Default update strategy deletes original images after network failure

When we cut network connection in the middle of an upgrade, the unfinished download is treated as complete and the original images get deleted. When the device is rebooted, the images are gone and no containers are running except the supervisor and health check. Is this the expected behavior?

We thought the original image would be used to start the containers again when the device is rebooted because the update never finished downloading. One of our containers is responsible for creating and maintaining the wireless connection so we need it running in order to receive the update. The device is effectively bricked until we directly connect to it via ethernet to trigger the update again.

Hi @pollenmb,

Thanks for reaching out about this. We actually offer multiple update strategies for balenaOS. The default is download-then-kill which it doesn’t sound like is the right fit for you. If you have enough space on your partition, you might consider using the hand-over strategy instead; details for all four options can be found here: Fleet update strategy - Balena Documentation

Let us know if that gets you into a better place or if there is a gap we need to consider filling.

Hi @the-real-kenna,

Thanks for your response. I think the update process is not working as intended during network failure. When I disconnect the network mid-download the original images get deleted and there are no images to roll-back the containers to a working condition. Shouldn’t the original images only be deleted if the download was successful? The same issue seems to happen when I use the hand-over strategy. Any clues as to what I might be doing wrong?

Thanks!

Hi @the-real-kenna,

It looks like this is only happening when switching the device between fleets. When updating the device within the same fleet, it doesn’t happen.

Thanks,
Mayur