docs: Add boot failure detection documentation #1981
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| @@ -0,0 +1,54 @@ | ||||||||||||
| # Upgrade/rollback failure detection in bootc | ||||||||||||
|
|
||||||||||||
| This document describes how to detect when a reboot failed to enable the staged image in bootc. | ||||||||||||
|
|
||||||||||||
| ## Overview | ||||||||||||
|
|
||||||||||||
| bootc uses different mechanisms to detect boot failures depending on the backend (OSTree vs. composefs+UKI) and the specific point of failure. Understanding these mechanisms is crucial for system administrators and automated tooling that needs to detect failed updates. | ||||||||||||
|
|
||||||||||||
| ## OSTree Backend Boot Failure Detection | ||||||||||||
|
|
||||||||||||
| For systems using the traditional OSTree backend, bootc relies on OSTree's built-in boot failure detection mechanisms. | ||||||||||||
|
|
||||||||||||
| ### Key Services | ||||||||||||
|
|
||||||||||||
| 1. **`ostree-finalize-staged.service`** - Runs during shutdown to finalize staged deployments | ||||||||||||
| 2. **`ostree-boot-complete.service`** - Runs early in boot to detect finalization failures | ||||||||||||
|
|
||||||||||||
| When `ostree-finalize-staged.service` fails during shutdown/reboot, this will create | ||||||||||||
| a stamp file in `/boot`, and then on a subsequent reboot the `ostree-boot-complete.service` | ||||||||||||
| service will detect it, and then itself exit with a failure mode. | ||||||||||||
|
|
||||||||||||
| You can monitor the success of both services, though for `ostree-finalize-staged.service` | ||||||||||||
| note that the failure occurred during the previous boot's shutdown. | ||||||||||||
|
Comment on lines
+22
to
+23
Contributor
There was a problem hiding this comment. This sentence is a bit long and could be clearer. Consider splitting it or rephrasing the latter part for improved readability.
Suggested change
|
||||||||||||
|
|
||||||||||||
|
|
||||||||||||
| ## Composefs Backend Boot Failure Detection | ||||||||||||
|
|
||||||||||||
| ### Key Services | ||||||||||||
|
|
||||||||||||
| There is a `bootc-finalize-staged.service` which is similar to `ostree-finalize-staged.service`, | ||||||||||||
| but there is not currently a similar `-boot-complete.service`. There is also a `bootc-root-setup.service` | ||||||||||||
| that runs during initramfs to mount the composefs image and set up `/etc` and `/var` - but if this | ||||||||||||
| service fails, the system will not boot at all (emergency mode or hang). | ||||||||||||
|
Comment on lines
+30
to
+33
Contributor
There was a problem hiding this comment. This sentence is quite long and contains multiple clauses. Splitting it into two or more sentences would significantly improve readability.
Suggested change
|
||||||||||||
|
|
||||||||||||
| At the current time then, it is recommended to check the journal for failures from the previous boot: | ||||||||||||
|
Contributor
There was a problem hiding this comment. The word "then" in "At the current time then" is redundant and can be removed for conciseness.
Suggested change
|
||||||||||||
|
|
||||||||||||
| ```bash | ||||||||||||
| # Check for finalization failures from previous boot | ||||||||||||
| journalctl -u bootc-finalize-staged.service -b -1 | ||||||||||||
| ``` | ||||||||||||
|
|
||||||||||||
| ### Systemd Boot Assessment Integration | ||||||||||||
|
|
||||||||||||
| As of a recent OSTree with [this commit](https://github.com/ostreedev/ostree/commit/08487091256b93493f8d692e37ab3d892c758da1) | ||||||||||||
| it is possible to configure the boot loader entry counting. | ||||||||||||
|
|
||||||||||||
| At the current time, the composefs backend does not configure boot entry counting, this is likely to be added in the future. | ||||||||||||
|
Contributor
There was a problem hiding this comment. Statements about future plans like "this is likely to be added in the future" can quickly become outdated in documentation. It's generally better to state the current facts or phrase it more cautiously, e.g., "This feature is planned for future releases" or simply omit it if it's not critical for understanding the current state.
Suggested change
|
||||||||||||
|
|
||||||||||||
| ## See Also | ||||||||||||
|
|
||||||||||||
| - [systemd Automatic Boot Assessment](https://systemd.io/AUTOMATIC_BOOT_ASSESSMENT/) | ||||||||||||
| - [OSTree Manual](https://ostreedev.github.io/ostree/) | ||||||||||||
| - [bootc-rollback(8)](man/bootc-rollback.8.md) | ||||||||||||
| - [bootc-status(8)](man/bootc-status.8.md) | ||||||||||||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The phrasing "and then itself exit with a failure mode" is a bit awkward. Consider rephrasing for better clarity and flow.