kairos icon indicating copy to clipboard operation
kairos copied to clipboard

Published 20 hours ago verified publisher icon kairos-io

UKI: kairos-agent reset

Open mudler opened this issue 1 year ago • 3 comments

Follow-up of #1151 #872

Depends on: #2226

There should be a kairos-agent CLI command that allows to set the next boot selection entry in order to replace instructions using GRUB https://kairos.io/docs/reference/reset/#remotely-via-command-line.

the reset shim has also to take into account of things like setting up the next boot entry hybrid with GRUB/systemd-boot

Acceptance Criteria

  • There is a kairos-agent command that replaces this process both for UKI and non-UKI systems.
  • We have a separate binary that does implement the shim so it can be used for backward compatibility during upgrades cc @vipsharm

mudler avatar Dec 05 '23 18:12 mudler

We have "reset" but it doesn't work exactly like the "reset" in non-UKI installations. We need to discuss whether the current implementation is enough or if we need to do more work. We will plan a call for this one.

jimmykarily avatar Feb 06 '24 09:02 jimmykarily

Currently the non-UKI reset does:

  • formats the persistent partition by default this is all the user data in the bound persistent directories (e.g. containers, databases, whatever)
  • formats the oem partition if specified by the user (default: false) this is where user configuration lives (even the original installation config is gone if true)
  • makes the "recovery" image be the new "active"
  • creates extra directories in the rootfs if specified in the kairos config (which will be deleted if the above option is true)
  • installs grub again using the files from the recovery image

Currently the UKI reset does:

  • formats the persistent partition be default (like non-UKI does)
  • formats the oem partition if requested by the user (like non-UKI does)

What is missing:

  • change the default uefi entry to the "recovery" one, which is not well defined in uki mode. User can select whichever version they want from the menu.

TODO:

  • See if we can identify which EFI/config file we are booted in. If that's possible, by prefixing the efi/config file with "recovery-" and "active-" and "passive-" we can decide which image is which, without needing the cmdline to define that.

If the above works, we can then:

  • On first installation there is only one version (+additional cmdlines) which will be copied 3 times (active, passive, recovery)
  • As we keep upgrading, we rotate the active and passive (+additional cmdlines)
  • The recovery one is always the original one (unless the user upgrades with --recovery)
  • Keep only up to 3 versions around (+ all their cmdlines) when upgrading (like it happens in non-uki)

Finally, on reset we replace "active" with "recovery".

NOTE:

  • The extra dirs thing, is not possible in UKI because we can't change the image (it's signed).
  • systemd-boot resets whatsoever (as in grub re-installation).

jimmykarily avatar Feb 08 '24 09:02 jimmykarily

Also relevant information on how upgrade works in "legacy": https://github.com/kairos-io/kairos/issues/1286#issue-1666278081

jimmykarily avatar Feb 08 '24 09:02 jimmykarily

Keeping open until it's bumped in kairos

jimmykarily avatar Feb 21 '24 08:02 jimmykarily

this + shim is part of agent v2.7.13

Itxaka avatar Feb 21 '24 10:02 Itxaka

v2.7.13 merged into packages, should shortly be available under framework

Itxaka avatar Feb 21 '24 11:02 Itxaka

https://github.com/kairos-io/kairos/pull/2278

Itxaka avatar Feb 21 '24 22:02 Itxaka

Now in master

Itxaka avatar Feb 22 '24 07:02 Itxaka

I did a test from master and it works. All good.

jimmykarily avatar Feb 22 '24 07:02 jimmykarily