man: import "Implementing Offline System Updates"

This imports most of http://www.freedesktop.org/wiki/Software/systemd/SystemUpdates/
to turn it into a man page. Similarly for the man page about generators,
this will make it easier to keep up-to-date, keep a history of changes,
and make it more discoverable for end-users.

diff --git a/Makefile-man.am b/Makefile-man.am
index a7e348b..a4835a5 100644 (file)
--- a/Makefile-man.am
+++ b/Makefile-man.am
@@ -144,6 +144,7 @@ MANPAGES += \
        man/systemd.link.5 \
        man/systemd.mount.5 \
        man/systemd.nspawn.5 \
+       man/systemd.offline-updates.7 \
        man/systemd.path.5 \
        man/systemd.preset.5 \
        man/systemd.resource-control.5 \
@@ -2651,6 +2652,7 @@ EXTRA_DIST += \
        man/systemd.netdev.xml \
        man/systemd.network.xml \
        man/systemd.nspawn.xml \
+       man/systemd.offline-updates.xml \
        man/systemd.path.xml \
        man/systemd.preset.xml \
        man/systemd.resource-control.xml \

diff --git a/man/systemd.offline-updates.xml b/man/systemd.offline-updates.xml
new file mode 100644 (file)
index 0000000..dd4fad8
--- /dev/null
+++ b/man/systemd.offline-updates.xml
@@ -0,0 +1,151 @@
+<?xml version='1.0'?> <!--*-nxml-*-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+
+<!--
+  This file is part of systemd.
+
+  Copyright 2013 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+-->
+
+<refentry id="systemd.offline-updates">
+  <refentryinfo>
+    <title>systemd.offline-updates</title>
+    <productname>systemd</productname>
+
+    <authorgroup>
+      <author>
+        <contrib>Developer</contrib>
+        <firstname>Lennart</firstname>
+        <surname>Poettering</surname>
+        <email>lennart@poettering.net</email>
+      </author>
+    </authorgroup>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>systemd.offline-updates</refentrytitle>
+    <manvolnum>7</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>systemd.offline-updates</refname>
+    <refpurpose>Implementation of offline updates in systemd</refpurpose>
+  </refnamediv>
+
+  <refsect1>
+    <title>Implementing Offline System Updates</title>
+
+    <para>This is implemented starting with systemd 183.</para>
+
+    <para>Here are some guidelines how to implement "offline" OS updates with systemd. By "offline"
+    OS updates we mean package installations and updates that are run with the system booted into a
+    special system update mode, in order to avoid problems related to conflicts of libraries and
+    services that are currently running with those on disk. This document is inspired by this
+    <ulink url="https://wiki.gnome.org/Design/OS/SoftwareUpdates">GNOME design whiteboard</ulink>.
+    </para>
+
+    <para>The logic:</para>
+
+    <orderedlist>
+      <listitem>
+        <para>The package manager prepares system updates by downloading all (RPM or DEB or
+        whatever) packages to update off-line in a special directory
+        <filename noindex="true">/var/lib/system-update</filename> (or
+        another directory of the package/upgrade manager's choice).</para>
+      </listitem>
+
+      <listitem>
+        <para>When the user OK'ed the update, the symlink <filename>/system-update</filename> is
+        created that points to <filename noindex="true">/var/lib/system-update</filename>
+        (or wherever the upgrade package directory is called) and the system is rebooted. This
+        symlink is in the root directory, since we need to check for it very early at boot, at a
+        time where <filename>/var</filename> is not available yet.</para>
+      </listitem>
+
+      <listitem>
+        <para>Very early in the new boot a systemd generator checks whether
+        <filename>/system-update</filename> exists. If so, it (temporarily and for this boot only)
+        redirects (i.e. symlinks) <filename>default.target</filename> to
+        <filename>system-update.target</filename>, a new target that is intended to pull in the base
+        system (i.e. <filename>sysinit.target</filename>, so that all file systems are mounted but
+        little else) and the system update units.</para>
+      </listitem>
+
+      <listitem>
+        <para>The system now continues to boot into <filename>default.target</filename>, and thus
+        into <filename>system-update.target</filename>. This target pulls in the OS update script,
+        which is executed after all file systems are mounted.</para>
+      </listitem>
+
+      <listitem>
+        <para>The system update script now creates a btrfs snapshot (if possible), then installs all
+        RPMs. After completion (regardless whether the update succeeded or failed) the
+        /system-update symlink is removed. In addition, on failure it reverts to the old btrfs state
+        (modulo the aforementioned symlink), on success it leaves the newly made changes in
+        place.</para>
+      </listitem>
+
+      <listitem>
+        <para>The system is rebooted. Since the <filename>/system-update</filename> symlink is gone,
+        the generator won't redirect <filename>default.target</filename> after reboot and the
+        system now boots into the default target again.</para>
+      </listitem>
+    </orderedlist>
+  </refsect1>
+
+  <refsect1>
+    <title>Recommendations</title>
+
+    <orderedlist>
+      <listitem>
+        <para>To make things a bit more robust we recommend hooking the update script into
+        <filename>system-update.target</filename> via a <filename noindex='true'>.wants/</filename>
+        symlink in the distribution package, rather than depending on <command>systemctl
+        enable</command> in the postinst scriptlets of your package. More specifically, for your
+        update script create a .service file, without [Install] section, and then add a symlink like
+        <filename noindex='true'>/usr/lib/systemd/system-update.target.wants/foobar.service</filename>
+        → <filename noindex='true'>../foobar.service</filename> to your package.</para>
+      </listitem>
+
+      <listitem>
+        <para>Make sure to remove the <filename>/system-update</filename> symlink early in the
+        update script to avoid reboot loops in case the update fails.</para>
+      </listitem>
+
+      <listitem>
+        <para>Use <varname>OnFailure=reboot.target</varname> in the service file for your update
+        script to ensure that a reboot is automatically triggered if the update fails.
+        <varname>OnFailure=</varname> makes sure that the specified unit is activated if your script
+        exits uncleanly (by non-zero error code, or signal/coredump). If your script succeeds you
+        should trigger the reboot in your own code, for example by invoking logind's
+        <command>Reboot()</command> call. See
+        <ulink url="http://www.freedesktop.org/wiki/Software/systemd/logind">logind dbus API</ulink>
+        for details.</para>
+      </listitem>
+    </orderedlist>
+  </refsect1>
+
+  <refsect1>
+    <title>See also</title>
+
+    <para>
+      <ulink url="http://www.freedesktop.org/wiki/Software/systemd/SystemUpdates/">Implementing Offline System Updates</ulink>,
+      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+    </para>
+  </refsect1>
+</refentry>