Is it possible to support/manage devices which for various reasons are no longer connected to the internet and only on LAN hence manually update.
All connected devices will get their updates as expected, but all offline devices will not.
I know of the ‘resin local’ calls, but it does not seems to allow management of applications (docker containers). It is possible to stop applications via ‘resin local stop’, but as I understand it is not possible to start/update existing applications. ‘resin local push’ talks about some form of update of a container, but is unsure if this is applicable. Is this possible in some way to manage/update applications (docker container) on LAN only device?
Manually started applications (docker containers) are not recognized by the dashboard after reconnection. Is it possible to start existing or new applications on a LAN device and ensure these are discovered after reconnect to the dashboard?
resin local push is only for development at this stage. We are looking at ways of performing resin.io updates without an internet connection, and I’ve attached this topic as a +1 on that. This should also mean that this topic gets updated with progress.
So further to the details on that issue the multicontainer update has happened and gone well, but otherwise that issue has no secrets and is transparent.
I would like to use balena for devices that always has a user interface and an operator on location.
Some of these machines may be required to be offline for security reasons.
I never use rolling updates, I point each single machine to a specific application release.
Most important would be to update the containers. It could be that someone inserts a USB stick in the device, logs on and performs some commands to apply an image from the USB stick.
I would this to be as close to a normal “online” upgrade as possible. So the persistent /data should be preserved, the device ID and Balena environment variables should be preserved. If the device later comes online it should not reappear as online in the balena backend, and of course report its current release.
Hi @krix, that is not a use case that we support at the moment. I’ve taken note, as this was something indeed that was requested before, and to signal towards the team that there are more people wanting it.
I have played around with a few ideas, but so far can’t think of a way that you could work around this in an offline environment, unfortunately…
What kind of security reasons the devices need to be completely offline for, by the way? Are they fully offline, or could e.g. connect through a proxy that is controlled by the location? Maybe we have some more ideas along the way.
The devices we have in the field will have data stored on the disk that is very confidential and sensitive for our end user.
We can promise and explain a lot about encryption and NDAs etc, but for some customers that just doesn’t make it. As soon as we ask for any internet connection they become concerned.
Can you explain more about what you mean by a proxy and how that could mitigate the concern?
It’s interesting that you bring this up, because we’ve been discussing such a feature internally. We have some ideas about how it could work, and a few customers interested in it. One option we’re considering is something USB-based, like you describe. It’s nice to know that you’re interested in this as well.
If you’d like, I can connect you with someone from our customer success team for further conversation.
Hi @brownjohnf, I’m interested in doing updates from a USB stick as well. Our use case is a fleet of devices installed in a field medical context where there is no Internet access or unreliable, low-bandwidth access that cannot handle large downloads. We’d like to be able to distribute updates to our devices via sneakernet, i.e. to provide update packages that people can download onto a USB stick and physically take into the field to apply the updates.
Could you please loop me into the conversation about this? Thank you!
Wauv, I am happy to see there is a big interest for this. I think this could be a killer feature for Balena. And without being too dramatic, the lack of offline upgrade options could potentially be a showstopper for us, forcing us to migrate to another solution.
Is there any thing we as a community can do to help or encourage work on this?
Thank you for the feedback everyone, this feature request is in our radar and I’ve bumped it up for a product discussion. We will keep this thread updated.
Thank you for the feedback everyone, this feature request is in our radar and I’ve bumped it up for a product discussion. We will keep this thread updated.
Is it possible to (mis)use local mode to upgrade a device which is offline? I found that some new features have been introduced around local mode, so I wondered if I am overlooking a possible work around?
Besides that: Any news about this from your roadmap discussions?
Its certainly possible to use local mode to upgrade a device that is not connected to our API, provided you can connect to it using a local IP. However local mode requires that you use a development image and for security reasons, development images should not be used in the field ( see https://www.balena.io/docs/reference/OS/overview/2.x/#dev-vs-prod-images ).
I’ve reached out to the rest of the team to see if they have suggestions that I’m not aware of and we’ll update you once we have more information
Hi,
looks like offline updates - e.g. from USB - are on the road map but are not expected to be implemented this year.
So for now it seems your best chance would be local mode or getting the devices online for a short period of time.
Only other option I could think of would be using your own ‘trusted’ environment using open-balena: https://www.balena.io/open/. It is probably a bit of an overkill though…
Regards
Thomas
Yeah, I think local mode is a no-go, because of the security concerns.
Another work-around I am considering is to do a reinstall from a USB disk image, just like I normally do when setting up a new device.
The challenges here would be:
How can I preserve or restore the /persistent partition in a safe way?
Can I preserve/restore the device ID and other persistent Balena data as well?