prevent reboot on environment variable updates?

Hi,

We are working on an AWS IoT client solution for which we need to integrate rotating keys. Now, I found this article: Rotate keys and certificates for IoT, which suggests making use of balena environment variables. The problem is, the device must not reboot when its env variables are updated. Is there a way to use/update balena environment variables without the need to reboot the device? The problem is, we have spotty internet coverage, which ultimately will mean that device reboots happen at random times & locations, which we cannot allow for.

Thanks for any ideas, inputs & suggestions.

Hi,

The device is not rebooted when normal environment variables change (except when device configuration settings are changed, which need to be there during the boot process). But the application container is restarted to pick up the changes of the environment variables.

I hope this helps with your problem and fits your use case. If an application container restart is also a problem please let us know, although I would not have a solution yet. :wink:

I really would like to see variables that - when changed - do not restart even the container. So far I have managed to get by using device tags, but this is not an elegant solution.

Hi,
Yes, sorry about the confusion reboot vs. container restart.
Yes, it is a problem for us that the container might restart “unpredictably”.

As for a solution, I’m thinking either of the following:
If balena is open to adding such a feature, there may be a way to set a “restart window”, I’m thinking start time and end time, when a container is actually allowed to restart, or provide a local environment variable within the container that can be set to RESTART_ALLOWED=1 or =0, or maybe you can think of a better idea altogether…?
As an intermediate “workaround”, I was thinking of setting up a firewall rule that would not allow the device to communicate with the balena servers at all when outside areas with a reliable internet connection. Can you please elaborate on that plan and let me know what other unintended effects that might have?
I would prefer if we didn’t have to “hack” a third party solution just to make it work for us and I can see how a “no container restart” feature would be beneficial for other balena users too.
Thank you!

Actually, while the above request would be a good addition, I believe we should be able to work around our current problem by only allowing certificate renewal at times when the containers are allowed to be restarted.
Nonetheless, a feature that allows setting restart conditions would be nice!

@stdcerr I think currently the best way to do this would be to make use of the update locks ( https://www.balena.io/docs/learn/deploy/release-strategy/update-locking/#application-update-locks ), which essentially only allow the container to restart/update at times when the device decides it's not doing critical things. This would allow you to implement a “maintenance window” based on the device's local time, and if it is in that window then it would allow changes to happen. Otherwise tags are the way to go, since these are variables/metadata that can change and be read at runtime, whereas env vars need to be changed/set at container creation, so it's not possible to change an env var without recreating the container.
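
A sketch of the maintenance-window idea from the reply above, as an added example that is not code from the thread or from balena. It assumes the lock file path `/tmp/balena/updates.lock` described in the linked update-locking documentation (check it against your supervisor version); the window times, `RUN_LOCK_LOOP` and the function names are constructed for illustration.

```shell
#!/bin/sh
# Hold balena's update lock outside a local-time maintenance window so that
# rotated certificate env vars only restart the container inside the window.
# Assumption: lock path as given in the update-locking docs linked above.
LOCK_FILE="${LOCK_FILE:-/tmp/balena/updates.lock}"
WINDOW_START="${WINDOW_START:-02:00}"   # constructed sample window (device local time)
WINDOW_END="${WINDOW_END:-04:00}"
LOCK_HELD=0                             # 1 only while this script created the lock

# "HH:MM" -> minutes since midnight; one leading zero is stripped so that
# 08 and 09 are not rejected as invalid octal by shell arithmetic.
to_minutes() {
  tm_h=${1%:*}; tm_m=${1#*:}
  echo $(( ${tm_h#0} * 60 + ${tm_m#0} ))
}

# in_window NOW START END: succeeds when START <= NOW < END, including
# windows that wrap past midnight (for example 23:00 to 01:00).
in_window() {
  iw_n=$(to_minutes "$1"); iw_s=$(to_minutes "$2"); iw_e=$(to_minutes "$3")
  if [ "$iw_s" -le "$iw_e" ]; then
    [ "$iw_n" -ge "$iw_s" ] && [ "$iw_n" -lt "$iw_e" ]
  else
    [ "$iw_n" -ge "$iw_s" ] || [ "$iw_n" -lt "$iw_e" ]
  fi
}

# apply_lock NOW: release our lock inside the window, take it outside.
apply_lock() {
  if in_window "$1" "$WINDOW_START" "$WINDOW_END"; then
    # Only remove a lock this script created, never one held by someone else.
    if [ "$LOCK_HELD" = 1 ]; then rm -f "$LOCK_FILE"; LOCK_HELD=0; fi
  elif [ "$LOCK_HELD" = 0 ]; then
    mkdir -p "$(dirname "$LOCK_FILE")"
    # noclobber turns the redirect into an exclusive create: it fails if the
    # file already exists, in which case we retry on the next pass.
    if ( set -C; : > "$LOCK_FILE" ) 2>/dev/null; then LOCK_HELD=1; fi
  fi
}

# Run from the container entrypoint with RUN_LOCK_LOOP=1 to enforce the window.
if [ "${RUN_LOCK_LOOP:-0}" = 1 ]; then
  while :; do apply_lock "$(date +%H:%M)"; sleep 30; done
fi
```

The window is evaluated against the device's local clock, so a device with a wrong clock or time zone will open the window at the wrong time.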