Manage/update applications on an offline device


#1

Question:

Is it possible to support/manage devices which for various reasons are no longer connected to the internet and only on LAN hence manually update.

All connected devices will get their updates as expected, but all offline devices will not.

I know of the ‘resin local’ calls, but it does not seems to allow management of applications (docker containers). It is possible to stop applications via ‘resin local stop’, but as I understand it is not possible to start/update existing applications. ‘resin local push’ talks about some form of update of a container, but is unsure if this is applicable. Is this possible in some way to manage/update applications (docker container) on LAN only device?

Manually started applications (docker containers) are not recognized by the dashboard after reconnection. Is it possible to start existing or new applications on a LAN device and ensure these are discovered after reconnect to the dashboard?


#3

resin local push is only for development at this stage. We are looking at ways of performing resin.io updates without an internet connection, and I’ve attached this topic as a +1 on that. This should also mean that this topic gets updated with progress.


#5

Update:

Found https://github.com/resin-io/resin-cli/issues/613 which is related. Seems to provide a CLI interface change proposal for update of LAN only devices. Status of issue is unknown


#6

So further to the details on that issue the multicontainer update has happened and gone well, but otherwise that issue has no secrets and is transparent.


#7

I vote for this: a way to update an offline device. We really need this!


#10

Can you elaborate more on:

  1. What exactly you mean by “offline”? Is it broken-offline, or merely intermittently offline?
  2. What your use case is?
  3. Which part do you want to update? The OS? Containers? Config?

I don’t really see a way to update a truly offline device, since there’d be no way of reaching it.


#14

I would like to use balena for devices that always has a user interface and an operator on location.
Some of these machines may be required to be offline for security reasons.
I never use rolling updates, I point each single machine to a specific application release.

Most important would be to update the containers. It could be that someone inserts a USB stick in the device, logs on and performs some commands to apply an image from the USB stick.

I would this to be as close to a normal “online” upgrade as possible. So the persistent /data should be preserved, the device ID and Balena environment variables should be preserved. If the device later comes online it should not reappear as online in the balena backend, and of course report its current release.


#15

Hi @krix, that is not a use case that we support at the moment. I’ve taken note, as this was something indeed that was requested before, and to signal towards the team that there are more people wanting it.

I have played around with a few ideas, but so far can’t think of a way that you could work around this in an offline environment, unfortunately…

What kind of security reasons the devices need to be completely offline for, by the way? Are they fully offline, or could e.g. connect through a proxy that is controlled by the location? Maybe we have some more ideas along the way.


#16

The devices we have in the field will have data stored on the disk that is very confidential and sensitive for our end user.
We can promise and explain a lot about encryption and NDAs etc, but for some customers that just doesn’t make it. As soon as we ask for any internet connection they become concerned.

Can you explain more about what you mean by a proxy and how that could mitigate the concern?


#40

It’s interesting that you bring this up, because we’ve been discussing such a feature internally. We have some ideas about how it could work, and a few customers interested in it. One option we’re considering is something USB-based, like you describe. It’s nice to know that you’re interested in this as well.

If you’d like, I can connect you with someone from our customer success team for further conversation.


#42

We would also love the USB-based updating, just in case there is no internet connection at a customer and we would like to update their device.

So keep me posted!


#43

Hi @brownjohnf, I’m interested in doing updates from a USB stick as well. Our use case is a fleet of devices installed in a field medical context where there is no Internet access or unreliable, low-bandwidth access that cannot handle large downloads. We’d like to be able to distribute updates to our devices via sneakernet, i.e. to provide update packages that people can download onto a USB stick and physically take into the field to apply the updates.

Could you please loop me into the conversation about this? Thank you!


#44

If any open discussion will be offered I’d like to join too: by adding this feature balena offers a complete distribution mechanism ^^


#51

Wauv, I am happy to see there is a big interest for this. I think this could be a killer feature for Balena. And without being too dramatic, the lack of offline upgrade options could potentially be a showstopper for us, forcing us to migrate to another solution.
Is there any thing we as a community can do to help or encourage work on this?


#56

Thank you for the feedback everyone, this feature request is in our radar and I’ve bumped it up for a product discussion. We will keep this thread updated.


#57

Thank you for the feedback everyone, this feature request is in our radar and I’ve bumped it up for a product discussion. We will keep this thread updated.