The Pantacor team recently merged an update to the Device Update for IoT Hub repo allowing anyone to deploy containers over the air and to update IoT fleets at the intelligent edge. The Device Update for IoT Hub is based on the same reliable and secure technology created for Windows Software but is optimized for IoT devices. By combining Device Update (DU) with lightweight LXC containers on embedded Linux devices, release teams can now easily maintain and secure IoT device fleets across all architectures.
“Device Update for IoT Hub supports a range of devices from the smallest sensors to your gateway class edge devices, including directly connected devices and those that are in complex topologies where they’re disconnected or nested on multiple levels. Now, thanks to the addition of the Pantavisor update handler for DU, our users benefit from end-to-end OTA deployments that bring LXC Linux container support to achieve modular and streamlined updates for both application containers and system firmware alike,” says Jeff Davis, Principal Group Program Manager, Microsoft.
In this post, we’re going to show you how that works with a hands-on tutorial. We’ll show you how to prepare an update, export it and then apply it to your embedded Linux IoT devices through the Azure IoT Hub dashboard.
Pantavisor – an embedded framework for building containerized Linux systems
Pantavisor turns the runtime on your embedded Linux IoT device into a set of containers. Any updates you push from the Device Update UI will result in a group of containers that can be added, updated, or removed. This includes the Device Update agent, which has also been containerized to be run on a Pantavisor-enabled device.
How Docker and Pantavisor work together
The contents of each container are defined in the dockerfile.template file and built for arm32, arm64 and x64 architectures from GitLab CI with the help of container-ci. Containers on a Pantavisor enabled system are not natively run by Docker, but instead, Pantavisor offers a lightweight container engine to run them. The Dockerfile is only used to define the container root file system.
“We use Docker as our build environment for creating containers from source; however, we don’t use a docker-engine type of technology to run it. The reason for this is because Pantavisor is optimized to be universally applicable. This means you don’t want to limit the products by unnecessary high resource requirements. Also, we want to offer the ability to run your traditional root OS (which at a very high level usually is nothing but a set of middlewares, application runtimes, and management tools) in a container. Similarly, we want to allow all that currently have a monolithic firmware to also benefit from Pantavisor without having to rework their whole work first,” says Alexander Sack, Pantacor CTO.
- Device Update service with PVControl content handler
- Delivery Optimization service: dependency of DU agent used to download the updates
- PVcontrol: used by the DU PVControl Handler that communicates with Pantavisor on the device
Before you begin
- Before you begin, create a Device Update account and instance, and configure access controls for it.
- PVR cli: used to interact with your device from your host computer
- pvr2adu: a script to download images and prepare images
Update your Pantavisor device from the Device Update for IoT Hub
To simplify this guide, a precompiled image with the DU client is provided. If you prefer, you can also set up a standard Pantavisor-enabled device first and then add the agent using the pvr2adu add-agent command.
- Set up Device Update in IoT Hub if you haven’t done that already.
- Download the image with the following:
pvr2adu [options] download <arm-bpi-r64|arm-rpi64|x64-uefi> <connection-string> <manufacturer> <model>
options– can be help or verbose mode -h or -v
connection- string– A pre-provisioned connection string the device uses to connect to the IoT Hub.
manufacturer– Reported by the device update agent as part of the ‘DeviceInformation` interface.
model– Reported by the Device Update Agent as part of the DeviceInformation` interface.
See Device Update Configuration File – list of fields
For example, to download an arm-rpi64 compatible image, use the following:
pvr2adu download arm-rpi64 <your-connection-string-here> Fabrikam Toaster
- Next, flash the device storage with the downloaded image.
- Turn on the device and check that it successfully connected to DU IoT Hub.
- Clone the current running revision in your host computer with pvr cli.
First, you will need to know your device IP. If your host computer is in the same network, you can use the PVR device scan command.
After that, clone the revision into your computer with:
pvr clone http://192.168.1.122:12368/cgi-bin/pvr my-checkout
- Make changes in the checkout. For example, we are going to install a new NGINX container from DockerHub.
pvr app add --from nginx:stable-alpine webserver
pvr add .
7. Convert the PVR checkout into ADU format with the pvr2adu script
pvr2adu -p Pantacor -n Toaster -m Fabrikam -d Toaster -v 1.1 -o out
8. Deploy the resulting manifest from the Device Update dashboard. Below you can see how to upload the tar file to the device updater to complete the deployment.
Note: For updates to this tutorial look to the GitLab source and Readme file.
This tutorial demonstrated how to update containerized embedded Linux IoT devices through the Device Update dashboard. With the support of containers and Pantavisor, you can now use DU IoT Hub to update your entire fleet regardless of the device architecture. To learn more about how to manage firmware and software lifecycles for IoT reach out to us at email@example.com.