FCOS auto updates from a private image

Is it possible to configure Zincati to auto-update system based on a new version of a hand-made image (ostree --repo=path init --mode=archive-z2)? And where do I have to store images (Cincinnati Server requires image registry to be specified)?

Example of a needed scenario:

  1. Add a package to the base image
  2. Push new image (to somewhere?)
  3. Zincati daemon auto-updates all nodes images to the new version

Are there any tutorials for this? :slight_smile:

There is a related thread on this:

but basically the easiest thing to do is do a derived container build (see GitHub - coreos/layering-examples) and then rebase the system to that container. When you push new updates to the container registry you can then rpm-ostree upgrade and the system will get the update. You can automate the update with a systemd unit on a timer.

1 Like

Thanks for your answer!

Zincati is preinstalled on the system so I think I’ll better use it with Cincinnati server for auto updates. Or Zincati now is only an experimental solution and it’s not that stable?

Zincati has been around since the beginning of FCOS. Container based updates didn’t exist then, though OSTree based updates did. It is stable.

The benefits of Cincinnati+Zincati is that there is an Update Graph that is traversed (see Fedora CoreOS updates graph) when systems update. However, this architecture is more complicated for individuals to set up, because it requires a server that you have customized, stream and update metadata to be published etc… We are looking at making this easier in the future (i.e. making zincati client smarter and requiring no dynamic server, but rather a stored yaml/json file somewhere), but for now…

If you have a specific use case and control a fixed number of servers (i.e. you don’t have many different users with many different use cases) the much simpler thing to do is just build a container and put it in a registry and then keep those systems up to date based on that.

1 Like