CoreOS believes the ability to easily and automatically update software is the most effective way to improve server security.
To do so, they have implemented the Omaha update protocol, defined by Google for the Chrome web browser on Windows. The features provided by this protocol are:
- Atomicity
- Coordination
- Automatic rollback
The disturbing concepts are:
- Updates are "pushed"
- Updates are automatically installed
Official links from CoreOS:
The update-engine is the program in charge of:
- Downloading the update
- Installing the update
- And asking for a reboot to apply the update
The Omaha protocol has a concept of "coordination" with "canary" servers, update windows, and so on, but the update-engine is not in charge of it. This task is delegated to the locksmith utility.
locksmith is a reboot manager for the CoreOS update engine which uses etcd to ensure that only a subset of a cluster of machines are rebooting at any given time.
locksmithd runs as a daemon on CoreOS machines and is responsible for controlling the reboot behaviour after updates.
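The coordination idea described above, as an added example (not code from CoreOS or locksmith): a simplified Python model of a reboot lock kept as a counting semaphore and updated with compare-and-swap, so that only a bounded number of machines reboot at once. `FakeKV`, the key name and the record layout are assumptions made for this illustration; in a real cluster etcd plays the role of the store.

```python
import json

KEY = "example/rebootlock"  # hypothetical key name (assumption)

class FakeKV:  # in-memory stand-in for etcd: each value carries a version
    def __init__(self):
        self._data = {}  # key -> (version, value)
    def get(self, key):
        return self._data.get(key, (0, None))
    def cas(self, key, expected_version, value):
        if self.get(key)[0] != expected_version:
            return False  # another node wrote first; caller must retry
        self._data[key] = (expected_version + 1, value)
        return True

def init_lock(kv, max_holders):
    return kv.cas(KEY, 0, json.dumps({"max": max_holders, "holders": []}))

def _update(kv, mutate, retries=10):
    """Read-modify-write loop; mutate() returns False to refuse the change."""
    for _ in range(retries):
        version, raw = kv.get(KEY)
        state = json.loads(raw)
        if not mutate(state):
            return False
        if kv.cas(KEY, version, json.dumps(state)):
            return True
    return False

def try_lock(kv, machine_id):
    """Called before rebooting; False means every slot is taken, so wait."""
    def mutate(state):
        if machine_id not in state["holders"]:
            if len(state["holders"]) >= state["max"]:
                return False
            state["holders"].append(machine_id)
        return True
    return _update(kv, mutate)

def unlock(kv, machine_id):
    """Called once the node is back up; frees its slot."""
    def mutate(state):
        if machine_id not in state["holders"]:
            return False
        state["holders"].remove(machine_id)
        return True
    return _update(kv, mutate)

def holders(kv):
    return json.loads(kv.get(KEY)[1])["holders"]
```

A node that gets `False` from `try_lock` stays up with the update staged and asks again later, which is what keeps a cluster-wide update from taking every machine down together.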
CoreOS "pushes" the updates... but:
- How can I control which update is pushed to my clusters?
- How can I control when the updates are applied?
- How can I see and visualize the state of the nodes?