| Policy Manager for COS(Container-Optimized OS) Image |
| ================================== |
| |
| # Overview |
| Policy Manager is the client for the COS control plane. It is responsible for reporting |
| current instance status and fetching device update config. |
| |
| It is designed to be a system daemon that's started immediately after boot. |
| It sends status update to an update manager, which will respond with the |
| appropriate update config. |
| |
| Using the update config, it will generate the appropriate update policy blobs |
| to enforce the update strategy set by the user. |
| |
| # How to run |
| - Policy Manager must be run with root privileges in order to access update_engine status and control device policy. |
| - It continuously reports status and fetches update policy from metadata server under `monitor` mode. |
| |
| # What's up with update [policy, strategy, config]? |
| Part of Policy Manager's features is to allow users to control the OS update behavior of |
| their COS instances. |
| |
| Instances will only receive updates within their major release version. For |
| example, if both 12.1.0 and 13.0.0 are available, an instance running 12.0.0 |
| will only get updated to 12.1.0 if it has this strategy. |
| |
| The actual enforcement of the strategies are done by the update *policy*, which |
| is a Chrome OS feature. An update policy is a protobuf blob that contains the |
| parameters that will be used to fetch updates from Omaha. Policy Manager is responsible |
| for deciding when to enable or disable the update engine. |
| |
| # Building |
| - To build and test Policy Manager, please run `FEATURES=test emerge-lakitu policymanager` |
| |
| # Protobufs |
| - To compile protobuf definitions, run `./gen_proto.sh`. |
| - Do NOT submit the generated protobufs into the repo. |
