If you are packaging your IoT applications as snaps or containers, you are aware of the benefits of bundling an application with its dependencies. Publishing snaps across different operating system versions and even distributions is much easier than maintaining package dependencies. Automated IoT software updates make managing fleets of devices more efficient. While you can avoid the dependency hell between software packages, how could you ensure that the diverse applications on an IoT device work well together?
Ubuntu Core 22 introduces the feature of validation sets that makes IoT device management easier. A validation set is a secure policy (assertion) that is signed by your brand and distributed by your dedicated Snap Store. With validation sets you can specify which snaps are required, permitted or forbidden to be installed together on a device. Optionally, specific snap revisions can be set too.
Applying a validation set
An IoT gateway device, for example, will often run various applications that come from different teams or vendors. This software can be released and updated at different intervals. Moreover, how applications interface with each other can change in ways that are unpredictable. Even loosely coupled applications need to be tested to observe how well they perform together.
With validation sets, you can describe verified combinations of software. It is your decision if you want such a policy to be optional and monitored when needed or enforced by snapd. When enforcing a validation set, snapd will ensure that:
- Snaps required by a validation set are both present and, if specified, at the correct revision. Attempting to remove a required snap will result in an error and the process will be rejected.
- Snaps are only refreshed to newer revisions if they continue to satisfy the applied validation sets.
- Invalid snaps are not allowed to be installed. Attempting to install them will result in an error.
By enforcing validation sets you can ensure that your devices maintain testing and certification integrity over time and across software changes.
Fine control for your IoT software updates
With effective use of validation sets, you can orchestrate how IoT software updates are performed to your fleet of devices. Even if applications are released and updated at different times, changes to installed software will be kept consistent according to the validation set policy. Application updates in Ubuntu Core are automatic and distributed through the Snap Store. By default, the snapd daemon checks for updates multiple times per day. Each update check is called a refresh. Validation sets provide an elegant alternative to refresh control or using the Snapd REST API to control the conditions under which software updates are performed on a device. Just like updating snaps, rolling out policy updates to your devices can happen automatically through your dedicated Snap Store. This makes managing large scale deployments easier and verifiable.
Be sure to read the validation sets and validation-set assertion documentation for more information on how to use this feature with your dedicated Snap Store. This new feature is still under active development. Questions and feedback are always appreciated in the Snapcraft.io forum. If you want to learn more about using snaps, the Snapcraft docs are also a good place to start.
Watch the Ubuntu Core 22 webinar on June 28th, 2022 at 4:00PM CET.
Curious how your existing project or exciting new idea can benefit from the new features of Ubuntu Core 22, get in touch with us.