Does anyone happen to know what process or timeline is in place for when a new OS version is released and the release information making its way into the TUF repository at https://updates.bottlerocket.aws? With the recent CVE affecting 1.18.0, I was eager to see the bottlerocket-update-operator having updated the nodes overnight in my clusters, but it sees no updates. After connecting to the node and executing
Hello @sethfduke, this is a great question. There are a couple things going on so I'll try to address both the general and the specific.

Generally how updates work

A wave schedule is chosen for each release and encoded to the repo. See https://github.com/bottlerocket-os/bottlerocket/tree/develop/sources/updater/waves for a bit more about these files. What this means is that each release has its own dates encoded into it about when waves start and finish. By default, tools like brupop (bottlerocket-update-operator) will respect the setting for waves since under the hood, they are calling
apiclient update check
like you called out.

Skipping waves

If you want to ignore this wave schedule, you can configure this in the api: https://bottlerocket.dev/en/os/1.18.x/api/settings/updates/#ignore-waves. This will have the update system ignore the waves and determine what the latest is from the TUF repo directly without accounting for the wave schedule for any given release. This can be useful to speed up an update so that all nodes will see the latest update immediately. Just keep in mind this will remain set after the update and the nodes will continue to ignore waves until the setting is removed.

Specifics about 1.19.0

We chose the accelerated wave schedule and it starts on 2024-02-05 to avoid folks being surprised by an aggressive update right before most people's weekend. You can find the wave schedule by downloading the

Now that you have the file, you can look at the data for a particular release (1.19.0 in this case) if you parse it with

As you can see, the wave starts at 2024-02-05T19:00:00Z and will move through quickly to provide the update to all nodes. So if you don't choose to skip the window, all the nodes will see 1.19.0 sometime over that window. So if you want to take 1.19.0 more quickly, you would need to set
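Added example, not part of the original reply and not Bottlerocket's own code: a simplified Python model of the wave gating described above, for working out which nodes would still be on the old release at a given time. The manifest layout (a `waves` map from a seed lower bound to a start time), the per-node seed range of 0 to 2047, and every timestamp except the first wave start are assumptions; spreading of nodes within a wave is not modelled.

```python
import json
from datetime import datetime, timezone

# Constructed manifest excerpt. The layout and the 0-2047 seed range are
# assumptions; only the first start time is taken from the reply above.
MANIFEST = json.loads("""
{"updates": [{"version": "1.19.0", "waves": {
    "0":    "2024-02-05T19:00:00Z",
    "20":   "2024-02-05T20:00:00Z",
    "102":  "2024-02-05T22:00:00Z",
    "512":  "2024-02-06T02:00:00Z",
    "1024": "2024-02-06T10:00:00Z"
}}]}
""")


def parse_time(text):
    """Parse a UTC timestamp such as 2024-02-05T19:00:00Z."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def wave_start(manifest, version, seed):
    """Earliest time a node with this seed is offered `version` (simplified)."""
    for update in manifest["updates"]:
        if update["version"] == version:
            waves = {int(k): parse_time(v) for k, v in update["waves"].items()}
            if not waves:
                return None  # no schedule encoded: offered immediately
            # The node belongs to the wave with the largest bound <= its seed.
            bound = max((b for b in waves if b <= seed), default=min(waves))
            return waves[bound]
    raise KeyError(f"{version} is not published in this manifest")


def update_visible(manifest, version, seed, now, ignore_waves=False):
    """True if an update check at `now` would offer `version` to this node."""
    start = wave_start(manifest, version, seed)  # raises if not published
    if ignore_waves or start is None:
        return True  # schedule bypassed or absent
    return now >= start


def still_waiting(manifest, version, fleet, now):
    """Names of nodes (name -> seed) that a check at `now` would not update."""
    return sorted(name for name, seed in fleet.items()
                  if not update_visible(manifest, version, seed, now))
```
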