TipsAndTricks/QuickStartOnMenderOTA: Difference between revisions

From Yocto Project
Latest revision as of 06:06, 1 February 2018

Mender Over-The-Air Software Update for Embedded Linux

Mender is an open source remote software updater for embedded Linux devices. It includes both a client and a management server. Mender allows you to deploy an image-based update from the server-side component to your connected devices. We have tried it out on QEMU for ARM, and here are some best known methods (BKMs) to get started.

Mender Artifacts Server Setup Guide

1st Option: DIY Server Setup

Host machine requirements:

[1] OS : Ubuntu 16.04

[2] Google Chrome

[3] Docker Engine 1.11 & above

[4] Docker Compose 1.6 & above

Basic preparation setup

1. Start by cloning the Mender integration repo.

$ git clone -b 1.3.0 https://github.com/mendersoftware/integration mender-server
$ cd mender-server
$ git checkout -b my-test-setup

2. Duplicate the deployment template to a new directory named production.

$ cp -a template production

3. Replace all template paths with the new production path.

$ cd production
$ ls
# Two files are included: prod.yml and run
$ sed -i -e 's#/template/#/production/#g' prod.yml

4. Run the script to pull the Docker images. The run script is a wrapper that helps users set up the images with Docker Compose.

Creating certificates and keys

1. Prepare certificates using the helper script keygen (replacing mender.example.com and s3.example.com, both set to server.example.com in the command below, with your own DNS names)

$ CERT_API_CN=server.example.com CERT_STORAGE_CN=server.example.com ../keygen

2. The certs and keys are generated in a separate directory named keys-generated:

├── keys-generated
│   ├── certs
│   │   ├── api-gateway
│   │   │   ├── cert.crt
│   │   │   └── private.key
│   │   ├── server.crt
│   │   └── storage-proxy
│   │       ├── cert.crt
│   │       └── private.key
│   └── keys
│       ├── deviceauth
│       │   └── private.key
│       └── useradm
│           └── private.key
├── prod.yml
└── run
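Before the stack is started it is worth confirming that what keygen produced is what the services will actually serve: that each private.key belongs to its cert.crt, that the certificates are issued for the DNS name you passed in CERT_API_CN / CERT_STORAGE_CN, and that they are not about to expire. The script below is an added example, not part of this wiki page or of the Mender project; it assumes openssl is on PATH and the keys-generated layout shown above (certs/<service>/cert.crt and private.key). The make_sample_pair helper only builds a throw-away self-signed pair so the checks can be exercised without running keygen.

```shell
#!/bin/sh
# Added example, not part of the wiki page or of the Mender project: sanity-check
# the output of keygen before the stack is started.
# Assumptions: openssl is on PATH and the directory layout is the keys-generated
# tree shown above (certs/<service>/cert.crt + private.key).

# Public key embedded in a certificate, PEM-encoded.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey; }

# Public key derived from a private key, PEM-encoded (works for RSA and EC keys).
key_pubkey() { openssl pkey -in "$1" -pubout; }

# Exit 0 if the private key belongs to the certificate.
cert_matches_key() {
    [ "$(cert_pubkey "$1")" = "$(key_pubkey "$2")" ]
}

# Exit 0 if the certificate is issued for HOST (subject CN or a DNS SAN entry).
cert_names_host() {
    esc=$(printf '%s' "$2" | sed 's/\./\\./g')          # keep dots literal in the regex
    openssl x509 -in "$1" -noout -subject -text \
        | grep -Eq "CN ?= ?${esc}([ ,/]|$)|DNS:${esc}([ ,]|$)"
}

# Exit 0 if the certificate stays valid for at least DAYS more days (default 30).
cert_not_expiring() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null
}

# Run the three checks on every cert/key pair keygen produced for HOST.
verify_keygen_output() {
    dir="$1"; host="$2"; rc=0
    for svc in api-gateway storage-proxy; do
        cert="$dir/certs/$svc/cert.crt"; key="$dir/certs/$svc/private.key"
        cert_matches_key "$cert" "$key" || { echo "FAIL: $svc key does not match its cert"; rc=1; }
        cert_names_host "$cert" "$host" || { echo "FAIL: $svc cert is not issued for $host"; rc=1; }
        cert_not_expiring "$cert"       || { echo "FAIL: $svc cert expires within 30 days"; rc=1; }
    done
    return $rc
}

# Constructed test fixture (not keygen output): a throw-away self-signed pair in
# the keygen layout, so the checks can be exercised offline.
make_sample_pair() {
    mkdir -p "$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 -subj "/CN=$2" \
        -keyout "$1/private.key" -out "$1/cert.crt" 2>/dev/null
}

# Usage: sh verify_keygen.sh keys-generated server.example.com
if [ $# -eq 2 ]; then
    verify_keygen_output "$1" "$2"
fi
```

The key/cert comparison goes through the public key rather than a modulus hash so it works for EC keys as well as RSA; the host check accepts either the subject CN or a DNS SAN, which covers both what keygen produces and certificates you may later obtain from a CA.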

Persistent storage

Persistent storage of backend services' data is implemented using named Docker volumes. The template is configured to mount the following volumes:

mender-artifacts - artifact objects storage

mender-deployments-db - deployments service database data

mender-useradm-db - user administration service database data

mender-deviceauth-db - device authentication service database data

mender-deviceadm-db - device admission service database data

mender-inventory-db - inventory service database data

Note: There is no documentation on how a server admin can access the Docker volumes to browse the artifacts or inspect them further.

Each of these volumes needs to be created manually:

$ docker volume create --name=mender-artifacts
$ docker volume create --name=mender-deployments-db
$ docker volume create --name=mender-useradm-db
$ docker volume create --name=mender-inventory-db
$ docker volume create --name=mender-deviceadm-db
$ docker volume create --name=mender-deviceauth-db
$ docker volume create --name=mender-elasticsearch-db
$ docker volume create --name=mender-dynomite-db

Final configurations

All configurations below were made in prod.yml:

1. Storage proxy

...
storage-proxy:
    networks:
        mender:
            aliases:
                - server.example.com
...

2. Minio

In the mender-server directory, run the "pwgen 16 1" command to generate a secret 16-character value, which you will need for the Minio settings. My testing secret key: ahshagheeD1ooPaeT8lut0Shaezeipoo

...
minio:
    environment:
        # access keys
        MINIO_ACCESS_KEY: mender-deployments
        # secret
        MINIO_SECRET_KEY: ahshagheeD1ooPaeT8lut0Shaezeipoo
...

3. Deployments service

...
mender-deployments:
    ...
    environment:
        DEPLOYMENTS_AWS_AUTH_KEY: mender-deployments
        DEPLOYMENTS_AWS_AUTH_SECRET: ahshagheeD1ooPaeT8lut0Shaezeipoo
        DEPLOYMENTS_AWS_URI: https://server.example.com:9000
...

4. API gateway

...
mender-api-gateway:
    ...
    environment:
        ALLOWED_HOSTS: server.example.com
...

5. Device authentication service

...
mender-device-auth:
    ...
    environment:
        DEVICEAUTH_MAX_DEVICES_LIMIT_DEFAULT: 15
...
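The five fragments above spread the same few values over several services: the Minio access key and secret are repeated verbatim in the deployments service, and the DEPLOYMENTS_AWS_URI host must be the alias the storage proxy answers to (that is the name the storage certificate was issued for). A typo in any one of them only shows up as a failed upload later. The script below is an added example, not part of this wiki page or of the Mender project: it extracts those values from prod.yml and checks that they agree, that the Minio secret is at least as long as the pwgen length used above, and that it is not the example value printed on this page. It assumes the services sit under a top-level services: key as in the integration template, that awk, sed and tr are available, and that MIN_SECRET_LEN and PUBLISHED_SECRETS are tuned to your own policy; the sample prod.yml is constructed from the fragments above.

```shell
#!/bin/sh
# Added example, not part of the wiki page or of the Mender project: lint the
# hand-edited prod.yml before ./run up. Assumes docker-compose layout with the
# services nested under "services:" (as in the integration template).

MIN_SECRET_LEN=${MIN_SECRET_LEN:-16}       # the pwgen length used on this page
# Secrets that must never appear in a deployed file: the value printed on this page.
PUBLISHED_SECRETS="ahshagheeD1ooPaeT8lut0Shaezeipoo"

# Print the value of "KEY: value" found anywhere inside the SERVICE block.
# Usage: yaml_value FILE SERVICE KEY
yaml_value() {
    awk -v svc="$2:" -v key="$3:" '
        function indent(s) { match(s, /^ */); return RLENGTH }
        /^[[:space:]]*$/ || /^[[:space:]]*#/ { next }   # skip blank and comment lines
        insvc && indent($0) <= depth { insvc = 0 }      # a dedent closes the service block
        $1 == svc { insvc = 1; depth = indent($0); next }
        insvc && $1 == key {
            sub(/^[[:space:]]*[^[:space:]]+[[:space:]]*/, "")   # strip "KEY: "
            print; exit
        }' "$1"
}

# Print the first "- item" listed under KEY inside the SERVICE block.
# Usage: yaml_list_head FILE SERVICE KEY
yaml_list_head() {
    awk -v svc="$2:" -v key="$3:" '
        function indent(s) { match(s, /^ */); return RLENGTH }
        /^[[:space:]]*$/ || /^[[:space:]]*#/ { next }
        insvc && indent($0) <= depth { insvc = 0 }
        $1 == svc { insvc = 1; depth = indent($0); next }
        insvc && inlist && $1 == "-" { print $2; exit }
        insvc && $1 == key { inlist = 1 }' "$1"
}

# Host part of a URI such as https://server.example.com:9000
uri_host() { printf '%s\n' "$1" | sed -E 's#^[A-Za-z]+://([^:/]+).*$#\1#'; }

# Exit 0 if the deployments service carries the same credentials Minio is started with.
check_credentials_consistent() {
    [ "$(yaml_value "$1" minio MINIO_ACCESS_KEY)" = "$(yaml_value "$1" mender-deployments DEPLOYMENTS_AWS_AUTH_KEY)" ] &&
    [ "$(yaml_value "$1" minio MINIO_SECRET_KEY)" = "$(yaml_value "$1" mender-deployments DEPLOYMENTS_AWS_AUTH_SECRET)" ]
}

# Exit 0 if the Minio secret is long enough and is not a published example value.
check_secret_strength() {
    secret=$(yaml_value "$1" minio MINIO_SECRET_KEY)
    [ "${#secret}" -ge "$MIN_SECRET_LEN" ] || return 1
    for known in $PUBLISHED_SECRETS; do
        [ "$secret" != "$known" ] || return 1
    done
}

# Exit 0 if deployments reach Minio through the storage-proxy alias and the gateway has ALLOWED_HOSTS set.
check_hosts_consistent() {
    alias_host=$(yaml_list_head "$1" storage-proxy aliases)
    deploy_host=$(uri_host "$(yaml_value "$1" mender-deployments DEPLOYMENTS_AWS_URI)")
    [ -n "$alias_host" ] && [ "$alias_host" = "$deploy_host" ] &&
    [ -n "$(yaml_value "$1" mender-api-gateway ALLOWED_HOSTS)" ]
}

# Run all checks, print one line per failure, exit non-zero if any failed.
lint_prod_yml() {
    rc=0
    check_credentials_consistent "$1" || { echo "FAIL: minio and deployments credentials differ"; rc=1; }
    check_secret_strength "$1"        || { echo "FAIL: MINIO_SECRET_KEY too short or a published value"; rc=1; }
    check_hosts_consistent "$1"       || { echo "FAIL: storage-proxy alias / DEPLOYMENTS_AWS_URI / ALLOWED_HOSTS disagree"; rc=1; }
    return $rc
}

# Random alphanumeric secret of N characters, an alternative to pwgen.
generate_secret() { LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$1"; }

# Constructed sample, assembled from the prod.yml fragments on this page.
write_sample_prod_yml() {
    cat > "$1" <<'EOF'
version: '2.1'
services:
    storage-proxy:
        networks:
            mender:
                aliases:
                    - server.example.com
    minio:
        environment:
            # access keys
            MINIO_ACCESS_KEY: mender-deployments
            # secret
            MINIO_SECRET_KEY: ahshagheeD1ooPaeT8lut0Shaezeipoo
    mender-deployments:
        environment:
            DEPLOYMENTS_AWS_AUTH_KEY: mender-deployments
            DEPLOYMENTS_AWS_AUTH_SECRET: ahshagheeD1ooPaeT8lut0Shaezeipoo
            DEPLOYMENTS_AWS_URI: https://server.example.com:9000
    mender-api-gateway:
        environment:
            ALLOWED_HOSTS: server.example.com
    mender-device-auth:
        environment:
            DEVICEAUTH_MAX_DEVICES_LIMIT_DEFAULT: 15
EOF
}

# Usage: sh lint_prod_yml.sh production/prod.yml
if [ $# -eq 1 ]; then
    lint_prod_yml "$1"
fi
```

Run against the sample as written on this page the lint fails on exactly one point, the published secret; substituting a value from generate_secret (or pwgen) into both MINIO_SECRET_KEY and DEPLOYMENTS_AWS_AUTH_SECRET makes it pass. The awk extractor deliberately understands only the indentation-based subset of YAML that docker-compose files use, so it has no dependency beyond a POSIX toolchain.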

Bring it UP!

$ ./run up -d

To verify that the services are running, check with the ps subcommand:

$ ./run ps
                   Name                                  Command               State           Ports
-------------------------------------------------------------------------------------------------------------
menderproduction_mender-api-gateway_1         /entrypoint.sh                   Up      0.0.0.0:443->443/tcp
menderproduction_mender-deployments_1         /entrypoint.sh                   Up      8080/tcp
menderproduction_mender-device-adm_1          /usr/bin/deviceadm -config ...   Up      8080/tcp
menderproduction_mender-device-auth_1         /usr/bin/deviceauth -confi ...   Up      8080/tcp
menderproduction_mender-gui_1                 /entrypoint.sh                   Up
menderproduction_mender-inventory_1           /usr/bin/inventory -config ...   Up      8080/tcp
menderproduction_mender-mongo-deployments_1   /entrypoint.sh mongod            Up      27017/tcp
menderproduction_mender-mongo-device-adm_1    /entrypoint.sh mongod            Up      27017/tcp
menderproduction_mender-mongo-device-auth_1   /entrypoint.sh mongod            Up      27017/tcp
menderproduction_mender-mongo-inventory_1     /entrypoint.sh mongod            Up      27017/tcp
menderproduction_mender-mongo-useradm_1       /entrypoint.sh mongod            Up      27017/tcp
menderproduction_mender-useradm_1             /usr/bin/useradm -config / ...   Up      8080/tcp
menderproduction_minio_1                      minio server /export             Up      9000/tcp
menderproduction_storage-proxy_1              /usr/local/openresty/bin/o ...   Up      0.0.0.0:9000->9000/tcp

Create a user login account:

$ sudo ./run exec mender-useradm /usr/bin/useradm create-user --username=myusername@server.example.com --password=MySecretPassword

You can now browse the web UI via: https://server.example.com:9000

2nd Option: Using Hosted Mender

Building Image with meta-mender

Contribution to meta-mender

[https://github.com/mendersoftware/meta-mender/commit/51e14248d5016ced20bd50c7c2a5c17f6ee12180] Fixed qemu wrapper script memory allocation for software upgrade