Skip to content

Latest commit

 

History

History
349 lines (247 loc) · 14.1 KB

README.md

File metadata and controls

349 lines (247 loc) · 14.1 KB

Mender logo

Build Status Coverage Status

Overview

Mender is an open-source, over-the-air (OTA) update manager for IoT and embedded Linux devices. Its client-server architecture enables the central management of software deployments, including functionality such as dynamic grouping, phased deployments, and delta updates. Mender also supports powerful extensions to configure, monitor, and troubleshoot devices. Features include remote terminal access, port forwarding, file transfer, and device configuration. It integrates with Azure IoT Hub and AWS IoT core.

Table of Contents

Why Mender?

Mender enables secure and robust over-the-air updates for all device software. Some of the core functionalities include:

  • 💻 Flexible management server and client architecture for secure OTA software update deployments and fleet management.
  • 💾 Standalone deployment support, triggered at the device-level (no server needed) for unconnected or USB delivered software updates.
  • 🔄 Automatic rollback upon update failure with an A/B partition design.
  • 🔀 Support for a full root file system, application, files, and containerized updates.
  • ✅ Dynamic grouping, phased rollouts to ensure update success.
  • ⚙️ Advanced configuration, monitoring, and troubleshooting for software updates.
  • 🔬 Extensive logging, audits, reporting, and security and regulatory compliance capabilities.

Our mission and goals

Embedded product teams often create homegrown updaters at the last minute due to the need to fix bugs in field-deployed devices. However, the essential requirement for an embedded update process is robustness. For example, loss of power at any time should not brick a device. This creates a challenge, given the time constraints to develop and maintain a homegrown updater.

Mender aims to address this challenge with a robust and easy to use updater for embedded Linux devices, which is open source and available to anyone.

Robustness is ensured with atomic image-based deployments using a dual A/B rootfs partition layout. This makes it always possible to roll back to a working state, even when losing power at any time during the update process.

Ease of use is addressed with an intuitive UI, comprehensive documentation, a meta layer for the Yocto Project for easy integration into existing environments, and high-quality software (see the test coverage badge).

Where to start?

Mender enterprise Mender Open Source
Ready to get started on an enterprise-grade OTA software update solution? Capabilities include advanced fleet management, security, and compliance: role-based access control (RBAC), dynamic groups, delta updates, and mutual TLS support. Get started with hosted Mender and evaluate Mender for free. Alternatively, the Mender open-source option allows you to start doing smart device updates in a quick, secure, and robust method. Check out how to get started.
In order to support rollback, the Mender client depends on integration with the boot loader and the partition layout. It is, therefore, most easily built as part of your Yocto Project image by using the meta layer for the Yocto Project.

If you want to compare the options available, look at our features page.

Mender documentation

The documentation is a great place to learn more, especially:

  • Overview — learn more about Mender, it's design, and capabilities.
  • Debian — get started with updating your Debian devices.
  • Yocto — take a look at our support for Yocto.

Would you rather dive into the code? Then you are already in the right place!


High-level architecture overview

Mender architecture

The chart above depicts a typical Mender architecture with the following elements:

  • Back End & User Interface: The shaded sky blue area is the Mender product which comprises the back end and the user interface (UI).
  • Clients: The Mender client runs on the devices represented by the devices icon.
  • Gateway: All communications between devices, users, and the back end occur through an API gateway. Traefik is used for the API gateway. The gateway routes the requests coming from the clients to the right micro-service(s) in the Mender back end.
  • NATS message broker: some of the micro-services use NATS as a message broker to support the Mender device update troubleshooting and the orchestration within the system.
  • Mongo DB: persistent database for the Mender back end micro-services.
  • Storage layer: in both hosted and on-premise Mender, an AWS S3 Bucket (or S3 API-compatible) or an Azure Storage Account storage layer is used to store the artifacts.
  • Redis: in-memory cache to enable device management at scale.

You can find more detailed information in our documentation.


About this repository

This repository contains the Mender client updater, which can be run in standalone mode (manually triggered through its command line interface) or managed mode (connected to the Mender server).

Mender provides both the client-side updater and the backend and UI for managing deployments as open source. The Mender server is designed as a microservices architecture and comprises several repositories.

Contributing

We welcome and ask for your contribution. As we have announced a rewrite of substantial client parts to C++, contributions need to be coordinated. For more details, please read our guide on how to best get started contributing code or documentation.

Please note:

The client is currently being rewritten to C++.

License

Mender is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.

Security disclosure

We take security very seriously. If you come across any issue regarding security, please disclose the information by sending an email to [email protected]. Please do not create a new public issue. We thank you in advance for your cooperation.

Installing from source

Requirements

  • C compiler
  • Go compiler
  • liblzma-dev, libssl-dev and libglib2.0-dev packages

LZMA support opt-out

If no LZMA Artifact compression support is desired, you can ignore the liblzma-dev package dependency and substitute the make commands in the instructions below for:

make TAGS=nolzma

D-Bus support opt-out

If no D-Bus support is desired, you can ignore the libglib2.0-dev package dependency and substitute the make commands in the instructions below for:

make TAGS=nodbus

Steps

To install Mender on a device from source, first clone the repository in the correct folder structure inside your $GOPATH (typically $HOME/go):

git clone https://github.com/mendersoftware/mender.git $GOPATH/src/github.com/mendersoftware/mender

Then run the following commands inside the cloned repository:

make
sudo make install

Installation notes

Installing this way does not offer a complete system updater. For this, you need additional integration steps. Depending on which OS you are using, consult one of the following:

However, it is possible to use Update Modules and update other parts of the system.

In order to connect to a Mender server, you either need to get a Mender Professional account, or set up a server environment. If you are setting up a demo environment, you will need to put the support/demo.crt file into /etc/mender/server.crt on the device and add the configuration line below to /etc/mender/mender.conf after the installation steps above:

  "ServerCertificate": "/etc/mender/server.crt"

Keep in mind that /etc/mender/mender.conf will be overwritten if you rerun the sudo make install command.

Important: demo.crt is not a secure certificate and should only be used for demo purposes, never in production.

Cross-compiling

Requirements

Build steps

Cross-compiler setup

Download the cross-compiler required for your device. Then add the cross-compiler bin/ subfolder in your path and set the CC variable accordingly using the commands:

export PATH=$PATH:<path_to_my_cross_compiler>/bin
export CC=<cross_compiler_prefix>

For instance, to cross-compiling for Raspberry Pi:

git clone https://github.com/raspberrypi/tools.git
export PATH="$PATH:$(pwd)/tools/arm-bcm2708/gcc-linaro-arm-linux-gnueabihf-raspbian-x64/bin"
export CC=arm-linux-gnueabihf-gcc

libssl dependency

Download, extract, compile, and install libssl with the following commands:

wget -q https://www.openssl.org/source/openssl-1.1.1k.tar.gz
tar -xzf openssl-1.1.1k.tar.gz
cd openssl-1.1.1k
./Configure <target-arch> --prefix=$(pwd)/install
make
make install

Where target-arch should be one of the available targets specified by OpenSSL ( Run ./Configure for help ), for example, linux-armv4

Export an environment variable for later use:

export LIBSSL_INSTALL_PATH=$(pwd)/install

liblzma dependency

Download, extract, compile, and install liblzma with the following commands:

wget -q https://tukaani.org/xz/xz-5.2.4.tar.gz
tar -xzf xz-5.2.4.tar.gz
cd xz-5.2.4
./configure --host=<target-arch> --prefix=$(pwd)/install
make
make install

Where target-arch should match your device toolchain, for example, arm-linux-gnueabihf

Export an environment variable for later use:

export LIBLZMA_INSTALL_PATH=$(pwd)/install

Build steps

Now, to cross-compile Mender, run the following commands inside the cloned repository:

make CGO_CFLAGS="-I${LIBLZMA_INSTALL_PATH}/include -I${LIBSSL_INSTALL_PATH}/include" CGO_LDFLAGS="-L${LIBLZMA_INSTALL_PATH}/lib -L${LIBSSL_INSTALL_PATH}/lib" \
CGO_ENABLED=1 GOOS=linux GOARCH=<arch>

Where arch is the target architecture (for example, arm). See all possible values for GOARCH in the source code. Also, note that for arm architecture, you also need to specify which family to compile for with GOARM; for more information, see this link

You can deploy the mender client file tree in a custom directory in order to send it to your device afterward. To deploy all mender client files in a custom directory, run the command:

make prefix=<custom-dir> install

Where custom-dir is the destination folder for your file tree

Finally, copy this file tree into your target's device rootfs. You can do it remotely using SSH, for example.

See also Installation notes

Running

Once installed, Mender can be enabled by executing:

systemctl enable mender-client && systemctl start mender-client

D-Bus API

The introspection files for Mender D-Bus API can be found at documentation

Community

Authors

Mender was created by the team at Northern.tech AS, with many contributions from the community. Thanks everyone!

About Northern.tech

Northern.tech is the leader in device lifecycle management with a mission to secure the world's connected devices. Established in 2008, Northern.tech showcases a long history of enterprise technology management before IIoT and IoT became buzzwords. Northern.tech is the company behind CFEngine, a standard in server configuration management, to automate large-scale IT operations and compliance.

Learn more about device lifecycle management for industrial IoT devices.