diff --git a/antora.yml b/antora.yml index 05fbf60..ae3137f 100644 --- a/antora.yml +++ b/antora.yml @@ -1,6 +1,11 @@ name: rhde-build title: Building Red Hat Device Edge Images version: 1 +asciidoc: + attributes: + commit-httpd-v1: 7ff678881e89e96c90eb083b905dce411740caf19c524481d7c1b848647b5746 + commit-httpd-v2: 4afeda6a96ec8b2c263b6965a9c3f92db1db2436ae1e1233da70b7776fc6137b + commit-httpd-v3: cfd48bbd633b68844c4ca8122f26e5fa36d8aad929525c61331d0aab5c3d3e88 nav: - modules/ROOT/nav.adoc - modules/ch1-build/nav.adoc diff --git a/modules/ch4-update/pages/s2-update-lab.adoc b/modules/ch4-update/pages/s2-update-lab.adoc index b8b5711..6d5ea6f 100644 --- a/modules/ch4-update/pages/s2-update-lab.adoc +++ b/modules/ch4-update/pages/s2-update-lab.adoc @@ -6,7 +6,7 @@ _Estimated reading time: *{time_estimate} minutes*._ Objective:: -Build RHEL for Edge image updates and publish them as OSTree deltas. +Build RHEL for Edge image updates, publish them as OSTree deltas, and apply the updates to a test VM. WARNING: Work in Progress @@ -16,19 +16,13 @@ You need a _development machine_ with RHEL and configured with the Image Builder You also need a _web server machine_ which serves an OSTree repository. Make sure that machine was configured and verified by following the instructions from xref:ch2-publish:s2-ostree-lab.adoc[a previous lab]. -Finally, you need the _test VM_ that you created and published in xref:ch2-publish:s2-boot-lab.adoc[another lab]. +Finally, you need the _test VM_ that you created and published in xref:ch3-test:s2-boot-lab.adoc[another lab]. These instructions were tested on RHEL 9.4 [tentative!] but should work with minimal or no change on and newer and older RHEL 9.x releases. If you are using the course classroom, you will log in on the `workstation` VM as the user `student` with password `student`, and you start SSH sessions to the `servera` VM from the same user. In this case, the `workstation` VM is your _development machine_, and the `servera` VM is your _web server_ machine. If not, please adapt the instructions to your test environment. -[ REVIEW NEXT PARA ] - -You will some steps in this lab on your _development machine_ and some steps on the _web server_ machine. - -[ Make one lab perform an update without a delta, and the other with a delta? ] - -[ Add commands to start VMs and connect to their consoles ] +You will perform some steps in this lab on your _development machine_ and some steps on the _web server_ machine. Pay attention to the instructions at each step! == Instructions @@ -59,15 +53,15 @@ repo_version=1 mode=archive-z2 -- -.. Check that you can get the current commit ID the OSTree branch with the httpd edge system image that you created in xref:ch2-publish:s3-ostree-lab.adoc[a previous lab]. Your will get a different ID: +.. Check that you can get the current commit ID the OSTree branch with the httpd edge system image that you created in xref:ch2-publish:s2-ostree-lab.adoc[a previous lab]. Your will get a different ID: + -[source,subs="verbatim,quotes"] +[source,subs="verbatim,quotes,attributes"] -- $ *curl http://servera.lab.example.com/repo/refs/heads/rhel/9/x86_64/edge* -4afeda6a96ec8b2c263b6965a9c3f92db1db2436ae1e1233da70b7776fc6137b +{commit-httpd-v1} -- + -Pay attention to the final path element of the URL, which should be "edge". +Pay attention to the final path element of the URL, which should be "edge". The commit ID you got will be the parent commit of the edge commit image you are building during this lab. .. Check that you can manage local VMs, and there's a VM left from the xref:s2-boot-lab:[previous lab] named `edge-test-1`. + @@ -78,42 +72,48 @@ $ *virsh list --all* --------------------------- 1 edge-test-1 shut-off 2 edge-db-1 shut-off ---- +-- + It's fine the existing VM displays an status of "running" instead of "shut off". -2. Make changes to the edge image blueprint to add a custom welcome page to the Apache Web Server. - -.. Open the `rhel9-httpd.toml` file which you created in a xref:ch1-build-blueprint-lab.adoc[previous lab], with any text editor. +2. On your _developer machine_, make changes to the edge image blueprint to add the Cockpit packages. -.. Increment the version number, in tbe beginning of the TOML file, and add a `customizations.file` section with an inline HTML page, to the end of the TOML file. +.. Open the `rhel9-httpd.toml` file, which you created in a xref:ch1-build:s6-blueprint-lab.adoc[previous lab], with any text editor. + -[ didn't work, switch to adding the cockpit package ] +Increment the version number, in the beginning of the TOML file, add a new `packages` section, and makes changes to its `services`` and `firewall` customization sections. The file should look like the following, after all edits: + [source,subs="verbatim,quotes"] -- name = "rhel9-edge" description = "blueprint-rhel9-edge" -version = "0.0.2" -... -[[customizations.files]] -path = "/var/www/html/index.html" -mode = "0644" -user = "root" -group = "root" -data = """ - - -

I am an Edge Device!

- - -"""-- - -.. Push the updated blueprint. +version = *"0.2.0"* +modules = [] +groups = [] +distro = "" + +*[[packages]] +name = "cockpit"* + +[[packages]] +name = "httpd" + +[customizations] +hostname = "edge" + +[customizations.services] +enabled = ["sshd", "httpd"*, "cockpit"*] + +[customizations.firewall.services] +enabled = ["ssh", "http", *"cockpit"*] +-- ++ +You can also download a https://raw.githubusercontent.com/RedHatQuickCourses/rhde-build-samples/refs/heads/main/blueprints/rhel9-httpd-v2.toml[TOML file with all edits] from the course samples repository in GitHub. Beware that the file in the samples repository has a different file name, but the same blueprint name, so it can be used as-is, without renaming. + +.. Push the updated blueprint to the Image Builder service. + [source,subs="verbatim,quotes"] -- -$ *composer-cli push blueprints rhde-build-samples/blueprints/rhel9-httpd-v2.toml* +$ *composer-cli blueprints push rhel9-httpd.toml* -- .. Verify that the blueprint in the Image Builder service contains your changes. @@ -127,75 +127,85 @@ rhel9-mysql $ *composer-cli blueprints show rhel9-edge* name = "rhel9-edge" description = "blueprint-rhel9-edge" -version = "0.0.2" +version = "0.2.0" ... -- 3. Still on your _development machine_, build an edge commit image from your changed blueprint. ++ +This is very similar to what you done in previous labs, but pay attention to the differences required for update images and a few hints about the usage of the `composer-cli` command. .. Start a compose for an edge commit image and copy its UUID to a shell variable. + -[ do I need a parent? looks like I have to reference the external repo ] -+ [source,subs="verbatim,quotes"] -- $ *composer-cli compose start-ostree rhel9-edge edge-commit --url http://servera.lab.example.com/repo --ref rhel/9/x86_64/edge* Compose fb5ef664-1def-4589-919d-1a0681f86371 added to the queue $ *UUID=fb5ef664-1def-4589-919d-1a0681f86371* -- - -.. Wait until the compose finishes. To avoid clutter from previous labs, this time we filter the list of composes. + -[ try a better filter with jq. why can't I ask just the status of a given compose? :-() ] +IMPORTANT: Be sure you include the URL of your remote OSTree repository and its branch name, so you can use it for system updates. + +.. Wait until the compose finishes. To avoid clutter from previous labs, this time we filter the list of composes to only show running composes. + [source,subs="verbatim,quotes"] -- $ *composer-cli compose list running* ID Status Blueprint Version Type -fb5ef664-1def-4589-919d-1a0681f86371 RUNNING rhel9-edge 0.0.2 edge-commit +fb5ef664-1def-4589-919d-1a0681f86371 RUNNING rhel9-edge 0.2.0 edge-commit $ *composer-cli compose list running* ID Status Blueprint Version Type -$ *composer-cli compose list finished* -ID Status Blueprint Version Type -... -fb5ef664-1def-4589-919d-1a0681f86371 FINISHED rhel9-edge 0.0.2 edge-commit -- -.. Download the edge commit image and copy it to your _web sever machine_. +.. Once the list of running composes is empty, it means your compose job either finished or failed. You could filter the list of composes on those statuses, but after some time both lists could become too large for visual inspection. Let's see how to filter the JSON output of `composer-cli` to get information of just one compose by its UUID: + [source,subs="verbatim,quotes"] -- -$ *composer-cli compose image $UUID* -fb5ef664-1def-4589-919d-1a0681f86371-commit.tar -$ *scp $UUID-commit.tar servera:~* -... +$ *composer-cli compose list -j | jq -r ".[1].body.finished[] | select(.id==\"$UUID\").queue_status"* +FINISHED +-- + +.. If your compose had failed, you would need a different filter, such as: ++ +[source,subs="verbatim,quotes"] -- +$ *composer-cli compose list -j | jq -r ".[2].body.failed[] | select(.id==\"$UUID\").queue_status"* +FAILED +-- ++ +Because our compose didn't fail, the previous query returns empty. ++ +You can download, from the source samples repository in GitHub, a https://raw.githubusercontent.com/RedHatQuickCourses/rhde-build-samples/refs/heads/main/sh/status-compose.sh[simple Bash script] that returns the status of a compose gives its UUID. -4. On your _web server machine_, copy the new edge image to the OSTree repository. -.. Copy the shell variable with the UUID of the new edge commit image and check that it exists on your home folder. +.. Download the edge commit image and copy it to your _web sever machine_. ++ +Because you have to track two sets of hashes, one for compose UUIDs, another for OSTree commit IDs, use the `--filename` option to give a mnemonic name to the TAR file of your edge commit image. This way, you won't be lost trying to figure out which of your many TAR files corresponds to each edge image, specially after they are moved to a different machine than the one where you run the Image Builder service. + [source,subs="verbatim,quotes"] -- -$ *UUID=fb5ef664-1def-4589-919d-1a0681f86371* -$ *ls $UUID-commit.tar* -fb5ef664-1def-4589-919d-1a0681f86371-commit.tar +$ *composer-cli compose image $UUID --filename rhel9-httpd-v2.tar* +rhel9-httpd-v2.tar-commit.tar +$ *scp rhel9-httpd-v2.tar servera:~* +... -- -.. Extract the edge commit image and pull it into the OSTree repository. +4. Open a terminal on your _web server machine_ and copy the new edge image to the OSTree repository. + +.. Check that the new edge commit image exists on your home folder. + [source,subs="verbatim,quotes"] -- -$ *mkdir delete-me* -$ *tar xf $UUID-commit.tar -C delete-me/* -$ *sudo ostree pull-local --repo=/var/www/html/repo delete-me/repo* -506 metadata, 1893 content objects imported; 0 bytes content written +$ *ls rhel9-httpd-v2.tar* +rhel9-httpd-v2.tar -- -.. Verify that the OSTree repo contains the same branch than your new edge commit image. The OSTree repo should contain additional branches. +.. Extract the new edge commit image to an empty temporary directory and verify that it contains a branch that exists on the OSTree repository of the web server. + [source,subs="verbatim,quotes"] -- +$ *mkdir delete-me* +$ *tar xf rhel9-httpd-v2.tar -C delete-me/* $ *ostree refs --repo=delete-me/repo* rhel/9/x86_64/edge $ *ostree refs --repo=/var/www/html/repo* @@ -203,19 +213,13 @@ rhel/9/x86_64/edge rhel/9/x86_64/db -- -.. Verify that the OSTree repo contains the same commit than your new edge commit image. -+ -[ looks like my pull overwrote everything in the branch with the new commit and discarded the old one :-( ] +.. Verify that the OSTree repository contains the commit that your edge commit image references as its parent. + -[ do I fix this at build time or at pull time? looks like at build time ] -+ -[ parent must be 4afeda6a96ec8b2c263b6965a9c3f92db1db2436ae1e1233da70b7776fc6137b for consistency with previous labs ] -+ -[source,subs="verbatim,quotes"] +[source,subs="verbatim,quotes,attributes"] -- $ *ostree log rhel/9/x86_64/edge --repo=delete-me/repo* -commit 4caef3752842366bbeab77b57b79854c6cb7bf4f2b62e82190cfba5d1cc3c12b -Parent: 7ff678881e89e96c90eb083b905dce411740caf19c524481d7c1b848647b5746 +commit {commit-httpd-v2} +Parent: {commit-httpd-v1} ContentChecksum: 94e275f4f9c9a9f68426ed9421845a48065467aea8bfcb57d826ed43fa50a253 Date: 2024-10-09 22:43:27 +0000 Version: 9.2 @@ -223,14 +227,7 @@ Version: 9.2 << History beyond this commit not fetched >> $ *ostree log rhel/9/x86_64/edge --repo=/var/www/html/repo* -commit 4caef3752842366bbeab77b57b79854c6cb7bf4f2b62e82190cfba5d1cc3c12b -Parent: 7ff678881e89e96c90eb083b905dce411740caf19c524481d7c1b848647b5746 -ContentChecksum: 94e275f4f9c9a9f68426ed9421845a48065467aea8bfcb57d826ed43fa50a253 -Date: 2024-10-09 22:43:27 +0000 -Version: 9.2 -(no subject) - -commit 7ff678881e89e96c90eb083b905dce411740caf19c524481d7c1b848647b5746 +commit {commit-httpd-v1} ContentChecksum: f938c449602ad38c31a74bd35f0e438beb833e8ca592c07c87ef90a56f659586 Date: 2024-10-09 20:25:03 +0000 Version: 9.2 @@ -238,280 +235,197 @@ Version: 9.2 -- -5. Now how do I get and apply the update to the test VM? - - +.. Now that you know your new edge commit image will connect to the existing history of the OSTree repository, pull the new edge commit image into the OSTree repository on the web server. + [source,subs="verbatim,quotes"] -- -[core@edge ~]$ rpm-ostree status -State: idle -Deployments: -● edge:rhel/9/x86_64/edge - Version: 9.2 (2024-10-09T20:25:03Z) - Commit: 7ff678881e89e96c90eb083b905dce411740caf19c524481d7c1b848647b5746 -[core@edge ~]$ sudo rpm-ostree upgrade --check -2 metadata, 0 content objects fetched; 18 KiB transferred in 0 seconds; 0 bytes content written -Note: --check and --preview may be unreliable. See https://github.com/coreos/rpm-ostree/issues/1579 -AvailableUpdate: - Version: 9.2 (2024-10-09T22:43:27Z) - Commit: 4caef3752842366bbeab77b57b79854c6cb7bf4f2b62e82190cfba5d1cc3c12b - Diff: 46 added -[core@edge ~]$ sudo rpm-ostree upgrade -[ 9130.645481] SELinux: Context system_u:object_r:cockpit_ws_exec_t:s0 is not valid (left unmapped). -[ 9130.658824] SELinux: Context system_u:object_r:cockpit_session_exec_t:s0 is not valid (left unmapped). -[ 9131.532015] SELinux: Context system_u:object_r:cockpit_unit_file_t:s0 is not valid (left unmapped). -⠴ Receiving objects; 66% (1605/2400) 58.1 MB/s 116.3 MB 507 metadata, 1893 content objects fetched; 118645 KiB transferred in 3 seconds; 187.9 MB content written -Receiving objects; 66% (1605/2400) 58.1 MB/s 116.3 MB... done -Staging deployment... done -Added: - adobe-source-code-pro-fonts-2.030.1.050-12.el9.1.noarch - cockpit-286.1-1.el9.x86_64 -... -Run "systemctl reboot" to start a reboot -$ systemctl reboot -... -boot messages -... -new login -... -[core@edge ~]$ rpm-ostree status -State: idle -Deployments: -● edge:rhel/9/x86_64/edge - Version: 9.2 (2024-10-09T22:43:27Z) - Commit: 4caef3752842366bbeab77b57b79854c6cb7bf4f2b62e82190cfba5d1cc3c12b +$ *sudo ostree pull-local --repo=/var/www/html/repo delete-me/repo* +Scanning metadata: 3434 +-- - edge:rhel/9/x86_64/edge - Version: 9.2 (2024-10-09T20:25:03Z) - Commit: 7ff678881e89e96c90eb083b905dce411740caf19c524481d7c1b848647b5746 +.. Update the summary file of the OSTree repository on the web server. ++ +[source,subs="verbatim,quotes"] +-- +$ *sudo ostree summary -u --repo=/var/www/html/repo* +-- -[core@edge ~]$ ostree log rhel/9/x86_64/edge -commit 4caef3752842366bbeab77b57b79854c6cb7bf4f2b62e82190cfba5d1cc3c12b -Parent: 7ff678881e89e96c90eb083b905dce411740caf19c524481d7c1b848647b5746 +.. As a sanity check, verify that the OSTree repository contains both the new commit, from the new edge commit image, and the previous commit. If everything is fine, you can delete the temporary directory. ++ +[source,subs="verbatim,quotes,attributes"] +-- +$ *ostree log rhel/9/x86_64/edge --repo=/var/www/html/repo* +commit {commit-httpd-v2} +Parent: {commit-httpd-v1} ContentChecksum: 94e275f4f9c9a9f68426ed9421845a48065467aea8bfcb57d826ed43fa50a253 Date: 2024-10-09 22:43:27 +0000 Version: 9.2 (no subject) -commit 7ff678881e89e96c90eb083b905dce411740caf19c524481d7c1b848647b5746 +commit {commit-httpd-v1} ContentChecksum: f938c449602ad38c31a74bd35f0e438beb833e8ca592c07c87ef90a56f659586 Date: 2024-10-09 20:25:03 +0000 Version: 9.2 (no subject) -[core@edge ~]$ rpm -q cockpit -cockpit-286.1-1.el9.x86_64 +$ *rm -rf delete-me* -- -+ -Notice the bullet on rpm-ostree status to show which is the active deployment -+ -[ do static detlas now or later? ] -+ -[ I didn't do "ostreee summary -u" what is its purpose? ] -.. Info om remotes depends on summary files on server +5. Back to your _development machine_, stage the new edge commit image on your _test VM_, which you created in a xref:ch3-test:s2-boot-lab.adoc[previous lab]. + +.. If your _test VM_ is shut down, start it. + -[source,subs="verbatim,quotes"] +[source,subs="verbatim,quotes,attributes"] -- -[core@edge ~]$ ostree remote refs edge -error: Remote refs not available; server has no summary file - -after [student@servera ~]$ sudo ostree summary -u --repo=/var/www/html/repo - -[core@edge ~]$ ostree remote refs edge -edge:rhel/9/x86_64/edge +$ *virsh domstate edtge-test-1* +shut off +$ *virsh start edge-test-1* +$ *virsh domstate edtge-test-1* +running -- - -6. Build another update and pull to the ostree repo - -.. Have three commits in the branch. -+ -[ any way of setting the subject during a pull local? or at image build time? ] +.. Attach to the console of your _test VM_ and log in as the user `core` with password `redhat123`. It may be necessary to press `[Enter]` a few times to get a login prompt + -[source,subs="verbatim,quotes"] +[source,subs="verbatim,quotes,attributes"] -- -[student@servera ~]$ ostree refs --repo /var/www/html/repo -rhel/9/x86_64/edge -[student@servera ~]$ ostree log rhel/9/x86_64/edge --repo /var/www/html/repo -commit cfd48bbd633b68844c4ca8122f26e5fa36d8aad929525c61331d0aab5c3d3e88 -Parent: 4caef3752842366bbeab77b57b79854c6cb7bf4f2b62e82190cfba5d1cc3c12b -ContentChecksum: a366c9c7b9887f26356db475c62aee3197ccdb505fe90406b391b11b049e47d0 -Date: 2024-10-10 16:37:33 +0000 -Version: 9.2 -(no subject) +$ *virsh console edge-test-1* -commit 4caef3752842366bbeab77b57b79854c6cb7bf4f2b62e82190cfba5d1cc3c12b -Parent: 7ff678881e89e96c90eb083b905dce411740caf19c524481d7c1b848647b5746 -ContentChecksum: 94e275f4f9c9a9f68426ed9421845a48065467aea8bfcb57d826ed43fa50a253 -Date: 2024-10-09 22:43:27 +0000 -Version: 9.2 -(no subject) - -commit 7ff678881e89e96c90eb083b905dce411740caf19c524481d7c1b848647b5746 -ContentChecksum: f938c449602ad38c31a74bd35f0e438beb833e8ca592c07c87ef90a56f659586 -Date: 2024-10-09 20:25:03 +0000 -Version: 9.2 -(no subject) +edge login: -- -.. Have two commits deployed +.. Verify that your _test VM_ is running the system image from the OSTree you got at the beginning of this lab. Notice that there's a single OSTree deployment, because your _test VM_ was just provisioned and didn't get any upgrade so far. + -[source,subs="verbatim,quotes"] +[source,subs="verbatim,quotes,attributes"] -- -[core@edge ~]$ rpm-ostree status +[core@edge ~]$ *rpm-ostree status* State: idle Deployments: ● edge:rhel/9/x86_64/edge - Version: 9.2 (2024-10-09T22:43:27Z) - Commit: 4caef3752842366bbeab77b57b79854c6cb7bf4f2b62e82190cfba5d1cc3c12b - - edge:rhel/9/x86_64/edge Version: 9.2 (2024-10-09T20:25:03Z) - Commit: 7ff678881e89e96c90eb083b905dce411740caf19c524481d7c1b848647b5746 + Commit: {commit-httpd-v1} +-- + +.. Verify that your _test VM_ does not contains the RPM package which provides Cockpit. ++ +[source,subs="verbatim,quotes,attributes"] +-- +[core@edge ~]$ *rpm -q cockpit* +package cockpit is not installed -- -.. VM sees no updates available, try again after updating the summary, it works. +.. Verify that your _test VM_ is preconfigured with an OSTree remote which points to the web server. + -[ I cannot see how the issue linked makes --check unreliable. guess it's just about layered packages, not about image/commit updates ] +[source,subs="verbatim,quotes,attributes"] +-- +[core@edge ~]$ *ostree remote list --show-urls* +edge http://servera.lab.example.com/repo/ +-- + +.. Verify that your _test VM_ can find available upgrades in the remote OSTree repository. + -[source,subs="verbatim,quotes"] +[source,subs="verbatim,quotes,attributes"] -- -[core@edge ~]$ sudo rpm-ostree upgrade --check +[core@edge ~]$ *sudo rpm-ostree upgrade --check* 2 metadata, 0 content objects fetched; 18 KiB transferred in 0 seconds; 0 bytes content written Note: --check and --preview may be unreliable. See https://github.com/coreos/rpm-ostree/issues/1579 AvailableUpdate: - Version: 9.2 (2024-10-10T16:37:33Z) - Commit: cfd48bbd633b68844c4ca8122f26e5fa36d8aad929525c61331d0aab5c3d3e88 - Diff: 2 added -[core@edge ~]$ sudo rpm-ostree upgrade -⠠ Scanning metadata: 2370 37 metadata, 65 content objects fetched; 14453 KiB transferred in 3 seconds; 57.6 MB content written -Scanning metadata: 2370... done + Version: 9.2 (2024-10-09T22:43:27Z) + Commit: {commit-httpd-v2} + Diff: 46 added +-- ++ +NOTE: You safely can ignore the warning about `--check` being unreliable. It refers to the use of `/usr` overlays to install RPMs packages not included in the system image. We are not using this feature of RPM-OSTree. + +.. Stage the upgrade on your _test VM_. ++ +[source,subs="verbatim,quotes"] +-- +[core@edge ~]$ *sudo rpm-ostree upgrade* +[ 9130.645481] SELinux: Context system_u:object_r:cockpit_ws_exec_t:s0 is not valid (left unmapped). +[ 9130.658824] SELinux: Context system_u:object_r:cockpit_session_exec_t:s0 is not valid (left unmapped). +[ 9131.532015] SELinux: Context system_u:object_r:cockpit_unit_file_t:s0 is not valid (left unmapped). +⠴ Receiving objects; 66% (1605/2400) 58.1 MB/s 116.3 MB 507 metadata, 1893 content objects fetched; 118645 KiB transferred in 3 seconds; 187.9 MB content written +Receiving objects; 66% (1605/2400) 58.1 MB/s 116.3 MB... done Staging deployment... done Added: - php-8.0.27-1.el9_1.x86_64 - php-common-8.0.27-1.el9_1.x86_64 + adobe-source-code-pro-fonts-2.030.1.050-12.el9.1.noarch + cockpit-286.1-1.el9.x86_64 +... Run "systemctl reboot" to start a reboot -- ++ +NOTE: You can safely ignore the SELinux errors during staging of a new system image. Those issues are fixed by reboot, when the kernel loads the SELinux policy included in the new system image. -.. After reboot, see that the commit from initial deployment of the VM was discarded. +.. You can verify that the new system image is not active (its the second deployment) but it is marked for the next reboot (notice the bullet). + -[source,subs="verbatim,quotes"] +[source,subs="verbatim,quotes,attributes"] -- -[core@edge ~]$ rpm-ostree status +[core@edge ~]$ *rpm-ostree status* State: idle Deployments: -● edge:rhel/9/x86_64/edge - Version: 9.2 (2024-10-10T16:37:33Z) - Commit: cfd48bbd633b68844c4ca8122f26e5fa36d8aad929525c61331d0aab5c3d3e88 - edge:rhel/9/x86_64/edge - Version: 9.2 (2024-10-09T22:43:27Z) - Commit: 4caef3752842366bbeab77b57b79854c6cb7bf4f2b62e82190cfba5d1cc3c12b -[core@edge ~]$ rpm -q cockpit -cockpit-286.1-1.el9.x86_64 -[core@edge ~]$ rpm -q php -php-8.0.27-1.el9_1.x86_64-- + Version: 9.2 (2024-10-15T20:27:34Z) + Commit: {commit-httpd-v1} + Diff: 46 added +● edge:rhel/9/x86_64/edge + Version: 9.2 (2024-10-15T19:56:56Z) + Commit: {commit-httpd-v2} +-- -7. Rollback to the previous image, which didn't have php, but only cockpit +6. Still on your _development machine_, apply the upgrade to your _test VM_ and verify it is running the new edge commit image you built during this lab. -.. Rollback and reboot +.. Reboot your _test VM_ and verify that the new commit is now the first (active) deployment and also the one marked for the next boot (as indicated by the bullet). + -[source,subs="verbatim,quotes"] +[source,subs="verbatim,quotes,attributes"] -- -[core@edge ~]$ sudo rpm-ostree rollback -[sudo] password for core: -Moving '4caef3752842366bbeab77b57b79854c6cb7bf4f2b62e82190cfba5d1cc3c12b.0' to be first deployment -Transaction complete; bootconfig swap: no; bootversion: boot.0.0, deployment count change: 0 -Removed: - php-8.0.27-1.el9_1.x86_64 - php-common-8.0.27-1.el9_1.x86_64 -Changes queued for next boot. Run "systemctl reboot" to start a reboot -[core@edge ~]$ sudo systemctl reboot +[core@edge ~]$ *systemctl reboot* ... --- - -.. After reboot (and relogin) both commits are still in the system, but they switch order -+ -[source,subs="verbatim,quotes"] --- -[core@edge ~]$ rpm-ostree status +edge login: +... +[core@edge ~]$ *rpm-ostree status* State: idle Deployments: ● edge:rhel/9/x86_64/edge Version: 9.2 (2024-10-09T22:43:27Z) - Commit: 4caef3752842366bbeab77b57b79854c6cb7bf4f2b62e82190cfba5d1cc3c12b + Commit: {commit-httpd-v2} edge:rhel/9/x86_64/edge - Version: 9.2 (2024-10-10T16:37:33Z) - Commit: cfd48bbd633b68844c4ca8122f26e5fa36d8aad929525c61331d0aab5c3d3e88 - -[core@edge ~]$ rpm -q cockpit -cockpit-286.1-1.el9.x86_64 -[core@edge ~]$ rpm -q php -package php is not installed + Version: 9.2 (2024-10-09T20:25:03Z) + Commit: {commit-httpd-v1} -- +.. As a sanity check, verify that the OSTree repository on your _test VM_ contains both the new and the previous commits. ++ +[source,subs="verbatim,quotes,attributes"] +-- +[core@edge ~]$ *ostree log rhel/9/x86_64/edge* +commit {commit-httpd-v2} +Parent: {commit-httpd-v1} +ContentChecksum: 94e275f4f9c9a9f68426ed9421845a48065467aea8bfcb57d826ed43fa50a253 +Date: 2024-10-09 22:43:27 +0000 +Version: 9.2 +(no subject) -[ keeping commit hashes consistent between labs will be a pain. maye it's time to use asciidoc attributes? ] - -[ with the edge-db VM, you need to configure a remote before applying updates ] - -[ there's rpm-ostree update, to get a newer commit of the same branch, and rpm-ostree rebase, to switch to a different branch which uses a different RHEL release ] - - -[ to make a lab using the edge-db VM more interesting (instead of 90%+ the same as this) could configure automatic image updates -But then we'd miss automatic rollbacks (greenboot) which I didn't put in scope here, this course is already too long - https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html-single/composing_installing_and_managing_rhel_for_edge_images/index#proc_upgrading-your-rhel-8-system-to-rhel-9_managing-rhel-for-edge-images ] - -[ After an update, grub shows two entries (new and old deployment) show it here or in the next lab with the db VM? ] - -[ should I start with an empty remote ostree repo and reference it since the first build? The way it is now, the first build is different than other builds. ] - -[ Use --filename to not have to deal with UUIDs? ] - -[ changed the "y" version to see if image builder preserves them, and increments only the "z" number when you push a bp that overwrites an existing one ] - -//// - -Jq to filter composes - -$ composer-cli compose list -j | jq ".[1].body.finished[] | select(.id==\"$UUID\")" -{ - "blueprint": "rhel9-edge", - "compose_type": "edge-commit", - "id": "e03d42c5-d60a-4ce2-8f4f-e4c5c2b34201", - "image_size": 0, - "job_created": 1728577818.9874678, - "job_finished": 1728578265.801976, - "job_started": 1728577818.9923553, - "queue_status": "FINISHED", - "version": "0.0.2" -} -$ composer-cli compose list -j | jq ".[1].body.finished[] | select(.id==\"$UUID\").queue_status" -"FINISHED" -$ composer-cli compose list -j | jq ".[1].body.finished[] | select(.id==\"$UUID\") | [.blueprint, .queue_status]" -[ - "rhel9-edge", - "FINISHED" -] -$ composer-cli compose list -j | jq ".[1].body.finished[] | select(.id==\"$UUID\") | .blueprint + \": \" + .queue_status" -"rhel9-edge: FINISHED" - -# not tested yet, but should work for running composes - -$ composer-cli compose list -j | jq ".[0].body.run[] | select(.id==\"$UUID\").queue_status" +commit {commit-httpd-v1} +ContentChecksum: f938c449602ad38c31a74bd35f0e438beb833e8ca592c07c87ef90a56f659586 +Date: 2024-10-09 20:25:03 +0000 +Version: 9.2 +(no subject) +-- -//// +.. To prove it's running the new edge commit image, verify it contains the Cockpit RPM packages: ++ +[source,subs="verbatim,quotes, attributes"] +-- +[core@edge ~]$ *rpm -q cockpit* +cockpit-286.1-1.el9.x86_64 +-- -//// +.. If you wish, you can leave the console of your _test VM_ by typing `Ctrl+]` and stop your _test VM_. Or you can leave it there to use the terminal for the next activiy and open another terminal on your _development VM_. -Need more updates to show: +You sucessfully built an edge commit image and applied it as an update to a _test VM_ whoch stands for an edge device. -1. That an edge device only keeps the latest two updates (or how to prune older from devices) -2. That I can retire an update, after finding it failed in many devices, so other devices won't get it -3. That retiring an update (removing a commit from an ostree repo) won't break the chain from head to previous, and I can still rollback to those olders if I find more issues or regressions -- OK if a device already rolled back, it has no previous to go. I must push whatever they need to go back to as if it's a newer one. +== Next Steps -//// \ No newline at end of file +The next activity builds another edge commit image that is applied as an update and then rolled back, to show how you can revert an RPM-OSTree upgrade of an edge device. \ No newline at end of file diff --git a/modules/ch4-update/pages/s3-rollback-lab.adoc b/modules/ch4-update/pages/s3-rollback-lab.adoc index b8b5711..dca197e 100644 --- a/modules/ch4-update/pages/s3-rollback-lab.adoc +++ b/modules/ch4-update/pages/s3-rollback-lab.adoc @@ -1,12 +1,12 @@ :time_estimate: 11 -= Lab: Create And Publish Edge Image Updates += Lab: Rollback Edge Image Updates _Estimated reading time: *{time_estimate} minutes*._ Objective:: -Build RHEL for Edge image updates and publish them as OSTree deltas. +Rollback a test VM to a previous knowng good RHEL for Edge system image. WARNING: Work in Progress @@ -330,26 +330,26 @@ edge:rhel/9/x86_64/edge + [ any way of setting the subject during a pull local? or at image build time? ] + -[source,subs="verbatim,quotes"] +[source,subs="verbatim,quotes,attributes"] -- [student@servera ~]$ ostree refs --repo /var/www/html/repo rhel/9/x86_64/edge [student@servera ~]$ ostree log rhel/9/x86_64/edge --repo /var/www/html/repo -commit cfd48bbd633b68844c4ca8122f26e5fa36d8aad929525c61331d0aab5c3d3e88 -Parent: 4caef3752842366bbeab77b57b79854c6cb7bf4f2b62e82190cfba5d1cc3c12b +commit {commit-httpd-v3} +Parent: {commit-httpd-v2} ContentChecksum: a366c9c7b9887f26356db475c62aee3197ccdb505fe90406b391b11b049e47d0 Date: 2024-10-10 16:37:33 +0000 Version: 9.2 (no subject) -commit 4caef3752842366bbeab77b57b79854c6cb7bf4f2b62e82190cfba5d1cc3c12b -Parent: 7ff678881e89e96c90eb083b905dce411740caf19c524481d7c1b848647b5746 +commit {commit-httpd-v2} +Parent: {commit-httpd-v1} ContentChecksum: 94e275f4f9c9a9f68426ed9421845a48065467aea8bfcb57d826ed43fa50a253 Date: 2024-10-09 22:43:27 +0000 Version: 9.2 (no subject) -commit 7ff678881e89e96c90eb083b905dce411740caf19c524481d7c1b848647b5746 +commit {commit-httpd-v1} ContentChecksum: f938c449602ad38c31a74bd35f0e438beb833e8ca592c07c87ef90a56f659586 Date: 2024-10-09 20:25:03 +0000 Version: 9.2 @@ -358,32 +358,32 @@ Version: 9.2 .. Have two commits deployed + -[source,subs="verbatim,quotes"] +[source,subs="verbatim,quotes,attributes"] -- [core@edge ~]$ rpm-ostree status State: idle Deployments: ● edge:rhel/9/x86_64/edge Version: 9.2 (2024-10-09T22:43:27Z) - Commit: 4caef3752842366bbeab77b57b79854c6cb7bf4f2b62e82190cfba5d1cc3c12b + Commit:{commit-httpd-v2} edge:rhel/9/x86_64/edge Version: 9.2 (2024-10-09T20:25:03Z) - Commit: 7ff678881e89e96c90eb083b905dce411740caf19c524481d7c1b848647b5746 + Commit: {commit-httpd-v1} -- .. VM sees no updates available, try again after updating the summary, it works. + [ I cannot see how the issue linked makes --check unreliable. guess it's just about layered packages, not about image/commit updates ] + -[source,subs="verbatim,quotes"] +[source,subs="verbatim,quotes,attributes"] -- [core@edge ~]$ sudo rpm-ostree upgrade --check 2 metadata, 0 content objects fetched; 18 KiB transferred in 0 seconds; 0 bytes content written Note: --check and --preview may be unreliable. See https://github.com/coreos/rpm-ostree/issues/1579 AvailableUpdate: Version: 9.2 (2024-10-10T16:37:33Z) - Commit: cfd48bbd633b68844c4ca8122f26e5fa36d8aad929525c61331d0aab5c3d3e88 + Commit: {commit-httpd-v3} Diff: 2 added [core@edge ~]$ sudo rpm-ostree upgrade ⠠ Scanning metadata: 2370 37 metadata, 65 content objects fetched; 14453 KiB transferred in 3 seconds; 57.6 MB content written @@ -397,33 +397,34 @@ Run "systemctl reboot" to start a reboot .. After reboot, see that the commit from initial deployment of the VM was discarded. + -[source,subs="verbatim,quotes"] +[source,subs="verbatim,quotes,attributes"] -- [core@edge ~]$ rpm-ostree status State: idle Deployments: ● edge:rhel/9/x86_64/edge Version: 9.2 (2024-10-10T16:37:33Z) - Commit: cfd48bbd633b68844c4ca8122f26e5fa36d8aad929525c61331d0aab5c3d3e88 + Commit: {commit-httpd-v3} edge:rhel/9/x86_64/edge Version: 9.2 (2024-10-09T22:43:27Z) - Commit: 4caef3752842366bbeab77b57b79854c6cb7bf4f2b62e82190cfba5d1cc3c12b + Commit: {commit-httpd-v2} [core@edge ~]$ rpm -q cockpit cockpit-286.1-1.el9.x86_64 [core@edge ~]$ rpm -q php -php-8.0.27-1.el9_1.x86_64-- +php-8.0.27-1.el9_1.x86_64 +-- 7. Rollback to the previous image, which didn't have php, but only cockpit .. Rollback and reboot + -[source,subs="verbatim,quotes"] +[source,subs="verbatim,quotes,attributes"] -- [core@edge ~]$ sudo rpm-ostree rollback [sudo] password for core: -Moving '4caef3752842366bbeab77b57b79854c6cb7bf4f2b62e82190cfba5d1cc3c12b.0' to be first deployment +Moving '{commit-httpd-v2}.0' to be first deployment Transaction complete; bootconfig swap: no; bootversion: boot.0.0, deployment count change: 0 Removed: php-8.0.27-1.el9_1.x86_64 @@ -435,18 +436,18 @@ Changes queued for next boot. Run "systemctl reboot" to start a reboot .. After reboot (and relogin) both commits are still in the system, but they switch order + -[source,subs="verbatim,quotes"] +[source,subs="verbatim,quote,attributes"] -- [core@edge ~]$ rpm-ostree status State: idle Deployments: ● edge:rhel/9/x86_64/edge Version: 9.2 (2024-10-09T22:43:27Z) - Commit: 4caef3752842366bbeab77b57b79854c6cb7bf4f2b62e82190cfba5d1cc3c12b + Commit: {commit-httpd-v2} edge:rhel/9/x86_64/edge Version: 9.2 (2024-10-10T16:37:33Z) - Commit: cfd48bbd633b68844c4ca8122f26e5fa36d8aad929525c61331d0aab5c3d3e88 + Commit: {commit-httpd-v3} [core@edge ~]$ rpm -q cockpit cockpit-286.1-1.el9.x86_64 diff --git a/modules/ch4-update/pages/s4-deltas-lab.adoc b/modules/ch4-update/pages/s4-deltas-lab.adoc index 6d8ee70..aa7410d 100644 --- a/modules/ch4-update/pages/s4-deltas-lab.adoc +++ b/modules/ch4-update/pages/s4-deltas-lab.adoc @@ -1,12 +1,12 @@ :time_estimate: 11 -= Lab: Create And Publish Edge Image Updates += Lab: Update Edge Devices Using Static Deltas _Estimated reading time: *{time_estimate} minutes*._ Objective:: -Build RHEL for Edge image updates and publish them as OSTree deltas. +Update a test VM, that was provisioned using an edge installer image, using OSTree deltas. WARNING: Work in Progress