Re: How is OSTree designed to be safe from power loss damage?
- From: Colin Walters <walters verbum org>
- To: Leon Woestenberg <leon sidebranch com>
- Cc: ostree-list gnome org
- Subject: Re: How is OSTree designed to be safe from power loss damage?
- Date: Mon, 09 Jan 2017 09:12:47 -0500
On Mon, Jan 9, 2017, at 07:37 AM, Leon Woestenberg wrote:
Awesome, happy to help with anything I can here.
The question was not so much about the atomic swap, but more about what happens if the system was power-cycled or reset in the middle of pulling objects from a remote, or in the middle of deploying an OS?
In other words, what happens if I reset the device halfway creating the hardlinks, on the next boot cycle?
Okay, so there are two phases here. Downloading into the repo, and creating deployments.
For downloads, the latest on this is:
Specifically:
Basically, pending objects (files) are staged in a directory per kernel "boot id", which is unique per boot. Hence, if the power is lost any pending objects will be discarded (we currently do a time-based pruning of the tmpdir).
This is a bit conservative obviously - we could *try* resuming from them and if the checksum doesn't match, redownload, but so far it hasn't gone up in priority.
For deployments, it's a lot simpler - we're just making a hardlink farm and copying forward changes in /etc. If the system crashes before, on the next upgrade attempt, we'll just garbage collect the pending hardlink farm and redo it.
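An added illustration of the download-phase design described in this thread (example code written for this page, not OSTree's own implementation): pending objects are staged under a directory named after the current boot id, and on the next boot any staging directory from a different boot id is either discarded outright (the conservative behaviour Colin describes) or, with the optional resume path he mentions, kept only where the object's checksum still verifies. It assumes a simplified sha256 content-addressed layout and a torn write as the failure mode.

```python
import hashlib
import os
import shutil
import tempfile

def object_path(repo, checksum):
    # Simplified content-addressed layout objects/xx/rest (sha256 of raw bytes; not OSTree's exact hashing)
    return os.path.join(repo, "objects", checksum[:2], checksum[2:])

def stage_object(repo, boot_id, data):
    """Write a pending object into a tmp dir keyed by the current kernel boot id."""
    staging = os.path.join(repo, "tmp", f"staging-{boot_id}")
    os.makedirs(staging, exist_ok=True)
    checksum = hashlib.sha256(data).hexdigest()
    with open(os.path.join(staging, checksum), "wb") as f:
        f.write(data)
    return checksum

def _adopt_dir(repo, staging):
    """Move each staged file whose sha256 still matches its name into objects/; returns (adopted, corrupt)."""
    adopted = corrupt = 0
    for name in os.listdir(staging):
        src = os.path.join(staging, name)
        with open(src, "rb") as f:
            ok = hashlib.sha256(f.read()).hexdigest() == name
        if ok:
            dst = object_path(repo, name)
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            os.replace(src, dst)  # rename within one filesystem is atomic
            adopted += 1
        else:
            corrupt += 1
    shutil.rmtree(staging)
    return adopted, corrupt

def next_boot(repo, new_boot_id, try_resume=False):
    """Simulate the next boot: staging dirs from other boot ids are dropped, or re-verified if try_resume."""
    recovered = discarded = 0
    tmp = os.path.join(repo, "tmp")
    for name in os.listdir(tmp):
        path = os.path.join(tmp, name)
        if name == f"staging-{new_boot_id}":
            continue  # this boot's own in-progress pull is still live
        if try_resume:
            a, c = _adopt_dir(repo, path)
            recovered, discarded = recovered + a, discarded + c
        else:
            discarded += len(os.listdir(path))
            shutil.rmtree(path)
    return recovered, discarded

def simulate_power_loss(try_resume):
    """Constructed scenario: stage two objects, leave one torn by a mid-write power loss, then reboot."""
    repo = tempfile.mkdtemp()
    good = stage_object(repo, "boot-A", b"complete object")
    torn = stage_object(repo, "boot-A", b"object whose write was interrupted")
    with open(os.path.join(repo, "tmp", "staging-boot-A", torn), "wb") as f:
        f.write(b"object whose")  # power lost here: file name no longer matches content
    recovered, discarded = next_boot(repo, "boot-B", try_resume)
    present = os.path.exists(object_path(repo, good))
    shutil.rmtree(repo)
    return recovered, discarded, present
```

With `try_resume=False` both staged objects are discarded and nothing reaches `objects/`; with `try_resume=True` the intact object is adopted and only the torn one is thrown away.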