12.08.2014 11:49, Matthias G. Eckermann wrote:
In that context several options have been considered how to implement this. As described, we have two cases:
1. Boot fails -> reboot into an RO snapshot
2. From a running system reboot into an older state
In case #2, you can (by accident) reboot the system into an older state remotely (via ssh), but the network does not start with an RO root. That could be the problem.
We consider #2 the case which more often will be used (Actively rollback), while #1 (Boot totally fails) is considered a "worst case" situation, which hopefully nobody ever runs into, yet where having a RO snapshot to boot into is more than any, let's say, "mainstream" Linux distribution offered in the past.
No doubts.
There are a few challenges on the way though, e.g. how to realize that boot failed (without special hardware), how to implement this on all hardware architectures (there is a world beyond x86-64!). Ideas welcome, ...
For ARM, u-boot can probably also boot from btrfs, but I'm not sure. The only possibility I see is to somehow mark the snapshot. Then the bootloader clears the flag before booting and systemd sets the flag after the boot (or doesn't mark it if the boot failed). Then the question is how to return to the bootloader after a failed boot. I see two possibilities here: either reboot_on_panic or use a watchdog timer.
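The flag handshake proposed in this message, modelled as an added example (not code from the thread or from any openSUSE component). The `env` store, the target names and the choice that a successful fallback boot also sets the flag are assumptions made for the illustration.

```python
# Constructed model. 'env' stands in for a small writable store that both the
# bootloader and the booted system can reach; where the flag really lives is
# an assumption, as are the target names "current" and "ro-snapshot".

def bootloader_select(env, default="current", fallback="ro-snapshot"):
    """Pick a boot target from the flag left behind by the previous attempt."""
    if env.get("boot_ok", True):   # flag set (or very first boot): last boot completed
        target = default
    else:                          # flag still clear: last attempt never finished
        target = fallback
    env["boot_ok"] = False         # clear the flag before handing over to the kernel
    return target

def mark_boot_complete(env):
    """What the init system would do once the boot has been reached successfully."""
    env["boot_ok"] = True

def run_boots(outcomes):
    """Replay boot attempts and return the target chosen for each one.

    Each outcome is one of:
      'ok'    - boot completes and the flag is set
      'panic' - kernel panics, a panic reboot returns to the bootloader
      'hang'  - boot stalls, the watchdog timer resets the machine
      'power' - power is lost before the boot completes
    """
    env, chosen = {}, []
    for outcome in outcomes:
        chosen.append(bootloader_select(env))
        if outcome == "ok":
            mark_boot_complete(env)
        # every other outcome leaves the flag clear for the next bootloader run
    return chosen

if __name__ == "__main__":
    for seq in (["ok", "panic", "ok", "ok"], ["power", "ok"]):
        print(seq, "->", run_boots(seq))
```

In this model a single flag cannot tell a power cut from a failed boot, and after a successful fallback boot the next reboot tries the default target again.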