2 | rundown: Certified Kubernetes Distribution based on openSUSE MicroOS
3 | description: >-
4 | 
5 | Kubernetes is an open-source system for automating deployment, scaling, and management of containerised applications.
6 | Kubic uses kubeadm to provide an easy way of configuring a Kubernetes cluster across multiple machines, while our MicroOS base keeps your operating system updated automatically, with fully atomic rollbacks if required.
7 | links:
8 | - name: Documentation
9 | link: https://en.opensuse.org/Portal:Kubic
10 | icon: documentation
11 | color: light
12 | - name: System Requirements
13 | link: '#hardware'
14 | icon: cpu
15 | color: primary
16 | - name: Downloads
17 | link: https://en.opensuse.org/Portal:Kubic/Downloads
18 | icon: download
19 | color: success
20 | - name: Report a Bug
21 | link: https://bugzilla.opensuse.org/enter_bug.cgi?product=openSUSE+Tumbleweed&component=Kubic&format=guided
22 | icon: spanner
23 | color: warning
24 |
25 | - name: MicroOS 
26 | rundown: Micro Service OS providing Transactional (Atomic) Updates upon a read-only btrfs root filesystem
27 | description: >-
28 | Designed to host container workloads with automated administration & patching.
29 | Installing openSUSE MicroOS you get a quick, small environment for deploying Containers, or any other workload that benefits from Transactional Updates. As rolling release distribution the software is always up-to-date.
2 | description: >-
3 | * minimum 1 GB physical RAM
4 |
5 | * additional memory is needed for your workload
6 |
7 | - name: Storage 
8 | description: >-
9 | * minimum 20 GB available disk space
10 |
11 | * recommended: 40GB or more
12 |
13 | * increasing based on the needs of your container workloads
14 |
--------------------------------------------------------------------------------
/_includes/icons/chat.svg:
--------------------------------------------------------------------------------
1 |
4 |
--------------------------------------------------------------------------------
/_includes/icons/chip.svg:
--------------------------------------------------------------------------------
1 |
4 |
--------------------------------------------------------------------------------
/_includes/icons/chip.svg.bak:
--------------------------------------------------------------------------------
1 |
4 |
--------------------------------------------------------------------------------
/_includes/icons/cpu.svg:
--------------------------------------------------------------------------------
1 |
4 |
--------------------------------------------------------------------------------
/_includes/icons/documentation.svg:
--------------------------------------------------------------------------------
1 |
6 |
--------------------------------------------------------------------------------
/_includes/icons/download.svg:
--------------------------------------------------------------------------------
1 |
6 |
--------------------------------------------------------------------------------
/_includes/icons/github.svg:
--------------------------------------------------------------------------------
1 |
4 |
--------------------------------------------------------------------------------
/_includes/icons/hdd.svg:
--------------------------------------------------------------------------------
1 |
5 |
--------------------------------------------------------------------------------
/_includes/icons/hdd.svg.bak:
--------------------------------------------------------------------------------
1 |
5 |
--------------------------------------------------------------------------------
/_includes/icons/idea.svg:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
79 |
--------------------------------------------------------------------------------
/_includes/icons/install.svg:
--------------------------------------------------------------------------------
1 |
4 |
--------------------------------------------------------------------------------
/_includes/icons/key.svg:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
70 |
--------------------------------------------------------------------------------
/_includes/icons/mail.svg:
--------------------------------------------------------------------------------
1 |
4 |
--------------------------------------------------------------------------------
/_includes/icons/shield.svg:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
85 |
--------------------------------------------------------------------------------
/_includes/icons/spanner.svg:
--------------------------------------------------------------------------------
1 |
4 |
--------------------------------------------------------------------------------
/_includes/icons/update.svg:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
99 |
--------------------------------------------------------------------------------
/_includes/icons/work.svg:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
85 |
--------------------------------------------------------------------------------
/assets/css/app.css:
--------------------------------------------------------------------------------
1 | @import "{{ site.theme }}";
2 |
3 | h1 svg.bi {
4 | color: var(--green);
5 |
--------------------------------------------------------------------------------
/assets/images/ARM_Logo.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kubic-project/kubic-o-o/79d1a7c4fa009a8cc5a92340a438da5f084fab70/assets/images/ARM_Logo.jpg
--------------------------------------------------------------------------------
/assets/images/FullyAutomated.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kubic-project/kubic-o-o/79d1a7c4fa009a8cc5a92340a438da5f084fab70/assets/images/FullyAutomated.png
--------------------------------------------------------------------------------
/assets/images/MicroOS_booted.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kubic-project/kubic-o-o/79d1a7c4fa009a8cc5a92340a438da5f084fab70/assets/images/MicroOS_booted.png
--------------------------------------------------------------------------------
/assets/images/ShorterRoleName.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kubic-project/kubic-o-o/79d1a7c4fa009a8cc5a92340a438da5f084fab70/assets/images/ShorterRoleName.png
--------------------------------------------------------------------------------
/assets/images/TransactionalRole.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kubic-project/kubic-o-o/79d1a7c4fa009a8cc5a92340a438da5f084fab70/assets/images/TransactionalRole.png
--------------------------------------------------------------------------------
/assets/images/TransactionalScrenshot.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kubic-project/kubic-o-o/79d1a7c4fa009a8cc5a92340a438da5f084fab70/assets/images/TransactionalScrenshot.png
--------------------------------------------------------------------------------
/assets/images/cdfrdb-plot.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kubic-project/kubic-o-o/79d1a7c4fa009a8cc5a92340a438da5f084fab70/assets/images/cdfrdb-plot.png
--------------------------------------------------------------------------------
/assets/images/criologo.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/assets/images/kata-horz-onwhite.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kubic-project/kubic-o-o/79d1a7c4fa009a8cc5a92340a438da5f084fab70/assets/images/kata-horz-onwhite.png
--------------------------------------------------------------------------------
/assets/images/kubeadm-intro/master-cni.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kubic-project/kubic-o-o/79d1a7c4fa009a8cc5a92340a438da5f084fab70/assets/images/kubeadm-intro/master-cni.png
--------------------------------------------------------------------------------
/assets/images/kubeadm-intro/master-firstrun-errors.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kubic-project/kubic-o-o/79d1a7c4fa009a8cc5a92340a438da5f084fab70/assets/images/kubeadm-intro/master-firstrun-errors.png
--------------------------------------------------------------------------------
/assets/images/kubeadm-intro/master-initcomplete.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kubic-project/kubic-o-o/79d1a7c4fa009a8cc5a92340a438da5f084fab70/assets/images/kubeadm-intro/master-initcomplete.png
--------------------------------------------------------------------------------
/assets/images/kubeadm-intro/master-login.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kubic-project/kubic-o-o/79d1a7c4fa009a8cc5a92340a438da5f084fab70/assets/images/kubeadm-intro/master-login.png
--------------------------------------------------------------------------------
/assets/images/kubeadm-intro/master-nodes.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kubic-project/kubic-o-o/79d1a7c4fa009a8cc5a92340a438da5f084fab70/assets/images/kubeadm-intro/master-nodes.png
--------------------------------------------------------------------------------
/assets/images/kubeadm-intro/master-secondrun.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kubic-project/kubic-o-o/79d1a7c4fa009a8cc5a92340a438da5f084fab70/assets/images/kubeadm-intro/master-secondrun.png
--------------------------------------------------------------------------------
/assets/images/kubeadm-intro/node-join.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kubic-project/kubic-o-o/79d1a7c4fa009a8cc5a92340a438da5f084fab70/assets/images/kubeadm-intro/node-join.png
--------------------------------------------------------------------------------
/assets/images/kubeadm-intro/node-joined.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kubic-project/kubic-o-o/79d1a7c4fa009a8cc5a92340a438da5f084fab70/assets/images/kubeadm-intro/node-joined.png
--------------------------------------------------------------------------------
/assets/images/kubeadm-intro/system-role.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kubic-project/kubic-o-o/79d1a7c4fa009a8cc5a92340a438da5f084fab70/assets/images/kubeadm-intro/system-role.png
--------------------------------------------------------------------------------
/assets/images/logo.svg:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
135 |
--------------------------------------------------------------------------------
/assets/images/microos-logo.svg:
--------------------------------------------------------------------------------
1 |
2 |
62 |
--------------------------------------------------------------------------------
/assets/images/symbolic.svg:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
161 |
--------------------------------------------------------------------------------
/assets/images/traefik_webui.jpeg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kubic-project/kubic-o-o/79d1a7c4fa009a8cc5a92340a438da5f084fab70/assets/images/traefik_webui.jpeg
--------------------------------------------------------------------------------
/blog/_posts/2018-03-22-introduction.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: post
3 | title: "Introduction to Kubic"
4 | date: 2018-03-22 13:33:00 +0000
5 | author: The Kubic Team
6 | ---
7 | Welcome to the webpage and inaugural blog post of the Kubic Project. This post should serve as a basic introduction to Kubic for anyone interested in what we're doing.
8 |
9 | 
9 |
10 | The openSUSE Kubic team is proud to announce that as of [yesterday](https://github.com/cncf/k8s-conformance/pull/445), our Kubic distribution has become a Certified Kubernetes Distribution! Notably, it is **the first open source Kubernetes distribution to be certified using the [CRI-O container runtime](https://cri-o.io/)**!
11 |
12 | # What is Kubernetes Certification?
13 |
14 | Container technologies in general, and Kubernetes in particular, are becoming increasingly common and widely adopted by enthusiasts, developers, and companies across the globe. A [large ecosystem](https://landscape.cncf.io/format=landscape) of software and solutions is evolving around these technologies. More and more developers are thinking "Cloud Native" and producing their software in containers first, often targeting Kubernetes as their intended platform for orchestrating those containers. And put bluntly, they want their software to work.
15 |
16 | But Kubernetes isn't like some other software with this sort of broad adoption. Even though it's being used in scenarios large and small, from small developer labs to large production infrastructure systems, Kubernetes is still a fast-moving project, with new versions appearing very often and a support lifespan shorter than other similar projects. This presents real challenges for people who want to download, deploy and run Kubernetes clusters and _know_ they can run the things they want on top of it.
17 |
18 | When you consider the fast moving codebase and the diverse range of solutions providing or integrating with Kubernetes, that is a lot of moving parts provided by a lot of people. That can feel risky to some people, and lead to doubt that something built for Kubernetes today might not work tomorrow.
19 |
20 | Thankfully, this a problem the Cloud Native Computing Foundation (CNCF) is tackling. The CNCF helps to build a community around open source container software, and established the [Kubernetes Software Conformance Certification](https://www.cncf.io/certification/software-conformance/) to further that goal. Certified Kubernetes solutions are validated by the CNCF. They check that versions, APIs, and such are all correct, present, and working as expected so users and developers can be assured their Kubernetes-based solutions will work with ease, now and into the future.
21 |
22 | # Why Certify Kubic?
23 |
24 | The openSUSE Project has a long history of tackling the problem of distributing fast-moving software.
25 |
26 | Tumbleweed and Kubic are simultaneously both two of the fastest **and** most stable rolling release distributions available.
27 |
28 | With the [Open Build Service](https://openbuildservice.org) and [openQA](http://open.qa) we have an established pipeline that guarantees we only release software when it is built and tested both collectively and reproducibly.
29 |
30 | Our experience with btrfs and [snapper](http://snapper.io) means that even in the event of an unwanted (or heaven forbid, broken) change to a system, users can immediately rollback to a system state that works the way they want it to.
31 |
32 | With Transactional Updates, we ensure that no change ever happens to a running system. This futher guarantees that any rollback can return a system to a clean state in a single atomic operation.
33 |
34 | In [Kubic](https://kubic.opensuse.org), we leverage all of this to build an excellent container operating system, providing users with the latest versions of exciting new tools like [Podman]({{ site.baseurl }}{% post_url blog/2018-03-25-podman %}), [CRI-O]({{ site.baseurl }}{% post_url blog/2018-09-17-crio-default %}), Buildah, and (of course) Kubernetes.
35 |
36 | We're keeping up with all of those fast moving upstream projects, often releasing our packages within days or sometimes even hours of an upstream release.
37 |
38 | But we're careful not to put users at risk, releasing Kubic in sync with the larger openSUSE Tumbleweed distribution, sharing the same test and release pipeline, so we can be sure if either distribution makes changes that breaks the other, neither ships anything to users.
39 |
40 | So we've solved all the problems with fast moving software, so why certify? 😉
41 |
42 | Well, as much as it pains me to write this, no matter how great we are with code review, building, testing and releasing we're never going to catch **everything**. Even if we did, at the end of the day, all we can really say is **"we do awesome stuff, trust us"**
43 |
44 | And when you consider how we work in openSUSE, things can seem even more complicated to newcomers.
45 | We're not like other open source projects with a corporate backer holding the reigns and tightly controlling what we do.
46 |
47 | openSUSE is a **truly open source community project** where anyone and everyone can contribute, taking what we're doing in Kubic, and directly changing it to fit what they want to see.
48 |
49 | These contributions are on an equal playing field, with SUSE and other [Sponsors](https://en.opensuse.org/Sponsors) of openSUSE having to contribute in just the same way as any other community member.
50 |
51 | **And we want more contributions.** We will keep Kubic open and welcoming to whatever crazy (or smart, or crazy-smart) ideas you might have for our container distribution.
52 |
53 | But we also want everyone else to know that whatever we end up doing, people can rely on Kubic to get stuff done.
54 |
55 | By certifying Kubic with the CNCF, there is now an impartial third party who has looked over what we do, checked what we're distributing, checked our documentation, and conferred to us their seal of approval.
56 |
57 | So, to everyone who has contributed to Kubic so far and made this possible, **THANK YOU**.
58 |
59 | To all of the upstream projects without whom Kubic wouldn't have anything to distribute and get certified, **THANK YOU** and see you soon on your issue trackers and pull request queues.
60 |
61 | And to anyone and everyone else, **THANK YOU**, and we hope you *have a lot of fun* downloading, using, and hopefully contributing back our window into the container world.
62 |
63 |
--------------------------------------------------------------------------------
/blog/_posts/2019-08-14-kata-in-tumbleweed.md:
--------------------------------------------------------------------------------
1 | ---
2 | layout: post
3 | title: "Kata Containers now available in Tumbleweed"
4 | date: 2019-08-15 11:00:00 +0200
5 | author: Marco Vedovati
6 | ---
7 |
8 | 
9 |
10 | Kata Containers is an open source container runtime that is crafted to seamlessly
11 | plug into the containers ecosystem.
12 |
13 | We are now excited to announce that the Kata Containers packages are finally available
14 | in the official openSUSE Tumbleweed repository.
15 |
16 | It is worthwhile to spend few words explaining why this is a great news, considering
17 | the role of Kata Containers (a.k.a. Kata) in fulfilling the need for security in the
18 | containers ecosystem, and given its importance for openSUSE and Kubic.
19 |
20 |
21 | ## What is Kata
22 | As already mentioned, Kata is a container runtime focusing on security and on ease of
23 | integration with the existing containers ecosystem. If you are wondering what's a
24 | container runtime, [this blog post by Sascha](https://www.suse.com/c/demystifying-containers-part-ii-container-runtimes/)
25 | will give you a clear introduction about the topic.
26 |
27 | Kata should be used when running container images whose source is not fully trusted,
28 | or when allowing other users to run their own containers on your platform.
29 |
30 | Traditionally, containers share the same physical and operating system (OS) resources
31 | with host processes, and specific kernel features such as namespaces are used to provide
32 | an isolation layer between host and container processes.
33 | By contrast, Kata containers run inside lightweight virtual machines, adding an
34 | extra isolation and security layer, that minimizes the host attack surface and mitigates
35 | the consequences of containers breakout.
36 | Despite this extra layer, Kata achieves impressive runtime performances thanks to
37 | KVM hardware virtualization, and when configured to use a minimalist virtual machine
38 | manager (VMM) like Firecracker, a high density of microVM can be packed on a single host.
39 |
40 | If you want to know more about Kata features and performances:
41 | - katacontainers.io is a great starting point.
42 | - For something more SUSE oriented, Flavio [gave a interesting talk about Kata](https://youtu.be/EmOcxtCYzjk) at SUSECON 2019,
43 | - Kata folks hang out on katacontainers.slack.com, and will be happy to answer any quesitons.
44 |
45 | ## Why is it important for Kubic and openSUSE
46 | SUSE has been an early and relevant open source contributor to containers projects,
47 | believing that this technology is the future way of deploying and running software.
48 |
49 | The most relevant example is the [openSUSE Kubic project](https://kubic.opensuse.org/),
50 | that's a certified Kubernetes distribution and a set of container-related technologies
51 | built by the openSUSE community.
52 |
53 | We have also been working for some time in well known container projects, like runC,
54 | libpod and CRI-O, and since a year we also collaborate with Kata.
55 |
56 | Kata complements other more popular ways to run containers, so it makes sense for
57 | us to work on improving it and to assure it can smoothly plug with our products.
58 |
59 | ## How to use
60 | While Kata may be used as a standalone piece of software, it's intended use is serve
61 | as a runtime when integrated in a container engine like [Podman](https://podman.io/) or [CRI-O](https://cri-o.io/).
62 |
63 | This section shows a quick and easy way to spin up a Kata container using Podman
64 | on openSUSE Tumbleweed.
65 |
66 | First, install the Kata packages:
67 | ```
68 | $ sudo zypper in katacontainers
69 | ```
70 |
71 | Make sure your system is providing the needed set of hardware virtualization features
72 | required by Kata:
73 | ```
74 | $ sudo kata-runtime kata-check
75 | ```
76 | If no errors are reported, great! Your system is now ready to run Kata Containers.
77 |
78 | If you haven't already, install podman with:
79 | ```
80 | $ sudo zypper in podman
81 | ```
82 |
83 | That' all. Try running a your first Kata container with:
84 | ```
85 | $ sudo podman run -it --rm --runtime=/usr/bin/kata-runtime opensuse/leap uname -a
86 | Linux ab511687b1ed 5.2.5-1-kvmsmall #1 SMP Wed Jul 31 10:41:36 UTC 2019 (79b6a9c) x86_64 x86_64 x86_64 GNU/Linux
87 | ```
88 |
89 | ### Differences with runC
90 | Now that you have Kata up and running, let's see some of the differences between
91 | Kata and runC, the most popular container runtime.
92 |
93 | When starting a container with runC, container processes can be seen in the host
94 | processes tree:
95 | ```
96 | ...
97 | 10212 ? Ssl 0:00 /usr/lib/podman/bin/conmon -s -c -
6 |
{{ site.title_short }}
7 |
8 |
Name
Index — List of 19 | openSUSE Kubic 20 | helper application man pages
I¶
issue-add-ssh-keys.service(8) — Creates a volatile and temporary issue file
issue-generator(8) — Creates a volatile and temporary issue file
issue-generator.conf(8) — Creates a volatile and temporary issue file
issue-generator.service(8) — Creates a volatile and temporary issue file
issue.d(5) — Configuration for creating an issue file
R¶
rebootmgr.conf(5) — Reboot Manager configuration files
rebootmgr.service(8) — Reboot the machine during a maintenance window.
rebootmgrctl(1) — Tool to control and configure the reboot manager daemon.
rebootmgrd(8) — Reboot the machine during a maintenance window.
T¶
transactional-update(8) — Apply updates to the system in an atomic way via transactional updates.
transactional-update.conf(5) — transactional-update configuration files
transactional-update.service(8) — Apply updates to the system in an atomic way via transactional updates.
transactional-update.timer(8) — Apply updates to the system in an atomic way via transactional updates.
tukit.conf(5) — tukit configuration file
Name
issue-generator, issue-add-ssh-keys.service, issue-generator.service, 90-issue-generator.rules, issue-generator.conf — Creates a volatile and temporary issue file
Synopsis
/usr/sbin/issue-generator [--prefix path] [--help]
/usr/sbin/issue-generator network add | remove
19 | interface
/usr/sbin/issue-generator ssh add | remove
/usr/sbin/issue-generator --version
issue-add-ssh-keys.service
issue-generator.service
DESCRIPTION¶
issue-generator 20 | creates a volatile and temporary 21 | issue(5) 22 | file based on the input files and location specified in 23 | issue.d(5). 24 |
If invoked with no arguments, it applies all valid input files and
25 | creates a temporary issue file as
26 | /run/issue.
27 | /etc/issue should be symlink to this file.
Backup files ending on *.bak,
28 | *~ or *.rpm* will be ignored. Like
29 | files ending on *.issue, as this are directly shown by
30 | agetty(8).
31 |
OPTIONS¶
--prefixpath¶Add the prefix
pathto all used directories and files.network add|removeinterface¶Creates a deletes files of the format 32 |
/run/issue.d/70-. This 33 | files contains the name of theinterface.confinterfaceand 34 | the escape codes for 35 | agetty(8) 36 | to insert the IPv4 and IPv6 addresses.By default, only network interfaces where the name starts with 'b' 37 | or 'e' are added. Which interfaces are shown is configureable via a 38 | regex expression in in the variable 39 |
NETWORK_INTERFACE_REGEXin 40 |/etc/sysconfig/issue-generator. 41 |ssh add|remove¶Creates or deletes the file 42 |
/run/issue.d/60-ssh_host_keys.confwhich contains 43 | fingerprints of the public ssh keys of the host.
Synopsis
/etc/issue.d/*
/run/issue.d/*
/usr/lib/issue.d/*
DESCRIPTION¶
19 | The file /etc/issue is read from
20 | agetty(8)
21 | and similar tools and shown above the login prompt. While some of the
22 | informations can be adjusted with variables, the file itself is static. To
23 | display dynamic content,
24 | issue-generator(1)
25 | generates a /run/issue file from different files.
26 |
27 | Files in /etc/issue.d override files with the same
28 | name in /usr/lib/issue.d and
29 | /run/issue.d. Files in
30 | /run/issue.d override files with the same name in
31 | /usr/lib/issue.d. Packages should install their
32 | configuration files in /usr/lib/issue.d. Files in
33 | /etc/issue.d are reserved for the local
34 | administrator, who may use this logic to override the files installed by
35 | vendor packages. All configuration files are sorted by their filename
36 | in lexicographic order, regardless of which of the directories they reside in.
37 |
Name
rebootmgr.conf — Reboot Manager configuration files
Synopsis
/etc/rebootmgr.conf
Options¶
The following options are available in the "rebootmgr"
20 | section:
window-start=¶21 | The format of
window-startis the same as 22 | described in systemd.time(7). 23 |window-duration=¶24 | The format of
window-durationis 25 | "[XXh][YYm]". 26 |strategy=¶27 | This entry specifies the reboot strategy. For a list of valid 28 | strategies and their meaning look at the 29 | rebootmgrd(8) 30 | manual page. 31 |
Example¶
Example 1. Example configuration file
32 | In this example, the machine will reboot between 03:30 and 05:00 33 | o'clock in the morning. 34 |
/etc/rebootmgr.conf:
35 | [rebootmgr] 36 | window-start=03:30 37 | window-duration=1h30m 38 | strategy=best-effort 39 |
Name
rebootmgr.index — List all manpages from the rebootmgr project
R¶
rebootmgr.conf(5) — Reboot Manager configuration files
rebootmgr.service(8) — Reboot the machine during a maintenance window.
rebootmgrctl(1) — Tool to control and configure the reboot manager daemon.
rebootmgrd(8) — Reboot the machine during a maintenance window.
Name
rebootmgrd, rebootmgr.service, org.opensuse.RebootMgr.conf — Reboot the machine during a maintenance window.
Synopsis
/usr/sbin/rebootmgrd [ --debug | --help | --version ]
/usr/lib/systemd/system/rebootmgr.service
/etc/dbus-1/system.d/org.opensuse.RebootMgr.conf
Description¶
To avoid that a whole cluster or a set of machines with the same task 19 | reboot at the same there, rebootmgrd reboots 20 | the machine following configured policies.
Reboot Strategies¶
21 | rebootmgr supports different strategies, when a reboot should be done: 22 |
- instantly¶
23 | When the signal arrives other services will be informed 24 | that we plan to reboot and do the reboot without waiting 25 | for a maintenance window. 26 |
- maint-window¶
27 | Reboot only during a specified maintenance window. If no window is 28 | specified, reboot immediately. 29 |
- best-effort¶
30 | This is the default. IF a maintenance window is specified, 31 | use maint-window. If no maintenance window is specified, 32 | reboot immediately (instantly). 33 |
- off¶
34 | rebootmgr continues to run, but ignores all signals to 35 | reboot. Setting the strategy to off does not clear the maintenance 36 | window. If rebootmgr is enabled again, it will continue to use the 37 | old specified maintenance window. 38 |
39 | The reboot strategy can be configured via 40 | rebootmgr.conf(5) 41 | and adjusted at runtime via 42 | rebootmgrctl(1). 43 | These changes will be written to the configuration file and survive the 44 | next reboot. 45 |
Options¶
Name
transactional-update.index — List all manpages from the transactional-update project
T¶
transactional-update(8) — Apply updates to the system in an atomic way via transactional updates.
transactional-update.conf(5) — transactional-update configuration files
transactional-update.service(8) — Apply updates to the system in an atomic way via transactional updates.
transactional-update.timer(8) — Apply updates to the system in an atomic way via transactional updates.
tukit.conf(5) — tukit configuration file
Name
tukit.conf — tukit configuration file
Synopsis
/etc/tukit.conf
Description¶
This configuration file controls and defines the behaviour of 19 | tukit(8).
The tukit.conf file uses INI
20 | style assignments, e.g. PARAMETER=value.
A reference file (also used for reading the default values) can be 21 | found in 22 | /usr/etc/tukit.conf.
Options¶
The following options are available in the
23 | "tukit" section:
24 |
DRACUT_SYSROOT¶25 | Directory where "
dracut" will mount the 26 | "sysroot". The current default value is 27 | "/sysroot". 28 |LOCKFILE¶29 | Lock file path for tukit. By default it is 30 | "
/var/run/tukit.lock". 31 |OVERLAY_DIR¶32 | Directory where the "
/etc" overlays are 33 | stored. By default it is "/var/lib/overlay". 34 |BINDDIRS¶35 | Bind mount additional directories into the update 36 | environment; to add multiple directories add a separate 37 | entry with a different id between the brackets for each. 38 |
39 | Be aware that only the root file system is managed in a 40 | transactional way, i.e. any additional mounts added here 41 | will *not* get a seperate snapshot (so their contents 42 | cannot be rolled back) and the changes will be visible to 43 | the running system immediately (breaking the transactional 44 | concept and possibly resulting in a mix between old and 45 | new files if there are also changes to the root file 46 | system until the next reboot). 47 |
48 | By default only /opt will be bind-mounted, as this 49 | directory is often used by third-party packages, but the 50 | applications in there are usually self-contained. 51 |
52 | Example: To mount additional directories such as 53 | "
/usr/local" or 54 | "/var/lib/images" into the update 55 | environment, add the following lines to the configuration 56 | file: 57 |58 | BINDDIRS[0]="/opt" 59 | BINDDIRS[1]="/usr/local" 60 | BINDDIRS[2]="/var/lib/images" 61 |
62 | If a directory contains submounts, these have to be 63 | mounted separately. For example if for some reason 64 | "
/usr/local" should contain 65 | "/usr/local/extra" that is located on a 66 | different partition, both mounts will have to be listed: 67 |68 | BINDDIRS[0]="/opt" 69 | BINDDIRS[1]="/usr/local" 70 | BINDDIRS[2]="/usr/local/extra" 71 | BINDDIRS[3]="/var/lib/images" 72 |
73 |
74 | Note that in some situations one may be tempted to expose 75 | "
/var/lib" directly, but this can be 76 | dangerous. 77 |78 | "
/var/lib" contains a lot of data, 79 | including databases, docker images or sssd data. That data 80 | is often bound to a specific version of the 81 | software. Exposing it during an upgrade can make that an 82 | RPM post-script will make changes in place that will touch 83 | the live system, that will be directly visible to the 84 | user, breaking the guarantees that transactional-update 85 | provides. 86 |
Version 0.4, 28. September 2021
Abstract
2 | This is the documentation for transactional-update and is intended for 3 | users, administrators and packagers. 4 |
It describes how transactional-update with Btrfs works by giving 5 | an overview of the design, what an administrator needs to know about 6 | setting up and operating such a system and what a packager needs to 7 | know for creating compatible packages. 8 |
9 | For specific usage see the 10 | transactional-update man page 11 | or the 12 | list of Kubic related commands. 13 |
Table of Contents
List of Examples
- 4.1. /etc layers
2 | This document was written by Thorsten Kukuk <kukuk@suse.com> 3 | with many contributions from Ignaz Forster <iforster@suse.com>. 4 |
2 | transactional-update is split into two parts: the (open)SUSE specific 3 | transactional-update shell script, and the 4 | generic tukit (including libtukit, the tukit 5 | command line application and the D-Bus bindings). 6 |
7 | libtukit is a C++ library implementing the core functionality of 8 | transactional-update. It is responsible 9 | for snapshot management, preparing the environment (including 10 | overlay handling, see Section 4.3, “/etc”) and executing 11 | the command to run within the update environment. 12 |
13 | The library is designed to be a general purpose library for handling 14 | transactional systems. It provides methods to create, modify and close 15 | transactions as well as execute commands within a transaction. 16 | Currently snapper is the only implemented snapshot 17 | management option. 18 |
19 | Applications such as package managers are expected to use this library 20 | for easily supporting transactional systems. DNF for example is 21 | supporting transactional systems via the 22 | libdnf-plugin-txnupd 23 | plugin. 24 |
25 | The library also provides C bindings with the same functionality as the 26 | C++ library. 27 |
28 | tukit is a utility application to call libtukit 29 | functionality from the command line. Applications which do not support 30 | libtukit directly may use this application as 31 | a wrapper. This command is not yet intended to be called by the user 32 | directly, as it does not perform maintenance tasks such as marking a 33 | snapshot for deletion for now. 34 |
35 | The libtukit functionality is also available via 36 | D-Bus interface org.opensuse.tukit. Commands are 37 | executed asynchronously, returning a signal when the command execution 38 | is finished. 39 |
40 | This shell script is an (open)SUSE specific wrapper for handling the 41 | tasks typical on a transactional system, e.g. installing packages, 42 | updating the system or updating the bootloader. To do so it is using 43 | the tukit wrapper to call applications such as 44 | zypper for package management. 45 |
/usr/etc/transactional-update.conf2 | This is the reference configuration file for 3 | transactional-update, containing distribution 4 | default values. This file should not be changed by the 5 | administrator. 6 |
/etc/transactional-update.conf7 | To change the default configuration for 8 | transactional-update copy or create this file 9 | and change the options accordingly. See 10 | transactional-update.conf(5) 11 | for a description of the configuration options. Values from this 12 | file will overwride the distribution default values. 13 |
/var/lib/overlay/14 | See Section 4.3, “/etc” for an explanation of this 15 | directory's contents. 16 |
2 | Currently snapper is the only supported snapshot 3 | implementation, however the code base is prepared to support other 4 | (file) systems 5 | as long as they provide snapshot functionality and the ability to boot 6 | from specific snapshots. 7 |
{{ site.title }}
10 |{{ site.description }}
11 |