updates: Enable air-gapped updating via a USB drive #235
Comments
We should also add a GitHub Actions workflow to automatically build update bundles for each CPU architecture, so that they can be attached to GitHub Releases. Then we can tell Forklift to Note that PlanktoScope OS should add some mechanism to make it easy for users to mount USB drives - either automatically or with some easy web interface (e.g. Cockpit or some preexisting project).
If we choose to include container image archives in staged pallet bundles, perhaps a compact on-disk layout for them could be to hard-link them into Forklift's container image cache (see #245). We'd probably want to gzip them (see #245 (comment)). We'd need to make sure that the hard link is resolved so that the archives get copied into the staged pallet bundles when they're compressed into a .tar.gz file, instead of just being saved as links. If we can somehow include container images via OCI image layering (but in such a way that the container images are stored in subdirectories), that could introduce some storage efficiencies for shared base layers. idk if that's even possible though.
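A check for the hard-link concern in the comment above, as an added example that is not part of the thread or of Forklift's code: it scans a bundle `.tar.gz` for hard-link or symlink entries, so an export or import step can confirm that image archives were stored as full copies. The function names, entry paths and sample bundle are hypothetical and constructed for illustration.

```go
package main

import (
	"archive/tar"
	"bytes"
	"compress/gzip"
	"fmt"
	"io"
)

// linkEntries lists "name -> target" for every hard-link or symlink entry in a .tar.gz stream.
func linkEntries(r io.Reader) ([]string, error) {
	gz, err := gzip.NewReader(r)
	if err != nil {
		return nil, err
	}
	var links []string
	for tr := tar.NewReader(gz); ; {
		hdr, err := tr.Next()
		if err == io.EOF {
			return links, nil // empty list: every file is stored as a full copy
		} else if err != nil {
			return nil, err
		}
		if hdr.Typeflag == tar.TypeLink || hdr.Typeflag == tar.TypeSymlink {
			links = append(links, hdr.Name+" -> "+hdr.Linkname)
		}
	}
}

// sampleBundle builds a constructed in-memory bundle with one image archive (made-up paths).
func sampleBundle(asLink bool) *bytes.Buffer {
	buf, data := &bytes.Buffer{}, []byte("constructed image bytes")
	gz := gzip.NewWriter(buf)
	tw := tar.NewWriter(gz)
	hdr := &tar.Header{Name: "cache/images/app.tar.gz", Mode: 0o644, Size: int64(len(data))}
	if asLink { // stored as a hard-link entry with no payload instead of a regular file
		hdr.Typeflag, hdr.Linkname, hdr.Size, data = tar.TypeLink, "image-cache/app.tar.gz", 0, nil
	}
	tw.WriteHeader(hdr)
	tw.Write(data)
	tw.Close()
	gz.Close()
	return buf
}

func main() {
	fmt.Println(linkEntries(sampleBundle(true)))
	fmt.Println(linkEntries(sampleBundle(false)))
}
```

A non-empty result means the bundle depends on a path that may not exist on the air-gapped device, so the import should be rejected or the bundle re-exported.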
If we publish staged pallet bundles as OCI artifacts (either OCI container images or custom OCI artifacts), it might be worth showing how to add them to the ArtifactHub OCI artifact index. See https://universal-blue.discourse.group/t/listing-your-custom-image-on-artifacthub/6446 for details.
Devices without an internet connection need a way to get software updates via a USB drive. This would mean updating the local pallet (in a way that the updated pallet is still customizable) and all of its dependencies, which would include:
If we deliver the archive of everything needed as a custom OCI artifact or as an OCI container image (I prefer the latter, for compatibility with skopeo and crane), then we could use cosign to authenticate our archives (e.g. as in this example).
If it's reasonably simple to rehydrate things from a pallet bundle into our caches, e.g. by providing container images and file downloads from an optional `cache` subdirectory in the bundle and providing some additional metadata in a `caches` section of the bundle manifest (or maybe having the manifest's `caches` section record where each exported download file should be copied to in the downloads cache), that may be a really elegant approach - because then the bundle could also be dropped directly into the stage store for use even if the cache files aren't loaded into the Forklift cache. Such a bundle would be fully self-contained for deployment anywhere (assuming a compatible CPU architecture, Forklift version, Docker, etc.). And then on systems where user customization isn't important (e.g. a fleet of uniform devices) and we don't need to run `plt` subcommands, we would just drop bundles into Forklift's stage store with a `stage import-bundle` subcommand without having a local pallet or caches.

Ideally, the subcommands for air-gapped updates would look like:

- `plt switch --from-bundle {tarball path}` if we want to rehydrate things from a bundle into the local pallet and the cache
- `stage import-bundle {tarball path}` (with an optional flag to set it as the next staged bundle) if we just want to copy the bundle into the stage store

Ideally, the subcommands for making update bundles would look like:

- `plt export-bundle {output path}` with an optional `--include-caches` flag which is enabled by default
- `stage export-bundle {bundle name or index} {output path}` (or `stage plt --bun={bundle name or index} export-bundle {output path}`) with an optional `--include-caches` flag which is enabled by default and which, if enabled for a bundle without a complete `caches` directory, may require downloading some additional files

We should probably establish a convention that the bundle should be named `{pallet path}@{version or pseudoversion with a "dirty" indicator}+{cpu architecture}.forklift-bundle.tar.gz`