How to actually enable automatic updates in Fedora Iot?

Fedora CoreOS has Zincati for automatic updates. Fedora IoT, however, only describes enabling automatic updates via rpm-ostree.

BTW it also misses to describe the steps you need to use to enable the rpm-ostree timer, actually.

I agree AutomaticUpdatePolicy=check or better even AutomaticUpdatePolicy=stage make sense on Fedora Silverblue or so, whcih you regularly restart. However, as a “server” use case Fedora IoT has, there should likely be automated restarts, should not it?

How is that intended to be used? How to make “full” automatic updates possible? Write another systemd timer just for random restarts once a day? Install Zincati? (if that is even possible, as Fedora IoT of course does not have the “streams” concept Fedora CoreOs has.)

I really wonder whether using Fedora CoreOS for a Raspberry Pi would be the better idea

1 Like

Related discussion in the other Fedora forum regarding potential solutions…

So, unfortunately there is currently no built-in way to do this as rpm-ostree cannot automatically reboot with the current automatic AutomaticUpdatePolicy and Fedora Iot does not ship with Zicanti by default.

As such, you need to create your own system service and timer to trigger this.
Note that rpm-ostree upgrade --reboot at least only reboots when it downloaded and upgrade or one is already downloaded.

Run sudo systemctl edit --force --full rpm-ostreed-upgrade-reboot.service to create new services.

# workaround for missing reboot policy
# https://github.com/coreos/rpm-ostree/issues/2843
[Unit]
Description=rpm-ostree upgrade and reboot
ConditionPathExists=/run/ostree-booted

[Service]
Type=simple
ExecStart=/usr/bin/rpm-ostree upgrade --reboot
#StandardOutput=null

And as for rpm-ostreed-upgrade-reboot.timer we just copy the existing `rom-ostreed update service timer:

[Unit]
Description=rpm-ostree upgrade and reboot trigger
ConditionPathExists=/run/ostree-booted

[Timer]
OnBootSec=1h
OnUnitInactiveSec=1d

[Install]
WantedBy=timers.target

Or, of course, you edit the existing timer and modify the command it runs.

Important: If you do not override the existing timer rpm-ostreed-automatic.service, you need to disable it, so it does not run it, because when it stages an update the next rpm-ostree upgrade –reboot command may not have another update available and thus it does not do anything and thus does not even think of rebooting the system… :wink:

Also maybe consider running podman auto-update in the same way, if you use podman containers and want to keep them updated. :slightly_smiling_face:

2 Likes

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.