Slide 1

Slide 1 text

State of transactional-update Research Engineer / SUSE openSUSE Conference 2022 Ignaz Forster [email protected]

Slide 2

Slide 2 text

State of transactional-update ➢What are Transactional Updates? ➢What’s new? ➢Revamped software stack (C++, library) ➢D-Bus service ➢Cockpit interface for updates ➢dnf integration ➢Q&A

Slide 3

Slide 3 text

What are Transactional Updates? ● Update your system in the background – Won’t interfere with your currently running system ● Typically used on read-only* systems openSUSE MicroOS ALP

Slide 4

Slide 4 text

Definition A transactional update is an update that ● is atomic – Either fully applied, or not applied at all – Update does not influence the running system ● can be rolled back – A failed or incompatible update can be quickly discarded to restore the previous system condition

Slide 5

Slide 5 text

SUSE Tools ● Zypper for package management ● Snapper for snapshot management ● Btrfs as default file system

Slide 6

Slide 6 text

… Update with transactional-update current / next / 1. 2. Active system 1. snapper creates new target snapshot 2. zypper updates system in snapshot, makes it read-only and sets it as default for next boot ● Current root file system is not modified ● Discard snapshot in case of errors ➔ Reboot activates new system

Slide 7

Slide 7 text

Interested in more details? ● /etc handling ● /var handling ● bind mounts ● health-checker ● rebootmgr ⇒ Presentation at SUSE Labs Conference 2020

Slide 8

Slide 8 text

What’s new?

Slide 9

Slide 9 text

Everything! (But only under the hood.)

Slide 10

Slide 10 text

New architecture ● transactional-update (1537 line Bash script) ● (generic C++ API for handling transactions) ● tukit (Command line client for API) ● tukitd (D-Bus interface) ● transactional-update (now 1557 lines of *SUSE specific Bash script)

Slide 11

Slide 11 text ● Generic library for Transaction management – init(std::string base) ⇒ Initialize – execute(char* argv[]) ⇒ Execute some command – finalize() ⇒ Make snapshot ro and set as new default ● Basic Snapshot management – getList(std::string columns) ⇒ List snapshots – deleteSnap(std::string id) ⇒ Delete given snapshot ● Currently only header file documentation ● C bindings ● Could also support snapshot managers other than Snapper / Btrfs

Slide 12

Slide 12 text

tukit ● Command line wrapper for – tukit execute ⇒ Wrapper for API functions init, execute, finalize – But also fine grained API control possible tukit open tukit call tukit close

Slide 13

Slide 13 text

Using the library API ( Application (tukitd, dnf-Plugin) Application tukit (calling zypper from transactional-update)

Slide 14

Slide 14 text

transactional-update ● Wrapper for all *SUSE specific commands ● Interface stays the same – transactional-update dup will just call tukit call zypper dup in the background ● Not everything migrated yet, e.g. snapshot management (transactional-update cleanup / rollback)

Slide 15

Slide 15 text

transactional-update Cheat Sheet ● Update installed packages transactional-update up transactional-update up ● Perform a distribution update transactional-update dup transactional-update dup ● Install package(s) transactional-update pkg in transactional-update pkg in ● Update package(s) transactional-update pkg up transactional-update pkg up ● Remove package(s) transactional-update pkg rm transactional-update pkg rm ● Open shell transactional-update shell transactional-update shell ● Request reboot transactional-update reboot transactional-update reboot ● System rollback transactional-update rollback [number] transactional-update rollback [number]

Slide 16

Slide 16 text

D-Bus interface ● Written in C ● Exposing the API via D-Bus ● Same with /org/opensuse/tukit/Snapshot ● Responses for longer commands are asynchronous D- busctl --system introspect org.opensuse.tukit /org/opensuse/tukit/Transaction org.opensuse.tukit.Transaction

Slide 17

Slide 17 text

overlay /etc overlay defaults,upperdir=/sysroot/var/lib/overlay/18/etc,lowerdir=/sysroot/var/lib/ overlay/16/etc:/sysroot/var/lib/overlay/12/etc:/sysroot/var/lib/overlay/10/ etc:/sysroot/var/lib/overlay/8/etc:/sysroot/var/lib/overlay/7/etc:/sysroot/ var/lib/overlay/6/etc:/sysroot/etc,workdir=/sysroot/var/lib/overlay/work- etc,x-systemd.requires-mounts-for=/var,x-systemd.requires-mounts-for=/var/ lib/overlay,x-systemd.requires-mounts-for=/sysroot/var,x-systemd.requires- mounts-for=/sysroot/var/lib/overlay,x-initrd.mount 0 0 Simplified /etc overlays (May still contain several lowerdirs when using the --continue option) overlay /etc overlay defaults,upperdir=/sysroot/var/lib/overlay/7/etc,lowerdir=/sysroot/var/lib/ overlay/3/etc:/sysroot/etc,workdir=/sysroot/var/lib/overlay/7/work-etc,x- systemd.requires-mounts-for=/var,x-systemd.requires-mounts-for=/sysroot/var,x- initrd.mount 0 0

Slide 18

Slide 18 text

Other (older) news ● Added SELinux support, including setup-selinux command ● status command (experimental) to see whether a system is up to date or modified ● Kernel Live-Patching support ● transactional-update --quiet is really quiet now ● stderr output not mangled into stdout

Slide 19

Slide 19 text

Contact us ● Find us on [email protected] ● openSUSE Bugzilla: Component MicroOS ● SUSE Bugzilla: Component Transactional Update ● GitHub: date

Slide 20

Slide 20 text IRC: irc://