1RPM-OSTREE(1) rpm-ostree RPM-OSTREE(1)
2
6 rpm-ostree - Hybrid image/package system for host operating system
7 updates
8
10 rpm-ostree {COMMAND} [OPTIONS...]
11
13 rpm-ostree is a hybrid image and package system; as the name suggests,
14 it uses OSTree for the image side, and RPM for the package side. It
15 supports composing RPMs server-side into an OSTree commit (like an
16 image), and clients can replicate that bit-for-bit, with fast
17 incremental updates. Additionally, the hybrid nature comes to the fore
18 with client-side package layering and overrides.
19 On an rpm-ostree managed system, the traditional yum (if installed) and
21 rpm tools operate in a read-only state; the RPM database is stored in
22 /usr/share/rpm which is underneath a read-only bind mount.
23 Instead of live package-by-package upgrades, the underlying OSTree
25 layer replicates a complete filesystem tree from a compose server into
26 a new deployment, available on the next reboot. One benefit of this is
27 that there will always be a previous deployment, available for
28 rollback. This also makes it easier to reliably "queue" an update
29 without destabilizing the running system at all. (Currently though
30 there's an experimental livefs command that supports changing the
31 running filesystem).
32 Note in this "pure replication" model, there is no per-client packaging
34 overhead. Dependency resolution, SELinux labeling, all of the scripts
35 etc. were run on the server side and captured in the OSTree commit.
36
38 cancel
39 Cancel a pending transaction. Exits successfully and does nothing
40 if no transaction is running. Note that it is fully safe to cancel
41 transactions such as upgrade in general.
42 db
44 Gives information pertaining to rpm data within the file system
45 trees within the ostree commits. There are three sub-commands:
46 diff to see how the packages are different between the trees in two
48 revs. If no revs are provided, the booted commit is compared to the
49 pending commit. If only a single rev is provided, the booted commit
50 is compared to that rev. The --format=diff option uses - for
51 removed packages, + for added packages, and finally ! for the old
52 version of an updated package, with a following = for the new
53 version.
54 list to see which packages are within the commit(s) (works like yum
56 list). At least one commit must be specified, but more than one or
57 a range will also work.
58 version to see the rpmdb version of the packages within the commit
60 (works like yum version nogroups). At least one commit must be
61 specified, but more than one or a range will also work.
62 deploy
64 Takes version, branch, or commit ID as an argument, and creates a
65 new deployment using it, setting it up as the default for the next
66 boot. Unlike most other commands, this will automatically fetch and
67 traverse the origin history to find the target. By design, this has
68 no effect on your running filesystem tree. You must reboot for any
69 changes to take effect.
70 This will also queue an update for any layered packages.
72 --unchanged-exit-77 to exit status 77 to indicate that the system
74 is already on the specified commit. This tristate return model is
75 intended to support idempotency-oriented systems automation tools
76 like Ansible.
77 --reboot or -r to initiate a reboot after the upgrade is prepared.
79 --preview download enough metadata to inspect the RPM diff, but do
81 not actually create a new deployment.
82 --cache-only or -C to perform the operation without trying to
84 download the target tree from the remote nor the latest packages.
85 --download-only to only download the target ostree and layered RPMs
87 without actually performing the deployment. This can be used with a
88 subsequent --cache-only invocation to perform the operation
89 completely offline.
90 install
92 Takes one or more packages as arguments. The packages are fetched
93 from the enabled repositories in /etc/yum.repos.d/ and are
94 overlayed on top of a new deployment. It is also possible to
95 specify a local RPM package that resides on the host. Overlayed
96 packages can later be removed with the uninstall command.
97 If this is the first time a machine-local change is made, note that
99 this will change rpm-ostree to operate in full hybrid mode.
100 Concretely, rpm-ostree will also start fetching all enabled rpm-md
101 (yum) repositories and use those for package updates every time
102 rpm-ostree upgrade is invoked, as well as during other operations
103 such as rebase.
104 rpm-ostree remembers these requests even if a later host update
106 includes those packages already: if the packages are subsequently
107 dropped out again, rpm-ostree will go back to layering them.
108 Note that by default, specifying a package that is already in the
110 base layer is an error unless the --allow-inactive option is
111 provided. This can be useful when anticipating the removal of a
112 base package.
113 --idempotent to do nothing if a package request is already present
115 instead of erroring out.
116 --reboot or -r to initiate a reboot after the deployment is
118 prepared.
119 --dry-run or -n to exit after printing the transaction rather than
121 downloading the packages and creating a new deployment.
122 --allow-inactive to allow requests for packages that are already in
124 the base layer.
125 --cache-only or -C to perform the operation without trying to
127 download the latest packages.
128 --download-only to only download the target layered RPMs without
130 actually performing the deployment. This can be used with a
131 subsequent --cache-only invocation to perform the operation
132 completely offline.
133 --apply-live will perform a subsequent apply-live operation to
135 apply changes to the booted deployment.
136 uninstall
138 Takes one or more packages as arguments. The packages are removed
139 from the set of packages that are currently overlayed. The
140 remaining packages in the set (if any) are fetched from the enabled
141 repositories in /etc/yum.repos.d/ and are overlayed on top of a new
142 deployment.
143 --reboot or -r to initiate a reboot after the deployment is
145 prepared.
146 --dry-run or -n to exit after printing the transaction rather than
148 downloading the packages and creating a new deployment.
149 rebase
151 Switch to a different branch (possibly using a new remote), while
152 preserving all of the state that upgrade does, such as /etc
153 changes, any layered RPM packages, etc.
154 The full syntax is rebase REMOTENAME:BRANCHNAME. Alternatively, you
156 can use the --branch or --remote options mentioned below. With the
157 argument syntax, specifying just BRANCHNAME will reuse the same
158 remote. You may also omit one of REMOTENAME or BRANCHNAME (keeping
159 the colon). In the former case, the branch refers to a local
160 branch; in the latter case, the same branch will be used on a
161 different remote.
162 This will also queue an update for any layered packages.
164 --branch or -b to pick a branch name.
166 --remote or -m to pick a remote name.
168 --cache-only or -C to perform the rebase without trying to download
170 the target tree from the remote nor the latest packages.
171 --download-only to only download the target ostree and layered RPMs
173 without actually performing the deployment. This can be used with a
174 subsequent --cache-only invocation to perform the operation
175 completely offline.
176 rollback
178 OSTree manages an ordered list of bootloader entries, called
179 "deployments". The entry at index 0 is the default bootloader
180 entry. Each entry has a separate /etc, but they all share a single
181 /var. You can use the bootloader to choose between entries by
182 pressing Tab to interrupt startup.
183 This command then changes the default bootloader entry. If the
185 current default is booted, then set the default to the previous
186 entry. Otherwise, make the currently booted tree the default.
187 --reboot or -r to initiate a reboot after rollback is prepared.
189 status
191 Gives information pertaining to the current deployment in use.
192 Lists the names and refspecs of all possible deployments in order,
193 such that the first deployment in the list is the default upon
194 boot. The deployment marked with * is the current booted
195 deployment, and marking with 'r' indicates the most recent upgrade
196 (the newest deployment version).
197 upgrade
199 Download the latest version of the current tree, and deploy it,
200 setting it up as the default for the next boot. By design, this has
201 no effect on your running filesystem tree. You must reboot for any
202 changes to take effect.
203 --unchanged-exit-77 to exit status 77 to indicate that the system
205 is already up to date. This tristate return model is intended to
206 support idempotency-oriented systems automation tools like Ansible.
207 --reboot or -r to initiate a reboot after upgrade is prepared.
209 --allow-downgrade to permit deployment of chronologically older
211 trees.
212 --preview to download only /usr/share/rpm in order to do a
214 package-level diff between the two versions.
215 --check to just check if an upgrade is available, without
217 downloading it or performing a package-level diff. Using this flag
218 will force an update of the RPM metadata from the enabled repos in
219 /etc/yum.repos.d/, if there are any layered packages.
220 --cache-only or -C to perform the upgrade without trying to
222 download the latest tree from the remote nor the latest packages.
223 --download-only to only download the target ostree and layered RPMs
225 without actually performing the deployment. This can be used with a
226 subsequent --cache-only invocation to perform the operation
227 completely offline.
228 override
230 Provides subcommands for overriding (modifying) the base OSTree
231 layer. Such modifications should be done with care and are normally
232 not intended to be long-lasting. For example, one might replace a
233 base package with its older version to avoid a regression.
234 Overrides are automatically carried over during new deployments.
235 The subcommands are:
236 remove to remove base packages.
238 replace to replace base packages. Requires explicitly specifying a
240 set of RPMs to install via HTTP or local file paths. On Fedora
241 systems, it is also supported to pull from the Fedora Koji/Bodhi
242 systems. For example, rpm-ostree override replace
243 https://objstore.int.example.com/hotfixes/kernel.rpm, rpm-ostree
244 override replace ./podman.rpm, rpm-ostree override replace
245 https://bodhi.fedoraproject.org/updates/FEDORA-2020-XXXXXXX or
246 rpm-ostree override replace
247 https://koji.fedoraproject.org/koji/buildinfo?buildID=XXXXXXX
248 reset to reset previous overrides. Currently, the full NEVRA of the
250 target packages must be specified.
251 refresh-md
253 Download the latest rpm repo metadata if necessary and generate the
254 cache.
255 kargs
257 Without options, display current default kernel arguments. Modify
258 arguments using the following parameters which will create a new
259 deployment with the modified kernel arguments. Previous deployments
260 are never changed.
261 --editor to use an editor to modify the kernel arguments.
263 --append to append a kernel argument. For example,
265 --append=panic=1.
266 --append-if-missing to append a kernel argument if it is not
268 present.
269 --delete to delete a kernel argument. For example,
271 --delete=panic=1.
272 --delete-if-present to delete a kernel argument if it is already
274 present. For example, --delete-if-present=panic=1.
275 --replace to replace an existing kernel argument, it allows you to
277 pass a KEY=VALUE. Also, it supports "KEY=VALUE=NEWVALUE" to replace
278 the value of an argumnet only if one value exist for that argument.
279 For example, --replace=panic=1. or --replace=panic=1=0.
280 --unchanged-exit-77 to exit status 77 to indicate that the kernel
282 arguments have not changed.
283 By default, modifications are applied to the kernel arguments of
285 the default deployment to get the final arguments. Use
286 --deploy-index or --import-proc-cmdline to instead base them off of
287 a specific deployment or the current boot.
288 cleanup
290 Commands such as upgrade create new deployments, which affect the
291 next boot, and take up additional storage space. In some cases, you
292 may want to undo and clean up these operations. This command
293 supports both removing additional deployments such as the "pending"
294 deployment (the next boot) as well as the default rollback
295 deployment. Use -p/--pending to remove the pending deployment, and
296 -r/--rollback to remove the rollback.
297 The -b/--base option does not affect finished deployments, but will
299 clean up any transient allocated space that may result from
300 interrupted operations. If you want to free up disk space safely,
301 use this option first.
302 The -m/--repomd option cleans up cached RPM repodata and any
304 partially downloaded (but not imported) packages.
305 NOTE: the cleanup will not affect any deployments that have been
307 "pinned" via the ostree admin pin operation.
308 reload
310 Some configuration and state data such as /etc/ostree/remotes.d
311 changes may not be reflected until a daemon reload is invoked. Use
312 this command to initiate a reload.
313 usroverlay
315 Mount a writable overlay filesystem on /usr which is active only
316 for the remainder of the system boot. This is intended for
317 development, testing, and debugging. Changes will not persist
318 across upgrades, or rebooting in general.
319 One important goal of this is to support traditional rpm -Uvh
321 /path/to/rpms or equivalent where changes are applied live.
322 However, an intended future feature for rpm-ostree will be a
323 variant of rpm-ostree override which also supports applying changes
324 live, for the cases which one wants persistence as well.
325 This command is equivalent to ostree admin unlock.
327 initramfs
329 By default, the primary use case mode for rpm-ostree is to
330 replicate an initramfs as part of a base layer. However, some use
331 cases require locally regenerating it to add configuration or
332 drivers. Use rpm-ostree initramfs to inspect the current status.
333 Use --enable to turn on client side initramfs regeneration. A new
335 deployment will be generated, and after reboot, further upgrades
336 will continue regenerating. You must reboot for the new initramfs
337 to take effect.
338 To append additional custom arguments to the initramfs program
340 (currently dracut), use --arg. For example, --arg=-I
341 --arg=/etc/someconfigfile.
342 The --disable option will disable regeneration. You must reboot for
344 the change to take effect.
345 ex
347 This command offers access to experimental features; command line
348 stability is not guaranteed. The available subcommands will be
349 listed by invoking rpm-ostree ex. For example, there is rpm-ostree
350 ex apply-live which is an experimental interface for applying
351 changes to the booted deployment.
352 ex apply-live
354 Experimental feature; subject to change.
355 Given a target OSTree commit (defaults to the pending deployment),
357 create a transient overlayfs filesystem for /usr, and synchronize
358 the changes to the booted filesystem tree. By default, to ensure
359 safety, only package additions are allowed.
360 --reset to reset the filesystem tree to the booted commit.
362 --target may be used to target an arbitrary OSTree commit. This is
364 an advanced feature, exposed mainly for testing.
365 --allow-replacement enables live updates and removals for existing
367 packages.
368 Example 1. Install postgresql live
370 $ rpm-ostree install postgresql-server
372 $ rpm-ostree ex apply-live
373 $ systemctl start postgresql # Some setup required
374 Currently, this just synchronizes the filesystem; no systemd units
377 are restarted for example.
378 A major implicit benefit of the overlayfs approach is that if
380 something goes wrong in the middle of a apply-live operation, a
381 system reboot will implicitly remove the overlay, restoring the
382 system to the pristine deployment state.
383 ex initramfs-etc
385 Experimental feature; subject to change.
386 Add configuration (/etc) files into the initramfs without
388 regenerating the entire initramfs. This is useful to be able to
389 configure services backing the root block device as well as
390 early-boot services like systemd and journald.
391 Use --track to start tracking a specific file. Can be specified
393 multiple times. A new deployment will be generated. Use --untrack
394 or --untrack-all to stop tracking files.
395 When there are tracked files, any future created deployment (e.g.
397 when doing an upgrade) will ensure that they are synced. You can
398 additionally use --force-sync to simply generate a new deployment
399 with the latest versions of tracked files without upgrading.
400
402 compose
403 Entrypoint for tree composition; most typically used on servers to
404 prepare trees for replication by client systems. The tree
405 subcommand processes a treefile, installs packages, and commits the
406 result to an OSTree repository. There are also split commands
407 install, postprocess, and commit.
408
410 rpm-ostreed.conf(5) ostree(1), rpm(8)
411rpm-ostree RPM-OSTREE(1)