Red Hat SummitChapter 5. Upgrading and Downgrading
5.1. Setting up an Atomic Compose Server
This procedure explains how to set up an Atomic Compose server. It is possible to use an Atomic Compose server to create atomic update trees. The procedure here explains how to set up an Atomic Compose server that creates a local mirror of the upstream OSTree repository.
Log into a shell on the host, and run the Atomic Tools container.
atomic run rhel7/rhel-tools
# atomic run rhel7/rhel-toolsCopy to Clipboard Copied! Toggle word wrap Toggle overflow From inside the tools container, create an unprivileged user.
adduser container
# adduser containerCopy to Clipboard Copied! Toggle word wrap Toggle overflow Acquire the entitlement certificates and use
chownto make them owned by the unprivileged container user.cd ~container # cp /host/etc/pki/entitlement/*.pem . chown container: *.pem runuser -u container bash
# cd ~container # cp /host/etc/pki/entitlement/*.pem . # chown container: *.pem # runuser -u container bashCopy to Clipboard Copied! Toggle word wrap Toggle overflow Log out of the root account.
exit
# exitCopy to Clipboard Copied! Toggle word wrap Toggle overflow NoteWe use /host/var/tmp/repo so the data is outside of the container. This could be a remote mount point to Ceph/etc.
Put the entitlement certificates inside the repo directory.
cd /host/var/tmp mkdir repo && ostree --repo=repo init --mode=archive-z2 mv ~/*.pem repo/
$ cd /host/var/tmp $ mkdir repo && ostree --repo=repo init --mode=archive-z2 $ mv ~/*.pem repo/Copy to Clipboard Copied! Toggle word wrap Toggle overflow Copy the remote configuration from the host into the repository:
cat /host/etc/ostree/remotes.d/redhat.conf >> repo/config
$ cat /host/etc/ostree/remotes.d/redhat.conf >> repo/configCopy to Clipboard Copied! Toggle word wrap Toggle overflow Change variables
Edit repo/config and change the tls-client-* variables to look like the ones below. This tells the command where to find the client certificates that are necessary to access the CDN.
tls-client-cert-path = ./repo/123451234512345.pem tls-client-key-path = ./repo/123451234512345-key.pem
tls-client-cert-path = ./repo/123451234512345.pem tls-client-key-path = ./repo/123451234512345-key.pemCopy to Clipboard Copied! Toggle word wrap Toggle overflow Final steps
Everything is now set up. The following command will incrementally mirror all of the content. It is possible to run the command from a cron job or systemd timer.
ostree --repo=repo pull --mirror rhel-atomic-host-ostree
$ ostree --repo=repo pull --mirror rhel-atomic-host-ostreeCopy to Clipboard Copied! Toggle word wrap Toggle overflow For client machines, change /etc/ostree/remotes.d/redhat.conf to point to a static web server that is exporting the repo directory.
5.2. Upgrading to a New Version
Unlike Red Hat Enterprise Linux 7 which uses Yum and has a traditional package management model, RHEL Atomic Host uses OSTree and is upgraded by preparing a new operating system root, and making it the default for the next boot.
To perform an upgrade, execute the following commands:
atomic host upgrade systemctl reboot
# atomic host upgrade
# systemctl rebootThe OSTrees are downloaded securely. However, if you want, you can manually verify the provenance of the OSTree to which you are upgrading. See Manually Verifying OS Trees.
If you are using a system that requires an HTTP proxy, the proxy is configured with an environment variable. To configure the environment variable, use a command similar to the following one:
env http_proxy=http://proxy.example.com:port/ atomic host upgrade
# env http_proxy=http://proxy.example.com:port/ atomic host upgrade5.3. Rolling Back to a Previous Version
To revert to a previous installation of Red Hat Enterprise Linux Atomic Host, execute the following commands:
atomic host rollback systemctl reboot
# atomic host rollback
# systemctl rebootTwo versions of Red Hat Enterprise Linux Atomic Host are available on the system after the initial upgrade. One is the currently running version. The other is either a new version recently installed from an upgrade or the version that was in place prior to the last upgrade.
Configuration is preserved across updates, but is only forward-preserved. This means that if you make a configuration change and then later roll back to a previous version, the configuration change you made is reverted.
Running the atomic host upgrade command will replace the non-running version of Red Hat Enterprise Linux Atomic Host. This version will also be configured to be used during the next boot.
To determine which version of the operating system is running, execute the following command:
atomic host status
# atomic host statusThe output that includes the hash name of the directory in the /ostree/deploy/rhel-atomic-host/ directory looks like this:
This fictional sample output shows that version 7.3 will be booted into on the next restart. The version to be booted on the next restart is printed first.
This fictional sample also shows that version 7.2.7 is the currently running version. The currently running version is marked with an asterisk (*).
This output was created just after the atomic host upgrade command was executed, and that means that a new version has been staged to be applied at the next restart.
5.4. Generating the initramfs Image on the Client
By default, Atomic Host uses a generic initramfs image built on the server side. This is distinct from the yum-based Red Hat Enterprise Linux, where initramfs is generated per installation. However, in some situations, additional configuration or content may need to be added, which requires generating initramfs on the client side.
To make an Atomic Host client machine generate initramfs on every upgrade, run:
rpm-ostree initramfs --enable
$ rpm-ostree initramfs --enable
After this, on every upgrade, the client runs the dracut program, which builds the new initramfs.
To disable generating initramfs on the client, run:
rpm-ostree initramfs --disable
$ rpm-ostree initramfs --disable
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}