feature: enable manual rollback

.pipelines/templates/stages/testing_rollback/testing-template.yml

@@ -41,13 +41,18 @@ parameters:
   - name: skipManualRollbackTesting
     displayName: "Skip manual rollback testing"
     type: string
-    default: "true"
+    default: "false"
 
   - name: skipRuntimeUpdateTesting
     displayName: "Skip runtime update testing"
     type: string
     default: "false"
 
+  - name: skipNetplanRuntimeTesting
+    displayName: "Skip netplan runtime testing"
+    type: string
+    default: "false"
+
 jobs:
   - job: RollbackTesting_${{ replace(parameters.flavor, '-', '_') }}
     displayName: Rollback Testing - ${{ parameters.flavor }}
@@ -135,6 +140,10 @@ jobs:
             # Allow testing for non-extension scenarios
             STORM_DYNAMIC_FLAGS="$STORM_DYNAMIC_FLAGS --skip-extension-testing"
           fi
+          if [ "${{ parameters.skipNetplanRuntimeTesting }}" == "true" ]; then
+            # skip netplan runtime testing
+            STORM_DYNAMIC_FLAGS="$STORM_DYNAMIC_FLAGS --skip-netplan-runtime-testing"
+          fi
 
           sudo ./bin/storm-trident run rollback -a $STORM_DYNAMIC_FLAGS \
             --artifacts-dir $(Build.ArtifactStagingDirectory) \

.pipelines/templates/stages/testing_rollback/vm-testing.yml

@@ -118,25 +118,24 @@ stages:
               verboseLogging: ${{ parameters.verboseLogging }}
               platform: qemu
               flavor: qemu-grub
-              skipExtensionTesting: false
-              skipRuntimeUpdateTesting: false
       - ${{ if eq(parameters.includeQemu, true) }}:
           - template: testing-template.yml
             parameters:
               updateCheckTimeoutInMinutes: ${{ parameters.updateCheckTimeoutInMinutes }}
               verboseLogging: ${{ parameters.verboseLogging }}
               platform: qemu
               flavor: qemu
-              # qemu image is grub + root verity. in this setup, Image Customizer cannot add
-              # an extension to the servicing qcow2
+              # For qemu w/ root-verity, only test rollback of A/B update because:
+              #   * extensions cannot be added to qcow2; IC cannot modify verity volume
+              #   * netplan runtime changes cannot be made to config file on verity rootfs
+              #   * without extensions and netplan, runtime updates will service nothing
               skipExtensionTesting: true
-              skipRuntimeUpdateTesting: false
+              skipRuntimeUpdateTesting: true
+              skipNetplanRuntimeTesting: true
       - ${{ if eq(parameters.includeUKI, true) }}:
           - template: testing-template.yml
             parameters:
               updateCheckTimeoutInMinutes: ${{ parameters.updateCheckTimeoutInMinutes }}
               verboseLogging: ${{ parameters.verboseLogging }}
               platform: qemu
               flavor: uki
-              skipExtensionTesting: false
-              skipRuntimeUpdateTesting: false

Cargo.toml

@@ -65,7 +65,7 @@ reqwest = { version = "0.12.9", features = [
     "default-tls",
 ], default-features = false } # "http2" is enabled by default but causes a (false positive) CG alert
 schemars = { version = "0.8.21", features = ["url", "uuid1"] }
-semver = "1.0.23"
+semver = { version = "1.0.23", features = ["serde"] }
 serde = { version = "1.0.215", features = ["derive"] }
 serde_json = "1.0.133"
 serde_variant = "0.1.3"

crates/osutils/src/efivar.rs

@@ -136,7 +136,7 @@ pub fn read_current_var() -> Result<String, TridentError> {
     Ok(decode_utf16le(&data))
 }
 
-/// Sets the LoaderEntryDefault EFI variable to the current boot entry
+/// Sets the LoaderEntryDefault EFI variable to the current boot entry.
 pub fn set_default_to_current() -> Result<(), TridentError> {
     let current = read_efi_variable(BOOTLOADER_INTERFACE_GUID, LOADER_ENTRY_SELECTED)?;
     debug!(

crates/osutils/src/netplan.rs

@@ -1,4 +1,9 @@
-use std::{fs, path::Path};
+use std::{
+    fs::{self, OpenOptions},
+    io::Write,
+    os::unix::fs::OpenOptionsExt,
+    path::Path,
+};
 
 use anyhow::{Context, Error};
 use const_format::formatcp;
@@ -19,7 +24,16 @@ pub const NETPLAN_BACKUP_FILE: &str = formatcp!("{NETPLAN_BACKUP_DIR}{TRIDENT_NE
 /// Writes the given network configuration to Trident's netplan config file.
 pub fn write(value: &NetworkConfig) -> Result<(), Error> {
     debug!("Writing netplan config to {}", TRIDENT_NETPLAN_FILE);
-    fs::write(TRIDENT_NETPLAN_FILE, render_netplan_yaml(value)?)
+    OpenOptions::new()
+        .write(true)
+        .create(true)
+        .truncate(true)
+        .mode(0o600)
+        .open(TRIDENT_NETPLAN_FILE)
+        .with_context(|| {
+            format!("Failed to open netplan configuration file {TRIDENT_NETPLAN_FILE}")
+        })?
+        .write_all(render_netplan_yaml(value)?.as_bytes())
         .with_context(|| format!("Failed to write netplan config to {TRIDENT_NETPLAN_FILE}"))
 }
 

crates/trident/Cargo.toml

@@ -31,6 +31,7 @@ procfs = { workspace = true }
 rayon = { workspace = true }
 regex = { workspace = true }
 reqwest = { workspace = true }
+semver = { workspace = true }
 serde = { workspace = true }
 serde_json = { workspace = true }
 serde_yaml = { workspace = true }

crates/trident/src/cli.rs

@@ -166,6 +166,37 @@ pub enum Commands {
         history_path: Option<PathBuf>,
     },
 
+    /// Trigger a manual rollback to previous state
+    Rollback {
+        /// Check operation that would be performed
+        #[arg(long)]
+        check: bool,
+
+        /// Invoke rollback only if next available rollback is runtime rollback.
+        /// If allowed-operations is specified, this argument is only applicable for
+        /// stage operation and will be ignored for finalize.
+        #[arg(long, conflicts_with = "ab")]
+        runtime: bool,
+
+        /// Invoke next available A/B rollback.
+        /// If allowed-operations is specified, this argument is only applicable for
+        /// stage operation and will be ignored for finalize.
+        #[arg(long, conflicts_with = "runtime")]
+        ab: bool,
+
+        /// Comma-separated list of operations that Trident will be allowed to perform
+        #[clap(long, value_delimiter = ',', num_args = 0.., default_value = "stage,finalize")]
+        allowed_operations: Vec<AllowedOperation>,
+
+        /// Path to save the resulting Host Status
+        #[clap(short, long)]
+        status: Option<PathBuf>,
+
+        /// Path to save an eventual fatal error
+        #[clap(short, long)]
+        error: Option<PathBuf>,
+    },
+
     #[cfg(feature = "dangerous-options")]
     StreamImage {
         /// URL of the image to stream
@@ -216,6 +247,7 @@ impl Commands {
             #[cfg(feature = "dangerous-options")]
             Commands::StreamImage { .. } => "stream-image",
             Commands::Daemon { .. } => "daemon",
+            Commands::Rollback { .. } => "rollback",
         }
     }
 }
@@ -231,4 +263,6 @@ pub enum GetKind {
     Configuration,
     Status,
     LastError,
+    RollbackChain,
+    RollbackTarget,
 }

crates/trident/src/datastore.rs

@@ -1,14 +1,17 @@
 use std::{fs, path::Path};
 
 use log::debug;
+use sqlite::State;
 
 use trident_api::{
     error::{
         DatastoreError, InternalError, ReportError, ServicingError, TridentError, TridentResultExt,
     },
-    status::{decode_host_status, HostStatus},
+    status::{decode_host_status, HostStatus, TridentVersion},
 };
 
+use crate::TRIDENT_SEMVER_VERSION;
+
 pub struct DataStore {
     db: Option<sqlite::Connection>,
     host_status: HostStatus,
@@ -75,6 +78,45 @@ impl DataStore {
         })
     }
 
+    /// Retrieve all HostStatus entries from the datastore, sorted from oldest to newest.
+    pub(crate) fn get_host_statuses(&self) -> Result<Vec<HostStatus>, TridentError> {
+        let mut all_rows_data: Vec<HostStatus> = Vec::new();
+
+        // Read all HostStatus entries from the datastore, parse them into
+        // HostStatus structs, and return a slice of them.
+        let mut query_statement = self
+            .db
+            .as_ref()
+            .structured(ServicingError::from(DatastoreError::OpenDatastore))?
+            .prepare("SELECT contents FROM hoststatus ORDER BY id ASC")
+            .structured(ServicingError::Datastore {
+                inner: DatastoreError::InitializeDatastore,
+            })
+            .message("Failed to read all database host statuses")?;
+
+        while let State::Row = query_statement
+            .next()
+            .structured(ServicingError::Datastore {
+                inner: DatastoreError::ReadDatastore,
+            })
+            .message("Failed to get next datastore row")?
+        {
+            let host_status_yaml = query_statement
+                .read::<String, _>(0)
+                .structured(ServicingError::Datastore {
+                    inner: DatastoreError::ReadDatastore,
+                })
+                .message("Failed to read datastore row")?;
+            let host_status = serde_yaml::from_str(&host_status_yaml)
+                .structured(ServicingError::Datastore {
+                    inner: DatastoreError::ReadDatastore,
+                })
+                .message("Failed to parse Host Status as YAML")?;
+            all_rows_data.push(host_status);
+        }
+        Ok(all_rows_data)
+    }
+
     pub(crate) fn is_persistent(&self) -> bool {
         !self.temporary
     }
@@ -101,6 +143,8 @@ impl DataStore {
         if self.temporary {
             let persistent_db = Self::make_datastore(path)?;
             self.host_status.is_management_os = false;
+            self.host_status.trident_version =
+                TridentVersion::SemVer(TRIDENT_SEMVER_VERSION.clone());
             Self::write_host_status(&persistent_db, self.host_status())?;
 
             self.db = Some(persistent_db);
@@ -114,13 +158,17 @@ impl DataStore {
         db: &sqlite::Connection,
         host_status: &HostStatus,
     ) -> Result<(), TridentError> {
+        // Create a mutable copy of the Host Status to add Trident version before writing.
+        let mut host_status_with_trident_version = host_status.clone();
+        host_status_with_trident_version.trident_version =
+            TridentVersion::SemVer(TRIDENT_SEMVER_VERSION.clone());
         let mut statement = db
             .prepare("INSERT INTO hoststatus (contents) VALUES (?)")
             .structured(ServicingError::from(DatastoreError::WriteToDatastore))?;
         statement
             .bind((
                 1,
-                &*serde_yaml::to_string(host_status)
+                &*serde_yaml::to_string(&host_status_with_trident_version)
                     .structured(InternalError::SerializeHostStatus)?,
             ))
             .structured(ServicingError::from(DatastoreError::WriteToDatastore))?;

crates/trident/src/engine/ab_update.rs

@@ -109,6 +109,7 @@ pub(super) fn stage_update(
             install_index: ctx.install_index,
             last_error: None,
             is_management_os: false,
+            trident_version: Default::default(),
         };
     })?;