Combining "full filesystem updates" and "application updates"

Dear Mender Team & Community,

I read (e.g. on Overview | Mender documentation) that Mender supports 2 different modes of updating - “full filesystem updates” using multiple partitions and “application updates” using scripts & Linux package managers.

Is there a possibility to combine these two modes, i.e., roll out base
image updates to all devices via the bootloader-and-filesystem-based option, and then
configure individual devices slightly different by applying scripts to
them on top of that? Or would we rather do that by giving the device 2 identities, one used by each of the two modes, basically rolling out base images via the “full filesystem update” approach which include the Mender client software used to do “application updates” on top of that?

Best & thanks
Christian Eder

Hi @christianeder,

Combining system and application updates is a common practise for sure. How both are interacting, respectively integrated depends on the specific use case.

There’s a number of things to consider:

  • first, the application update is usually not using the package manager of the underlying linux distribution. In many cases, namely the Yocto based ones, there often isn’t one around anyways. It can rather be anything that you can put into code.
  • second, it does not necessarily have to be separate identities. Dynamic groups could be helpful here.

Hope this helps, if you need more let me know.


1 Like

Thanks for the fast answer.

Regarding your points:

  • Although we will most likely not have a Yocto but more something like an Ubuntu / Debian, we don’t plan to make use of the package manager, but rather “just” deploy some scripts that configure networking or deploy additional certificates
  • I just read up a bit on dynamic groups. To me, they still sound like the device having 2 different identities (i.e. 2 different devices in the Mender backend, 2 different private keys), but can be managed / targeted as a group. Did I get that right?

Thanks again

Hi @christianeder ,

that actually sounds like you just want the configuration add on. :slight_smile:

Concerning the identities, I’ll look into it and get back to you.


1 Like

Hi @christianeder,

after thinking a bit about the identity topic, I think there is a misunderstanding concerning the term “identity”. In the mender context, a device almost always has “only” one identity.

The key about the dynamic groups is that you can select a number of devices matching specific criteria, and then deploy some form of artifact to the group, therefore all devices that fulfill that predicate.

Concerning the identity, there is no difference if you deploy a system update or an application update to a device. A single, accepted device will perfectly accept both kinds of update.

Hope that helps,

Ah thanks for that clarification. I had been under the impression its more an “either / or” for the 2 approaches per identity, but this seems to not be true then. Thanks, this helps!