Client state and artifact install scripts - i2
Description
Risk & mitigation
Market Goal
Attachments
Checklist
Activity
Kristian AmlieApril 26, 2017 at 9:29 AM
Just one script per state? This does not sound that good to me, I would keep a directory.
Ok. I will change the acceptance criteria to include the indexed/ordered scripts.
Different "types" of scripts (check vs. do)? I would not distinguish; simply decide what to do next based on the script return code.
Right... We are not distinguishing right now. Check is anyway ambiguous in this context, because there can be automatic checks as well (check that a certain connection can be made, for example). In the first proposal I called it approval scripts, but Marcin and I decided to drop that distinction to keep the complexity down. So the sole differing factor will be whether you return a "retry code" or not, which I think enables a good script flow.
eystein.maloy.stenbergApril 25, 2017 at 6:16 PM
Now that is done, we should update the description here.
In particular;
Just one script per state? This does not sound that good to me, I would keep a directory.
Different "types" of scripts (check vs. do)? I would not distinguish; simply decide what to do next based on the script return code.
Kristian AmlieApril 24, 2017 at 11:08 AM
This is not development ready due to the new requirements in .
Mirza KrakApril 18, 2017 at 6:35 AM
Getting involved here
I have mentioned something similar on the mailing-list/googlegroup [1] and I believe that there is all ready an JIRA issue for this [2].
[1]. https://groups.google.com/a/lists.mender.io/forum/#!topic/mender/UwaBs1047go
Kristian AmlieApril 18, 2017 at 6:19 AM
Take one example: WiFi. Let's say that the device is battery powered and you want to keep WiFi on for as short a time as possible. If Mender enters the download state, the system should be informed about this. Otherwise it will kill the WiFi antenna after only a short time, and not allowing any update to complete.
Pre- and postinstall scripts are needed for the same reasons as they are in normal package management (deb, rpm, ipkg); to migrate settings, change application configuration, overlay some data, start services, etc. In addition, they can be used to update subsystem firmware of embedded device (a "poor man's installer modules").
Today we do check if the client is able to report success and roll back otherwise. This should ensure that no matter what happens you are able to deploy another update (will not lose control). However, custom sanity checkings are needed after preforming the update. This is because custom applications may be required to run successfully before the update is considered successful; e.g. an application that brings up the user interface of the device. A common way to ensure this is to use a Dead Man's Switch - positive acknowledgement - for example the application is expected to put a specific file in place after it successfully starts. If the file is not in place within a timeout (e.g. 1 minute), rollback must be performed. We can implement this using custom sanity checking scripts that are must all return 0 before deployment is considered successful.
See the image below for how these scripts all fit in the picture.
Acceptance criteria
The user can create directories for 1) preinstall and 2) postinstall and 3) sanity checking executables and point the YP Mender build to it for inclusion when building a mender artifact
Mender runs preinstall scripts in order according to filename prefix and aborts update if any of them fails (returns nonzero)
Mender runs postinstall scripts in order according to filename prefix and rolls back update if any of them fails (returns nonzero)
Mender runs sanity checking scripts in order according to filename prefix after the postinstall scripts and rolls back if any of them fails (returns nonzero)
If a script hangs, Mender must detect this, kill the script and treat it as a failure. Timeout value must be configurable.
Deployment log is not sent to server until all of the above scripts have completed (necessary because the log report is the final verification step, and thus all the scripts must have finished by then).
The output and return code from the scripts (also successful ones) is kept in the mender deployment log and available on the server in case of failure (see , )