Red Hat SummitOperating system configuration for edge devices
You can include an operating system-level host configuration in the image to give maximum consistency and repeatability. To update the configuration, create a new operating system image and update devices with the new image.
However, updating devices with a new image can be impractical in the following cases:
- The configuration is missing in the image.
- The configuration needs to be specific to a device.
- The configuration needs to be updateable at runtime without updating the operating system image and rebooting.
For these cases, you can declare a set of configuration files that are present on the file system of the device. The Red Hat Edge Manager agent applies updates to the configuration files while ensuring that either all files are successfully updated in the file system, or rolled back to their pre-update state. If the user updates both an operating system and configuration set of a device at the same time, the Red Hat Edge Manager agent updates the operating system first. It then applies the specified set of configuration files.
You can also specify a list of configuration sets that the Red Hat Edge Manager agent applies in sequence. In case of a conflict, the last applied configuration set is valid.
After the Red Hat Edge Manager agent updates the configuration on the disk, the running applications need to reload the new configuration into memory for the configuration to become effective. If the update involves a reboot, systemd automatically restarts the applications with the new configuration and in the correct order. If the update does not involve a reboot, many applications can detect changes to their configuration files and automatically reload the files. When an application does not support change detection, you can use device lifecycle hooks to run scripts or commands if certain conditions are met.
Configuration providers
You can provide configuration from many sources, called configuration providers, in Red Hat Edge Manager. The Red Hat Edge Manager currently supports the following configuration providers:
- Git Config Provider
- Fetches device configuration files from a Git repository.
- Kubernetes Secret Provider
- Fetches a secret from a Kubernetes cluster and writes the content to the file system of the device.
- HTTP Config Provider
- Fetches device configuration files from an HTTP(S) endpoint.
- Inline Config Provider
- Allows specifying device configuration files inline in the device manifest without querying external systems.
Configuration from a Git repository
You can store device configuration in a Git repository such as GitHub or GitLab. You can then add a Git Config Provider so that the Red Hat Edge Manager synchronizes the configuration from the repository to the file system of the device.
The Git Config Provider takes the following parameters:
| Parameter | Description |
|---|---|
| |
The name of a |
| |
The branch, tag, or commit of the repository to checkout. |
| |
The absolute path to the directory in the repository from which files and subdirectories are synchronized to the file system of the device. The |
| |
Optional. The absolute path to the directory in the file system of the device to write the content of the repository to. By default, the value is the file system root ( |
The Repository resource defines the Git repository, the protocol, and the access credentials that the Red Hat Edge Manager must use. You only need to set up the repository once. After setting up, you can use the repository to configure individual devices or device fleets.
Secrets from a Kubernetes cluster
The Red Hat Edge Manager can query only the Kubernetes cluster that the Red Hat Edge Manager is running on for a Kubernetes secret. You can write the content of that secret to a path on the device file system.
The Kubernetes Secret Provider takes the following parameters:
| Parameter | Description |
|---|---|
| |
The name of the secret. |
| |
The namespace of the secret. |
| |
The directory in the file system of the device to write the secret contents to. |
The Red Hat Edge Manager needs permission to access secrets in the defined namespace. For example, creating a ClusterRole and ClusterRoleBinding allows the flightctl-worker service account to get and list secrets in that namespace.
Configuration from an HTTP server
The Red Hat Edge Manager can query an HTTP server for configuration. The HTTP server can serve static or dynamically generated configuration for a device.
The HTTP Config Provider takes the following parameters:
| Parameter | Description |
|---|---|
| |
The name of a |
| |
The suffix to append to the base URL defined in the |
| |
The absolute path to the file in the file system of the device to write the response of the HTTP server to. |
The Repository resource specifies the HTTP server for the Red Hat Edge Manager to connect to, and the protocol and access credentials to use. You must set up the repository needs once, and then you can use the repository to configure many devices or device fleets.
Configuration inline in the device specification
You can specify configuration inline in a device specification. When you use the inline device specification, the Red Hat Edge Manager does not need to connect to external systems to fetch the configuration.
The Inline Config Provider takes a list of file specifications, where each file specification takes the following parameters:
| Parameter | Description |
|---|---|
| |
The absolute path to the file in the file system of the device to write the content to. If a file already exists in the specified path, the file is overwritten. |
| |
The UTF-8 or base64-encoded content of the file. |
| |
Defines how the contents are encoded. Must be either |
| |
Optional. The permission mode of the file. You can specify the octal with a leading zero, for example |
| |
Optional. The owner of the file. Specified either as a name or numeric ID. Default value is set to |
| |
Optional. The group of the file. Specified either as a name or numeric ID. |
Manage the device configuration from a Git repository on the CLI
Integrate your device configuration files with standard Git workflows by defining a Repository resource by using the CLI. This enables the Red Hat Edge Manager to automatically synchronize configuration file updates from the repository onto the device’s file system.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}