-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RFC: Offline Updates #8
Comments
Hey! This stuff is all pretty interesting. It's not clear to me, though, how all these things fit together.
Is there a draft text or proposal somewhere around for this? I'm not aware of how that might work, so it's hard for me to judge the appropriateness of these changes relative to enabling support for that. I like the idea, and this isn't the first time offline updates in libaktualizr have come up, but I'm not quite sure why an offline update couldn't be provided with a new API call and some new internal functionality.
Why? Is this necessary if you want to have an offline update before any online updates have taken place?
I don't think it's necessary to retry to initialize on every external call into SotaUptaneClient.
I don't think I understand why the CommandQueue concept is necessary. What is that bringing?
libaktualizr is pretty messy with thread safety. However, I don't think it was expected that there'd be any reason to want to do multiple things at the same time. I still don't really see why you would. Is the problem you envision that you want to use
That was definitely a goal at one point in time. I'm very much in favor of doing a better job with some of this. Also beware that some of the numbering schemes might've diverged some over time. |
I think @tkfu is working on the proposed spec change, but the rough approach is to have a set of metadata similar to the Director, but which applies to any matching ECU rather than a specific ECU. I understand the PURE be ready very soon, so I won't try a poor summary here. Overall I'd hope the change can be reasonably self-contained, modulo a bit of refactoring :)
Yes. Supporting offline updates for a device that has never seen the Internet is a key use case (and drives quite a bit of the complexity).
That makes sense. The other public calls that depend on initialization can do a simple check and return a failure if initialization isn't complete yet. I haven't got through them all in detail to figure out which do/don't yet, but I think it will be pretty obvious.
I'm referring to the existing The repeated code like this from aktualizr.cc is an unfortunate effect of CommandQueue std::future<result::Install> Aktualizr::Install(const std::vector<Uptane::Target> &updates) {
std::function<result::Install()> task([this, updates] { return uptane_client_->uptaneInstall(updates); });
return api_queue_->enqueue(task);
}
One thing that we have to be careful here is that the
Did you have any thoughts on how that should work?
Ack. While I've got the lid off I will try and drop those in. |
Thanks for all the explanations. I got a brief overview of the offline update concept from Jon at the Uptane meeting, so I have a decent idea of what's going on here. I want to be really careful with opening up new doors, but I also think this is a feature that's long been needed.
I see. As it is now, calling
Oops, sorry, completely forgot that already existed!
Ignoring the case where two threads are calling the update code at the same time, does this not already work? If it doesn't, why not just call |
Perhaps the next step is to make that change to |
Sure, sounds fine to me! |
The purpose of this change is to allow SotaUptaneClient to operate offline (before provisioning has completed on-line). At the moment SotaUptaneClient still requires provisioning to complete (see SotaUptaneClient::initialize()), but this refactor is a step along the path outlined in uptane/aktualizr#8 Signed-off-by: Phil Wise <[email protected]>
The purpose of this change is to allow SotaUptaneClient to operate offline (before provisioning has completed on-line). At the moment SotaUptaneClient still requires provisioning to complete (see SotaUptaneClient::initialize()), but this refactor is a step along the path outlined in uptane/aktualizr#8 Signed-off-by: Phil Wise <[email protected]>
The purpose of this change is to allow SotaUptaneClient to operate offline (before provisioning has completed on-line). At the moment SotaUptaneClient still requires provisioning to complete (see SotaUptaneClient::initialize()), but this refactor is a step along the path outlined in uptane/aktualizr#8 Signed-off-by: Phil Wise <[email protected]>
The purpose of this change is to allow SotaUptaneClient to operate offline (before provisioning has completed on-line). At the moment SotaUptaneClient still requires provisioning to complete (see SotaUptaneClient::initialize()), but this refactor is a step along the path outlined in uptane/aktualizr#8 Signed-off-by: Phil Wise <[email protected]>
The purpose of this change is to allow SotaUptaneClient to operate offline (before provisioning has completed on-line). At the moment SotaUptaneClient still requires provisioning to complete (see SotaUptaneClient::initialize()), but this refactor is a step along the path outlined in uptane/aktualizr#8 Signed-off-by: Phil Wise <[email protected]>
The purpose of this change is to allow SotaUptaneClient to operate offline (before provisioning has completed on-line). At the moment SotaUptaneClient still requires provisioning to complete (see SotaUptaneClient::initialize()), but this refactor is a step along the path outlined in uptane/aktualizr#8 Signed-off-by: Phil Wise <[email protected]>
The purpose of this change is to allow SotaUptaneClient to operate offline (before provisioning has completed on-line). At the moment SotaUptaneClient still requires provisioning to complete (see SotaUptaneClient::initialize()), but this refactor is a step along the path outlined in uptane/aktualizr#8 Signed-off-by: Phil Wise <[email protected]>
Step 1, refactor the initialization process is done in #25 (now merged) |
PURE-2: Offline Updates is now officially approved :). |
This finally breaks the dependency on network connectivity and on-line provisioning and allows SotaUptaneClient to start with no network. Part of uptane/aktualizr#8 Signed-off-by: Phil Wise <[email protected]>
This finally breaks the dependency on network connectivity and on-line provisioning and allows SotaUptaneClient to start with no network. Part of uptane/aktualizr#8 Signed-off-by: Phil Wise <[email protected]>
This finally breaks the dependency on network connectivity and on-line provisioning and allows SotaUptaneClient to start with no network. Part of uptane/aktualizr#8 Signed-off-by: Phil Wise <[email protected]>
I'd like to extend Aktualizr to support offline updates. I understand that the Uptane standard is likely to be extended
soon to support this.
Looking at the Aktualizr code, I think there are some significant refactors needed to implement this. The purpose of this ticket is to open up discussion on what will be necessary and to make an initial proposal for those changes.
These changes are independent of the updated Uptane metadata evolution rules that will also be need to implemented (although probably after this refactor).
This refactor would be in the following areas:
Initializer
CommandQueue
SotaUptaneClient
Aktualizr
classInitializer
At the moment SotaUptaneClient doesn't really 'start' until the Initializer class has completed, which requires online communication with the server. I propose that we refactor the logic from the Initializer ctor into an 'void AttemptInitialize()' member function that makes one attempt at initialization and provides status (OK / Perm Failure / Temporary Failure) and an error description string via member functions.
For backwards compatibility this would be called on the entry to SotaUptaneClient::fetchMeta() (and the other external entry points to SotaUptaneClient.
Command Queue
For safety, I think it is important to make a very clear distinction between member functions that should be called via the command queue and those which can be called on any thread. One solution here would be to make SotaUptaneClient explicitly not thread-safe in all cases, and make the Aktualizr class provide thread safety on all calls (serializing via the Command Queue if necessary).
In think there is an opportunity here to simplify Aktualizr::RunForever() here: instead of calling UptaneCycle() in a loop (in a separate thread!) we can have a smarter CommandQueue that automatically schedules Update cycles when it has nothing in the queue. This can also have logic to attempt both online and offline updates.
SotaUptaneClient
I'm thinking that a good way to handle the complexity in this class is to add comments that link the member functions to parts of the Uptane spec. There are already a good number of references throughout the codebase, but I wonder if we can make more member function calls map 1:1 to steps in the Uptane spec.
We'd then add a new set of member functions that map to the upcoming Uptane Offline updates PURE, and finally wire it into the top level Aktualizr class.
Does that make sense?
The text was updated successfully, but these errors were encountered: