Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
How to upgrade CoreOS manually

Before upgrading, make sure you are allowing insecure registry access, or your newer docker won't be able to talk to the Deis registry:

sudo bash -c 'mkdir -p /etc/systemd/system/docker.service.d/; cat <<EOF > /etc/systemd/system/docker.service.d/50-insecure-registry.conf
[Service]
Environment="DOCKER_OPTS=--insecure-registry 10.0.0.0/8 --insecure-registry 172.16.0.0/12 --insecure-registry 192.168.0.0/16"
EOF
'

To kick off the upgrade:

sudo bash -ec 'uname -a && cat /etc/lsb-release && \
echo GROUP=stable > /etc/coreos/update.conf && \
systemctl unmask update-engine.service && \
systemctl start update-engine.service && \
update_engine_client -update && \
reboot'

After the reboot, wait a few minutes until you see that the grub boot flags have been updated:

journalctl -u update-engine.service | grep "boot flags"

After grub has been updated, stop the update-engine service and re-mask it:

sudo bash -ec 'systemctl stop update-engine.service && \
systemctl mask update-engine.service'

More information is available in Deis issue #3155 and CoreOS issue #262

@jobinar

This comment has been minimized.

Copy link

commented Aug 4, 2016

How is this better than just doing a update_engine_client -update?

@FranklinYu

This comment has been minimized.

Copy link

commented Aug 14, 2016

+1 to @jobinar

@KenanSulayman

This comment has been minimized.

Copy link

commented Jun 1, 2017

@jobinar well, at least it allows you to change the update channel of coreOS in one shot

@bhperry

This comment has been minimized.

Copy link

commented Feb 12, 2019

What should the boot flag update look like? I'm trying to script a manual update, and I want the update engine to turn off when it is done, but I'm not sure how to detect when the boot flags have been set (other than when the update has been run twice, and then I see Already updated boot flags. Skipping.).

@bhperry

This comment has been minimized.

Copy link

commented Feb 12, 2019

Nevermind, after reading the Deis issue linked above, I found:

Only after this output from `journalctl -u update-engine.service`
`[0226/232543:INFO:update_attempter.cc(674)] Updating boot flags...`
is safe to disable the update-engine service.

I had assumed the ... meant it was still working on it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.