Skip to main content

Locksmith: Removing the "best-effort" strategy in favor of the "reboot" strategy

 

Locksmith is the component included in CoreOS Container Linux that manages machine reboots after an update has been downloaded. This is a critical part of the operating system that we’ve had in place since the launch of our distribution, and today is part of the reason why when a security vulnerability is released we can update every auto-updating Container Linux machine on the order of hours.

Locksmith has four update strategies:

  • etcd-lock: acquire a lock in etcd before rebooting and release it after the reboot is successful, to ensure that only a set number of machines are down at one time
  • reboot: simply reboot after an update
  • off: don’t reboot after an update (this is not recommended since it will delay the application of updates)
  • best-effort: if etcd is running on the current host, then follow the etcd-lock strategy, otherwise follow the reboot strategy

Today the best-effort strategy is what a Container Linux machine will do without any configuration. Unfortunately, there are issues with this strategy which makes it difficult to understand exactly how the software will behave; and these issues are fundamental to the design of the best-effort configuration.

The best-effort strategy has been marked as deprecated for over a year now, and will be removed from Locksmith beginning on September 14, 2017 starting in the Container Linux Alpha channel and subsequently removed from the Beta and Stable channels. The reboot strategy will become the default behavior for Locksmith. Users that rely on an unconfigured Container Linux machine defaulting to the etcd-lock strategy will need to configure their machines to explicitly use etcd-lock by this date, by running the command echo “REBOOT_STRATEGY=etcd-lock” | sudo tee --append /etc/coreos/update.conf. This configuration can also be done via a Container Linux Config.

Moving forward we are working to better integrate Locksmith functionality into the rest of the CoreOS stack, including Kubernetes. If you are using Locksmith with Kubernetes today, please sign up to get notified about our upcoming CoreOS Tectonic for Kubernetes release, which will include an improved Locksmith-like feature that integrates directly with Kubernetes.

Learn about Container Linux and more at CoreOS Fest, May 31-June 1, in San Francisco.