This folder contains snap packaging for the EdgeX Foundry reference implementation.
The snap contains Consul, MongoDB, all of the EdgeX Go-based micro services from this repository, device-virtual, as well as Vault, Kong, Cassandra, and the two go-based security micro services. The snap also contains a single OpenJDK JRE used to run device-virtual.
The project maintains a rolling release of the snap on the edge channel that is rebuilt and published at least once daily through the jenkins jobs setup for the EdgeX project. You can see the jobs run here specifically looking at the edgex-go-snap-{branch}-stage-snap.
The snap currently supports running on both amd64 and arm64 platforms. Once the project no longer depends on MongoDB as it's primary database, the snap should start working on armhf platforms that support snaps as well.
The snap can be installed on any system that supports snaps. You can see how to install snaps on your system here.
However for full security confinement, the snap should be installed on an Ubuntu 16.04 LTS or later Desktop or Server, or a system running Ubuntu Core 16 or later.
The snap is published in the snap store at https://snapcraft.io/edgexfoundry. You can see the current revisions available for your machine's architecture by running the command:
$ snap info edgexfoundryThe snap can be installed using snap install. To install the snap from the edge channel:
$ sudo snap install edgexfoundry --edgeYou can specify install specific releases using the --channel option. For example to install the Delhi release of the snap:
$ sudo snap install edgexfoundry --channel=delhiLastly, on a system supporting it, the snap may be installed using GNOME (or Ubuntu) Software Center by searching for edgexfoundry.
Note - the snap has only been tested on Ubuntu Desktop/Server versions 18.04 and 16.04, as well as Ubuntu Core versions 16 and 18.
WARNING - don't install the EdgeX snap on a system which is already running mongoDB or Consul.
Upon installation, the following EdgeX services are automatically and immediately started:
- consul
- mongod
- mongo-worker
- core-data
- core-command
- core-metadata
- core-config-seed
- security-services (see note below)
The following services are disabled by default:
- support-notifications
- support-logging
- support-scheduler
- device-virtual
Any disabled services can be enabled and started up using snap set:
$ sudo snap set edgexfoundry support-notifications=onTo turn a service off (thereby disabling and immediately stopping it) set the service to off:
$ sudo snap set edgexfoundry support-notifications=offAll services which are installed on the system as systemd units, which if enabled will automatically start running when the system boots or reboots.
All default configuration files are shipped with the snap inside $SNAP/config, however because $SNAP isn't writable, all of the config files are copied during snap installation (specifically during the install hook, see snap/hooks/install in this repository) to $SNAP_DATA/config. The configuration files in $SNAP_DATA may then be modified. You may wish to restart the snap's services to take configuration into account with:
$ sudo snap restart edgexfoundryCurrently, all log files for the snap's can be found inside $SNAP_COMMON, which is usually /var/snap/edgexfoundry/common. Once all the services are supported as daemons, you can also use sudo snap logs edgexfoundry to view logs.
Additionally, logs can be viewed using the system journal or snap logs. To view the logs for all services in the edgexfoundry snap use:
$ sudo snap logs edgexfoundryIndividual service logs may be viewed by specifying the service name:
$ sudo snap logs edgexfoundry.consulOr by using the systemd unit name and journalctl:
$ journalctl -u snap.edgexfoundry.consulCurrently, the security services are enabled by default. The security services consitute the following components:
- Vault
- Cassandra
- Kong
- vault-worker (from security-secret-store)
- kong-worker (from security-api-gateway)
All services are currently bundled in the singular service, security-services (see issue #485 for more details on why).
When security is enabled, Consul is secured using Vault for secret management, and Kong is used as an HTTPS proxy for all the services. The HTTPS keys for Kong and Vault are placed in $SNAP_DATA/vault/pki. Kong needs a database to manage itself, and can use either Postgres or Cassandra. Because Postgres cannot run inside of a snap due to issues running as root (currently all snap services must run as root, see this post for details), we use Cassandra.
To turn off security, use snap set:
$ sudo snap set edgexfoundry security-services=offSee the GitHub issues with label snap for current issues.
The snap is built with snapcraft, and the snapcraft.yaml recipe is located within edgex-go, so the first step for all build methods involves cloning this repository:
$ git clone https://github.com/edgexfoundry/edgex-go
$ cd edgex-goThere are a few different ways to install snapcraft and use it, depending on what OS you are building on. However after building, the snap can only be run on a Linux machine (either a VM or natively). To install snapcraft on a Linux distro, first install support for snaps, then install snapcraft as a snap with:
$ sudo snap install snapcraft(note you will be promted to acknowledge you are installing a classic snap - use the --classic flag to acknowledge this)
Note - currently the snap doesn't support cross-compilation, and must be built natively on the target architecture. Specifically, to support cross-compilation the kong/lua parts must be modified to support cross-compilation. The openresty part uses non-standard flags for handling cross-compiling so all the flags would have to manually passed to build that part. Also luarocks doesn't seem to easily support cross-compilation, so that would need to be figured out as well.
To install snapcraft on MacOS, see this link. After doing so, follow in the below build instructions for "Building with multipass"
To install snapcraft on Windows, you will need to run a Linux VM and follow the above instructions to install snapcraft as a snap. Note that if you are using WSL, only WSL2 with full Linux kernel support will work - you cannot use WSL with snapcraft and snaps. If you like, you can install multipass to launch a Linux VM if your Windows machine has Windows 10 Pro or Enterprise with Hyper-V support. See this forum post for more details.
The easiest way to build the snap is using the multipass VM tool that snapcraft knows to use directly. After installing multipass, just run
$ snapcraftAlternatively, you can instruct snapcraft to use LXD containers instead of multipass VM's. This requires installing LXD as documented here.
$ snapcraft --use-lxdNote that if you are building on non-amd64 hardware, snapcraft won't be able to use it's default LXD container image, so you can follow the next section to create an LXD container to run snapcraft in destructive-mode natively in the container.
Finally, snapcraft can be run inside a VM, container or other similar build environment to build the snap without having snapcraft manage the environment (such as in a docker container where snaps are not available, or inside a VM launched from a build-farm without using nested VM's).
This requires creating an Ubuntu 18.04 environment and running snapcraft (from the snap) inside the environment with --destructive-mode.
Snaps run inside LXD containers just like they do outside the container, so all you need to do is launch an Ubuntu 18.04 container, install snapcraft and run snapcraft like follows:
$ lxc launch ubuntu:18.04 edgex
Creating edgex
Starting edgex
$ lxc exec edgex /bin/bash
root@edgex:~# sudo apt update && sudo apt install snapd squashfuse git -y
root@edgex:~# sudo snap install snapcraft --classic
root@edgex:~# git clone https://github.com/edgexfoundry/edgex-go
root@edgex:~# cd edgex-go && snapcraft --destructive-modeSnapcraft is smart enough to detect when it is running inside a docker container specifically, to the point where no additional arguments are need to snapcraft when it is run inside the container. For example, the upstream snapcraft docker image can be used (only on x86_64 architectures unfortunately) like so:
$ docker run -it -v"$PWD":/build snapcore/snapcraft:stable bash -c "apt update && cd /build && snapcraft"Note that if you are building your own docker image, you can't run snapd inside the container, and so to install snapcraft, the docker image must download the snapcraft snap and extract it as if it was installed normally inside /snap (same goes for the core and core18 snaps). This is done by the Linux Foundation Jenkins server for the project's CI and you can see an example of that here. The upstream docker image also does this, but only for x86_64 architectures.
To use multipass to create an Ubuntu 18.04 environment suitable for building the snap (i.e. when running natively on windows):
$ multipass launch bionic -n edgex-snap-build
$ multipass shell edgex-snap-build
multipass@ubuntu:~$ git clone https://github.com/edgexfoundry/edgex-go
multipass@ubuntu:~$ cd edgex-go
multipass~ubuntu:~$ sudo snap install snapcraft --classic
multipass~ubuntu:~$ snapcraft --destructive-modeThe process should be similar for other VM's such as kvm, VirtualBox, etc. where you create the VM, clone the git repository, then install snapcraft as a snap and run with --destructive-mode.
After building the snap from one of the above methods, you will have a binary snap package called edgexfoundry_<latest version>_<arch>.snap, which can be installed locally with the --devmode flag:
$ sudo snap install --devmode edgexfoundry*.snapNote You can try installing a locally built snap with the --dangerous flag (instead of the --devmode flag), but there is a race condition with this method. Specifically Cassandra, MongoDB, and other services require accesses not provided by default to the snap, and these are provided by connecting the interfaces detailed below. The race condition occurs because if the services fail to start because the accesses were denied (because the interfaces weren't connected soon enough), the installation may be entirely aborted by snapd. If you do install with --dangerous, it is recommended to perform the connections detailed below in the same shell command to minimize the time between the installation (and hence service startup) and granting of accesses from interface connection. Note this race condition doesn't happen when installing the snap from the store because the interface connection automatically happens before starting the services.
In addition, if you are using snapcraft with multipass VM's, you can speedup development by not creating a *.snap file and instead running in "try" mode . This is done by running snapcraft try which results in a prime folder placed in the root project directory that can then be "installed" using snap try. For example:
$ snapcraft try # produces prime dir instead of *.snap file
...
You can now run `snap try /home/ubuntu/go/src/github.com/edgexfoundry/edgex-go/prime`.
$ sudo snap try --devmode prime # snap try works the same as snap install, but expects a directory
edgexfoundry 1.0.0-20190513+0620a8d1 mounted from /home/ubuntu/go/src/github.com/edgexfoundry/edgex-go/prime
$After installing the snap, you will need to connect interfaces and restart the snap. The snap needs the hardware-observe, mount-observe, and system-observe interfaces connected. These are automatically connected using snap store assertions when installing from the store, but when developing the snap and installing a revision locally, use the following commands to connect the interfaces:
$ sudo snap connect edgexfoundry:hardware-observe
$ sudo snap connect edgexfoundry:system-observe
$ sudo snap connect edgexfoundry:mount-observeAfter connecting these restart the services in the snap with:
$ sudo snap restart edgexfoundry