什么是 rpm-ostree
rpm-ostree是什么?我们可以把rpm-ostree看成是rpm和ostree的合体。一方面它提供了基于rpm的软件包安装,另一方面它提供了基于ostree的操作系统更新升级,而且rpm-ostree将这两种操作都视为对操作系统的更新,每次对系统的更新都像提交“Transaction-事务”,从而确保更新全部成功或全部失败,允许在更新系统后回退到更新前的状态。
在 RHCOS/FCOS 中没提供像 RHEL/CentOS 的YUM/dnf工具,而提供了rpm-ostree实现基于rpm的软件安装。rpm-ostree使用的也是Yum Repository获得软件,可以执行以下命令查看Fedora CoreOS自带的Repository,而在在RHCOS中没有提供缺省的Repository。
[core@tutorial ~]$ ll /etc/yum.repos.d/
total 28
-rw-r--r--. 1 root root 728 Oct 11 09:02 fedora-cisco-openh264.repo
-rw-r--r--. 1 root root 1303 Oct 11 09:02 fedora-modular.repo
-rw-r--r--. 1 root root 1349 Oct 11 09:02 fedora-updates-modular.repo
-rw-r--r--. 1 root root 1391 Oct 11 09:02 fedora-updates-testing-modular.repo
-rw-r--r--. 1 root root 1344 Oct 11 09:02 fedora-updates-testing.repo
-rw-r--r--. 1 root root 1286 Oct 11 09:02 fedora-updates.repo
-rw-r--r--. 1 root root 1239 Oct 11 09:02 fedora.repo
rpm-ostree提供的不仅仅是基于rpm包安装软件,rpm-ostree提供了类似“Transaction-事务”的软件安装升级过程。不像 YUM 那样是单个升级更新软件包,rpm-ostree 是将升级更新作为一个原子单元进行的,因此更类似“Transaction-事务”提交。rpm-ostree在更新操作系统的时候会有2个bootable区域,一个是更新前一个是更新后的,更新升级只有在重启操作系统后才生效。如果软件安装或升级出现问题,则回滚和重新启动会使CoreOS系统返回到先前的状态。我们可以查看CoreOS的“/ostree/”和“/boot/”目录,它们是ostree Repository环境和boot使用哪个ostree。注意:在FCOS和RHCOS中会有稍许差异。
sh-4.4# ls -l /ostree/
total 0
lrwxrwxrwx. 1 root root 8 Jul 30 02:51 boot.1 -> boot.1.1
drwxr-xr-x. 3 root root 19 Jul 30 02:51 boot.1.1
drwxrwxr-x. 3 root root 19 Jul 30 02:51 deploy
drwxrwxr-x. 7 root root 102 Jul 30 02:51 repo
sh-4.4# ls -al /boot/
total 37
drwxr-xr-x. 7 root root 1024 Jul 30 02:51 .
drwxr-xr-x. 12 root root 253 Jul 30 02:51 ..
drwxr-xr-x. 3 root root 16384 Jan 1 1970 efi
drwxrwxr-x. 4 root root 1024 Jul 14 17:24 grub2
lrwxrwxrwx. 1 root root 8 Jul 30 02:51 loader -> loader.1
drwxr-xr-x. 3 root root 1024 Jul 30 02:51 loader.1
drwx------. 2 root root 12288 Jul 14 17:23 lost+found
drwxrwxr-x. 3 root root 1024 Jul 30 02:51 ostree
升级更新CoreOS操作系统
自动更新升级
为了可以看到自动更新的效果,可以先下载稍早些的RCOS的版本(https://getfedora.org/en/coreos?stream=stable),这样才有更新的版本。
- 新建一个CoreOS虚拟机环境(确保可以上互联网),然后在CoreOS中执行命令查看rpm-ostree状态。此时可以看到状态是“busy”、而且提示“Transaction: deploy --lock-finalization”,revision为“5090d96f4faf090c90c5f4ebf6c3cdab458acc89f2ba08d1ff704744a143b7e6”。当前版本(*指向)是“32.20200907.3.0 (2020-09-23T08:16:31Z)”。
[core@tutorial ~]$ rpm-ostree status
State: busy
Transaction: deploy --lock-finalization revision=5090d96f4faf090c90c5f4ebf6c3cdab458acc89f2ba08d1ff704744a143b7e6 --disallow-downgrade
Initiator: caller :1.14
Deployments:
* ostree://fedora:fedora/x86_64/coreos/stable
Version: 32.20200907.3.0 (2020-09-23T08:16:31Z)
Commit: b53de8b03134c5e6b683b5ea471888e9e1b193781794f01b9ed5865b57f35d57
GPGSignature: Valid signature by 97A1AE57C3A2372CCA3A4ABA6C13026D12C944D0
- zincati服务是CoreOS自动升级的服务,执行命令查看zincati服务状态,此时是“auto-updates logic enabled”(自动更新)。由于是自动更新,因此上一步的rpm-ostree的状态是“busy”,说明系统正在升级中。
[core@tutorial /]$ systemctl status zincati.service
● zincati.service - Zincati Update Agent
Loaded: loaded (/usr/lib/systemd/system/zincati.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2020-10-10 10:35:30 UTC; 2h 28min ago
Docs: https://github.com/coreos/zincati
Main PID: 667 (zincati)
Tasks: 2 (limit: 1074)
Memory: 19.4M
CGroup: /system.slice/zincati.service
└─667 /usr/libexec/zincati agent -v
Oct 10 10:35:30 tutorial systemd[1]: Started Zincati Update Agent.
Oct 10 10:35:31 tutorial zincati[667]: [INFO ] starting update agent (zincati 0.0.12)
Oct 10 10:35:34 tutorial zincati[667]: [INFO ] Cincinnati service: https://updates.coreos.fedoraproject.org
Oct 10 10:35:34 tutorial zincati[667]: [INFO ] agent running on node '8bda37ece9284650967684a1e552c5f4', in update group 'default'
Oct 10 10:35:34 tutorial zincati[667]: [INFO ] initialization complete, auto-updates logic enabled
- 一段时间后CoreOS将自动重启。此时再次登录CoreOS,可以再次确认rpm-ostree的状态,其中状态转为“idle”,而且当前版本已经是“32.20200923.3.0 (2020-10-05T16:42:18Z)”,这说明rpm-ostree版本已经升级了。
$ ssh core@<COREOS_HOST> -i id_rsa
[core@tutorial ~]$ rpm-ostree status
State: idle
Deployments:
* ostree://fedora:fedora/x86_64/coreos/stable
Version: 32.20200923.3.0 (2020-10-05T16:42:18Z)
Commit: 5090d96f4faf090c90c5f4ebf6c3cdab458acc89f2ba08d1ff704744a143b7e6
GPGSignature: Valid signature by 97A1AE57C3A2372CCA3A4ABA6C13026D12C944D0
ostree://fedora:fedora/x86_64/coreos/stable
Version: 32.20200907.3.0 (2020-09-23T08:16:31Z)
Commit: b53de8b03134c5e6b683b5ea471888e9e1b193781794f01b9ed5865b57f35d57
GPGSignature: Valid signature by 97A1AE57C3A2372CCA3A4ABA6C13026D12C944D0
- 查看zincati服务的日志,确认包括升级“32.20200923.3.0”的过程和重启系统的日志。另外日志显示的“auto-updates logic enabled”也说明更新是自动的(修改更新策略可参考https://docs.fedoraproject.org/en-US/fedora-coreos/auto-updates/,本文就省略了)。
[core@tutorial ~]$ journalctl -u zincati.service
-- Logs begin at Sun 2020-10-11 01:13:13 UTC, end at Sun 2020-10-11 01:32:26 UTC. --
Oct 11 01:13:21 tutorial systemd[1]: Started Zincati Update Agent.
Oct 11 01:13:22 tutorial zincati[882]: [INFO ] starting update agent (zincati 0.0.12)
Oct 11 01:13:25 tutorial zincati[882]: [INFO ] Cincinnati service: https://updates.coreos.fedoraproject.org
Oct 11 01:13:25 tutorial zincati[882]: [INFO ] agent running on node '124aa9a131ee4d8399ca49e8ae2dbe54', in update group 'default'
Oct 11 01:13:25 tutorial zincati[882]: [INFO ] initialization complete, auto-updates logic enabled
Oct 11 01:13:29 tutorial zincati[882]: [INFO ] target release '32.20200923.3.0' selected, proceeding to stage it
Oct 11 01:15:54 tutorial zincati[882]: [INFO ] staged deployment '32.20200923.3.0' available, proceeding to finalize it
Oct 11 01:15:55 tutorial systemd[1]: Stopping Zincati Update Agent...
Oct 11 01:15:55 tutorial systemd[1]: zincati.service: Succeeded.
Oct 11 01:15:55 tutorial systemd[1]: Stopped Zincati Update Agent.
-- Reboot --
Oct 11 01:16:10 tutorial systemd[1]: Started Zincati Update Agent.
Oct 11 01:16:10 tutorial zincati[668]: [INFO ] starting update agent (zincati 0.0.12)
Oct 11 01:16:14 tutorial zincati[668]: [INFO ] Cincinnati service: https://updates.coreos.fedoraproject.org
Oct 11 01:16:14 tutorial zincati[668]: [INFO ] agent running on node '124aa9a131ee4d8399ca49e8ae2dbe54', in update group 'default'
Oct 11 01:16:14 tutorial zincati[668]: [INFO ] initialization complete, auto-updates logic enabled
- 手动重启CoreOS虚拟机,可以在CoreOS系统启动界面中看到下图中的2行,它们就是rpm-ostree记录的2个version。缺省会使用ostree:0启动,但是也可手动选择ostree:1启动。这说明我们可以临时使用以前的系统启动。
手动升级更新
除了自动更新FCOS外,还可以使用以下rpm-ostree命令完成手动更新操作系统。
[core@tutorial ~]$ sudo rpm-ostree upgrade --check
[core@tutorial ~]$ sudo rpm-ostree upgrade --preview
[core@tutorial ~]$ sudo rpm-ostree upgrade --download-only
[core@tutorial ~]$ sudo rpm-ostree upgrade --reboot
比较更新前后差别
- 执行命令,确认此时ostree有2个版本,commit分别为“5090d96f4faf090c90c5f4ebf6c3cdab458acc89f2ba08d1ff704744a143b7e6”和“b53de8b03134c5e6b683b5ea471888e9e1b193781794f01b9ed5865b57f35d57”。
[core@tutorial ~]$ rpm-ostree status
State: idle
Deployments:
* ostree://fedora:fedora/x86_64/coreos/stable
Version: 32.20200923.3.0 (2020-10-05T16:42:18Z)
Commit: 5090d96f4faf090c90c5f4ebf6c3cdab458acc89f2ba08d1ff704744a143b7e6
GPGSignature: Valid signature by 97A1AE57C3A2372CCA3A4ABA6C13026D12C944D0
ostree://fedora:fedora/x86_64/coreos/stable
Version: 32.20200907.3.0 (2020-09-23T08:16:31Z)
Commit: b53de8b03134c5e6b683b5ea471888e9e1b193781794f01b9ed5865b57f35d57
GPGSignature: Valid signature by 97A1AE57C3A2372CCA3A4ABA6C13026D12C944D0
- 执行命令,根据commit比较2个ostree的差别。
[core@tutorial /]$ rpm-ostree db diff 5090d96f4faf090c90c5f4ebf6c3cdab458acc89f2ba08d1ff704744a143b7e6 b53de8b03134c5e6b683b5ea471888e9e1b193781794f01b9ed5865b57f35d57
ostree diff commit from: 5090d96f4faf090c90c5f4ebf6c3cdab458acc89f2ba08d1ff704744a143b7e6
ostree diff commit to: b53de8b03134c5e6b683b5ea471888e9e1b193781794f01b9ed5865b57f35d57
Downgraded:
afterburn 4.5.1-1.fc32 -> 4.5.0-1.fc32
afterburn-dracut 4.5.1-1.fc32 -> 4.5.0-1.fc32
catatonit 0.1.5-3.fc32 -> 0.1.5-2.fc32
conmon 2:2.0.21-2.fc32 -> 2:2.0.19-1.fc32
container-selinux 2:2.145.0-1.fc32 -> 2:2.144.0-2.fc32
crun 0.14.1-5.fc32 -> 0.14.1-4.fc32
curl 7.69.1-6.fc32 -> 7.69.1-5.fc32
dbus-broker 24-1.fc32 -> 23-2.fc32
elfutils-default-yama-scope 0.181-1.fc32 -> 0.179-2.fc32
elfutils-libelf 0.181-1.fc32 -> 0.179-2.fc32
elfutils-libs 0.181-1.fc32 -> 0.179-2.fc32
flatpak-session-helper 1.8.2-2.fc32 -> 1.6.5-1.fc32
grub2-common 1:2.04-23.fc32 -> 1:2.04-21.fc32
grub2-efi-x64 1:2.04-23.fc32 -> 1:2.04-21.fc32
grub2-pc 1:2.04-23.fc32 -> 1:2.04-21.fc32
grub2-pc-modules 1:2.04-23.fc32 -> 1:2.04-21.fc32
grub2-tools 1:2.04-23.fc32 -> 1:2.04-21.fc32
grub2-tools-minimal 1:2.04-23.fc32 -> 1:2.04-21.fc32
iproute 5.7.0-1.fc32 -> 5.6.0-1.fc32
iproute-tc 5.7.0-1.fc32 -> 5.6.0-1.fc32
krb5-libs 1.18.2-22.fc32 -> 1.18.2-20.fc32
libcurl 7.69.1-6.fc32 -> 7.69.1-5.fc32
libnfsidmap 1:2.5.1-4.rc4.fc32 -> 1:2.5.1-2.rc3.fc32
libsmbclient 2:4.12.7-0.fc32 -> 2:4.12.6-0.fc32
libssh 0.9.5-1.fc32 -> 0.9.4-3.fc32
libssh-config 0.9.5-1.fc32 -> 0.9.4-3.fc32
libwbclient 2:4.12.7-0.fc32 -> 2:4.12.6-0.fc32
libxml2 2.9.10-7.fc32 -> 2.9.10-3.fc32
linux-firmware 20200918-112.fc32 -> 20200817-111.fc32
linux-firmware-whence 20200918-112.fc32 -> 20200817-111.fc32
nfs-utils-coreos 1:2.5.1-4.rc4.fc32 -> 1:2.5.1-2.rc3.fc32
openldap 2.4.47-5.fc32 -> 2.4.47-4.fc32
pcre2 10.35-6.fc32 -> 10.35-4.fc32
pcre2-syntax 10.35-6.fc32 -> 10.35-4.fc32
procps-ng 3.3.16-1.fc32 -> 3.3.15-7.fc32
rpm-ostree 2020.5-1.fc32 -> 2020.4-1.fc32
rpm-ostree-libs 2020.5-1.fc32 -> 2020.4-1.fc32
samba-client-libs 2:4.12.7-0.fc32 -> 2:4.12.6-0.fc32
samba-common 2:4.12.7-0.fc32 -> 2:4.12.6-0.fc32
samba-common-libs 2:4.12.7-0.fc32 -> 2:4.12.6-0.fc32
sudo 1.9.2-1.fc32 -> 1.9.0-0.1.b4.fc32
systemd 245.8-2.fc32 -> 245.7-1.fc32
systemd-container 245.8-2.fc32 -> 245.7-1.fc32
systemd-libs 245.8-2.fc32 -> 245.7-1.fc32
systemd-pam 245.8-2.fc32 -> 245.7-1.fc32
systemd-rpm-macros 245.8-2.fc32 -> 245.7-1.fc32
systemd-udev 245.8-2.fc32 -> 245.7-1.fc32
Removed:
clevis-14-4.fc32.x86_64
clevis-dracut-14-4.fc32.x86_64
clevis-luks-14-4.fc32.x86_64
clevis-systemd-14-4.fc32.x86_64
jose-10-6.fc32.x86_64
libjose-10-6.fc32.x86_64
libluksmeta-9-7.fc32.x86_64
luksmeta-9-7.fc32.x86_64
nmap-ncat-2:7.80-4.fc32.x86_64
tpm2-tools-4.1.3-1.fc32.x86_64
tpm2-tss-2.4.2-1.fc32.x86_64
回滚系统更新
- 执行命令,回滚前面的操作系统的自动更新。
[core@tutorial ~]$ sudo rpm-ostree rollback
Moving 'b53de8b03134c5e6b683b5ea471888e9e1b193781794f01b9ed5865b57f35d57.0' to be first deployment
Bootloader updated; bootconfig swap: yes; deployment count change: 0
Downgraded:
afterburn 4.5.1-1.fc32 -> 4.5.0-1.fc32
afterburn-dracut 4.5.1-1.fc32 -> 4.5.0-1.fc32
catatonit 0.1.5-3.fc32 -> 0.1.5-2.fc32
conmon 2:2.0.21-2.fc32 -> 2:2.0.19-1.fc32
container-selinux 2:2.145.0-1.fc32 -> 2:2.144.0-2.fc32
crun 0.14.1-5.fc32 -> 0.14.1-4.fc32
curl 7.69.1-6.fc32 -> 7.69.1-5.fc32
dbus-broker 24-1.fc32 -> 23-2.fc32
elfutils-default-yama-scope 0.181-1.fc32 -> 0.179-2.fc32
elfutils-libelf 0.181-1.fc32 -> 0.179-2.fc32
elfutils-libs 0.181-1.fc32 -> 0.179-2.fc32
flatpak-session-helper 1.8.2-2.fc32 -> 1.6.5-1.fc32
grub2-common 1:2.04-23.fc32 -> 1:2.04-21.fc32
grub2-efi-x64 1:2.04-23.fc32 -> 1:2.04-21.fc32
grub2-pc 1:2.04-23.fc32 -> 1:2.04-21.fc32
grub2-pc-modules 1:2.04-23.fc32 -> 1:2.04-21.fc32
grub2-tools 1:2.04-23.fc32 -> 1:2.04-21.fc32
grub2-tools-minimal 1:2.04-23.fc32 -> 1:2.04-21.fc32
iproute 5.7.0-1.fc32 -> 5.6.0-1.fc32
iproute-tc 5.7.0-1.fc32 -> 5.6.0-1.fc32
krb5-libs 1.18.2-22.fc32 -> 1.18.2-20.fc32
libcurl 7.69.1-6.fc32 -> 7.69.1-5.fc32
libnfsidmap 1:2.5.1-4.rc4.fc32 -> 1:2.5.1-2.rc3.fc32
libsmbclient 2:4.12.7-0.fc32 -> 2:4.12.6-0.fc32
libssh 0.9.5-1.fc32 -> 0.9.4-3.fc32
libssh-config 0.9.5-1.fc32 -> 0.9.4-3.fc32
libwbclient 2:4.12.7-0.fc32 -> 2:4.12.6-0.fc32
libxml2 2.9.10-7.fc32 -> 2.9.10-3.fc32
linux-firmware 20200918-112.fc32 -> 20200817-111.fc32
linux-firmware-whence 20200918-112.fc32 -> 20200817-111.fc32
nfs-utils-coreos 1:2.5.1-4.rc4.fc32 -> 1:2.5.1-2.rc3.fc32
openldap 2.4.47-5.fc32 -> 2.4.47-4.fc32
pcre2 10.35-6.fc32 -> 10.35-4.fc32
pcre2-syntax 10.35-6.fc32 -> 10.35-4.fc32
procps-ng 3.3.16-1.fc32 -> 3.3.15-7.fc32
rpm-ostree 2020.5-1.fc32 -> 2020.4-1.fc32
rpm-ostree-libs 2020.5-1.fc32 -> 2020.4-1.fc32
samba-client-libs 2:4.12.7-0.fc32 -> 2:4.12.6-0.fc32
samba-common 2:4.12.7-0.fc32 -> 2:4.12.6-0.fc32
samba-common-libs 2:4.12.7-0.fc32 -> 2:4.12.6-0.fc32
sudo 1.9.2-1.fc32 -> 1.9.0-0.1.b4.fc32
systemd 245.8-2.fc32 -> 245.7-1.fc32
systemd-container 245.8-2.fc32 -> 245.7-1.fc32
systemd-libs 245.8-2.fc32 -> 245.7-1.fc32
systemd-pam 245.8-2.fc32 -> 245.7-1.fc32
systemd-rpm-macros 245.8-2.fc32 -> 245.7-1.fc32
systemd-udev 245.8-2.fc32 -> 245.7-1.fc32
Removed:
clevis-14-4.fc32.x86_64
clevis-dracut-14-4.fc32.x86_64
clevis-luks-14-4.fc32.x86_64
clevis-systemd-14-4.fc32.x86_64
jose-10-6.fc32.x86_64
libjose-10-6.fc32.x86_64
libluksmeta-9-7.fc32.x86_64
luksmeta-9-7.fc32.x86_64
nmap-ncat-2:7.80-4.fc32.x86_64
tpm2-tools-4.1.3-1.fc32.x86_64
tpm2-tss-2.4.2-1.fc32.x86_64
Run "systemctl reboot" to start a reboot
- 在重启CoreOS之前可查看当前rpm-ostree还是指向的是“32.20200923.3.0”版本。
[core@tutorial ~]$ rpm-ostree status
State: idle
Deployments:
ostree://fedora:fedora/x86_64/coreos/stable
Version: 32.20200907.3.0 (2020-09-23T08:16:31Z)
Commit: b53de8b03134c5e6b683b5ea471888e9e1b193781794f01b9ed5865b57f35d57
GPGSignature: Valid signature by 97A1AE57C3A2372CCA3A4ABA6C13026D12C944D0
Diff: 47 downgraded, 11 removed
* ostree://fedora:fedora/x86_64/coreos/stable
Version: 32.20200923.3.0 (2020-10-05T16:42:18Z)
Commit: 5090d96f4faf090c90c5f4ebf6c3cdab458acc89f2ba08d1ff704744a143b7e6
GPGSignature: Valid signature by 97A1AE57C3A2372CCA3A4ABA6C13026D12C944D0
- 重启CoreOS,然后再次进入CoreOS。
[core@tutorial ~]$ sudo reboot
$ ssh core@<COREOS_HOST> -i id_rsa
- 确认此时rpm-ostree指向已经回退到“32.20200907.3.0”版本了。
[core@tutorial ~]$ rpm-ostree status
State: idle
Deployments:
* ostree://fedora:fedora/x86_64/coreos/stable
Version: 32.20200907.3.0 (2020-09-23T08:16:31Z)
Commit: b53de8b03134c5e6b683b5ea471888e9e1b193781794f01b9ed5865b57f35d57
GPGSignature: Valid signature by 97A1AE57C3A2372CCA3A4ABA6C13026D12C944D0
ostree://fedora:fedora/x86_64/coreos/stable
Version: 32.20200923.3.0 (2020-10-05T16:42:18Z)
Commit: 5090d96f4faf090c90c5f4ebf6c3cdab458acc89f2ba08d1ff704744a143b7e6
GPGSignature: Valid signature by 97A1AE57C3A2372CCA3A4ABA6C13026D12C944D0
切换当前的rpm-ostree版本
在上面最后一步,我们看到当前rpm-ostree中有“32.20200907.3.0”和“32.20200923.3.0”两个版本,而CoreOS使用的是“32.20200907.3.0”版本。我们可以通过以下命令可切换当前CoreOS使用的rpm-ostree版本。
- 执行命令,切换当前的rpm-ostree版本到“32.20200923.3.0”,然后自动重启CoreOS。
[core@tutorial ~]$ sudo rpm-ostree deploy -r 32.20200923.3.0
Resolving version '32.20200923.3.0'
⠄ Receiving metadata objects: 0/(estimating) -/s 0 bytes...
Receiving metadata objects: 0/(estimating) -/s 0 bytes... done
⠒ Receiving metadata objects: 0/(estimating) -/s 0 bytes...
Receiving metadata objects: 0/(estimating) -/s 0 bytes... done
Staging deployment... done
Connection to 192.168.1.100 closed by remote host.
Connection to 192.168.1.100 closed.
- 重启后再次登录CoreOS,然后确认CoreOS已经使用的是“32.20200923.3.0”版本的ostree了。
$ ssh core@<COREOS_HOST> -i id_rsa
[core@tutorial ~]$ rpm-ostree status
State: idle
Deployments:
* ostree://fedora:fedora/x86_64/coreos/stable
Version: 32.20200923.3.0 (2020-10-05T16:42:18Z)
Commit: 5090d96f4faf090c90c5f4ebf6c3cdab458acc89f2ba08d1ff704744a143b7e6
GPGSignature: Valid signature by 97A1AE57C3A2372CCA3A4ABA6C13026D12C944D0
ostree://fedora:fedora/x86_64/coreos/stable
Version: 32.20200907.3.0 (2020-09-23T08:16:31Z)
Commit: b53de8b03134c5e6b683b5ea471888e9e1b193781794f01b9ed5865b57f35d57
GPGSignature: Valid signature by 97A1AE57C3A2372CCA3A4ABA6C13026D12C944D0
安装软件
- 执行命令,用rpm-ostree安装httpd。
[core@tutorial ~]$ sudo rpm-ostree install httpd
Checking out tree 5090d96... done
Enabled rpm-md repositories: fedora-cisco-openh264 updates fedora
Updating metadata for 'fedora-cisco-openh264'... done
rpm-md repo 'fedora-cisco-openh264'; generated: 2020-08-25T19:05:18Z
Updating metadata for 'updates'... done
rpm-md repo 'updates'; generated: 2020-10-09T16:04:03Z
Updating metadata for 'fedora'... done
rpm-md repo 'fedora'; generated: 2020-04-22T22:22:36Z
Importing rpm-md... done
Resolving dependencies... done
Will download: 10 packages (2.0?MB)
Downloading from 'fedora'... done
Downloading from 'updates'... done
Importing packages... done
Checking out packages... done
Running pre scripts... done
Running post scripts... done
Running posttrans scripts... done
Writing rpmdb... done
Writing OSTree commit... done
Staging deployment... done
Added:
apr-1.7.0-3.fc32.x86_64
apr-util-1.6.1-12.fc32.x86_64
apr-util-bdb-1.6.1-12.fc32.x86_64
apr-util-openssl-1.6.1-12.fc32.x86_64
fedora-logos-httpd-30.0.2-4.fc32.noarch
httpd-2.4.46-1.fc32.x86_64
httpd-filesystem-2.4.46-1.fc32.noarch
httpd-tools-2.4.46-1.fc32.x86_64
mailcap-2.1.48-7.fc32.noarch
mod_http2-1.15.14-1.fc32.x86_64
Run "systemctl reboot" to start a reboot
- 查看rpm-ostree的状态,确认当前最前面的ostree已经包含“LayeredPackages: httpd”了。但是当前“*”指向的不是新版的ostree,这是因为最新的ostree还没有生效。
[core@tutorial ~]$ rpm-ostree status
State: idle
Deployments:
ostree://fedora:fedora/x86_64/coreos/stable
Version: 32.20200923.3.0 (2020-10-05T16:42:18Z)
BaseCommit: 5090d96f4faf090c90c5f4ebf6c3cdab458acc89f2ba08d1ff704744a143b7e6
GPGSignature: Valid signature by 97A1AE57C3A2372CCA3A4ABA6C13026D12C944D0
Diff: 10 added
LayeredPackages: httpd
* ostree://fedora:fedora/x86_64/coreos/stable
Version: 32.20200923.3.0 (2020-10-05T16:42:18Z)
Commit: 5090d96f4faf090c90c5f4ebf6c3cdab458acc89f2ba08d1ff704744a143b7e6
GPGSignature: Valid signature by 97A1AE57C3A2372CCA3A4ABA6C13026D12C944D0
ostree://fedora:fedora/x86_64/coreos/stable
Version: 32.20200907.3.0 (2020-09-23T08:16:31Z)
Commit: b53de8b03134c5e6b683b5ea471888e9e1b193781794f01b9ed5865b57f35d57
GPGSignature: Valid signature by 97A1AE57C3A2372CCA3A4ABA6C13026D12C944D0
- 执行命令,查看ostree变化情况。可以看到“pending deployment”比“booted deployment”多了10个包。
[core@tutorial ~]$ rpm-ostree db diff
ostree diff commit from: booted deployment (5090d96f4faf090c90c5f4ebf6c3cdab458acc89f2ba08d1ff704744a143b7e6)
ostree diff commit to: pending deployment (6d09d2e87ee5c22db2eacf8670fde9461c1c29abe67108f879ea212970ea31f1)
Added:
apr-1.7.0-3.fc32.x86_64
apr-util-1.6.1-12.fc32.x86_64
apr-util-bdb-1.6.1-12.fc32.x86_64
apr-util-openssl-1.6.1-12.fc32.x86_64
fedora-logos-httpd-30.0.2-4.fc32.noarch
httpd-2.4.46-1.fc32.x86_64
httpd-filesystem-2.4.46-1.fc32.noarch
httpd-tools-2.4.46-1.fc32.x86_64
mailcap-2.1.48-7.fc32.noarch
mod_http2-1.15.14-1.fc32.x86_64
- 重启CoreOS,重启后再次登录CoreOS。
[core@tutorial ~]$ sudo reboot
$ ssh core@<COREOS_HOST> -i id_rsa
- 再次查看rpm-ostree的状态。通过“*”的指向确认此时rpm-ostree已经使用带有“LayeredPackages: httpd”的了。
[core@tutorial ~]$ rpm-ostree status
State: idle
Deployments:
* ostree://fedora:fedora/x86_64/coreos/stable
Version: 32.20200923.3.0 (2020-10-05T16:42:18Z)
BaseCommit: 5090d96f4faf090c90c5f4ebf6c3cdab458acc89f2ba08d1ff704744a143b7e6
GPGSignature: Valid signature by 97A1AE57C3A2372CCA3A4ABA6C13026D12C944D0
LayeredPackages: httpd
ostree://fedora:fedora/x86_64/coreos/stable
Version: 32.20200923.3.0 (2020-10-05T16:42:18Z)
Commit: 5090d96f4faf090c90c5f4ebf6c3cdab458acc89f2ba08d1ff704744a143b7e6
GPGSignature: Valid signature by 97A1AE57C3A2372CCA3A4ABA6C13026D12C944D0
- 确认此时CoreOS中已经有httpd服务了。
[core@tutorial ~]$ sudo systemctl start httpd
[core@tutorial ~]$ systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: active (running) since Sun 2020-10-11 02:57:18 UTC; 5s ago
Docs: man:httpd.service(8)
Main PID: 4124 (httpd)
Status: "Started, listening on: port 80"
Tasks: 213 (limit: 1074)
Memory: 19.2M
CGroup: /system.slice/httpd.service
├─4124 /usr/sbin/httpd -DFOREGROUND
├─4125 /usr/sbin/httpd -DFOREGROUND
├─4126 /usr/sbin/httpd -DFOREGROUND
├─4127 /usr/sbin/httpd -DFOREGROUND
└─4128 /usr/sbin/httpd -DFOREGROUND
Oct 11 02:57:18 tutorial systemd[1]: Starting The Apache HTTP Server...
Oct 11 02:57:18 tutorial httpd[4124]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::fa65:9674:c105:f61c%enp0s3. Set the >
Oct 11 02:57:18 tutorial systemd[1]: Started The Apache HTTP Server.
Oct 11 02:57:18 tutorial httpd[4124]: Server configured, listening on: port 80
- (可选)如果当rpm-ostree的State是busy的时候安装软件,我们可以看到以下错误提示。说明系统更新正在进行中,还未完成,此时无法执行新的安装操作。
[core@tutorial ~]$ sudo rpm-ostree install wget
error: Transaction in progress: deploy --lock-finalization revision=5090d96f4faf090c90c5f4ebf6c3cdab458acc89f2ba08d1ff704744a143b7e6 --disallow-downgrade
删除软件
除了可以用rpm-ostree安装软件外, 还可以用它删除软件,完成后会自动重启操作系统以使得安装生效。
[core@tutorial /]$ sudo rpm-ostree uninstall httpd --reboot
参考
https://docs.fedoraproject.org/en-US/iot/applying-updates-UG/
https://dustymabe.com/2020/01/23/devconf.cz-2020-fedora-coreos-lab/
https://discussion.fedoraproject.org/c/server/coreos/5
https://developers.redhat.com/blog/2020/03/12/how-to-customize-fedora-coreos-for-dedicated-workloads-with-ostree/