Mender is an open-source, over-the-air (OTA) update manager for IoT and embedded Linux devices. Its client-server architecture enables the central management of software deployments, including functionality such as dynamic grouping, phased deployments, and delta updates. Mender also supports powerful extensions to configure, monitor, and troubleshoot devices. Features include remote terminal access, port forwarding, file transfer, and device configuration. It integrates with Azure IoT Hub and AWS IoT core.
- Why Mender?
- Where to start?
- Mender documentation
- About this repository
- Contributing
- License
- Security disclosure
- Installing from source
- Cross-compiling
- Community
- Authors
Mender enables secure and robust over-the-air updates for all device software. Some of the core functionalities include:
- 💻 Flexible management server and client architecture for secure OTA software update deployments and fleet management.
- 💾 Standalone deployment support, triggered at the device-level (no server needed) for unconnected or USB delivered software updates.
- 🔄 Automatic rollback upon update failure with an A/B partition design.
- 🔀 Support for a full root file system, application, files, and containerized updates.
- ✅ Dynamic grouping, phased rollouts to ensure update success.
- ⚙️ Advanced configuration, monitoring, and troubleshooting for software updates.
- 🔬 Extensive logging, audits, reporting, and security and regulatory compliance capabilities.
Embedded product teams often create homegrown updaters at the last minute due to the need to fix bugs in field-deployed devices. However, the essential requirement for an embedded update process is robustness. For example, loss of power at any time should not brick a device. This creates a challenge, given the time constraints to develop and maintain a homegrown updater.
Mender aims to address this challenge with a robust and easy to use updater for embedded Linux devices, which is open source and available to anyone.
Robustness is ensured with atomic image-based deployments using a dual A/B rootfs partition layout. This makes it always possible to roll back to a working state, even when losing power at any time during the update process.
Ease of use is addressed with an intuitive UI, comprehensive documentation, a meta layer for the Yocto Project for easy integration into existing environments, and high-quality software (see the test coverage badge).
| Mender enterprise | Mender Open Source |
|---|---|
| Ready to get started on an enterprise-grade OTA software update solution? Capabilities include advanced fleet management, security, and compliance: role-based access control (RBAC), dynamic groups, delta updates, and mutual TLS support. Get started with hosted Mender and evaluate Mender for free. | Alternatively, the Mender open-source option allows you to start doing smart device updates in a quick, secure, and robust method. Check out how to get started. In order to support rollback, the Mender client depends on integration with the boot loader and the partition layout. It is, therefore, most easily built as part of your Yocto Project image by using the meta layer for the Yocto Project. |
If you want to compare the options available, look at our features page.
The documentation is a great place to learn more, especially:
- Overview — learn more about Mender, it's design, and capabilities.
- Debian — get started with updating your Debian devices.
- Yocto — take a look at our support for Yocto.
Would you rather dive into the code? Then you are already in the right place!
The chart above depicts a typical Mender architecture with the following elements:
- Back End & User Interface: The shaded sky blue area is the Mender product which comprises the back end and the user interface (UI).
- Clients: The Mender client runs on the devices represented by the devices icon.
- Gateway: All communications between devices, users, and the back end occur through an API gateway. Traefik is used for the API gateway. The gateway routes the requests coming from the clients to the right micro-service(s) in the Mender back end.
- NATS message broker: some of the micro-services use NATS as a message broker to support the Mender device update troubleshooting and the orchestration within the system.
- Mongo DB: persistent database for the Mender back end micro-services.
- Storage layer: in both hosted and on-premise Mender, an AWS S3 Bucket (or S3 API-compatible) or an Azure Storage Account storage layer is used to store the artifacts.
- Redis: in-memory cache to enable device management at scale.
You can find more detailed information in our documentation.
This repository contains the Mender client updater, which can be run in standalone mode (manually triggered through its command line interface) or managed mode (connected to the Mender server).
Mender provides both the client-side updater and the backend and UI for managing deployments as open source. The Mender server is designed as a microservices architecture and comprises several repositories.
We welcome and ask for your contribution. As we have announced a rewrite of substantial client parts to C++, contributions need to be coordinated. For more details, please read our guide on how to best get started contributing code or documentation.
Please note:
The client is currently being rewritten to C++.
Mender is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.
We take security very seriously. If you come across any issue regarding security, please disclose the information by sending an email to [email protected]. Please do not create a new public issue. We thank you in advance for your cooperation.
- C compiler
- Go compiler
- liblzma-dev, libssl-dev and libglib2.0-dev packages
If no LZMA Artifact compression support is desired, you can ignore the liblzma-dev package
dependency and substitute the make commands in the instructions below for:
make TAGS=nolzma
If no D-Bus support is desired, you can ignore the libglib2.0-dev package dependency and
substitute the make commands in the instructions below for:
make TAGS=nodbus
To install Mender on a device from source, first clone the repository in the correct folder
structure inside your $GOPATH (typically $HOME/go):
git clone https://github.com/mendersoftware/mender.git $GOPATH/src/github.com/mendersoftware/mender
Then run the following commands inside the cloned repository:
make
sudo make install
Installing this way does not offer a complete system updater. For this, you need additional integration steps. Depending on which OS you are using, consult one of the following:
However, it is possible to use Update Modules and update other parts of the system.
In order to connect to a Mender server, you either need to get a Mender
Professional account, or set up a server
environment. If
you are setting up a demo environment, you will need to put the
support/demo.crt file into /etc/mender/server.crt on the device and add the
configuration line below to /etc/mender/mender.conf after the installation
steps above:
"ServerCertificate": "/etc/mender/server.crt"
Keep in mind that /etc/mender/mender.conf will be overwritten if you rerun the
sudo make install command.
Important: demo.crt is not a secure certificate and should only be used for demo purposes,
never in production.
- C cross-compiler for the target platform
- Go compiler
Download the cross-compiler required for your device. Then add the cross-compiler bin/
subfolder in your path and set the CC variable accordingly using the commands:
export PATH=$PATH:<path_to_my_cross_compiler>/bin
export CC=<cross_compiler_prefix>
For instance, to cross-compiling for Raspberry Pi:
git clone https://github.com/raspberrypi/tools.git
export PATH="$PATH:$(pwd)/tools/arm-bcm2708/gcc-linaro-arm-linux-gnueabihf-raspbian-x64/bin"
export CC=arm-linux-gnueabihf-gcc
Download, extract, compile, and install libssl with the following commands:
wget -q https://www.openssl.org/source/openssl-1.1.1k.tar.gz
tar -xzf openssl-1.1.1k.tar.gz
cd openssl-1.1.1k
./Configure <target-arch> --prefix=$(pwd)/install
make
make install
Where target-arch should be one of the available targets specified by OpenSSL ( Run ./Configure
for help ), for example, linux-armv4
Export an environment variable for later use:
export LIBSSL_INSTALL_PATH=$(pwd)/install
Download, extract, compile, and install liblzma with the following commands:
wget -q https://tukaani.org/xz/xz-5.2.4.tar.gz
tar -xzf xz-5.2.4.tar.gz
cd xz-5.2.4
./configure --host=<target-arch> --prefix=$(pwd)/install
make
make install
Where target-arch should match your device toolchain, for example, arm-linux-gnueabihf
Export an environment variable for later use:
export LIBLZMA_INSTALL_PATH=$(pwd)/install
Now, to cross-compile Mender, run the following commands inside the cloned repository:
make CGO_CFLAGS="-I${LIBLZMA_INSTALL_PATH}/include -I${LIBSSL_INSTALL_PATH}/include" CGO_LDFLAGS="-L${LIBLZMA_INSTALL_PATH}/lib -L${LIBSSL_INSTALL_PATH}/lib" \
CGO_ENABLED=1 GOOS=linux GOARCH=<arch>
Where arch is the target architecture (for example, arm). See all possible values for GOARCH
in the source code. Also, note
that for arm architecture, you also need to specify which family to compile for with GOARM; for
more information, see this link
You can deploy the mender client file tree in a custom directory in order to send it to your device afterward. To deploy all mender client files in a custom directory, run the command:
make prefix=<custom-dir> install
Where custom-dir is the destination folder for your file tree
Finally, copy this file tree into your target's device rootfs. You can do it remotely using SSH, for example.
See also Installation notes
Once installed, Mender can be enabled by executing:
systemctl enable mender-client && systemctl start mender-client
The introspection files for Mender D-Bus API can be found at documentation
- Join the Mender Hub discussion forum
- Follow us on Twitter. Please feel free to tweet us questions.
- Fork us on GitHub
- Create an issue in the bugtracker
- Email us at [email protected]
- Connect to the #mender IRC channel on Libera
Mender was created by the team at Northern.tech AS, with many contributions from the community. Thanks everyone!
Northern.tech is the leader in device lifecycle management with a mission to secure the world's connected devices. Established in 2008, Northern.tech showcases a long history of enterprise technology management before IIoT and IoT became buzzwords. Northern.tech is the company behind CFEngine, a standard in server configuration management, to automate large-scale IT operations and compliance.
Learn more about device lifecycle management for industrial IoT devices.