Setup Mender Server

The Mender server is run on a host machine OS which is formed of small container services. Pull the Mender utility Docker image and launch the container on the host machine.

Note

The Mender server currently runs exclusively on x86_64 architecture, and its build process has been tested and validated on Ubuntu 22.04 LTS.

These are the required environment variables, refer here for more details.

MENDER_SERVER_DIR

MACHINE

BRANCH

docker pull registry.gitlab.com/linaro/cassini/meta-cassini/mender-utility-image:${BRANCH}
docker run --rm \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v ${MENDER_SERVER_DIR}:${MENDER_SERVER_DIR} \
  -it registry.gitlab.com/linaro/cassini/meta-cassini/mender-utility-image:${BRANCH}

This opens a shell environment and these are the required environment variables, refer here for more details.

MENDER_SERVER_DIR

MACHINE

MENDER_SERVER_IP

MENDER_SERVER_HTTPS_PORT

MENDER_SERVER_HTTP_PORT

Also, these are only required for full capsule update:

MENDER_FW_GUID

MENDER_FW_VERSION

MENDER_CAPSULE_VERSION

Configure the Mender Server :

export MENDER_SERVER_NAME="ms-${MACHINE}"
cd ${MENDER_SERVER_DIR}
cp -r /home/mender-server/. ${MENDER_SERVER_DIR}/
source ./mender_env_server.sh
source ./docker-compose-override.sh

Start the Mender server :

docker compose --project-name "${MENDER_SERVER_NAME}" up -d --quiet-pull
docker compose --project-name "${MENDER_SERVER_NAME}" ps

User Setup :

Create a test user for the Mender server UI/API

docker compose --project-name "${MENDER_SERVER_NAME}" exec useradm \
  useradm create-user --username "${MENDER_SERVER_USERNAME}" \
--password "${MENDER_SERVER_PASSWORD}"

Authenticate using mender-cli

mender-cli login \
  --server "${MENDER_SERVER_URL_HTTPS_PORT}" \
  --skip-verify \
  --username "${MENDER_SERVER_USERNAME}" \
  --password "${MENDER_SERVER_PASSWORD}"

Artifact Upload :

These are the requirements to perform a mender system update.

Upload an unsigned mender artifact

cp ${MENDER_SERVER_DIR}/artifacts/${MACHINE}.mender ${MENDER_SERVER_DIR}/artifacts/${MACHINE}-unsigned.mender
mender-artifact modify -n unsigned-image ${MENDER_SERVER_DIR}/artifacts/${MACHINE}-unsigned.mender
mender-cli artifacts upload -k --server ${MENDER_SERVER_URL_HTTPS_PORT} ${MENDER_SERVER_DIR}/artifacts/${MACHINE}-unsigned.mender

Upload a signed mender artifact

mender-artifact modify -n release-2 -k ${MENDER_SERVER_DIR}/keys/private.key ${MENDER_SERVER_DIR}/artifacts/${MACHINE}.mender
mender-cli artifacts upload -k --server ${MENDER_SERVER_URL_HTTPS_PORT} ${MENDER_SERVER_DIR}/artifacts/${MACHINE}.mender

These are the requirements to perform a mender capsule update.

Upload a compatible mender capsule

# Set GUID and versions
export MENDER_FW_GUID=<guid>
export MENDER_FW_VERSION=<old-version>
export MENDER_CAPSULE_VERSION=<new-version>

mender-artifact write module-image \
  -T uefi-capsule \
  -n compatible-capsule-update \
  -o ${MENDER_SERVER_DIR}/artifacts/${MACHINE}-compatible-capsule-update.mender \
  -f ${MENDER_SERVER_DIR}/artifacts/${MACHINE}.uefi.capsule \
  -t ${MACHINE} \
  -k ${MENDER_SERVER_DIR}/keys/private.key \
  --provides "uefi-firmware.${MENDER_FW_GUID}.version:${MENDER_CAPSULE_VERSION}" \
  --depends "uefi-firmware.${MENDER_FW_GUID}.version:${MENDER_FW_VERSION}"

mender-cli artifacts upload \
  -k --server ${MENDER_SERVER_URL_HTTPS_PORT} \
  "${MENDER_SERVER_DIR}/artifacts/${MACHINE}-compatible-capsule-update.mender"

These are the requirements to perform a mender rollback capsule update.

Use capsule-tool.py to generate a tampered capsule

${MENDER_SERVER_DIR}/systemready-scripts/capsule-tool.py --tamper \
  --output ${MENDER_SERVER_DIR}/artifacts/tampered-${MACHINE}.uefi.capsule \
  ${MENDER_SERVER_DIR}/artifacts/${MACHINE}.uefi.capsule

Upload a compatible rollback mender capsule

# Set GUID and versions
export MENDER_FW_GUID=<guid>
export MENDER_FW_VERSION=<old-version>
export MENDER_CAPSULE_VERSION=<new-version>

mender-artifact write module-image \
  -T uefi-capsule \
  -n compatible-rollback-capsule-update \
  -o ${MENDER_SERVER_DIR}/artifacts/${MACHINE}-compatible-rollback-capsule-update.mender \
  -f ${MENDER_SERVER_DIR}/artifacts/tampered-${MACHINE}.uefi.capsule \
  -t ${MACHINE} \
  -k ${MENDER_SERVER_DIR}/keys/private.key \
  --provides "uefi-firmware.${MENDER_FW_GUID}.version:${MENDER_CAPSULE_VERSION}" \
  --depends "uefi-firmware.${MENDER_FW_GUID}.version:${MENDER_FW_VERSION}"

mender-cli artifacts upload \
  -k --server ${MENDER_SERVER_URL_HTTPS_PORT} \
  "${MENDER_SERVER_DIR}/artifacts/${MACHINE}-compatible-rollback-capsule-update.mender"

To check the uploaded artifacts

mender-cli artifacts list -k --server ${MENDER_SERVER_URL_HTTPS_PORT}