 3.2M
CPU: 362ms
CGroup: /system.slice/zincati.service
└─1816 /usr/libexec/zincati agent -v
Aug 03 19:52:41 localhost.localdomain zincati[1816]: [INFO zincati::cli::agent] agent running on node '87c9ec3e0a4045a19b74b54ae5ed986a', in update group 'default'
Aug 03 19:52:41 localhost.localdomain zincati[1816]: [INFO zincati::update_agent::actor] registering as the update driver for rpm-ostree
Aug 03 19:52:41 localhost.localdomain zincati[1816]: [INFO zincati::update_agent::actor] initialization complete, auto-updates logic enabled
Aug 03 19:52:41 localhost.localdomain zincati[1816]: [INFO zincati::strategy] update strategy: immediate
Aug 03 19:52:41 localhost.localdomain systemd[1]: Started zincati.service - Zincati Update Agent.
Aug 03 19:52:41 localhost.localdomain zincati[1816]: [INFO zincati::update_agent::actor] reached steady state, periodically polling for updates
Aug 03 19:52:42 localhost.localdomain zincati[1816]: [INFO zincati::cincinnati] current release detected as not a dead-end
Aug 03 19:52:43 localhost.localdomain zincati[1816]: [INFO zincati::update_agent::actor] target release '38.20230709.3.0' selected, proceeding to stage it
Aug 03 19:52:55 localhost.localdomain zincati[1816]: [INFO zincati::update_agent::actor] update staged: 38.20230709.3.0
Aug 03 19:52:55 localhost.localdomain zincati[1816]: [WARN zincati::update_agent] interactive sessions detected, entering grace period (maximum 10 minutes)
Segera setelah pembaruan diimplementasikan, sistem akan reboot secara default. Namun, jika sistem mendeteksi sesi pengguna yang aktif, sistem akan menunda reboot dan menampilkan pesan kepada pengguna:
Pesan siaran dari Zincati pada Kamis, 3 Agustus 2023 pukul 19:52:55 UTC: Pembaruan baru 38.20230709.3.0 tersedia dan telah diterapkan. Jika diizinkan oleh strategi pembaruan, Zincati akan melakukan reboot ke pembaruan ini ketika semua pengguna interaktif telah keluar, atau dalam 10 menit, mana yang lebih dahulu. Silakan keluar dari semua sesi aktif agar proses pembaruan otomatis dapat dilanjutkan.
Setelah sesi pengguna berakhir, proses reboot akan dilanjutkan. Dalam hal ini, kita perlu menghentikan layanan autologin pada ttyS0 dan juga keluar dari SSH:
[core@localhost ~]$ sudo systemctl stop serial-getty@ttyS0.service [core@localhost ~]$ exit logout Connection to 192.168.124.222 closed.
Anda dapat memantau konsol serial untuk melihat kapan mesin telah melakukan reboot melalui perintah virsh console fcos.
|
Ketika kita masuk kembali, kita dapat melihat bahwa versi terbaru Fedora CoreOS saat ini adalah yang terbaru. Output perintah rpm-ostree status juga akan menampilkan versi lama, yang masih ada jika kita perlu melakukan rollback:
[core@localhost ~]$ rpm-ostree status
State: idle
AutomaticUpdatesDriver: Zincati
DriverState: active; periodically polling for updates (last checked Thu 2023-08-03 19:59:16 UTC)
Deployments:
● fedora:fedora/x86_64/coreos/stable
Version: 38.20230709.3.0 (2023-07-24T12:25:01Z)
Commit: 552de26fe0fe6a5e491f7a4163db125e3d44b144ae53a8f5f488e3f8481c46f9
GPGSignature: Valid signature by 6A51BBABBA3D5467B6171221809A8D7CEB10B464
fedora:fedora/x86_64/coreos/stable
Version: 38.20230625.3.0 (2023-07-11T11:57:53Z)
Commit: e841d77aadb875bb801ac845a0d9b8a70b4224bdeb15e7d6c5bff1da932c0301
GPGSignature: Valid signature by 6A51BBABBA3D5467B6171221809A8D7CEB10B464
Deployment yang saat ini sedang dijalankan ditandai dengan karakter ●.
|
Anda dapat melihat perbedaan antara kedua versi dengan menjalankan perintah rpm-ostree db diff:
[core@localhost ~]$ rpm-ostree db diff ostree diff commit from: rollback deployment (e841d77aadb875bb801ac845a0d9b8a70b4224bdeb15e7d6c5bff1da932c0301) ostree diff commit to: booted deployment (552de26fe0fe6a5e491f7a4163db125e3d44b144ae53a8f5f488e3f8481c46f9) Upgraded: NetworkManager 1:1.42.6-1.fc38 -> 1:1.42.8-1.fc38 NetworkManager-cloud-setup 1:1.42.6-1.fc38 -> 1:1.42.8-1.fc38 NetworkManager-libnm 1:1.42.6-1.fc38 -> 1:1.42.8-1.fc38 NetworkManager-team 1:1.42.6-1.fc38 -> 1:1.42.8-1.fc38 NetworkManager-tui 1:1.42.6-1.fc38 -> 1:1.42.8-1.fc38 aardvark-dns 1.6.0-1.fc38 -> 1.7.0-1.fc38 ...
Kembali ke versi sebelumnya
Jika sistem tidak berfungsi sepenuhnya karena alasan apa pun, kita dapat kembali ke versi sebelumnya:
sudo rpm-ostree rollback --rebootSetelah masuk kembali setelah reboot, kita dapat melihat bahwa sistem sekarang telah boot kembali ke deployment lama sebelum upgrade dilakukan:
[core@localhost ~]$ rpm-ostree status
State: idle
AutomaticUpdatesDriver: Zincati
DriverState: active; periodically polling for updates (last checked Thu 2023-08-03 20:05:05 UTC)
Deployments:
● fedora:fedora/x86_64/coreos/stable
Version: 38.20230625.3.0 (2023-07-11T11:57:53Z)
Commit: e841d77aadb875bb801ac845a0d9b8a70b4224bdeb15e7d6c5bff1da932c0301
GPGSignature: Valid signature by 6A51BBABBA3D5467B6171221809A8D7CEB10B464
fedora:fedora/x86_64/coreos/stable
Version: 38.20230709.3.0 (2023-07-24T12:25:01Z)
Commit: 552de26fe0fe6a5e491f7a4163db125e3d44b144ae53a8f5f488e3f8481c46f9
GPGSignature: Valid signature by 6A51BBABBA3D5467B6171221809A8D7CEB10B464
Dan Anda juga dapat memverifikasi bahwa Zincati tidak akan mencoba memperbarui ke versi baru yang baru saja kami rollback:
[core@localhost ~]$ systemctl status --full zincati.service
● zincati.service - Zincati Update Agent
Loaded: loaded (/usr/lib/systemd/system/zincati.service; enabled; preset: enabled)
Drop-In: /usr/lib/systemd/system/service.d
└─10-timeout-abort.conf
Active: active (running) since Thu 2023-08-03 20:05:05 UTC; 45s ago
Docs: https://github.com/coreos/zincati
Main PID: 813 (zincati)
Status: "periodically polling for updates (last checked Thu 2023-08-03 20:05:05 UTC)"
Tasks: 6 (limit: 2239)
Memory: 22.0M
CPU: 238ms
CGroup: /system.slice/zincati.service
└─813 /usr/libexec/zincati agent -v
Aug 03 20:05:05 localhost.localdomain zincati[813]: [INFO zincati::cincinnati] Cincinnati service: https://updates.coreos.fedoraproject.org
Aug 03 20:05:05 localhost.localdomain zincati[813]: [INFO zincati::cli::agent] agent running on node '87c9ec3e0a4045a19b74b54ae5ed986a', in update group 'default'
Aug 03 20:05:05 localhost.localdomain zincati[813]: [INFO zincati::update_agent::actor] registering as the update driver for rpm-ostree
Aug 03 20:05:05 localhost.localdomain zincati[813]: [INFO zincati::update_agent::actor] found 1 other finalized deployment
Aug 03 20:05:05 localhost.localdomain zincati[813]: [INFO zincati::update_agent::actor] deployment 38.20230709.3.0 (552de26fe0fe6a5e491f7a4163db125e3d44b144ae53a8f5f488e3f8481c46f9) will be excluded from being a future update target
Aug 03 20:05:05 localhost.localdomain zincati[813]: [INFO zincati::update_agent::actor] initialization complete, auto-updates logic enabled
Aug 03 20:05:05 localhost.localdomain zincati[813]: [INFO zincati::strategy] update strategy: immediate
Aug 03 20:05:05 localhost.localdomain systemd[1]: Started zincati.service - Zincati Update Agent.
Aug 03 20:05:05 localhost.localdomain zincati[813]: [INFO zincati::update_agent::actor] reached steady state, periodically polling for updates
Aug 03 20:05:06 localhost.localdomain zincati[813]: [INFO zincati::cincinnati] current release detected as not a dead-end
Pembersihan
Sekarang mari kita bersihkan instance tersebut. Putuskan koneksi dari mesin dan kemudian hapus instance tersebut:
virsh destroy fcos virsh undefine --remove-all-storage fcos
Conclusion
In these tutorials we have learned a little bit about Fedora CoreOS. We have learned how it is delivered as a pre-created disk image, how it is provisioned in an automated fashion via Ignition, and also how automated updates are configured and achieved via Zincati and rpm-ostree. The next step is to try out Fedora CoreOS for your own use cases and join the community!
Want to help? Learn how to contribute to Fedora Docs ›