Software version unknown for devices that came offline before they were authorized

I’m on Mender Client V2.0 and have the following annoying use case:

(Assume using pre-authorization is not possible in my case)

  • device boots for the first time, creates pending authentication request
  • this request gets manually accepted some time later

Having inventory refresh intervals quite rare, to force sync it, I should either reboot the device (which I want to avoid), or restart Mender client (from V2.1 you can issue a command to the client), but this requires ssh communication to the device which I don’t have.

Otherwise, if the device is turned off before inventory was synced for the first time, Mender backend is now aware of device’s current software and thus I can include this device in a deployment so it could be updated when it comes online at the customer.

I suppose simply sending inventory information would solve this and would make the authorization process more flexible: device can be turned off right after it finished first boot, without waiting to be authorized and still be included in the deployments while offline.

thus I can include this device in a deployment so it could be updated when it comes online at the customer.

There is an upcoming feature, “dynamic deployments” that would solve this use-case for you as well I believe.

But for now, I suppose one way to achieve this would be to use a state-script, e.g. on first-time entry of the Idle state do a mender -check-inventory

I suppose simply sending inventory information would solve this and would make the authorization process more flexible

What do you mean here? How would it send it if it is not authorized?

That’s the thing, now you can’t =) But it would be nice if the backend could accept and store inventory information even for unauthorized devices.

I’m not sure if I explained my use case clearly enough. Let me try to rephrase:
What I want to achieve is to have the ability to know software version and thus include in deployments (after authorization of course) those devices that came offline before they were manually authorized, but after they contacted the server for the first time.

As I briefly mentioned, I think this will be possible with an already planned feature, “dynamic deployments”, where you will be able to create deployments based on inventory data information (e.g. software version), and once the device connects for the first time and sends inventory data it would be possible to automatically add it to a “dynamic deployment” and hence it would get the software defined there.

It is the reverse of what you are asking for I believe, but solves the same use-case.

This would not be secure as you are allowing unauthorized devices write access to your database which can easily be exploited.

True, not safe… It was just an idea.
Yes it sounds like the feature you described should work for my case.
But I suppose it won’t be a part of Open-Source mender? :sweat_smile:

In any case, thanks a lot for reactive support. I’ll rename this topic so the people with similar use cases could find it.

True, not safe… It was just an idea.

Ideas are always welcome :smiley:

Yes it sounds like the feature you described should work for my case.
But I suppose it won’t be a part of Open-Source mender?

Your assumptions are correct :slight_smile: