Re: How is OSTree designed to be safe from power loss damage?

From: Phil Wise <phil advancedtelematic com>
To: ostree-list gnome org
Subject: Re: How is OSTree designed to be safe from power loss damage?
Date: Mon, 9 Jan 2017 15:52:50 +0100

Hi Leon,

On 09.01.2017 15:29, Leon Woestenberg wrote:


+CC: Leon Anavi and Anton Gerasimov.

I think discussions will happen here on the OSTree mailing list or
OpenEmbedded (or Yocto) mailing list, depending on the core of the subject.

The existing work is AGL related, this is where I saw Leon and Anton do
what I was trying to do. :)


meta-updater is independent of AGL now, so it should work with any
OE-based project.  We've put together a simple example using poky and
the R-Pi here:

https://github.com/advancedtelematic/garage-quickstart-rpi

I'd be keen to get OSTree support upstreamed into Yocto/OE: is there
anything we can do to help that process?


Cheers,

Phil

On Mon, Jan 9, 2017 at 3:12 PM, Colin Walters <walters verbum org
<mailto:walters verbum org>> wrote:

    __

    On Mon, Jan 9, 2017, at 07:37 AM, Leon Woestenberg wrote:

    I would like to make OSTree a first class citizen in upstream
    Yocto/OpenEmbedded, a lot has been done already by Leon Anavi and
    Anton Gerasimov in meta-updater.
    (https://github.com/advancedtelematic/meta-updater
    <https://github.com/advancedtelematic/meta-updater>)


    Awesome, happy to help with anything I can here.


    The question was not so much about the atomic swap, but more about
    what happens if the system was power-cycled or reset in the middle
    of pulling objects from a remote, or in the middle of deploying an OS?
    In other words, what happens if I reset the device halfway
    creating the hardlinks, on the next boot cycle?


    Okay, so there are two phases here.  Downloading into the repo, and
    creating deployments.

    For downloads, the latest on this is:
    https://github.com/ostreedev/ostree/commit/27a45e2edbd1c4551b801a957cafcb27b3417fd3
    <https://github.com/ostreedev/ostree/commit/27a45e2edbd1c4551b801a957cafcb27b3417fd3>
    Specifically:
    
https://github.com/ostreedev/ostree/commit/27a45e2edbd1c4551b801a957cafcb27b3417fd3#diff-23d4c8887c7dda91613c9451bf3fe7c0R1281
    
<https://github.com/ostreedev/ostree/commit/27a45e2edbd1c4551b801a957cafcb27b3417fd3#diff-23d4c8887c7dda91613c9451bf3fe7c0R1281>

    Basically, pending objects (files) are staged in a directory per
    kernel "boot id", which is
    unique per boot.  Hence, if the power is lost any pending objects
    will be discarded (
    we currently do a time-based pruning of the tmpdir).
    This is a bit conservative obviously - we could *try* resuming from
    them and if the checksum doesn't match, redownload, but so far it
    hasn't gone up in priority.

    For deployments, it's a lot simpler - we're just making a hardlink
    farm and copying
    forward changes in /etc.  If the system crashes before, on the next
    upgrade attempt,
    we'll just garbage collect the pending hardlink farm and redo it.





_______________________________________________
ostree-list mailing list
ostree-list gnome org
https://mail.gnome.org/mailman/listinfo/ostree-list


-- 
Phil Wise, ATS Advanced Telematic Systems GmbH
Kantstrasse 162, 10623 Berlin
Managing Directors: Dirk Pöschl, Armin G. Schmidt
Register Court: HRB 151501 B, Amtsgericht Charlottenburg

Follow-Ups:
- Re: How is OSTree designed to be safe from power loss damage?
  - From: Leon Woestenberg

References:
- How is OSTree designed to be safe from power loss damage?
  - From: Leon Woestenberg
- Re: How is OSTree designed to be safe from power loss damage?
  - From: Colin Walters
- Re: How is OSTree designed to be safe from power loss damage?
  - From: Leon Woestenberg
- Re: How is OSTree designed to be safe from power loss damage?
  - From: Colin Walters
- Re: How is OSTree designed to be safe from power loss damage?
  - From: Leon Woestenberg

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]