Implement ex livefs --replace #1028
Conversation
|
what does |
Yep. |
|
Related: GNOME/libglnx#89 |
just wondering.. what problem does that solve? just wondering why users might be interested in such a feature |
|
Some of the use cases here go into what's currently covered by Another case is doing quick testing of e.g. a FAH release update live. Yes, you don't get the new kernel, but OTOH you can do some things quickly. If things go wrong, you have the rollback. In general, supporting this goes much farther down the path of having an option to do live updates where possible. |
Hmm, TBH I'm still leaning towards either (1) not including the livefs deployment in the boot entries and/or (2) make the livefs deployment as "ephemeral" as possible. (Those were discussed in #639). Why do we want the changes to be persistent? The usefulness of livefs is that you essentially delay a reboot, but if you're rebooting anyway, we want to encourage users to go to either the pending deployment or the rollback, right? Esp. that we have Anyway, the above isn't directly related to this PR, which looks sane at a quick glance (though maybe we should rename the switch to |
|
I completely agree that it's broken to boot into something that says it was live-modified. The whole livefs thing is clearly going to go through a lot of changes before we lift the Anyways back to this PR; if I'm doing |
Lots of tradeoffs in this. See the comments in the code for more info. WIP for now.
cgwalters
changed the title
|
OK, I added a basic sanity test. Lifting WIP, though this could still use more tests. |
|
Rawr.
C7 doesn't have the license bits standardized. Will hack around this. |
|
Fixed up. |
| break; | ||
| const char *name = dent->d_name; | ||
| /* Keep track of what entries are in the new /usr */ | ||
| g_hash_table_add (seen_new_children, g_strdup (name)); |
There was a problem hiding this comment.
We're leaking this, right? Hash table should probably be g_hash_table_new_full (..., ..., g_free, NULL)
| * all of it. We could do a diff, but doing that precisely and quickly depends | ||
| * on https://github.com/ostreedev/ostree/issues/1224 | ||
| * | ||
| * In this approach, we iterate over and exchange subdirectories. Some issues |
There was a problem hiding this comment.
If we're not recursing, let's clarify that it's only first-level subdirectories of /usr.
| @@ -522,6 +522,106 @@ replace_subpath (OstreeRepo *repo, | |||
| return TRUE; | |||
| } | |||
|
|
|||
| /* The sledgehammer 🔨 approach. Because /usr is a mount point, we can't replace | |||
| * all of it. We could do a diff, but doing that precisely and quickly depends | |||
| * on https://github.com/ostreedev/ostree/issues/1224 | |||
There was a problem hiding this comment.
Hmm, it's true, we are talking about a lot of fdopendir/readdir/stat calls, though I do still wonder how bad it would be.
Actually, that reminds me of cgwalters#2, in which I measured adding a stat penalty on a real compose to be around ~60 ms. Of course, it'd be much larger, but even so, even if it's say, 1 second, it seems like an OK tradeoff considering the added safety? E.g. I would be very hesitant to ever use this feature on my Atomic Workstation; feels a bit too violent. ⚡️ 🔥 💻 😱
| assert_file_has_content livefs-analysis.txt 'livefs OK (dry run)' | ||
| vm_assert_status_jq '.deployments|length == 2' '.deployments[0]["live-replaced"]|not' \ | ||
| '.deployments[1]["live-replaced"]|not' | ||
| vm_rpmostree ex livefs --replace |
There was a problem hiding this comment.
Let's add another vm_assert_status_jq here to confirm it's what we expect?
| (cat vmcheck/usr/bin/ls; echo more stuff) > vmcheck/usr/bin/ls.new | ||
| chmod a+x vmcheck/usr/bin/ls.new | ||
| mv vmcheck/usr/bin/ls{.new,} | ||
| (date; echo "JUST KIDDING DO WHATEVER") >vmcheck/${dummy_file_to_modify}.new && mv vmcheck/${dummy_file_to_modify}{.new,} |
There was a problem hiding this comment.
As a corner-case, maybe also mkdir vmcheck/usr/newdir and check that it was created later on down there?
|
Hmm, weird. Not sure what's going on with the CentOS one. Let's give it a try. |
|
☀️ Test successful - status-atomicjenkins |
Lots of tradeoffs in this. See the comments in the code for
more info. WIP for now.