particle-os/apt-ostree
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
apt-ostree/.notes/rpm-ostree/service-files/rpm-ostreed-automatic.service.md

3 KiB
Raw Blame History

rpm-ostreed-automatic.service

Overview

Automatic system update service that executes upgrades based on configured policies. This service runs silently in the background to maintain system security and stability.

Service File

[Unit]
Description=rpm-ostree Automatic Update
Documentation=man:rpm-ostree(1) man:rpm-ostreed.conf(5)
ConditionPathExists=/run/ostree-booted

[Service]
Type=simple
ExecStart=rpm-ostree upgrade --quiet --trigger-automatic-update-policy

Key Components

Unit Section

  • Description: Human-readable description of the service
  • Documentation: References to manual pages
  • ConditionPathExists=/run/ostree-booted: Only run on OSTree-booted systems

Service Section

  • Type=simple: Simple service type
  • ExecStart=rpm-ostree upgrade --quiet --trigger-automatic-update-policy: Execute automatic upgrade

What It Does

Core Functions

  1. Automatic Updates: Executes system upgrades without user intervention
  2. Policy Compliance: Follows configured update policies
  3. Security Maintenance: Keeps system up to date with security patches
  4. Background Operation: Runs silently without user interaction

Command Details

The rpm-ostree upgrade --quiet --trigger-automatic-update-policy command:

  • --quiet: Suppress output and run silently
  • --trigger-automatic-update-policy: Follow automatic update policies
  • Checks for available updates
  • Downloads and applies updates if policy allows
  • Creates new deployment with updates

Policy Integration

The service respects configuration in:

  • /etc/rpm-ostreed.conf: Main configuration file
  • Automatic update policies
  • Security update preferences
  • Update scheduling settings

Configuration

rpm-ostreed.conf

[Daemon]
AutomaticUpdatePolicy=check
AutomaticUpdateCheckSec=300

Policy Options

  • check: Check for updates but don't apply
  • stage: Stage updates for next boot
  • apply: Apply updates immediately
  • off: Disable automatic updates

Use Cases

Enterprise Environments

  • Security Compliance: Automatic security updates
  • Maintenance Windows: Scheduled update application
  • Policy Enforcement: Consistent update policies

Development Systems

  • Continuous Updates: Keep development environment current
  • Security: Automatic security patch application
  • Stability: Controlled update application

Production Systems

  • Zero Downtime: Background update staging
  • Rollback Safety: Safe update application with rollback
  • Monitoring: Update status monitoring and alerting

Dependencies

  • OSTree-booted system (/run/ostree-booted)
  • rpm-ostree command-line tool
  • rpm-ostreed configuration
  • Network connectivity for updates

apt-ostree Equivalent

For apt-ostree, this would be apt-ostreed-automatic.service with:

  • Command: apt-ostree upgrade --quiet --trigger-automatic-update-policy
  • APT-specific update policies
  • Debian/Ubuntu security update handling
  • APT configuration integration
  • Debian/Ubuntu update mechanisms