Brussels / 31 January & 1 February 2015


Live atomic updates

Installing new software without the need for packages or a reboot

If you install packages on a running system, you need to be careful not to break running software or leave the filesystem in an invalid state. This is why Android, Baserock, CoreOS and Project Atomic do atomic updates for system software. Currently this requires a reboot, so it's an offline atomic update, but if we can solve online atomic updates, there's no need for packages any more.

I work for Codethink on a project called Baserock, the goal of which is to solve problems in embedded systems development.

With package-based upgrades you need to be careful not to remove anything that a running program is using, and you need to avoid moving the filesystem through invalid states. Distributions generally get this right, but it's a lot of work, and the complicated dance required to make this work also makes it slow.

We decided to do away with packages to simplify things, so we do image-based updates by applying a binary delta to a snapshot and atomically flipping to the new version. Currently the way to do this is to reboot or kexec, but that requires a service outage, so for Baserock I've been looking at a better way to do this.

In this talk I'm going to explain the various alternative approaches, why I settled on my current approach, the limitations of this approach, and future work to make this more reliable.


Richard Maw