public
/
bootc-base-images
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #245 from mrguitar/patch-2 

Update usage.md for air-gapped & disconnected updates
This commit is contained in:
Colin Walters 2024-02-05 11:07:25 -05:00 committed by GitHub
parent 04424cc59c 68bfea510c
commit d344254dd5
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 41 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
docs/usage.md
View File

@ -57,6 +57,10 @@ First, one can disable the timer entirely as part of a container build:
RUN systemctl mask bootc-fetch-apply-updates.timer
```
This is useful for environments where manually updating the systems is
preferred, or having another tool perform schedule and execute the
updates, e.g. Ansible.
Alternatively, one can use systemd "drop-ins" to override the timer
(for example, to schedule updates for once a week), create a file
like this, named e.g. `50-weekly.conf`:
@ -74,6 +78,43 @@ RUN mkdir -p /usr/lib/systemd/system/bootc-fetch-apply-updates.timer.d
COPY 50-weekly.conf /usr/lib/systemd/system/bootc-fetch-apply-updates.timer.d
```
## Air-gapped and dissconnected updates
For environments without a direct connection to a centralized container
registry, we encourage mirroring an on-premise registry if possible or manually
moving container images using `skopeo copy`. See [this blog](https://www.redhat.com/sysadmin/manage-container-registries) for example.
For systems that require manual updates via USB drives, this procedure
describes how to use `skopeo` and `bootc switch`.
Copy image to USB Drive:
```skopeo copy docker://[registry]/[path to image] dir://run/media/$USER/$DRIVE/$DIR```
*note, Using the dir transport will create a number of files,
and it's recommended to place the image in it's own directory.
If the image is local the containers-storage transport will transfer
the image from a system directly to the drive:
```skopeo copy containers-storage:[image]:[tag] dir://run/media/$USER/$DRIVE/$DIR```
From the client system, insert the USB drive and mount it:
```mount /dev/$DRIVE /mnt```
`bootc switch` will direct the system to look at this mount point for future
updates, and is only necessary to run one time if you wish to continue
consuming updates from USB devices. note that if the mount point changes,
simply run this command to point to the alternate location. We recommend
using the same location each time to simplfy this.
```bootc switch --transport dir /mnt/$DIR```
Finally `bootc upgrade` will 1) check for updates and 2) reboot the system
when --apply is used.
```bootc upgrade --apply```
## Filesystem interaction and layout
At "build" time, this image runs the same as any other OCI image where