Hands on Tutorial – Device Update for Azure IoT Hub Over the Air Updates with Pantavisor

The Pantacor team recently merged an update to the Device Update for IoT Hub repo allowing anyone to deploy containers over the air and to update IoT fleets at the intelligent edge. The Device Update for IoT Hub is based on the same reliable and secure technology created for Windows Software but is optimized for IoT devices. By combining Device Update (DU) with lightweight LXC containers on embedded Linux devices, release teams can now easily maintain and secure IoT device fleets across all architectures. 

“Device Update for IoT Hub supports a range of devices from the smallest sensors to your gateway class edge devices, including directly connected devices and those that are in complex topologies where they’re disconnected or nested on multiple levels. Now, thanks to the addition of the Pantavisor update handler for DU, our users benefit from end-to-end OTA deployments that bring LXC Linux container support to achieve modular and streamlined updates for both application containers and system firmware alike,” says Jeff Davis, Principal Group Program Manager, Microsoft. 

In this post, we’re going to show you how that works with a hands-on tutorial. We’ll show you how to prepare an update, export it and then apply it to your embedded Linux IoT devices through the Azure IoT Hub dashboard. 

Pantavisor – an embedded framework for building containerized Linux systems

Pantavisor turns the runtime on your embedded Linux IoT device into a set of containers. Any updates you push from the Device Update UI will result in a group of containers that can be added, updated, or removed. This includes the Device Update agent, which has also been containerized to be run on a Pantavisor-enabled device.

How Docker and Pantavisor work together 

The contents of each container are defined in the dockerfile.template file and built for arm32, arm64 and x64 architectures from GitLab CI with the help of container-ci. Containers on a Pantavisor enabled system are not natively run by Docker, but instead, Pantavisor offers a lightweight container engine to run them. The Dockerfile is only used to define the container root file system.

“We use Docker as our build environment for creating containers from source; however, we don’t use a docker-engine type of technology to run it. The reason for this is because Pantavisor is optimized to be universally applicable. This means you don’t want to limit the products by unnecessary high resource requirements. Also, we want to offer the ability to run your traditional root OS (which at a very high level usually is nothing but a set of middlewares, application runtimes, and management tools) in a container. Similarly, we want to allow all that currently have a monolithic firmware to also benefit from Pantavisor without having to rework their whole work first,” says Alexander Sack, Pantacor CTO

Before you begin

Prerequisites: 

Update your Pantavisor device from the Device Update for IoT Hub

To simplify this guide, a precompiled image with the DU client is provided. If you prefer, you can also set up a standard Pantavisor-enabled device first and then add the agent using the pvr2adu add-agent command.

  1. Set up Device Update in IoT Hub if you haven’t done that already.
  2. Download the image with the following:

    pvr2adu [options] download <arm-bpi-r64|arm-rpi64|x64-uefi> <connection-string> <manufacturer> <model>

    Where,

    options – can be help or verbose mode  -h or -v
    connection- string – A pre-provisioned connection string the device uses to connect to the IoT Hub.
    manufacturer – Reported by the device update agent as part of the ‘DeviceInformation` interface.
    model – Reported by the Device Update Agent as part of the DeviceInformation` interface.

See Device Update Configuration File – list of fields

For example, to download an arm-rpi64 compatible image, use the following:

pvr2adu download arm-rpi64 <your-connection-string-here> Fabrikam Toaster

  1. Next, flash the device storage with the downloaded image.
  2. Turn on the device and check that it successfully connected to DU IoT Hub.
  3. Clone the current running revision in your host computer with pvr cli.

    First, you will need to know your device IP. If your host computer is in the same network, you can use the PVR device scan command.

    After that, clone the revision into your computer with:

    pvr clone http://192.168.1.122:12368/cgi-bin/pvr my-checkout
  4. Make changes in the checkout. For example, we are going to install a new NGINX container from DockerHub.

    cd my-checkout
    pvr app add --from nginx:stable-alpine webserver
    pvr add .
    pvr commit

7. Convert the PVR checkout into ADU format with the pvr2adu script

pvr2adu -p Pantacor -n Toaster -m Fabrikam -d Toaster -v 1.1 -o out

8. Deploy the resulting manifest from the Device Update dashboard.  Below you can see how to upload the tar file to the device updater to complete the deployment. 

Note: For updates to this tutorial look to the GitLab source and Readme file.  

Final Thoughts

This tutorial demonstrated how to update containerized embedded Linux IoT devices through the Device Update dashboard.  With the support of containers and Pantavisor, you can now use DU IoT Hub to update your entire fleet regardless of the device architecture.  To learn more about how to manage firmware and software lifecycles for IoT reach out to us at sales@pantacor.com.