Offline Container Upgrades

Feature Requests
,
1

I’m looking for a way to do offline updates. I’m not really concerned about Host OS upgrades, as those I’m ok with doing a full reflash, but I would like a way to upgrade the container(s) on a Balena device, either over the local network (but not Internet), or via USB stick. Basically I’d like to be able to assign/pick a version of my application’s docker image to a device, just like the dashboard does, but put the relevant files on a USB stick (which I can make available online for my customers to download themselves). The files could be essentially what gets downloaded when a device is online, like some description of what should be running on the device (I assume that’s what’s in the API current) and the actual docker images. Optionally it would be nice to allow an upgrade to the supervisor as well.
Once those files are on the USB stick (I assume they could be protected with some asymmetric key for security) and inserted into the Balena device, I can trigger the upgrade via my container’s web api, web up, or if it has a display, via the UI. One could also wish for a watch script that does the upgrade, or a way to upload the files via a Web Api (which is already in my container’s code).

The use case is this:

  1. Customer buys my product (custom device) with BalenaCloud image flashed.
  2. Optionally: Customer connects device to internet and it gets registered with BalenaCloud.
  3. Customer runs device in isolated network, or simply prefers that it doesn’t connect to BalenaCloud/internet.
  4. I release a new version of the application and the customer would like to receive that upgrade, without connecting the device to the internet (as it’s permanently installed in a building).
  5. Customer downloads the upgrade-files, puts on USB stick and sticks it into the device which upgrades the application (or any other desired method, see above).

I don’t really need/want to know the device id that receives the upgrade, the downloaded files should be generic (however if they could be secured to a key put on the device during initial flash that would be preferable).

2

Hi,

Is there any update on this?

Thanks!

3

We’d like to share an update on Offline Updates, a feature we’ve been working on, perhaps a bit too quietly. Instead of jumping directly into implementing the update, we took time to analyze all the systems requiring intervention. This approach ensures that Offline Updates—and related features—are robust, cohesive, and valuable individually and as a part of the whole product.

Here’s what we’ve accomplished so far:

  1. Exporting Release Bundles: We’ve implemented the ability to export release bundles, enabling their use as exports or imports across different fleets or organizations.
  2. Creating Update Bundles: We developed specialized bundles focused on updating devices.
  3. API, CLI, and SDK Enhancements: We made modifications to these tools to support the new workflows.
  4. Supervisor Updates: Currently, we are enhancing the supervisor to use alternative source of updates, like external media, specifically designed for handling update bundles.

Once these steps are complete, we will move on to signing the bundles, completing the security loop and ensuring the integrity of the process.

As you can see, what might seem like a straightforward feature request requires multiple steps to align with our commitment to delivering solutions that are reliable, simple to use, secure, and widely usable by our community. We will continue to keep you updated as we progress.

If you have any questions or need more information in the meantime, please reach out!