lucaong

lucaong

Best way to pull new firmware OTA into remote devices

Hi there :slight_smile:
I was wondering, what Nerves experts would suggest as a solution for OTA firmware updates to a fleet of remote devices. Of course there is nerves_firmware_ssh (and nerves_firmware_http), but it assumes one can SSH (or HTTP PUT) to the device, which means the device needs to have a known address. That’s easy on local networks, but harder when the device is deployed remotely on other networks.

What I think the best way would be, is deploying a release server and letting all the devices check periodically for updates, securely downloading them, and then updating themselves. This seems the most reasonable option to me, but I didn’t find a package for pulling a new firmware (only pushing it via SSH or HTTP). I can write something like that, but I wanted to ask before I re-invent the wheel.

What’s your opinion?

Most Liked

fhunleth

fhunleth

Co-author of Nerves

Thanks for pinging us on NervesHub. It’s technically private beta right now and we have a couple companies regularly using it in production. At the moment, our focus is on improving device authentication and first-time device registration. That has turned out to be more work than expected so we have been quieter on announcing progress. I expect that we’ll have something working fairly well by end-of-year, but with very rough docs.

If you’re building custom hardware right now and anticipate using NervesHub, I’d add an ATECC508A (~60-70 cent adder) to your board. That chip securely stores the private key used for authentication and locks down a couple other important pieces of device information in one-time-programmable memory. The chip can also be used with Amazon IoT, etc., so you’re not locked into NervesHub.

fhunleth

fhunleth

Co-author of Nerves

Hey - I somehow missed these, so sorry for the late replies.

Here’s the status of NervesHub:

  1. It’s currently in production use by several companies and has been working really well for the past year. There are details since we don’t have all of the features that all of us want for large numbers of devices, but it is possible to work around.
  2. The main programmatic APIs to NervesHub are pretty stable, but we’ve made some large changes to the UI this summer and we plan a few more large ones to improve usability.
  3. Our docs are slowly getting better at https://docs.nerves-hub.org/.
  4. We recently added some opt-in operational support features - like remote login. I.e., click on the device and get an IEx prompt on it.
  5. Work to support billing is in progress. This won’t affect low volume hobbyist/maker use. We have funding to support that use case. This is intended for companies who would prefer to not run their own instance of NervesHub so that we can sustain the service.

One could say that NervesHub is public already - every line of code used by it is open-source. It’s a fairly large Apache 2-licensed Phoenix/LiveView project. Our hosted NervesHub lets anyone register an account (albeit via using mix commands rather than via the web UI). The plan is still to remove the “beta” tag and make our hosted NervesHub look public.

I’d say that if you want to use NervesHub for a commercial device and are comfortable with Elixir tooling that there’s no reason to wait. If your deployment has special needs from the firmware update server that aren’t supported, please check with us. Our hosted NervesHub enforces quotas to keep our costs in line. We’ve been bumping quotas pretty liberally for those who have asked, and once billing is available, you’ll not have to talk with us.

If you’re at a company that is uncomfortable using our hosted NervesHub for firmware updates (no offense taken - my company is one of these), you can setup NervesHub on your own AWS servers. I’m not an AWS person and this doesn’t seem easy to me, but I’m told that if you’re familiar with AWS that it’s ok. We still need to add how to do this to our docs.

Finally, with regard to the security question and SSL settings, both Justin Schneck and I talk with voltone periodically regarding security. I’m sure that we can do better and we’re due for another review. Please DM us or email support@nerves-hub.com, or if it’s proactive/best practice kind of thing, then PRs/GitHub issues would be most appreciated.

omar

omar

We are currently working on additional documentation for this. You can find the PR here: Add docs for first time setup by Mrjaco12 · Pull Request #6 · nerves-hub/documentation · GitHub

Where Next?

Popular in Questions Top

aadeshere1
I have a another noob question about loop. Since elixir is immutable, while loop is not directly possible. total = 10 while total != 0 ...
New
Darmani72
If I have a post route which an argument: post /my_post_route/:my_param1, MyController.my_post_handler How would get the post params ...
New
Emily
I have VueJS GUIs with the project generated using Webpack. I have Elixir modules that will need to be used by the VueJS GUIs. I forese...
New
johnnyicon
Hi all, I’ve just started learning Elixir and Phoenix Framework, so please pardon my n00bness at this stage. I’m trying to use Postgres...
New
vac
Hi, I’m quite new in Elixir and I’m trying to format a string to a PEM format. I have the certificate value like MIIDBTCCAe2...... and I...
New
stefanluptak
Hello everybody, usually, I use a 29" ultra-wide monitor for VSCode which can easily accomodate explorer (files panel) + file with code ...
New
vrod
I am using the Starship cross-shell prompt – it seems pretty nice, but I get some errors: [WARN] - (starship::utils): Executing command ...
New
ashish173
I am using Ecto timestamps with postgres, I can see the timestamps() use the :naive_dateime but for my use case I wanted to store the ti...
New
vegabook
I’m brand new to Phoenix and I have stripped one of the demo applications to the bone. I just want to get an svg up on the screen. Here i...
New
svb
Hi! Currently I want to submit a form by pressing the Enter key. However, since my input field is of type “textarea” this is just adds a...
New

Other popular topics Top

vertexbuffer
Hello, can anybody help here..? I have a list of players and I what to delete an element, but every for loop the list is reverting to ori...
New
sen
Hi All, I set a environment variables in dev.exs , like below code. when i start server, how can i set the ${enable} value? thanks. d...
New
gshaw
What is the idiomatic way of matching for not nil in Elixir? E.g., First way: defp halt_if_not_signed_in(conn, signed_in_account) when...
New
Patoshizzle
After calling mix ecto.create I get this error: 17:00:32.162 [error] GenServer #PID<0.412.0> terminating ** (Postgrex.Error) FATAL...
New
minhajuddin
I have seen a lot of code which picks the first element from a list using Enum.at(0) instead of List.first. Is there a reason why people ...
New
fireproofsocks
Forgive me if this is obvious, but how does one delete a database record WITHOUT selecting it first? Ecto.Repo — Ecto v3.14.0 has exampl...
New
gausby
I asked this very same question on twitter and got some interesting feedback, but I thought it would be a good question to ask here as we...
1207 39523 209
New
nsuchy
Hi. I’ve noticed that Windows Powershell has it’s own IEX command and you cannot access Elixir’s IEX due to the conflict. This isn’t a cr...
New
shijith.k
I am trying to start a new phoenix project with elixir 1.9, but mix phx.new does not work. It says that ** (Mix) The task "phx.new" could...
New
sergio
Kind of like when jquery came out, it was super necessary. Existing drag and drop libraries have a bunch of baggage to support old browse...
New

We're in Beta

About us Mission Statement