Mender blog

Mender 2.3 released: Easily update both system and applications

We are excited to release Mender 2.3 and 2.2.2!

The focus for Mender 2.3 is to easily update all your device software.

The key features of Mender 2.3 are covered below, and you can see the detailed items in the release notes of Mender 2.3.0 and Mender 2.2.2.

This Mender release includes a ready-to-flash OTA-enabled Raspbian image, a new way to snapshot into system updates and support for generating application updates directly from the Mender server! All new features of Mender 2.3 are fully open source under the permissive Apache 2.0 license.

The key features of Mender 2.3 are covered below, and you can see the detailed items in the Mender 2.3.0 release notes.

Rasbian image with system-level OTA update support

System updates are needed in order to update the kernel, system libraries, application frameworks or even more complex applications. Losing power or connectivity during these types of updates can leave the device "bricked", unless a robust update process is used, like the one provided by Mender that does dual A/B system updates and support rollback in case of any type of failure.

Supporting this type of advanced system update, however, requires integration with bootloaders and several low-level changes. Thus, getting started with robust OTA system updates on Raspbian has never been easy -- until now.

Mender 2.3 comes with a ready-to-flash Rasbian image for the Raspberry Pi 3. The only difference between the official Raspbian image is that Mender has been integrated and it is fully enabled to receive robust system updates! Note that this image only works with Raspberry Pi 3.

This Raspbian image is available for download in the Mender documentation.

If you are looking for or are interested in testing and contributing board support for other Debian family of OSes, take a look at the Debian family board integration category in the Mender Hub community forums.

Broader Debian family board support with mender-convert v2

mender-convert is the tool that enables system update support for boards running a Debian family OS, such as Debian, Raspbian and Ubuntu. In fact, it is how the Raspbian image above has been created.

In its initial release it supported BeagleBone and Raspberry Pi 3 boards, but with the new mender-convert v2, it has become fully generic and does not have any limitations on which boards it can support!

Given the heterogeneous nature of embedded devices, however, there might be specific configurations that are needed for different boards. This is now supported by board-specific configuration files, rather than having any specific board support in mender-convert itself.

For an example, take a look at the Raspberry Pi 4 Raspbian board integration.

To start using this new version of mender-convert, take a look at the documentation for Debian family boards.

Wizard for Mender client configuration: mender setup

Once you have the Mender client installed on your device, it should be connected to a Mender server, so that remote updates can be deployed. This used to mean locating configuration files, reading about the different options and changing configuration settings.

Mender 2.3 greatly simplifies this with a new setup command. To trigger the command on an existing installation of Mender, simply run mender setup, which will launch a CLI wizard as shown below:

# mender setup

Mender Client Setup
===================

Setting up the Mender client: The client will regularly poll the server to check for updates and report its inventory data.
Get started by first configuring the device type and settings for communicating with the server.

The device type property is used to determine which Mender Artifact are compatible with this device.
Enter a name for the device type (e.g. raspberrypi3-raspbian): [raspberrypi3-raspbian] 

Are you connecting this device to hosted.mender.io? [Y/n] Y
Enter your credentials for hosted.mender.io
Email: user@example.com
Password: 

Demo mode uses short poll intervals and assumes the default demo server setup. (Recommended for testing.)
Do you want to run the client in demo mode? [Y/n] Y
Mender setup successfully.

This command can be triggered after flashing an image with Mender integrated, like the Raspbian image above, and is also run by default after you install the Mender Debian package (support for application level updates only).

Easily generate system updates: mender snapshot

With Mender integrated and running on the devices a way to generate system updates is needed.

On the Debian family of OSes, like Raspbian, it is common to start off with the "golden image" workflow to generate system updates. In this workflow, one device or SD card, acts as the source that is later replicated to all the other devices. All changes, such as updating libraries, changing configurations and installing applications are applied run-time at the golden image.

This used to be a quite cumbersome workflow because you would have to boot the golden device, do the modifications needed, shut down the device, move the SD card into a workstation/laptop, dump it to a image file, shrink and compress it, and finally generate an update based on this image. Phew!

Mender 2.3 introduces a new client-side feature to reduce this to a single step: mender snapshot. This feature is best used when you have the golden device connected to a workstation / laptop and you can SSH into it, which is usually the case.

Running mender snapshot on the device itself will temporarily suspend all writes to the device storage and dump the contents of the currently running system, which can be forwarded to a file or network location.

To make this system update generation into a single step, a complementary option has been added to mender-artifact, the tool used to generate Mender Artifact (.mender) files for update deployment. It now supports taking the input over SSH, so you can generate a Mender Artifact from your golden device by running a command like this on your workstation/laptop:

mender-artifact write rootfs-image -f ssh://pi@192.168.1.10 \
                                   -n release-1 \
                                   -o release-1.mender \
                                   -t raspberrypi3

After a few minutes, the Mender Artifact (release-1.mender) can be uploaded to the Mender server and deployed to all of the devices, which would essentially replicate the system of the golden device!

Since this is a full root file system snapshot, it enables other use cases as well, such as backup and restore of the running system.

Upload applications and configurations directly to the Mender server

To deploy new software or configuration with Mender, it needs to be packaged in the Mender Artifact (.mender) format. This format contains meta-data to ensure the compatibility and integrity of your software updates, and it can be managed with the mender-artifact tool.

However, for simple use cases like updating a single python application or configuration file across all the devices, working with the mender-artifact tool can become a bit tedious.

This is why Mender 2.3 introduces a new way to easily generate application-based updates, right from the Mender server web UI itself. You can simply upload the file you want to deploy (e.g. ui-app.py) and the Mender server will package it and make it available for deployment!

Upload python application

The screenshot above shows a python application file uploaded to the Mender server, you can choose where it should be deployed.

In this first version, single files can be packaged. However, as this feature is built around Update Modules, there will be server-support for many more types of updates in future versions; check out the other Update Modules enabling support for docker, directory and package managers. It is even possible to create custom Update Modules, to update any type of software with Mender.

Prebuilt binaries

The downloads section of the documentation is growing to cover more tools and architectures, so you do not have to compile them yourself.

Mender 2.3 introduces new prebuilt binaries for the following tools and target architectures:

  • Mender client: arm64 and amd64
  • mender-cli: Linux and MacOS

Yocto Project support

Mender 2.3 continues to support the warrior (2.7) Yocto Project release. Support for zeus (2.8) is in progress and will be added to a future release.

Server-side dependency updates

Mender 2.3 uses the new, official version of the MongoDB Golang driver and MongoDB 3.6, which improves general performance for database access. It also comes with ElasticSearch 6 to take advantage of new features and performance improvements.

Try Mender 2.3

The documentation has a new 2.3 section that includes all the necessary resources. To test the new features, start with these pages:

Support for your board

If you are getting started with OTA updates, or do not have time to integrate the Mender client with your board for robust A/B system updates, there are several resources available to you!

The Board Integrations category in Mender Hub is a community site to contribute, reuse and maintain Mender board integrations.

We are also happy to help with consulting services to enable verified Mender support for your board!

Share your feedback

We appreciate your general feedback on Mender, be it positive or need for improvement, in the Mender Hub General Discussions forum. Your continued feedback ensures Mender will meet your needs even better in the future!

If you believe you have encountered a bug, please submit your report at the Mender JIRA issue tracker.

We hope you enjoy the new features and are looking forward to hearing from you!

Recent articles

Driving secure innovation: ISO/SAE 21434 & UNECE compliance

Driving secure innovation: ISO/SAE 21434 & UNECE compliance

ISO/SAE 21434 and UNECE R155/R156 standards reshape cybersecurity in software-defined vehicles. Compliance with these frameworks is essential for protecting consumers, ensuring vehicle safety, and driving innovation in the automotive industry.
CVE-2024-46947 & CVE-2024-47190 - SSRF issues in Mender Enterprise Server

CVE-2024-46947 & CVE-2024-47190 - SSRF issues in Mender Enterprise Server

Recently discovered security vulnerabilities in Mender Server have been fixed.
CVE-2024-46948 - Missing filtering based on RBAC device groups

CVE-2024-46948 - Missing filtering based on RBAC device groups

A customer recently notified us of a security issue in Mender. For users of RBAC and device groups, one specific API did not filter devices correctly.
View more articles

Learn why leading companies choose Mender

Discover how Mender empowers both you and your customers with secure and reliable over-the-air updates for IoT devices. Focus on your product, and benefit from specialized OTA expertise and best practices.

 
sales-pipeline_295756365