Mender is an open-source, over-the-air (OTA) update manager for IoT and embedded Linux devices. Its client-server architecture enables the central management of software deployments, including functionality such as dynamic grouping, phased deployments, and delta updates. Mender also supports powerful extensions to configure, monitor, and troubleshoot devices. Features include remote terminal access, port forwarding, file transfer, and device configuration. It integrates with Azure IoT Hub and AWS IoT core.
- Why Mender?
- Where to start?
- Mender documentation
- About this repository
- Contributing
- License
- Security disclosure
- Installing from source
- Cross-compiling
- Community
- Authors
Mender enables secure and robust over-the-air updates for all device software. Some of the core functionalities include:
- 💻 Flexible management server and client architecture for secure OTA software update deployments and fleet management.
- 💾 Standalone deployment support, triggered at the device-level (no server needed) for unconnected or USB delivered software updates.
- 🔄 Automatic rollback upon update failure with an A/B partition design.
- 🔀 Support for a full root file system, application, files, and containerized updates.
- ✅ Dynamic grouping, phased rollouts to ensure update success.
- ⚙️ Advanced configuration, monitoring, and troubleshooting for software updates.
- 🔬 Extensive logging, audits, reporting, and security and regulatory compliance capabilities.
Embedded product teams often create homegrown updaters at the last minute due to the need to fix bugs in field-deployed devices. However, the essential requirement for an embedded update process is robustness. For example, loss of power at any time should not brick a device. This creates a challenge, given the time constraints to develop and maintain a homegrown updater.
Mender aims to address this challenge with a robust and easy to use updater for embedded Linux devices, which is open source and available to anyone.
Robustness is ensured with atomic image-based deployments using a dual A/B rootfs partition layout. This makes it always possible to roll back to a working state, even when losing power at any time during the update process.
Ease of use is addressed with an intuitive UI, comprehensive documentation, a meta layer for the Yocto Project for easy integration into existing environments, and high-quality software (see the test coverage badge).
Mender enterprise | Mender Open Source |
---|---|
Ready to get started on an enterprise-grade OTA software update solution? Capabilities include advanced fleet management, security, and compliance: role-based access control (RBAC), dynamic groups, delta updates, and mutual TLS support. Get started with hosted Mender and evaluate Mender for free. | Alternatively, the Mender open-source option allows you to start doing smart device updates in a quick, secure, and robust method. Check out how to get started. In order to support rollback, the Mender client depends on integration with the boot loader and the partition layout. It is, therefore, most easily built as part of your Yocto Project image by using the meta layer for the Yocto Project. |
If you want to compare the options available, look at our features page.
The documentation is a great place to learn more, especially:
- Overview — learn more about Mender, it's design, and capabilities.
- Debian — get started with updating your Debian devices.
- Yocto — take a look at our support for Yocto.
Would you rather dive into the code? Then you are already in the right place!
The chart above depicts a typical Mender architecture with the following elements:
- Back End & User Interface: The shaded sky blue area is the Mender product which comprises the back end and the user interface (UI).
- Clients: The Mender client runs on the devices represented by the devices icon.
- Gateway: All communications between devices, users, and the back end occur through an API gateway. Traefik is used for the API gateway. The gateway routes the requests coming from the clients to the right micro-service(s) in the Mender back end.
- NATS message broker: some of the micro-services use NATS as a message broker to support the Mender device update troubleshooting and the orchestration within the system.
- Mongo DB: persistent database for the Mender back end micro-services.
- Storage layer: in both hosted and on-premise Mender, an AWS S3 Bucket (or S3 API-compatible) or an Azure Storage Account storage layer is used to store the artifacts.
- Redis: in-memory cache to enable device management at scale.
You can find more detailed information in our documentation.
This repository contains the Mender client updater, which can be run in standalone mode (manually triggered through its command line interface) or managed mode (connected to the Mender server).
Mender provides both the client-side updater and the backend and UI for managing deployments as open source. The Mender server is designed as a microservices architecture and comprises several repositories.
We welcome and ask for your contribution. As we have announced a rewrite of substantial client parts to C++, contributions need to be coordinated. For more details, please read our guide on how to best get started contributing code or documentation.
Please note:
The client is currently being rewritten to C++.
Mender is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.
We take security very seriously. If you come across any issue regarding security, please disclose the information by sending an email to [email protected]. Please do not create a new public issue. We thank you in advance for your cooperation.
- C++ compiler
- cmake
- libarchive-dev, libboost-all-dev, liblmdb-dev, libdbus-1-dev, libssl-dev and libsystemd-dev packages
For Debian/Ubuntu, the prerequisites can be installed by
sudo apt install git build-essential cmake libarchive-dev liblmdb-dev libboost-all-dev libssl-dev libdbus-1-dev libsystemd-dev
Adjust as needed for other distributions.
To install Mender C++ client on a device from source, first clone the repository:
git clone https://github.com/mendersoftware/mender.git
Change into the cloned repository:
cd mender
Use git submodule
to fetch additional dependencies:
git submodule update --init --recursive
Create a build directory and enter it:
mkdir build
cd build
Configure and start the build:
cmake -DCMAKE_INSTALL_PREFIX:PATH=/usr ..
make
Make sure you configure installation to the /usr
path prefix, as the executables required by systemd units and
D-Bus policy file must be placed in the canonical paths.
Install the client:
sudo make install
The required configuration files for client operation can be created in several ways.
- for an interactive setup process, use the
mender-setup
tool. - in a Yocto-based set up, those are generated as part of the build process
Installing this way does not offer a complete system updater. For this, you need additional integration steps. Depending on which OS you are using, consult one of the following:
However, it is possible to use Update Modules and update other parts of the system.
In order to connect to a Mender server, you either need to get a Mender
Professional account, or set up a server
environment. If
you are setting up a demo environment, you will need to put the
support/demo.crt
file into /etc/mender/server.crt
on the device and add the
configuration line below to /etc/mender/mender.conf
after the installation
steps above:
"ServerCertificate": "/etc/mender/server.crt"
Important: demo.crt
is not a secure certificate and should only be used for demo purposes,
never in production.
Generic cross-compilation procedures using cmake
apply.
During the current, early stage of development using a higher, cross-compilation aware build system such as Yocto is advisable. Once things are sufficiently stabilized, a set of steps for manual cross-compilation will be added here.
Note that QNX support is still experimental, and not supported.
mkdir build && cd build
QNX_TARGET_ARCH=aarch64le cmake .. -DCMAKE_TOOLCHAIN_FILE=../cmake/qnx.cmake
make
Once installed, Mender can be enabled by executing:
systemctl enable mender-authd mender-uptdated && systemctl start mender-authd mender-updated
The introspection files for Mender D-Bus API can be found at documentation
- Join the Mender Hub discussion forum
- Follow us on Twitter. Please feel free to tweet us questions.
- Fork us on GitHub
- Create an issue in the bugtracker
- Email us at [email protected]
- Connect to the #mender IRC channel on Libera
Mender was created by the team at Northern.tech AS, with many contributions from the community. Thanks everyone!
Northern.tech is the leader in device lifecycle management with a mission to secure the world's connected devices. Established in 2008, Northern.tech showcases a long history of enterprise technology management before IIoT and IoT became buzzwords. Northern.tech is the company behind CFEngine, a standard in server configuration management, to automate large-scale IT operations and compliance.
Learn more about device lifecycle management for industrial IoT devices.