There are two types of metadata relevant to FCOS releases. We should publish each type in a unified machine-readable format.
Proposal
Release metadata
Release metadata is associated with a particular OS version. It should include:
- The stream name, version number, and release notes
- The Pungi compose ID from which packages were sourced
- Image identifiers for each tuple of (platform, CPU architecture, region). For example, on AWS there is an AMI ID per region. On GCP there is one image name across the entire platform. On all platforms there is an associated image artifact; we could also include its content hash.
Release metadata is populated incrementally, but each field should be immutable once added. For example, we might need to publish an urgent security release while an AWS region is down. In this case, we'd provide the available AMI IDs, and backfill the metadata once we got an AMI published into the lagging region. Platforms with slow publishing processes (such as AWS Marketplace) might always need their image IDs backfilled after the release.
There's been some discussion of storing release metadata as ostree detached metadata (coreos/coreos-assembler#189 (comment)) or in a Git repo (coreos/coreos-assembler#203). Perhaps release metadata should be signed.
Stream metadata
Stream metadata is associated with a stream. It should give the currently-recommended OS version, image ID, and artifact URL for the stream, separately for each platform (and region, where appropriate). Most of the time, stream metadata will just be a refactored version of the release metadata for the current release on the stream. However, operational issues may require divergence from the current release, such as:
- Holding certain platforms or regions at a previous release
- Reverting certain platforms or regions to a previous release after updating them to the current release
Stream metadata might also include the target OS version for updates, to be consumed by the Cincinnati graph builder (#83). Operational issues may sometimes require this to be different from the target version for new installs.
Tooling should perform on-demand sync of stream metadata from current release metadata, subject to overrides specified via explicit configuration. Those overrides should allow replacing certain stream metadata elements with corresponding elements from a specified older release, or from manually specified metadata.
Stream metadata for each production stream should be available at a well-known HTTP endpoint, perhaps in the form of a static JSON document generated by a site builder. Perhaps it should be signed. Metadata history should be recorded, perhaps in a Git repo.
cc @cgwalters
There are two types of metadata relevant to FCOS releases. We should publish each type in a unified machine-readable format.
Proposal
Release metadata
Release metadata is associated with a particular OS version. It should include:
Release metadata is populated incrementally, but each field should be immutable once added. For example, we might need to publish an urgent security release while an AWS region is down. In this case, we'd provide the available AMI IDs, and backfill the metadata once we got an AMI published into the lagging region. Platforms with slow publishing processes (such as AWS Marketplace) might always need their image IDs backfilled after the release.
There's been some discussion of storing release metadata as ostree detached metadata (coreos/coreos-assembler#189 (comment)) or in a Git repo (coreos/coreos-assembler#203). Perhaps release metadata should be signed.
Stream metadata
Stream metadata is associated with a stream. It should give the currently-recommended OS version, image ID, and artifact URL for the stream, separately for each platform (and region, where appropriate). Most of the time, stream metadata will just be a refactored version of the release metadata for the current release on the stream. However, operational issues may require divergence from the current release, such as:
Stream metadata might also include the target OS version for updates, to be consumed by the Cincinnati graph builder (#83). Operational issues may sometimes require this to be different from the target version for new installs.
Tooling should perform on-demand sync of stream metadata from current release metadata, subject to overrides specified via explicit configuration. Those overrides should allow replacing certain stream metadata elements with corresponding elements from a specified older release, or from manually specified metadata.
Stream metadata for each production stream should be available at a well-known HTTP endpoint, perhaps in the form of a static JSON document generated by a site builder. Perhaps it should be signed. Metadata history should be recorded, perhaps in a Git repo.
cc @cgwalters