kubesolo-os/update/main.go

// kubesolo-update is the atomic update agent for KubeSolo OS.
//
// It manages A/B partition updates with automatic rollback:
//
//	kubesolo-update check          Check for available updates
//	kubesolo-update apply          Download + write update to passive partition
//	kubesolo-update activate       Set passive partition as next boot target
//	kubesolo-update rollback       Force rollback to other partition
//	kubesolo-update healthcheck    Post-boot health verification
//	kubesolo-update status         Show current A/B slot and boot status
//	kubesolo-update sign           Sign update artifacts with Ed25519 key
//	kubesolo-update genkey         Generate new Ed25519 signing key pair
//	kubesolo-update metrics        Start Prometheus-compatible metrics server
package main

import (
	"fmt"
	"log/slog"
	"os"

	"github.com/portainer/kubesolo-os/update/cmd"
)

func main() {
	slog.SetDefault(slog.New(slog.NewTextHandler(os.Stderr, &slog.HandlerOptions{
		Level: slog.LevelInfo,
	})))

	if len(os.Args) < 2 {
		usage()
		os.Exit(1)
	}

	var err error
	switch os.Args[1] {
	case "check":
		err = cmd.Check(os.Args[2:])
	case "apply":
		err = cmd.Apply(os.Args[2:])
	case "activate":
		err = cmd.Activate(os.Args[2:])
	case "rollback":
		err = cmd.Rollback(os.Args[2:])
	case "healthcheck":
		err = cmd.Healthcheck(os.Args[2:])
	case "status":
		err = cmd.Status(os.Args[2:])
	case "sign":
		err = cmd.Sign(os.Args[2:])
	case "genkey":
		err = cmd.GenKey(os.Args[2:])
	case "metrics":
		err = cmd.Metrics(os.Args[2:])
	default:
		fmt.Fprintf(os.Stderr, "unknown command: %s\n\n", os.Args[1])
		usage()
		os.Exit(1)
	}

	if err != nil {
		slog.Error("command failed", "command", os.Args[1], "error", err)
		os.Exit(1)
	}
}

func usage() {
	fmt.Fprintf(os.Stderr, `Usage: kubesolo-update <command> [options]

Commands:
  check        Check for available updates
  apply        Download and write update to passive partition
  activate     Set passive partition as next boot target
  rollback     Force rollback to other partition
  healthcheck  Post-boot health verification (marks boot successful)
  status       Show current A/B slot and boot status
  sign         Sign artifacts with Ed25519 private key (build system)
  genkey       Generate new Ed25519 signing key pair
  metrics      Start Prometheus-compatible metrics HTTP server

Options:
  --server URL          HTTP update server (mutually exclusive with --registry)
  --registry REPO       OCI registry repository, e.g. ghcr.io/portainer/kubesolo-os
                        (mutually exclusive with --server)
  --tag TAG             OCI tag to pull (default: channel name, then "stable")
  --conf PATH           update.conf path (default: /etc/kubesolo/update.conf)
  --state PATH          Update state file (default: /var/lib/kubesolo/update/state.json)
  --channel NAME        Update channel (default: "stable", or value from update.conf)
  --maintenance-window  HH:MM-HH:MM local time window; apply refuses outside it
  --force               Bypass maintenance-window check
  --grubenv PATH        Path to grubenv file (default: /boot/grub/grubenv)
  --timeout SECS        Health check timeout in seconds (default: 120)
  --pubkey PATH         Ed25519 public key for signature verification (optional)
  --json                For 'status': emit JSON instead of human-readable output

Examples:
  kubesolo-update apply --server https://updates.example.com
  kubesolo-update apply --registry ghcr.io/portainer/kubesolo-os --tag stable
  kubesolo-update apply --force                      # uses /etc/kubesolo/update.conf
  kubesolo-update healthcheck
  kubesolo-update status --json
`)
}