Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

podman machine: disable zincati update service #20190

Merged
merged 1 commit into from
Sep 29, 2023
Merged

podman machine: disable zincati update service #20190

merged 1 commit into from
Sep 29, 2023

Conversation

baude
Copy link
Member

@baude baude commented Sep 28, 2023

As explained in #21022, there are all kinds of downsides to a machine updating itself (via zincati) automatically, like interuption of service, lost mounts, etc.

disabling zincati will at least allow stop these downsides. we are likely to contemplate if podman will take over the update process externally where interuption of services will not occur etc.

Fixes #20122

Does this PR introduce a user-facing change?

Disable auto-updates in podman machine vms that use FCOS

@openshift-ci openshift-ci bot added release-note approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Sep 28, 2023
giuseppe
giuseppe approved these changes Sep 28, 2023
View reviewed changes
Copy link
Member

@giuseppe giuseppe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Sep 28, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: baude, giuseppe

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@Luap99
Copy link
Member

Luap99 commented Sep 28, 2023

How are machines updated then? Leaving machines on old versions seems like a bad idea. At the very least these expectations should be documented somewhere if the user is responsible for updating the VM manually and how to do so. And you need to remove the auto update from the docs:

podman/docs/source/markdown/podman-machine-init.1.md.in

Lines 27 to 30 in 87dd939

By default, the VM distribution is [Fedora CoreOS](https://getfedora.org/en/coreos?stream=testing).
Fedora CoreOS upgrades come out every 14 days and are detected and installed automatically. The VM is rebooted during the upgrade.
For more information on updates and advanced configuration,
see the Fedora CoreOS documentation about [auto-updates](https://docs.fedoraproject.org/en-US/fedora-coreos/auto-updates/) and [update strategies](https://coreos.github.io/zincati/usage/updates-strategy/).

@baude
podman machine: disable zincati update service
94818f5 
As explained in containers#21022, there are all kinds of downsides to a machine
updating itself (via zincati) automatically, like interuption of
service, lost mounts, etc.

disabling zincati will at least allow stop these downsides.  we are
likely to contemplate if podman will take over the update process
externally where interuption of services will not occur etc.

Fixes containers#20122

Signed-off-by: Brent Baude <[email protected]>
@baude
Copy link
Member Author

baude commented Sep 28, 2023

How are machines updated then? Leaving machines on old versions seems like a bad idea. At the very least these expectations should be documented somewhere if the user is responsible for updating the VM manually and how to do so. And you need to remove the auto update from the docs:

podman/docs/source/markdown/podman-machine-init.1.md.in

Lines 27 to 30 in 87dd939

By default, the VM distribution is [Fedora CoreOS](https://getfedora.org/en/coreos?stream=testing).
Fedora CoreOS upgrades come out every 14 days and are detected and installed automatically. The VM is rebooted during the upgrade.
For more information on updates and advanced configuration,
see the Fedora CoreOS documentation about [auto-updates](https://docs.fedoraproject.org/en-US/fedora-coreos/auto-updates/) and [update strategies](https://coreos.github.io/zincati/usage/updates-strategy/).

better ?

ashley-cui
ashley-cui reviewed Sep 28, 2023
View reviewed changes
Copy link
Member

@ashley-cui ashley-cui left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@rhatdan
Copy link
Member

rhatdan commented Sep 28, 2023

/lgtm
/hold

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 28, 2023
@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Sep 28, 2023
TomSweeneyRedHat
TomSweeneyRedHat reviewed Sep 28, 2023
View reviewed changes
docs/source/markdown/podman-machine-init.1.md.in

Note: Updating as described above can result in version mismatches between Podman on the host and Podman in the
machine. Executing `podman info` should reveal versions of both. A configuration where the Podman host and machine
mismatch are unsupported.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
mismatch are unsupported.
mismatch is unsupported.

TomSweeneyRedHat
TomSweeneyRedHat reviewed Sep 28, 2023
View reviewed changes
docs/source/markdown/podman-machine-init.1.md.in
WSL which is based on a custom Fedora image. While Fedora CoreOS upgrades come out every 14 days, the automatic
update mechanism Zincata is disabled by Podman machine.

To check if there is an upgrade available for your machine os, you can run the following command:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd suggest machine os -> machine OS

@rhatdan
Copy link
Member

rhatdan commented Sep 29, 2023

/hold cancel
Fix @TomSweeneyRedHat in a different PR

@openshift-ci openshift-ci bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 29, 2023
@openshift-merge-robot openshift-merge-robot merged commit 26ae0ba into containers:main Sep 29, 2023
97 checks passed
@edsantiago edsantiago mentioned this pull request Oct 25, 2023
Closed
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Dec 29, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 29, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@ashley-cui ashley-cui ashley-cui left review comments

@TomSweeneyRedHat TomSweeneyRedHat TomSweeneyRedHat left review comments

@giuseppe giuseppe giuseppe approved these changes

Assignees

@rhatdan rhatdan

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. release-note
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Podman Machine VM should not auto update and reboot without user interaction
7 participants
@baude @Luap99 @rhatdan @giuseppe @TomSweeneyRedHat @ashley-cui @openshift-merge-robot