Suricatta daemon mode
Introduction
Suricatta is – like mongoose – a daemon mode of SWUpdate, hence the name suricatta (engl. meerkat) as it belongs to the mongoose family.
Suricatta regularly polls a remote server for updates, downloads, and
installs them. Thereafter, it reboots the system and reports the update
status to the server, based on an update state variable currently stored
in bootloader’s environment ensuring persistent storage across reboots. Some
U-Boot script logics or U-Boot’s bootcount feature may be utilized
to alter this update state variable, e.g., by setting it to reflect
failure in case booting the newly flashed root file system has failed
and a switchback had to be performed.
Suricatta is designed to be extensible in terms of the servers supported as described in Section The Suricatta Interface. Currently, support for the hawkBit server is implemented via the hawkBit Direct Device Integration API alongside a simple general purpose HTTP server. The support for suricatta modules written in Lua is not a particular server support implementation but rather an option for writing such in Lua instead of C.
Running suricatta
After having configured and compiled SWUpdate with enabled suricatta support for hawkBit,
./swupdate --help
lists the mandatory and optional arguments to be provided to suricatta when using hawkBit as server. As an example,
./swupdate -l 5 -u '-t default -u http://10.0.0.2:8080 -i 25'
runs SWUpdate in suricatta daemon mode with log-level TRACE, polling
a hawkBit instance at http://10.0.0.2:8080 with tenant default
and device ID 25.
If multiple server support is compiled in, the -S / --server
option or a server entry in the configuration file’s [suricatta]
section selects the one to use at run-time. For convenience, when having
support for just one server compiled-in, this is chosen automatically.
Note that on startup when having installed an update, suricatta tries to report the update status to its upstream server, e.g., hawkBit, prior to entering the main loop awaiting further updates. If this initial report fails, e.g., because of a not (yet) configured network or a currently unavailable hawkBit server, SWUpdate may exit with an according error code. This behavior allows one to, for example, try several upstream servers sequentially. If suricatta should keep retrying until the update status is reported to its upstream server irrespective of the error conditions, this has to be realized externally in terms of restarting SWUpdate on exit.
After an update has been performed, an agent listening on the progress
interface may execute post-update actions, e.g., a reboot, on receiving
DONE.
Additionally, a post-update command specified in the configuration file or
given by the -p command line option can be executed.
Note that at least a restart of SWUpdate has to be performed as post-update action since only then suricatta tries to report the update status to its upstream server. Otherwise, succinct update actions announced by the upstream server are skipped with an according message until a restart of SWUpdate has happened in order to not install the same update again.
The Suricatta Interface
Support for servers other than hawkBit or the general purpose HTTP server can be
realized by implementing the “interfaces” described in include/channel.h and
include/suricatta/server.h, the latter either in C or in Lua.
The channel interface abstracts a particular connection to the server, e.g.,
HTTP-based in case of hawkBit. The server interface defines the logics to poll
and install updates. See corelib/channel_curl.c / include/channel_curl.h
and suricatta/server_hawkbit.{c,h} for an example implementation in C targeted
towards hawkBit.
include/channel.h describes the functionality a channel
has to implement:
typedef struct channel channel_t;
struct channel {
...
};
channel_t *channel_new(void);
which sets up and returns a channel_t struct with pointers to
functions for opening, closing, fetching, and sending data over
the channel.
include/suricatta/server.h describes the functionality a server has
to implement:
typedef struct {
server_op_res_t has_pending_action(int *action_id);
server_op_res_t install_update(void);
server_op_res_t send_target_data(void);
unsigned int get_polling_interval(void);
server_op_res_t start(const char *cfgfname, int argc, char *argv[]);
server_op_res_t stop(void);
server_op_res_t ipc(int fd);
void (*help)(void);
} server_t;
These functions constituting a particular suricatta server implementation
have to be registered for being selectable at run-time by calling
register_server() (see include/suricatta/server.h) with
a name and a server_t struct pointer implemented in a
__attribute__((constructor)) marked function, see
suricatta/server_hawkbit.c as example.
The type server_op_res_t is defined in include/suricatta/suricatta.h.
It represents the valid function return codes for a server’s implementation.
In addition to implementing the particular channel and server, the
suricatta/Config.in file has to be adapted to include a new option
so that the new implementation becomes selectable in SWUpdate’s
configuration. In the simplest case, adding an option like the following
one for hawkBit into the menu "Server" section is sufficient.
config SURICATTA_HAWKBIT
bool "hawkBit support"
default y
select JSON
help
Support for hawkBit server.
https://projects.eclipse.org/projects/iot.hawkbit
Having included the new server implementation into the configuration,
edit suricatta/Makefile to specify the implementation’s linkage into
the SWUpdate binary, e.g., for the hawkBit example implementation, the
following lines add server_hawkbit.o to the resulting SWUpdate binary
if SURICATTA_HAWKBIT was selected while configuring SWUpdate.
ifneq ($(CONFIG_SURICATTA_HAWKBIT),)
obj-$(CONFIG_SURICATTA) += server_hawkbit.o
endif
Support for wfx
The wfx server is supported by the Lua Suricatta module
suricatta/server_wfx.lua (cf. Section Support for Suricatta Modules in Lua).
Specifically, it implements a binding to the Device Artifact Update (DAU) workflow
family.
If enabled via CONFIG_SURICATTA_WFX, the wfx Lua Suricatta module is embedded
into the SWUpdate binary so that no extra deployment steps are required. Note that
this is purely a convenience shortcut for the installation of a Lua Suricatta module
as described in Support for Suricatta Modules in Lua.
Job Definition
As being a general purpose workflow executor, wfx doesn’t impose a particular job definition nor schema, except that it’s in JSON format. Instead, the job definition is a contract between the operator creating jobs, each possibly following a different workflow, and the client(s) executing those jobs in lock-step with the wfx.
The wfx Lua Suricatta module understands job definitions as in the following
example (see job.definition.json_schema in suricatta/server_wfx.lua):
{
"version": "1.0",
"type": ["firmware", "dummy"],
"artifacts": [
{
"name": "Example Device Firmware Artifact",
"version": "1.1",
"uri": "http://localhost:8080/download/example_artifact.swu"
}
]
}
The type list field allows to label update jobs. Labels are sent :-concatenated
to the progress interface on Update Activation. The only predefined label firmware
instructs the wfx Lua Suricatta module to record an installed update to the bootloader
environment (see Bootloader Interface).
Within the artifacts list, only the uri field is strictly required for each artifact
while the fields name and version are used for informational purposes, if provided.
Further fields, including top-level fields, are ignored on purpose and may be freely used,
e.g., to enrich the job definition with metadata for update management.
Since wfx is not concerned with the job definition except for conveying it to the
client (i.e. SWUpdate), it can be adapted to specific needs by feeding a different
job definition into the wfx on job creation and adapting the verification and job
handling methods in the wfx Lua Suricatta module’s job.definition = {...} Table.
Workflows
The two Device Artifact Update (DAU) workflows wfx.workflow.dau.direct and
wfx.workflow.dau.phased are supported by the wfx Lua Suricatta module.
Hint: Use wfx’s wfx-viewer command line tool to visualize the YAML
workflows in SVG or PlantUML format.
For each transition in a workflow for which the eligible field contains
CLIENT, e.g.,
transitions:
- from: <FROM_STATE>
to: <TO_STATE>
eligible: CLIENT
there has to be a matching transition execution function defined in the wfx Lua
Suricatta module. It executes the client actions to go from state <FROM_STATE>
to state <TO_STATE> and finally sends the new job status to the wfx, updating it:
job.workflow.dispatch:set(
"<FROM_STATE>",
"<TO_STATE>",
--- @param self job.workflow.transition
--- @param job job
--- @return transition.result
function(self, job)
if not job.status
:set({
state = self.to.name, -- resolves to `<TO_STATE>`
message = ("[%s] <TO_STATE> reached"):format(self.to.name),
progress = 100,
})
:send() then
-- Do not try to execute further transitions, yield to wfx.
return transition.result.FAIL_YIELD
end
return transition.result.COMPLETED
end
)
See suricatta/server_wfx.lua for examples of such transition execution functions.
New or adapted workflows are supported by appropriately defining/modifying the
transition execution functions in suricatta/server_wfx.lua – or taking it as
inspiration and creating a new wfx Lua Suricatta module as described in Support
for Suricatta Modules in Lua.
Update Activation
The Device Artifact Update (DAU) workflows offer a dedicated activation step in the update steps sequence to decouple artifact installation and activation times so to not, e.g., upon a power-cut, prematurely test-boot into the new firmware after installation until the activation is actually due.
When the activation step is executed, the wfx Lua Suricatta module sends a progress
message (see Getting information on running update) upon which a progress client executes or schedules
activation measures. For example, the following JSON is sent as the progress
message’s .info field on activation of the Job Definition example given above:
{
"state": "ACTIVATING",
"progress": 100,
"message": "firmware:dummy"
}
The progress message’s .status is PROGRESS, see tools/swupdate-progress.c
for details on how a progress client can be implemented.
Note: The activation message may be sent multiple times if the update activation is pending, namely on each wfx poll operation and if a new update job is enqueued while the current one is not activated.
Because of the (predefined) firmware label present, the progress client should
initiate or schedule a reboot of the device in order to test-boot the new firmware.
Also because of the firmware label present, the wfx Lua Suricatta module records
the installed update to the bootloader environment. If this label was missing, no such
recording would’ve been made which is suitable for, e.g., configuration or
application updates.
In order for the this mechanism to work, SWUpdate must not record the update to the bootloader environment after it has installed it or, in case of configuration or application updates, must not touch the bootloader environment at all (see the Sections Update Transaction and Status Marker and bootloader in SWUpdate: syntax and tags with the default parser).
Hence, for firmware updates requiring a test-boot into the new firmware, the
following properties should be set in the .swu file’s sw-description:
software =
{
bootloader_transaction_marker = true;
bootloader_state_marker = false;
...
For configuration or application updates, the following properties apply:
software =
{
bootloader_transaction_marker = false;
bootloader_state_marker = false;
...
Support for general purpose HTTP server
This is a very simple backend that uses standard HTTP response codes to signal if
an update is available. There are closed source backends implementing this interface,
but because the interface is very simple interface, this server type is also suitable
for implementing an own backend server. For inspiration, there’s a simple (mock)
server implementation available in examples/suricatta/server_general.py.
The API consists of a GET with Query parameters to inform the server about the installed version. The query string has the format:
http(s)://<base URL>?param1=val1¶m2=value2...
As examples for parameters, the device can send its serial number, MAC address and the running version of the software. It is duty of the backend to interpret this - SWUpdate just takes them from the “identify” section of the configuration file and encodes the URL.
The server answers with the following return codes:
HTTP Code |
Text |
Description |
|---|---|---|
302 |
Found |
A new software is available at URL in the Location header |
400 |
Bad Request |
Some query parameters are missing or in wrong format |
403 |
Forbidden |
Client certificate not valid |
404 |
Not found |
No update is available for this device |
503 |
Unavailable |
An update is available but server can’t handle another update process now. |
Server’s answer can contain the following headers:
Header’s name |
Codes |
Description |
|---|---|---|
Retry-after |
503 |
Contains a number which tells the device how long to wait until ask the next time for updates. (Seconds) |
Content-MD5 |
302 |
Contains the checksum of the update file which is available under the url of location header |
Location |
302 |
URL where the update file can be downloaded. |
The device can send logging data to the server. Any information is transmitted in a HTTP PUT request with the data as plain string in the message body. The Content-Type Header need to be set to text/plain.
The URL for the logging can be set as separate URL in the configuration file or via –logurl command line parameter:
The device sends data in a CSV format (Comma Separated Values). The format is:
value1,value2,...
The format can be specified in the configuration file. A format For each event can be set. The supported events are:
Event |
Description |
|
|---|---|---|
check |
dummy. It could send an event each time the server is polled. |
|
started |
A new software is found and SWUpdate starts to install it |
|
success |
A new software was successfully installed |
|
fail |
Failure by installing the new software |
|
The general server has an own section inside the configuration file. As example:
gservice =
{
url = ....;
logurl = ;
logevent : (
{event = "check"; format="#2,date,fw,hw,sp"},
{event = "started"; format="#12,date,fw,hw,sp"},
{event = "success"; format="#13,date,fw,hw,sp"},
{event = "fail"; format="#14,date,fw,hw,sp"}
);
}
date is a special field and it is interpreted as localtime in RFC 2822 format. Each Comma Separated field is looked up inside the identify section in the configuration file, and if a match is found the substitution occurs. In case of no match, the field is sent as it is. For example, if the identify section has the following values:
identify : (
{ name = "sp"; value = "333"; },
{ name = "hw"; value = "ipse"; },
{ name = "fw"; value = "1.0"; }
);
with the events set as above, the formatted text in case of “success” will be:
Formatted log: #13,Mon, 17 Sep 2018 10:55:18 CEST,1.0,ipse,333
Support for Suricatta Modules in Lua
The server_lua.c C-to-Lua bridge enables writing suricatta modules in Lua. It
provides the infrastructure in terms of the interface to SWUpdate “core” to the Lua
realm, enabling the “business logic” such as handling update flows and communicating
with backend server APIs to be modeled in Lua. To the Lua realm, the server_lua.c
C-to-Lua bridge provides the same functionality as the other suricatta modules
written in C have, realizing a separation of means and control. Effectively, it lifts
the interface outlined in Section The Suricatta Interface to the Lua realm.
As an example server implementation, see examples/suricatta/server_general.py for
a simple (mock) server of a backend that’s modeled after the “General Purpose HTTP
Server” (cf. Section Support for general purpose HTTP server). The matching Lua
suricatta module is found in examples/suricatta/swupdate_suricatta.lua. Place it in
Lua’s path so that a require("swupdate_suricatta") can load it or embed it into the
SWUpdate binary by enabling CONFIG_EMBEDDED_SURICATTA_LUA and setting
CONFIG_EMBEDDED_SURICATTA_LUA_SOURCE accordingly.
The interface specification in terms of a Lua (suricatta) module is found in
suricatta/suricatta.lua.
suricatta
The suricatta table is the module’s main table housing the exposed functions and
definitions via the sub-tables described below.
In addition, the main functions suricatta.install() and suricatta.download()
as well as the convenience functions suricatta.getversion(), suricatta.sleep(),
and suricatta.get_tmpdir() are exposed:
The function suricatta.install(install_channel) installs an update artifact from
a remote server or a local file. The install_channel table parameter designates
the channel to be used for accessing the artifact plus channel options diverging
from the defaults set at channel creation time. For example, an install_channel
table may look like this:
{ channel = chn, url = "https://artifacts.io/update.swu" }
where chn is the return value of a call to channel.open(). The other table
attributes, like url in this example, are channel options diverging from or
omitted while channel creation time, see suricatta.channel. For installing
a local file, an install_channel table may look like this:
{ channel = chn, url = "file:///path/to/file.swu" }
The function suricatta.download(download_channel, localpath) just downloads an
update artifact. The parameter download_channel is as for suricatta.install().
The parameter localpath designates the output path for the artifact. The
suricatta.get_tmpdir() function (see below) is in particular useful for this case
to supply a temporary download location as localpath. A just downloaded artifact
may be installed later using suricata.install() with an appropriate file://
URL, realizing a deferred installation.
Both, suricatta.install() and suricatta.download() return true, or, in
case of error, nil, a suricatta.status value, and a table with messages in
case of errors, else an empty table.
The function suricatta.getversion() returns a table with SWUpdate’s version
and patchlevel fields. This information can be used to determine API
(in-)compatibility of the Lua suricatta module with the SWUpdate version running it.
The function suricatta.sleep(seconds) is a wrapper around SLEEP(3) for, e.g.,
implementing a REST API call retry mechanism after a number of given seconds have
elapsed.
The function suricatta.get_tmpdir() returns the path to SWUpdate’s temporary
working directory where, e.g., the suricatta.download() function may place the
downloaded artifacts.
suricatta.status
The suricatta.status table exposes the server_op_res_t enum values defined in
include/util.h to the Lua realm.
suricatta.notify
The suricatta.notify table provides the usual logging functions to the Lua
suricatta module matching their uppercase-named pendants available in the C realm.
One notable exception is suricatta.notify.progress(message) which dispatches the
message to the progress interface (see Getting information on running update). Custom progress client
implementations listening and acting on custom progress messages can be realized
using this function.
All notify functions return nil.
suricatta.pstate
The suricatta.pstate table provides a binding to SWUpdate’s (persistent) state
handling functions defined in include/state.h, however, limited to the bootloader
environment variable STATE_KEY defined by CONFIG_UPDATE_STATE_BOOTLOADER and
defaulting to ustate. In addition, it captures the update_state_t enum values.
The function suricatta.pstate.save(state) requires one of suricatta.pstate’s
“enum” values as parameter and returns true, or, in case of error, nil.
The function suricatta.pstate.get() returns one of suricatta.pstate’s
“enum” values or, in case of error, STATE_ERROR.
suricatta.server
The suricatta.server table provides the sole function
suricatta.server.register(function_p, purpose). It registers a Lua function
“pointed” to by function_p for the purpose purpose which is defined by
suricatta.server’s “enum” values. Those enum values correspond to the functions
defined in the interface outlined in the Section on The Suricatta Interface.
In addition to these functions, the two callback functions CALLBACK_PROGRESS and
CALLBACK_CHECK_CANCEL can be registered optionally: The former can be used to upload
progress information to the server while the latter serves as dwlwrdata function
(see include/channel_curl.h) to decide on whether an installation should be aborted
while the download phase.
For details on the (callback) functions and their signatures, see the interface
specification suricatta/suricatta.lua and the documented example Lua suricatta
module found in examples/suricatta/swupdate_suricatta.lua.
The suricatta.server.register() function returns true, or, in case of error,
nil.
suricatta.channel
The suricatta.channel table captures channel handling for suricatta Lua modules.
The single function suricatta.channel.open(options) creates and opens a channel
to a server. Its single parameter options is a table specifying the channel’s
default options such as proxy, retries, usessl, strictssl, or
headers_to_send. For convenience, options that may change per request such as
url, content-type, or headers_to_send may be set as defaults on channel
creation time while being selectively overruled on a per request basis. The channel
options currently supported to be set are listed in the suricatta.channel.options
table. In essence, the options parameter table is the Lua table equivalent of
include/channel_curl.h’s channel_data_t.
The suricatta.channel.open(options) function returns a channel table which is
either passed to the suricatta.install() and suricatta.download() functions
or used directly for communication with a server. More specifically, it has the three
functions
get(options)for retrieving information from the server,put(options)for sending information to the server, andclose()for closing the channel.
The get() and put() functions’ single parameter options is a per-request
channel option table as described above.
The functions get() and put() return true, or, in case of error, nil,
a suricatta.status value, and an operation result table.
The latter contains the fields:
http_response_codecarrying the HTTP error code,formatas one ofsuricatta.channel.content’s options,raw_replyifoptionscontainedformat = suricatta.channel.content.RAW,json_replyifoptionscontainedformat = suricatta.channel.content.JSON, andthe HTTP headers received in the
received_headerstable, if any.
The suricatta.channel.content “enum” table defines the “format”, i.e., the response
body content type and whether to parse it or not:
NONEmeans the response body is discarded.RAWmeans the raw server’s reply is available asraw_reply.JSONmeans the server’s JSON reply is parsed into a Lua table and available asjson_reply.
The suricatta.channel.method “enum” table defines the HTTP method to use for
a request issued with the put(options) function, i.e., POST, PATCH, or PUT as
specified in the options parameter table via the method attribute.
In addition to the HTTP method, the request body’s content is set with the
request_body attribute in the options parameter table.
As a contrived example, consider the following call to a channel’s put() function
...
local res, _, data = channel.put({
url = string.format("%s/%s", base_url, device_id),
content_type = "application/json",
method = suricatta.channel.method.PATCH,
format = suricatta.channel.content.NONE,
request_body = "{ ... }"
})
...
that issues a HTTP PATCH to some URL with a JSON content without having interest in the response body.
More examples of how to use a channel can be found in the example suricatta Lua
module examples/suricatta/swupdate_suricatta.lua.
suricatta.bootloader
The suricatta.bootloader table exposes SWUpdate’s bootloader environment
modification functions to suricatta Lua modules.
The enum-like table suricatta.bootloader.bootloaders holds the bootloaders
SWUpdate supports, i.e.
suricatta.bootloader.bootloaders = { EBG = "ebg", NONE = "none", GRUB = "grub", UBOOT = "uboot", },
The function suricatta.bootloader.get() returns the currently selected
bootloader in terms of a suricatta.bootloader.bootloaders field value.
The function suricatta.bootloader.is(name) takes one of
suricatta.bootloader.bootloaders’s field values as name and returns
true if it is the currently selected bootloader, false otherwise.
The functions in the suricatta.bootloader.env table interact with the
currently selected bootloader’s environment:
The function suricatta.bootloader.env.get(variable) retrieves the value
associated to variable from the bootloader’s environment.
The function suricatta.bootloader.env.set(variable, value) sets the
bootloader environment’s key variable to value.
The function suricatta.bootloader.env.unset(variable) deletes the bootloader
environment’s key variable.
The function suricatta.bootloader.env.apply(filename) applies
all key=value lines of a local file filename to the currently selected
bootloader’s environment.