Dear Developer Community,
using Torizon 5.4.0 with your excellent documentation, we are already able to prepare a TEZI image with TorizonCore Builder and program it as initial software, bundled with /etc configuration, docker image and compose file. But, when the system is installed without Internet connectivity at all, does Torizon have a recommended way to handle docker-compose and docker image updates? Of course we have local physical access to the device, local WiFi/BT and USB.
Thanks for the attention and best regards,
Hi @ldvp ,
thank you for using the Toradex community.
I am not sure if I fully understand your setup. Would it be possible for you to make a quick block diagram, to show which device has internet and which does not, as well as any other key information to tackle the issue?
How are you planning to update, without internet access? Is the device connected to some internal network on your end?
Hi @kevin.tx, thanks for the answer. I think the block diagram is not needed as the question is more like a short user story, but if it helps I can quickly try to sketch something, just let me know.
First, a board is flashed with a custom TorizonCore package by Toradex Easy Installer. That initial image includes some version of TorizonCore and “pre-provisioned” custom docker compose and docker images for some applications, bundled in the initial installation package as explained here. Let’s say it is TorizonCore-Custom-v1.0.
Then, in this story the board is installed somewhere, in a place where no Internet connectivity is available for some reason. But we have to find a way to update its software from time to time. Without an Internet connection, there is no way to access the Torizon OTA platform, use Aktualizr-Uptane or a remote Docker Hub/Registry.
On the other hand, the USB and Ethernet ports are available and some update packages could arrive at the board via USB stick or local web interface, for example in the same form as the initial Toradex Easy Installer package; let’s say now the update to apply is TorizonCore-Custom-v2.0. The missing part is a service to validate and install the package.
Have you considered such a case in the Torizon architecture or directly via ostree? Does Torizon somehow support this sort of “offline updating”, or is it maybe on its roadmap? Or do you have a recommended way or suggestions for this “offline update” in the meantime?
Hope it is more clear now, thanks again for the attention and best regards,
Hi @ldvp ,
Thank you for the description.
Indeed, we are currently implementing secure offline updates as a feature of the Torizon Platform. It will support both OS updates and container updates.
Our vision is to add a command in TorizonCore Builder that generates the update files, by fetching all required artifacts from the Torizon Platform Services (app.torizon.io), which will be referred to as a “takeout image” (exact phrasing to be defined). Then you can copy it to a USB stick and plug it into the board. The update process will start.
For illustration purposes, considering a takeout image named TorizonCore-Custom-v2.0 in app.torizon.io, then you’d run a command similar to:
torizoncore-builder images takeout --credentials credentials.zip TorizonCore-Custom-v2.0
We are looking forward to your feedback about this.
Hello @kevin.tx ,
I am highly interested in this solution but I have some additional questions:
- Will this type of update be available only via USB device or are you planning to provide such a solution also via Ethernet (with only local access to the Ethernet interface, not internet)? In some implementations we do not have a USB port due to the project’s security requirements.
- Considering usage of Torizon Platform Services - is it necessary to use it? Our company policy does not allow us to store/send our source code/final image on external servers (only company owned).
- In which version are you going to provide the MVP? When will there be some documentation describing the solution?
I hope you can clarify my concerns.
The initial release of the offline updates will only work with USB or SD card but there is nothing inherent that precludes it from working over a local Ethernet. The dev team has confirmed that it would just be another source for the OTA payload. I’ve passed that on as a feature request but it’s not in plan at the moment.
You don’t need to use the Torizon Platform with TorizonCore but if you want to do OTA or fleet management you will need to. We have discussed an on-premise option for hosting your own version of our server but it’s only in discussion at the moment with no concrete plans.
There will definitely be documentation for the offline updates and at the moment it will likely be available sometime in the first half of next year.
Thank you very much for your answer. You’ve explained all my concerns. I will monitor if any of those features will be released in the future.
Just my thoughts on using USB update. If there are many units, it is expensive to have a service man running to all units with a USB disk and doing the update. It would be more effective sending it out over Ethernet to the units.
Hi @TJO ,
Thanks for sharing your thoughts.
As Drew mentioned, we’ve forwarded this as a feature request to the development team.