rpm-ostree is the hybrid image/package system that provides transactional upgrades on Atomic Host. Here are some highlights from version v2017.6, including “livefs” support for adding package layers.

The highlight of this release is experimental support for live system updates. You can test it out by rebasing your Fedora Atomic Host onto the testing branch. Feel free to also leave karma in the pending Bodhi updates:

Live updates

rpm-ostree now has experimental support for applying some updates live without the need to reboot using the rpm-ostree ex livefs command. Details of how the command works may change in the future.

For now, the livefs command only works in situations where the only difference between the pending deployment and the current deployment is added packages. You can see it in action below:

# rpm-ostree status
State: idle
Deployments:
* vmcheck
              Timestamp: 2017-06-02 19:45:32
                 Commit: 3f5650aeffe16474584b57c6ec0654e6fd96c3c60d998a04b1e550e61556d8ab
# ltrace
bash: ltrace: command not found
# rpm -q ltrace
package ltrace is not installed

We don’t have ltrace installed. Let’s overlay it:

# rpm-ostree install ltrace
Checking out tree 3f5650a... done
Enabled rpm-md repositories: fedora-cisco-openh264 updates fedora jlebon
rpm-md repo 'fedora-cisco-openh264' (cached); generated: 2017-03-24 17:58:10
rpm-md repo 'updates' (cached); generated: 2017-06-02 01:51:29
rpm-md repo 'fedora' (cached); generated: 2016-11-15 19:49:18
rpm-md repo 'jlebon' (cached); generated: 2017-05-08 16:24:16

Importing metadata [========================================================100%
Resolving dependencies... done
Will download: 1 package (159.2 kB)

  Downloading from fedora: [================================================100%

Importing: [================================================================100%
Overlaying... done
Writing rpmdb... done
Writing OSTree commit... done
Copying /etc changes: 26 modified, 0 removed, 103 added
Transaction complete; bootconfig swap: yes deployment count change: 1
Added:
  ltrace-0.7.91-20.fc25.x86_64
Run "systemctl reboot" to start a reboot
# rpm-ostree status
State: idle
Deployments:
  vmcheck
              Timestamp: 2017-06-02 19:45:32
             BaseCommit: 3f5650aeffe16474584b57c6ec0654e6fd96c3c60d998a04b1e550e61556d8ab
        LayeredPackages: ltrace

* vmcheck
              Timestamp: 2017-06-02 19:45:32
                 Commit: 3f5650aeffe16474584b57c6ec0654e6fd96c3c60d998a04b1e550e61556d8ab

Normally, at this point, we’d have to reboot. However, since we just added a package, we can use the livefs command instead to get the changes immediately applied:

# rpm-ostree ex livefs
notice: "livefs" is an experimental command and subject to change.
Diff Analysis: 3f5650aeffe16474584b57c6ec0654e6fd96c3c60d998a04b1e550e61556d8ab => f71fedccd227b5112b461b466106e069bf2c1c2de21f1554abda72297594e8a0
Files:
 modified: 0
 removed: 0
 added: 15
Packages:
 modified: 0
 removed: 0
 added: 1
Preparing new rollback matching currently booted deployment
Copying /etc changes: 26 modified, 0 removed, 103 added
Transaction complete; bootconfig swap: yes deployment count change: 1
Overlaying /usr... done
# ltrace
ltrace: too few arguments
Try `ltrace --help' for more information.
# rpm -q ltrace
ltrace-0.7.91-20.fc25.x86_64

The livefs command helpfully created a rollback deployment of the original commit we booted into because it modifies the deployment itself permanently. You can see this modification reflected in the output of the status command:

# rpm-ostree status
State: idle
Deployments:
  vmcheck
              Timestamp: 2017-06-02 19:45:32
             BaseCommit: 3f5650aeffe16474584b57c6ec0654e6fd96c3c60d998a04b1e550e61556d8ab
                 Commit: f71fedccd227b5112b461b466106e069bf2c1c2de21f1554abda72297594e8a0
        LayeredPackages: ltrace

* vmcheck
              Timestamp: 2017-06-02 19:45:32
           BootedCommit: 3f5650aeffe16474584b57c6ec0654e6fd96c3c60d998a04b1e550e61556d8ab
             LiveCommit: f71fedccd227b5112b461b466106e069bf2c1c2de21f1554abda72297594e8a0

  vmcheck
              Timestamp: 2017-06-02 19:45:32
                 Commit: 3f5650aeffe16474584b57c6ec0654e6fd96c3c60d998a04b1e550e61556d8ab

The BootedCommit is the commit we original started with, whereas the LiveCommit is the commit that was applied to the live deployment.

As mentioned earlier, this feature is still in experimental mode, and thus is subject to change. Discussions are still ongoing upstream as to the finer details of the command and expected use cases.

Repodata caching

You might have noticed this bit in the output above:

Enabled rpm-md repositories: fedora-cisco-openh264 updates fedora jlebon
rpm-md repo 'fedora-cisco-openh264' (cached); generated: 2017-03-24 17:58:10
rpm-md repo 'updates' (cached); generated: 2017-06-02 01:51:29
rpm-md repo 'fedora' (cached); generated: 2016-11-15 19:49:18
rpm-md repo 'jlebon' (cached); generated: 2017-05-08 16:24:16

rpm-ostree now caches repo metadata for up to a day, and prints this information during layering operations. One can do cleanup -m in order to purge the metadata and force a refresh.

Journal logging

The rpm-ostree daemon now logs more and more information to the journal to help sysadmins understand system state and to diagnose issues. Here are some sample journal outputs from the operations above:

rpm-ostree[1276]: Preparing pkg txn; enabled repos: ['updates', 'fedora', 'jlebon'] solvables: 71435
rpm-ostree[1276]: Imported 1 pkg
...
rpm-ostree[1276]: Starting livefs for commit f71fedccd227b5112b461b466106e069bf2c1c2de21f1554abda72297594e8a0 addition; 1 pkgs, 15 files
rpm-ostree[1276]: Completed livefs for commit f71fedccd227b5112b461b466106e069bf2c1c2de21f1554abda72297594e8a0

Many of these journal entries actually use the structured output feature of journald. For example, there is a dedicated MESSAGE_ID for reporting repo information during package transactions:

# journalctl -b 0 MESSAGE_ID=0eea679bbfa34d43802dec99b274ebe7 -o json-pretty
{
        ...
        "MESSAGE_ID" : "0eea679bbfa34d43802dec99b274ebe7",
        "MESSAGE" : "Preparing pkg txn; enabled repos: ['updates', 'fedora', 'jlebon'] solvables: 71435",
        "SACK_N_SOLVABLES" : "71881",
        "ENABLED_REPOS" : "['updates', 'fedora', 'jlebon']",
        "ENABLED_REPOS_SOLVABLES" : "[19748, 51669, 18]",
        "ENABLED_REPOS_TIMESTAMPS" : "[1496368289, 1479239358, 1494260656]",
        ...
}

Other minor fixes and improvements

There are many other small improvements, here are a few:

  • rpm-ostree is now more diligent about checking whether RPMs from repos are the same as locally cached RPMs. Previously, two different RPMs with the same name and version would be considered equivalent. We now store the actual package checksum and do a comparison to verify this.

  • on the compose side, rpm-ostree now supports a new tmp-is-dir field, which allows for example, systemd to mount a tmpfs on startup, rather than using a central permanent /tmp directory.

  • rpm-ostree is now capable of rebasing to a local branch using the rebase :local-branch syntax. This was previously not possible if the current refspec was from a remote.