Transactional Roll-backs and Upgrades

Energia Open Source
Powered by Open Source

Presented by:
John Thomson: [email protected], Researcher
Paulo Trezentos: [email protected], Partner / Technical Director, http://twitter.com/PauloTrezentos

Monday 1st February [preview] [Sunday, 7th February 2010]


Overview

  • An overview of what Caixa Mágica does.
  • MANCOOSI project
  • Roll-back
      Definition
      Types of roll-back
      As part of a bigger system
  • DSL
      Definition
      Example
  • Approach
  • Implementation
  • Conclusion
  • [Demonstration] + Q&A

A brief summary of Caixa Mágica Software and an overview of what we do:

Caixa Mágica is a software and solutions provider for GNU/Linux based Free/Open Source Software (FOSS) systems, based in Lisbon, Portugal.

Linux - Caixa Mágica 14 is the main Linux distribution available in Portugal.

Caixa Mágica work with national companies, the Government and with European partners to promote Open Source in all aspects of work.

Over 600,000 Linux CM systems installed (single & dual boot).

Next slides → One of the key projects that we are working on is the MANCOOSI project. Working on various aspects of Package Upgrade problems including solvers, distribution independent meta-data as well as Transactional Roll-back that I will be discussing.

European based research projects

Caixa Mágica works in many multi-national European based research projects. After the conclusion of the EDOS (EU FP6 STREP) based project it is now actively working on another, MANCOOSI.

Many other projects are in the pipeline or have been bid for.

Work with a multitude of top-tier Universities and research institutions.

About MANCOOSI

MANCOOSI - Managing the complexity of open source software. www.mancoosi.org - Many branches of work to solve package management issues that have been identified through EDOS project.

Jeff Johnson will present Transactionally Protected Package Management for @rpm5.org implementation of roll-back.

Stefano Zacchiroli will present Cross-distro dependency resolution as part of the work for MANCOOSI in a different stream.

Aim is to investigate package upgrades on computer systems and to develop a framework from which roll-back and pre-analysed upgrade plans are possible.

Roll-back as simple as traversing time?

What does roll-back mean, really?

In terms of package configuration, roll-back is the process of inverting the changes to the system made by package upgrades to get back to a particular system state.

Many other mechanisms out there work by using file system snapshots or saving the state (next slide).

The mechanism is one part of Transactionally Protected Package Management that Jeff Johnson will speak about in his presentation later. Our method for allowing roll-back is one part of a much bigger mechanism that allows for deterministic system configurations.

[Figure: installation timeline. PkgFoo v 1.00, Time: 10.00pm; PkgFoo v 2.00, Time: 10.20pm; states S1 and S2. Roll-back, possible?]

Different types of roll-back

  • Conary, as a 2nd Generation Package Manager, aims to meet many shortcomings of current meta-installers. Used in Linux distributions such as Foresight Linux.

  • Augeas is a configuration management tool that makes manipulating config files from the shell much easier, and possible through other language bindings.

  • ZFS, used by Nexenta, is an example of a file-system snapshot mechanism that uses the storage available to snapshot several system states.

  • NixOS is a non-LSB based system that re-thinks how files and resources are used, to try and make all files purely functional so that they don't require installing per se.

  • Other mechanisms, e.g. etckeeper being developed by Fedora, also try to capture configuration files into a VCS.

Difficulties of Roll-back

Package maintainers tend to think in the forward direction of upgrading packages and trying to maintain compatibility for subsequent versions. Working in the reverse direction is a relatively unheard of concept.

The idea of roll-back is squarely placed against the idea that programs and their maintainers improve upon packages in each iteration. Downgrade is seen as a negative process.

If it was necessary it would already have been done, or would it?

Rolling back changes is 'only' needed when a package fails to work on the system, so a better dependency and conflict checker is more important than roll-back?

There may be cases where roll-back is impossible using the techniques that we have investigated, or possibly at all.

Roll-back is one part of a bigger picture

Ability to undo package upgrade/install is just one benefit of having a system that can capture the package configuration state and maintain a deterministic transition model of the system.

By examining the current maintainer scripts and templates provided by programs such as deb-helper and rpm-helper we have defined a language that can assist with problems which cannot be addressed by current meta-installers or maintainer scripts.

Transactionally Protected Package Management (TPPM) is what we are aiming to move towards. Presentation of same topic name by Jeff Johnson at 2:45pm, in the same room.

[Figure: roll-back shown as one part of TPPM]

What is the Domain Specific Language (DSL) and what does it achieve?

The DSL is a language used to abstract from the system and represent it in such a way as to be able to solve a particular problem that we identified.

In our case, the DSL is focused on analysing package maintainer scripts and detecting how they interoperate on a system that we have modelled as well.

We designed the DSL not to be a Turing-complete language like BASH, but rather something where we can focus on the particular details we wish to examine.

The DSL is designed to capture the details of the vast majority of common maintainer scripts, and then to be refined in subsequent versions to increase coverage.

We wish to capture the functional aims of a large number of maintainer scripts and to improve coverage until cases where the DSL will work are the norm.

Domain Specific Language (DSL) Example

The DSL has been created to assist with some of the problems discovered and analysed by prior research.

Using cups.spec %post example from CUPS-1.4.2:

    %post
    dslstart postinst_init(cups)
    /sbin/chkconfig --add cups
    /sbin/chkconfig cups on
    dslend postinst_init(cups)

    # Restart cupsd if we are upgrading...
    dslstart post_init_restart(cups)
    if test $1 -gt 1; then
        /sbin/service cups stop
        /sbin/service cups start
    fi
    dslend post_init_restart(cups)

[Slide annotations: each of the two dslstart/dslend blocks is marked "Matched DSL Pair"]

Example continued, Log

rbHist

    dslID  TID  parentID  DSL_CMD                        bhINVERSE
    1      1    1         start postinst_init(cups)      TRUE
    2      1    1         end postinst_init(cups)        TRUE
    3      1    1         start post_init_restart(cups)  TRUE
    4      1    1         end post_init_restart(cups)    TRUE

pkgHist

    id  parent  op    pkgName  pkgVer1  pkgVer2  dateTime
    1   1       inst  cups     0        1.4.2    2010-01-30

Transactions - what happens if a maintainer script fails?

If a maintainer script fails in the middle of one of the operations, we will have a log like this:

    dslID  TID  parentID  DSL_CMD                        bhINVERSE
    1      1    1         start postinst_init(cups)      TRUE
    2      1    1         end postinst_init(cups)        TRUE
    3      1    1         start post_init_restart(cups)  TRUE

The transaction has quite obviously failed: no matching end for a DSL command was reached, there is an odd number of elements, etc.

Perform a roll-back for all matching sub-transaction ID elements, but in the reverse order with certain constraints.

If a set of script elements cannot perform roll-back in the middle of operating, then don't create a dsl tag.

Our approach for roll-back

After investigation into the problem and looking at state-of-the-art systems we decided on an approach where we use a Domain Specific Language (DSL).

By creating a model of the system in terms of the new language, and by representing the changes in the state of the system performed by package upgrades in terms of the DSL, we aim to be able to investigate the target configuration a priori.

If a package upgrade fails, at that moment we leave our system in a potentially unknown state and run the risk of having an inconsistent set of files in an upgraded state.

We propose a hybrid mechanism where we use the DSL to monitor the package configuration state and, if that does not work, revert to a system-call trapping mechanism.

Our approach as a diagram

Aiming to add a branch to apt-rpm (and eventually other meta-installers). From that branch:

  • Pre-check/simulate the possible outcome of a package upgrade.

  • Use the additional syntax to drive package state transitions.

Many methods for tackling the problem. We are trying to amalgamate some of the methods that we think work.

Modifying apt-rpm to include roll-back features.

The DSL approach uses many new elements built into apt-rpm.

We first want to check whether the simulator, which is possible using our new approach, detects that there is likely to be a package configuration failure.

Even if the simulator does not detect a failure, it does not mean that the actual configuration will not fail on the system. This is a compromise taken to abstract from the system in the model.

Next we replace the traditional configuration script run, which is performed by an agnostic meta-installer, and instead run our DSL commands.

By keeping our commands in a log and knowing how the system was modified we should be able to perform roll-back.

[Diagram: Apt with model_simulator(), DSL_interpreter_pre(), run_transaction(), DSL_interpreter_post()]

System Integration

[Diagram: Apt with model_simulator(), DSL_reverse_post(), run_transaction(), DSL_reverse_pre()]

For executing the roll-back statements we will have a log of the DSL commands executed in sequence. To perform the roll-back we need to run the inverse statements associated with those commands in the reverse order.

The reason for having the simulator at this stage is to pre-check whether rolling back the package configuration will leave an erroneous state. As we upgraded from that state, we hope that in most cases the answer will be that roll-back is possible.

As we are performing a LIFO style roll-back we run post commands before we run the pre statements.
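The rule from the failed-transaction slide and this slide (find the DSL block with no matching end, then invert the logged commands in reverse order), as an added Python example that is not the MANCOOSI or apt-rpm code. It assumes the rbHist columns shown on the log slide, reads bhINVERSE as "this command has an inverse" (an assumption), and emits placeholder "inverse ..." strings instead of real commands.

```python
import sqlite3

# Constructed sample rows mirroring the failed-transaction log on the slides:
# (dslID, TID, parentID, DSL_CMD, bhINVERSE). The final "end" row is missing.
SAMPLE_LOG = [
    (1, 1, 1, "start postinst_init(cups)", 1),
    (2, 1, 1, "end postinst_init(cups)", 1),
    (3, 1, 1, "start post_init_restart(cups)", 1),
]

def load_log(rows):
    """Store log rows in an in-memory SQLite table laid out like rbHist."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE rbHist (dslID INTEGER PRIMARY KEY, TID INTEGER,"
               " parentID INTEGER, DSL_CMD TEXT, bhINVERSE INTEGER)")
    db.executemany("INSERT INTO rbHist VALUES (?,?,?,?,?)", rows)
    return db

def unmatched_starts(db, tid):
    """Return DSL commands that were started but never ended, in log order."""
    open_cmds = []
    query = "SELECT DSL_CMD FROM rbHist WHERE TID=? ORDER BY dslID"
    for (cmd,) in db.execute(query, (tid,)):
        kind, name = cmd.split(" ", 1)
        if kind == "start":
            open_cmds.append(name)
        elif not open_cmds or open_cmds[-1] != name:
            raise ValueError(f"corrupt log: unexpected end of {name}")
        else:
            open_cmds.pop()
    return open_cmds  # non-empty means the transaction failed mid-script

def rollback_plan(db, tid):
    """List the commands to invert, newest first (LIFO).

    Assumption: bhINVERSE = 0 marks a command that cannot be inverted,
    in which case the whole roll-back is refused rather than half-applied.
    """
    query = ("SELECT DSL_CMD, bhINVERSE FROM rbHist "
             "WHERE TID=? AND DSL_CMD LIKE 'start %' ORDER BY dslID DESC")
    plan = []
    for cmd, has_inverse in db.execute(query, (tid,)):
        name = cmd.split(" ", 1)[1]
        if not has_inverse:
            raise RuntimeError(f"{name} has no inverse; cannot roll back")
        plan.append(f"inverse {name}")  # placeholder, not a real command
    return plan
```
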

Architecture (WP2)

Modified Package as input -> DSL extracted -> Log storage and simulator -> Mechanism for executing roll-backs -> Maintenance of scripts etc.

[Diagram: a .spec file (%post, /sbin/chkconfig --add cups, /sbin/chkconfig cups on, ...) has DSL injected (dslstart postinst_init(cups), dslend postinst_init(cups)). Other boxes: Logs, SQLite DB, Simulator, Roll-back, Modified System State, User I/P, Apt-rpm]

Overall approach

  • Analyse maintainer scripts for common themes as per work D3.2.

  • Identify common themes in scripts and functional elements.

  • Use these common elements as the basis for a first version of the DSL and release that version.

  • Modify standard maintainer scripts to include DSL commands → link to binary files or some other mechanism. We have chosen to add dsl commands into the modified .spec files.

  • Log DSL elements into a SQLite database so that they can be captured, replayed or otherwise analysed.

  • Develop a roll-back mechanism that uses the log + stored info in the VCS to recover the original state of the machine → ACID?

Results

Insert a table comparing approaches (snapshot, syscall, DSL) with advantages & disadvantages

* Not sure how this would work quite yet. *

Conclusion

Roll-back for package configuration is not as simple as it might initially seem. There are certain commands which use information out of the grasp and control of the system, such as opening sockets to external servers and modifying information held on them.

Need to consider the problems of libraries being upgraded and implicit dependencies on particular versions that may not have explicit connections.

Using the DSL we aim to remove a lot of the failures in package upgrades that occur when files are updated out of order.

Questions?

Thank you for listening. I hope that it was interesting and that you have some questions to ask.