Skip to content

Mender over-the-air software updater client.

License

Notifications You must be signed in to change notification settings

SebOpsahl/mender

Β 
Β 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

Mender logo

Build Status Coverage Status

Overview

Mender is an open-source, over-the-air (OTA) update manager for IoT and embedded Linux devices. Its client-server architecture enables the central management of software deployments, including functionality such as dynamic grouping, phased deployments, and delta updates. Mender also supports powerful extensions to configure, monitor, and troubleshoot devices. Features include remote terminal access, port forwarding, file transfer, and device configuration. It integrates with Azure IoT Hub and AWS IoT core.

Table of Contents

Why Mender?

Mender enables secure and robust over-the-air updates for all device software. Some of the core functionalities include:

  • πŸ’» Flexible management server and client architecture for secure OTA software update deployments and fleet management.
  • πŸ’Ύ Standalone deployment support, triggered at the device-level (no server needed) for unconnected or USB delivered software updates.
  • πŸ”„ Automatic rollback upon update failure with an A/B partition design.
  • πŸ”€ Support for a full root file system, application, files, and containerized updates.
  • βœ… Dynamic grouping, phased rollouts to ensure update success.
  • βš™οΈ Advanced configuration, monitoring, and troubleshooting for software updates.
  • πŸ”¬ Extensive logging, audits, reporting, and security and regulatory compliance capabilities.

Our mission and goals

Embedded product teams often create homegrown updaters at the last minute due to the need to fix bugs in field-deployed devices. However, the essential requirement for an embedded update process is robustness. For example, loss of power at any time should not brick a device. This creates a challenge, given the time constraints to develop and maintain a homegrown updater.

Mender aims to address this challenge with a robust and easy to use updater for embedded Linux devices, which is open source and available to anyone.

Robustness is ensured with atomic image-based deployments using a dual A/B rootfs partition layout. This makes it always possible to roll back to a working state, even when losing power at any time during the update process.

Ease of use is addressed with an intuitive UI, comprehensive documentation, a meta layer for the Yocto Project for easy integration into existing environments, and high-quality software (see the test coverage badge).

Where to start?

Mender enterprise Mender Open Source
Ready to get started on an enterprise-grade OTA software update solution? Capabilities include advanced fleet management, security, and compliance: role-based access control (RBAC), dynamic groups, delta updates, and mutual TLS support. Get started with hosted Mender and evaluate Mender for free. Alternatively, the Mender open-source option allows you to start doing smart device updates in a quick, secure, and robust method. Check out how to get started.
In order to support rollback, the Mender client depends on integration with the boot loader and the partition layout. It is, therefore, most easily built as part of your Yocto Project image by using the meta layer for the Yocto Project.

If you want to compare the options available, look at our features page.

Mender documentation

The documentation is a great place to learn more, especially:

  • Overview β€” learn more about Mender, it's design, and capabilities.
  • Debian β€” get started with updating your Debian devices.
  • Yocto β€” take a look at our support for Yocto.

Would you rather dive into the code? Then you are already in the right place!


High-level architecture overview

Mender architecture

The chart above depicts a typical Mender architecture with the following elements:

  • Back End & User Interface: The shaded sky blue area is the Mender product which comprises the back end and the user interface (UI).
  • Clients: The Mender client runs on the devices represented by the devices icon.
  • Gateway: All communications between devices, users, and the back end occur through an API gateway. Traefik is used for the API gateway. The gateway routes the requests coming from the clients to the right micro-service(s) in the Mender back end.
  • NATS message broker: some of the micro-services use NATS as a message broker to support the Mender device update troubleshooting and the orchestration within the system.
  • Mongo DB: persistent database for the Mender back end micro-services.
  • Storage layer: in both hosted and on-premise Mender, an AWS S3 Bucket (or S3 API-compatible) or an Azure Storage Account storage layer is used to store the artifacts.
  • Redis: in-memory cache to enable device management at scale.

You can find more detailed information in our documentation.


About this repository

This repository contains the Mender client updater, which can be run in standalone mode (manually triggered through its command line interface) or managed mode (connected to the Mender server).

Mender provides both the client-side updater and the backend and UI for managing deployments as open source. The Mender server is designed as a microservices architecture and comprises several repositories.

Contributing

We welcome and ask for your contribution. As we have announced a rewrite of substantial client parts to C++, contributions need to be coordinated. For more details, please read our guide on how to best get started contributing code or documentation.

Please note:

The client is currently being rewritten to C++.

License

Mender is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.

Security disclosure

We take security very seriously. If you come across any issue regarding security, please disclose the information by sending an email to [email protected]. Please do not create a new public issue. We thank you in advance for your cooperation.

Installing from source

Requirements

  • C++ compiler
  • cmake
  • libarchive-dev, libboost-all-dev, liblmdb-dev, libdbus-1-dev, libssl-dev and libsystemd-dev packages

For Debian/Ubuntu, the prerequisites can be installed by

sudo apt install git build-essential cmake libarchive-dev liblmdb-dev libboost-all-dev libssl-dev libdbus-1-dev libsystemd-dev

Adjust as needed for other distributions.

Steps

To install Mender C++ client on a device from source, first clone the repository:

git clone https://github.com/mendersoftware/mender.git

Change into the cloned repository:

cd mender

Use git submodule to fetch additional dependencies:

git submodule update --init --recursive

Create a build directory and enter it:

mkdir build
cd build

Configure and start the build:

cmake -DCMAKE_INSTALL_PREFIX:PATH=/usr ..
make

Make sure you configure installation to the /usr path prefix, as the executables required by systemd units and D-Bus policy file must be placed in the canonical paths.

Install the client:

sudo make install

Client setup

The required configuration files for client operation can be created in several ways.

  • for an interactive setup process, use the mender-setup tool.
  • in a Yocto-based set up, those are generated as part of the build process

Installation notes

Installing this way does not offer a complete system updater. For this, you need additional integration steps. Depending on which OS you are using, consult one of the following:

However, it is possible to use Update Modules and update other parts of the system.

In order to connect to a Mender server, you either need to get a Mender Professional account, or set up a server environment. If you are setting up a demo environment, you will need to put the support/demo.crt file into /etc/mender/server.crt on the device and add the configuration line below to /etc/mender/mender.conf after the installation steps above:

  "ServerCertificate": "/etc/mender/server.crt"

Important: demo.crt is not a secure certificate and should only be used for demo purposes, never in production.

Cross-compiling

Generic cross-compilation procedures using cmake apply.

During the current, early stage of development using a higher, cross-compilation aware build system such as Yocto is advisable. Once things are sufficiently stabilized, a set of steps for manual cross-compilation will be added here.

QNX

Note that QNX support is still experimental, and not supported.

mkdir build && cd build
QNX_TARGET_ARCH=aarch64le cmake .. -DCMAKE_TOOLCHAIN_FILE=../cmake/qnx.cmake
make

Running

Once installed, Mender can be enabled by executing:

systemctl enable mender-authd mender-uptdated && systemctl start mender-authd mender-updated

D-Bus API

The introspection files for Mender D-Bus API can be found at documentation

Community

Authors

Mender was created by the team at Northern.tech AS, with many contributions from the community. Thanks everyone!

About Northern.tech

Northern.tech is the leader in device lifecycle management with a mission to secure the world's connected devices. Established in 2008, Northern.tech showcases a long history of enterprise technology management before IIoT and IoT became buzzwords. Northern.tech is the company behind CFEngine, a standard in server configuration management, to automate large-scale IT operations and compliance.

Learn more about device lifecycle management for industrial IoT devices.

About

Mender over-the-air software updater client.

Resources

License

Code of conduct

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • C++ 94.5%
  • CMake 2.8%
  • Shell 2.2%
  • Python 0.5%