How to upgrade CoreOS manually

upgrade-coreos.md

Before upgrading, make sure you are allowing insecure registry access, or your newer docker won't be able to talk to the Deis registry:

sudo bash -c 'mkdir -p /etc/systemd/system/docker.service.d/; cat <<EOF > /etc/systemd/system/docker.service.d/50-insecure-registry.conf
[Service]
Environment="DOCKER_OPTS=--insecure-registry 10.0.0.0/8 --insecure-registry 172.16.0.0/12 --insecure-registry 192.168.0.0/16"
EOF
'

To kick off the upgrade:

sudo bash -ec 'uname -a && cat /etc/lsb-release && \
echo GROUP=stable > /etc/coreos/update.conf && \
systemctl unmask update-engine.service && \
systemctl start update-engine.service && \
update_engine_client -update && \
reboot'

After the reboot, wait a few minutes until you see that the grub boot flags have been updated:

journalctl -u update-engine.service | grep "boot flags"

After grub has been updated, stop the update-engine service and re-mask it:

sudo bash -ec 'systemctl stop update-engine.service && \
systemctl mask update-engine.service'

More information is available in Deis issue #3155 and CoreOS issue #262

How is this better than just doing a update_engine_client -update?

+1 to @jobinar

@jobinar well, at least it allows you to change the update channel of coreOS in one shot

What should the boot flag update look like? I'm trying to script a manual update, and I want the update engine to turn off when it is done, but I'm not sure how to detect when the boot flags have been set (other than when the update has been run twice, and then I see Already updated boot flags. Skipping.).

Nevermind, after reading the Deis issue linked above, I found:

Only after this output from `journalctl -u update-engine.service`
`[0226/232543:INFO:update_attempter.cc(674)] Updating boot flags...`
is safe to disable the update-engine service.

I had assumed the ... meant it was still working on it.