35 Commits

Author SHA1 Message Date
20k-ultra
aad5a9efc5 Use locks before shutdown/reboot instead of stopping containers
Closes: #1940
Change-type: patch
Signed-off-by: 20k-ultra <3946250+20k-ultra@users.noreply.github.com>
2022-06-02 00:31:42 -04:00
Felipe Lalanne
8bf8792583 Only uninstall 'fleet' apps when localMode is set
Local mode is still a device level config. Eventually it will become a
property of an app, but for now, we don't want the supervisor trying to
uninstall supervisor or host app when local mode is set
2022-03-22 19:28:43 -03:00
Felipe Lalanne
7425d1110b Add support for GET v3 target state
This change updates types and database format in order to allow
receiving the new format of the target state from the cloud and allow
applications to keep working.

This change also updates metadata in the containers, meaning services
will need to be restarted on supervisor update

Change-type: major
2022-03-22 19:08:02 -03:00
Felipe Lalanne
9c6e5ee11f Remove apps.json after initial preload
This avoids the supervisor trying to get back to the preloaded target
state if the database is deleted by any reason. It does this by moving the
used apps.json to a backup location.

Change-type: patch
Depends-on: #1841
2021-12-13 20:11:42 +00:00
Felipe Lalanne
f1bd4b8d9b Use tags to track supervised images in docker
The image manager module now uses tags instead of docker IDs as the main
way to identify docker images on the engine. That is, if the target
state image has a name `imageName:tag@digest`, the supervisor will always use
the given `imageName` and `tag` (which may be empty) to tag the image on
the engine after fetching. This PR also adds checkups to ensure
consistency is maintained between the database and the engine.

Using tags allows to simplify query and removal operations, since now
removing the image now means removing tags matching the image name.

Before this change the supervisor relied only on information in the
supervisor database, and used that to remove images by docker ID. However, the docker
id is not a reliable identifier, since images retain the same id between
releases or between services in the same release.

List of squashed commits
- Remove custom type NormalizedImageInfo
- Remove dependency on docker-toolbelt
- Use tags to traack supervised images in docker
- Ensure tag removal occurs in sequence
- Only save database image after download confirmed

Relates-to: #1616 #1579
Change-type: patch
2021-07-26 09:52:25 -04:00
Christina Wang
17e740a4ba
Allow users to override HUP lock if device is stuck in invalid state
This functionality is needed when breadcrumbs aren't deleted after a HUP
rollback for whatever reason. Also rename HUP lock function.

Change-type: patch
Connects-to: #1459
Signed-off-by: Christina Wang <christina@balena.io>
2021-07-08 12:43:32 +09:00
Christina Wang
a9028e58ec
Prevent updates/reboots with locks when HUP breadcrumbs present
On HUP, some healthceck services need to complete before
it's safe for the Supervisor to reboot the device when
applying state changes. rollback-{health|altboot}-breadcrumb
are the two files that Supervisor looks for and locks the device
on when present in this patch.

Not closing issue 1459 because there is a possible case where,
on altboot rollback, the breadcrumbs are not present. 1459
may be closed when this edge case is investigated.

Change-type: patch
Connects-to: #1459
See: https://www.flowdock.com/app/rulemotion/r-supervisor/threads/cL7YfNOLSfTPfw05h59GEW0kfOt
Signed-off-by: Christina Wang <christina@balena.io>
2021-06-30 13:27:03 +09:00
Pagan Gazzard
ee4d919fca Improve target state typings
Change-type: patch
2021-06-08 13:45:44 +01:00
Christina Wang
ea3e50e96e
Create & unify src/device-state/current-state tests
Signed-off-by: Christina Wang <christina@balena.io>
2021-05-12 18:33:01 +09:00
Christina Wang
62375c907f
Upgrade mocha to v8, use mocha fixtures for chai plugins
Remove chai-events and add explicit chai devDependency

Change-type: patch
Signed-off-by: Christina Wang <christina@balena.io>
2021-05-12 17:10:57 +09:00
Christina Wang
4a2ac557ef
Remove mz, mkdirp, body-parser dependencies
'mz' can be safely replaced with fs.promises
and util.promisify for faster native methods.
'mkdirp' after Node v8 uses native fs.mkdir, thus
is redundant. 'body-parser' is deprecated and
contained within express v4.x.

Closes: #1567
Change-type: patch
Signed-off-by: Christina Wang <christina@balena.io>
2021-04-28 07:20:15 +09:00
Rich Bayliss
c08de8701e api: Implement scoped Supervisor API keys
Each service, when requesting access to the Supervisor API, will
now get an individual key which can be scoped to specific resources.
In this iteration the default scope will be to the application that
the service belongs to.

We also have a `global` scope which is used by the cloud API when in
managed mode.

Change-type: patch
Signed-off-by: Rich Bayliss <rich@balena.io>
2020-09-17 11:25:56 +00:00
Rich Bayliss
96c68166a1
application-manager: Convert to a singleton
Change-type: patch
Signed-off-by: Rich Bayliss <rich@balena.io>
Signed-off-by: Cameron Diver <cameron@balena.io>
2020-09-14 11:23:36 +01:00
Rich Bayliss
e3864915bc
device-state: Convert to a singleton
Change-type: patch
Signed-off-by: Rich Bayliss <rich@balena.io>
Signed-off-by: Cameron Diver <cameron@balena.io>
2020-09-14 09:31:12 +01:00
Miguel Casqueira
ff404456b3 Refactor configurable backend class names
Change-type: patch
Signed-off-by: Miguel Casqueira <miguel@balena.io>
2020-08-12 14:29:58 -04:00
Matthew McGinn
15c57a86b4
fix up "atleast" -> "at least"
Change-type: patch
Signed-off-by: Matthew McGinn <matthew@balena.io>
2020-07-29 11:55:22 -04:00
Cameron Diver
5337c0102c Convert deviceConfig module to a singleton
Change-type: patch
Signed-off-by: Cameron Diver <cameron@balena.io>
2020-07-08 12:05:09 +01:00
Cameron Diver
03ca0ee9ad
avahi: Control with HOST_DISCOVERABILITY
The host config variable HOST_DISCOVERABILITY can be set to
true or false, controlling the state of the avahi service. This
determines if the device advertises it's presence over mDNS.

Change-type: patch
Signed-off-by: Cameron Diver <cameron@balena.io>
Signed-off-by: Rich Bayliss <rich@balena.io>
2020-07-06 13:02:29 +01:00
Rich Bayliss
28c5a44e71
firewall: Add Host Firewall functionality
Controlled by BALENA_HOST_FIREWALL_MODE, the firewall can
either be 'on' or 'off'.

- In the 'off' state, all traffic is allowed.
- In the 'on' state, only traffic for the core services provided
  by Balena is allowed.

Change-type: patch
Signed-off-by: Rich Bayliss <rich@balena.io>
2020-07-01 18:43:08 +01:00
Miguel Casqueira
3098abeca5 Refactor backends into seperate files and added tests for extlinux
Signed-off-by: Miguel Casqueira <miguel@balena.io>
2020-06-23 15:56:10 -04:00
Cameron Diver
b31d5007fb Move database app processing out to its own module
This is part of the work to make the application-manager module much
less monolithic, in preperation for system apps and more generally
multi-app.

Change-type: patch
Signed-off-by: Cameron Diver <cameron@balena.io>
2020-06-11 11:55:11 +01:00
Cameron Diver
2b3dc2fbce Make images module a singleton
Change-type: patch
Signed-off-by: Cameron Diver <cameron@balena.io>
2020-06-10 11:29:28 +01:00
Cameron Diver
651e48b1bd Make logger module a singleton
Change-type: patch
Signed-off-by: Cameron Diver <cameron@balena.io>
2020-06-08 17:19:20 +01:00
Cameron Diver
389e14ec6b Make the event-tracker module a singleton
Change-type: patch
Signed-off-by: Cameron Diver <cameron@balena.io>
2020-06-08 10:13:33 +01:00
Cameron Diver
aad20e2c2f Make docker module a singleton
Change-type: patch
Signed-off-by: Cameron Diver <cameron@balena.io>
2020-06-02 17:57:18 +01:00
Cameron Diver
ff4a31a0e6 Make the config module a singleton
Change-type: patch
Co-authored-by: Pagan Gazzard <page@balena.io>
Signed-off-by: Cameron Diver <cameron@balena.io>
2020-06-02 14:29:05 +01:00
Miguel Casqueira
5550a3a330 Refactor device-state healthchecks to log reason for failure
Closes: #1292
Change-type: minor
Signed-off-by: Miguel Casqueira <miguel@balena.io>
2020-05-29 16:24:01 -04:00
Cameron Diver
1d7381327e Make the db module a singleton
We were treating the database class as a singleton, but still having to pass
around the db instance. Now we can simply require the db module and have
access to the database handle.

Change-type: patch
Signed-off-by: Cameron Diver <cameron@balena.io>
2020-05-29 15:02:38 +01:00
Pagan Gazzard
758f3caa48 Update to @balena/lint 5.x
Change-type: patch
2020-05-15 12:08:42 +01:00
Cameron Diver
c9c0e650cb Support matching on device type within contracts
Closes: #1191
Change-type: minor
Signed-off-by: Cameron Diver <cameron@balena.io>
2020-04-09 10:45:07 +01:00
Pagan Gazzard
a2ec35456b Convert application-manager.coffee to javascript
Change-type: patch
2020-04-08 12:15:06 +01:00
Pagan Gazzard
7e6d32516d Tests: Add missing await
Change-type: patch
2020-03-23 19:02:17 +00:00
Cameron Diver
c21da8f3db
Convert device-state module to typescript
Change-type: patch
Signed-off-by: Cameron Diver <cameron@balena.io>
2020-02-25 14:50:21 +07:00
Cameron Diver
09a8231fde
Extract loadTargetFromFile function to preload module
Change-type: patch
Signed-off-by: Cameron Diver <cameron@balena.io>
2019-11-07 09:47:19 +00:00
Cameron Diver
b5a427f2b9
Convert some coffeescript tests to typescript
Change-type: patch
Signed-off-by: Cameron Diver <cameron@balena.io>
2019-10-30 10:58:32 +00:00