Final Checks before release

thesillywhat · September 24, 2020, 10:38pm

Hello,
I am trying check my understanding before deployment.

how mender downloads the update. Is it done in parts or is it one single download? It looks like it is one single download.

For example,
If I have an update which is 300 MB in size and is midway downloading, If I power cycle the unit and I have the retry set to 0 the update fails
2. Can I change my certificate and hosted mender api via a artifact update

Do I have to include anything specific to perform an rollback. I think there are two conditions
a. Normal delta update on the root file system update. I see that if the download fails then we don’t perform the update
b. But in the scenario where I have created my own specific state scripts then its my responsibility to create a rollback script and include it in my artifact update in case the state scripts fails?

oleorhagen · September 25, 2020, 8:48am

The client downloads the update in one single stream. However, if the connection is broken, the client should continue downloading the update from where it left off, if it is allowed to retry.
You can change your certificate (I’m not sure what changing the hosted API means), with a rootfs update (as long as the certificate is on one of the rootfs partitions. If it is not, it is possible to do something like a file update module, and have it replace it on the data-partition, although riskier, since a corruption or failure here will leave you in an undefined state.
I think you might be confusing State scripts with Update modules here. You can have state scripts which run in the ArtifactRollback state. But it is not required. This is entirely use-case dependent.

Rollbacks are different depending on what sort of an update you are doing. Since you mentioned deltas, I’m going to assume that this is a rootfs update. Which means that you don’t have to include anything special at all. The Mender client will perform the roll-back automatically, in case anything fails.

Does this make sense?

thesillywhat · September 25, 2020, 2:54pm

The connection broken in this case, would be, if I lost internet connection and I got it back after some time. Not the same as power loss. I would assume.

This retry that you are referring to is different than the retry on hosted.mender.io?

So right now I am setting two variable

MENDER_SERVER_URL=https://hosted.mender.io and MENDER_TENNANT_TOKEN So if in the future I need to change any of these variables to a some new value I can include them as new update
But I think I understand what you are trying to say for the certificate option. I have not looked into it. I will start looking into it

I think I am. I am very bad at remembering proper terminologies. but you understood it spot on.
So this post is an example of what I am trying to achieve

In the above case. I had created a script which ran as a part of update module. Since this was a specific use case.
If the script fails in the second or third step, will the artifact automatically revert the changes performed or do I have to do something to take care of it?

oleorhagen · September 28, 2020, 7:25am

In this case, the download should continue from where it was interrupted.

Yes, I was talking about the Mender clients ablility to retry on connection errors. The hosted.mender.io retries will retry the entire deployment from the start.

Great , note that the client can have one ‘global’ configuration file on the data partition, and then override these with a local config on the rootfs{a,b} partitions.

If I undestand you correctly:
Rollbacks are not performed automatically for changes you make using a state-script. The client only guarantees that the RollBack states will be run in the case of an error during the update. Hence it is your responsibility to have a state-script do the rollback if you have made a change to, like you did, systemd configuration.

thesillywhat · September 28, 2020, 2:39pm

Understood. Thanks for the clarification

thesillywhat · October 9, 2020, 7:07pm

Firstly I would like to thank everyone in this community for helping me out in releasing the product out so quickly. So thank you @drewmoseley @mirzak @oleorhagen @dellgreen @kacf

We have deployed 7 boards with mender. But now since I am including different projects. I would like some more help to understand.

How do people generally separate out mender delta releases for different projects. Is it by just specifying different version names?
We have a diagnostic screen as well in our UI something that lets the IT team know what URL I am using. Is it possible to send a curl request to https://hosted.mender.io and if yes what data will I receive.

Currently when I send a curl request I receive moved permanently as a response.

I know most of the people will be quick to point out just allow traffic on tcp port 443 and it will work. To them I say. I have already tried that and no one is buying that. So If I can send something to hosted.mender.io and receive some sort of an acknowledgment saying that communication to hosted.mender.io is indeed working I can sleep a little easy

dellgreen · October 9, 2020, 7:22pm

add the ‘-L’ switch to the curl command so that it follows http redirects

oleorhagen · October 12, 2020, 6:38am

For now you will have to follow a naming scheme for the delta releases. In the future this will be improved

thesillywhat · October 12, 2020, 2:43pm

I will try that out

thesillywhat · October 12, 2020, 2:55pm

naming scheme meaning release version name?

oleorhagen · October 13, 2020, 7:31am

Yes

thesillywhat · October 19, 2020, 7:54pm

Sorry for the delay in my response. This is what I receive?

blue@blue:~$ curl -L -X GET "https://hosted.mender.io"
<!doctype html><html lang="en"><head><meta charset="utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><title>Mender</title><style id="antiClickjack">body {
        display: none !important;
      }</style><script>if (self === top) {
        var antiClickjack = document.getElementById('antiClickjack');
        antiClickjack.parentNode.removeChild(antiClickjack);
      } else {
        top.location = self.location;
      }</script><link rel="icon" href="favicon.ico?c17fa574af205373d368"><link href="main.css?c17fa574af205373d368" rel="stylesheet"></head><body class="box-sizing"><div id="main"></div><script>mender_environment = {};</script><script src="env.js"></script><script src="main.js?c17fa574af205373d368"></script></body></html>

is this right?

dellgreen · October 19, 2020, 8:26pm

that’s the login screen html, its not clear from point 2 above what you are trying to achieve.

thesillywhat · October 20, 2020, 2:43pm

So, The Client wants a Diagnostic screen where he can see if the websites are whitelisted or not.
So that he can tell the other IT team to white list it.

We do a curl to google.com to see if DNS is working or not and TCP setting are in place.
Since we are communicating with mender.io . He wanted to have something similar to that. So that he can be assured that we are indeed able to communicate with mender server.

I thought the easiest way to do that, is to send a curl command to mender.

Am I able to explain this properly?

dellgreen · October 20, 2020, 3:20pm

oh i see, i get you now.
Then yes a simple curl command that follows redirects and just pulls the headers from the server sounds like one way to do it.

curl -L -I “https://hosted.mender.io”

Topic		Replies	Views
Understanding State Scripts General Discussions yocto , raspberrypi-cm3 , warrior	4	802	August 13, 2020
Forcing an update failure General Discussions	2	365	July 1, 2019
Correct way to update only after user's confirmation General Discussions	1	629	June 22, 2020
Initiating the update from the client General Discussions	6	682	November 4, 2020
Downgrade from yocto zeus to thud and state version incompatibilty General Discussions	3	416	May 4, 2020

Final Checks before release

Related Topics