b982039a74
* Introduce the AccessControlManager and use if for the TargetManagement and TargetTypeManagement. Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Extend the access control manager by an API to serialize the current active context and persist it for scheduled background operations like auto-assignment. Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Verify modification is permitted before performing automatic assignment Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Start with controlling distribution set type access. Perform some refactoring. Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Support distribution set access control. Increase character limit to 512 chars for access control context. Refactor default implementations. Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Introduce ContextRunner and define admin execution to check for duplicates before creating/updating entities. Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Introduce Software Module, Module Type and Artifact control management. Fix tests. Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Introduce access controlling test base. Add first test verifying the read operations for target types. Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Finalize target type access controlling test. Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Introduce ContextRunnerTest and TargetAccessControllingTest. Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Introduce DistributionSetAccessControllingTest and fix missing access control specifications. Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Extend test cases. Include only updatable targets into rollout. Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Fix action visibility. Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> * Modifiable->Updatable & UPDATE check where needed Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com> * ContextRunner superseded by ContextAware + ContextRunner remaned to ContextAware (move as a cenral entry/concept). It now extends (and replace) TenantAware + SecurityContextTenantAware becomes ContextAware + Pluggable serialization mechanism (default Java serialization of contexts) for SecurityContextTenantAware (using SecurityContextSerializer) + AccessControl methods are added to ensure no entities fill be retrieved just to call access control - so, if all permitted - no additional db queries will be made + <repo type>AccessControl classes removed and replaced with AccessControl <repo type> generics + AccessControlService removed - every AccessControl is registered and overiden independently + access_control_context in DB increased to 4k (in order to support java security context serialization) + needed adaptaion of implemtation and tests done Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com> * Refactor SoftModules & DistSets Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com> * Refactoring of the Repositories Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com> * Repostiotory level permissions Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com> * Improvements Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com> * Simplification of AccessControl interface * Simplifications & management package Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com> * Implementation improvements + Artifact management & repo reviewed and tuned + Action(Status) management & repo reviewed and tuned + SoftwareModule(Type/Meta) management & repo reviewed and tuned + DistributionSet(Type/Tag/Meta) management(+Invalidation) & repo reviewed and tuned + Target(Tag/Type/Meta) management & repo reviewed and tuned + TargetQueryFilter management & repo reviewed and tuned * Apply suggestions from code review Suggestions accepted. Thanks @herdt-michael Co-authored-by: Michael Herdt <michael.herdt@bosch.com> * Apply suggestions from code review 2 Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com> --------- Signed-off-by: Michael Herdt <Michael.Herdt@bosch.io> Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com> Co-authored-by: Michael Herdt <Michael.Herdt@bosch.com>
Eclipse hawkBit™ - Update Server
Eclipse hawkBit is an domain independent back end solution for rolling out software updates to constrained edge devices as well as more powerful controllers and gateways connected to IP based networking infrastructure.
Build: 
Docker: 
Documentation
Contact us
- Having questions about hawkBit? Check Stack Overflow
- Want to chat with the team behind hawkBit?
- Having issues with hawkBit? Open a GitHub issue.
- You can also check out our Project Homepage for further contact options.
Examples and Extensions
Next to the hawkBit core hosted here the project maintains as well examples and extension repositories.
hawkBit sandbox
We offer a sandbox installation that is free for everyone to try out hawkBit. However, keep in mind that the sandbox database will be reset from time to time. It is also not possible to upload any artifacts into the sandbox. But you can use it to try out the Management UI, Management API and DDI API. Keep in mind as well that you are not permitted to store any kind of personal data in the sandbox.
https://hawkbit.eclipseprojects.io/UI/login
In addition the following vendors offer free trial accounts for their hawkBit compatible products:
Device Integration (Client libraries)
hawkBit exposes HTTP/JSON based Direct Device Integration (API) API that allow any update client to integrate quite easily.
The Eclipse Hara subproject aims to provide a reference agent software implementation of the Eclipse hawkBit device API. The hara-ddiclient repository provides:
- a Kotlin library that facilitates and speeds up the development of DDI API clients running on the JVM
- a virtual-device application which provides:
- a reference example on how to use the library
- a configurable virtual device that can be used for different testing scenarios
The hara-ddiclient library has reached version 2.x, and has been successfully used in production for years.
Additionally, the hawkBit project has the long term goal to provide Eclipse Hono integration which will provide connectivity through various IoT protocols and as a result will allow a wide range of clients to connect to hawkBit.
Other open-source hawkBit Clients
There are clients outside of the Eclipse IoT eco system as well, e.g.:
- SWupdate which is a Linux Update agent with focus on a efficient and safe way to update embedded systems.
- rauc-hawkbit-updater which is a hawkBit client for the RAUC update framework written in C/glib.
- rauc-hawkbit which is a python-based hawkBit client demo application and library for the RAUC update framework.
- hawkbit-rs provides a couple of Rust crates to help implement and test hawkBit clients.
- Zephyr-RTOS: The Zephyr OS is a small-footprint kernel designed for use on resource-constrained and embedded systems: from simple embedded environmental sensors and LED wearables to sophisticated embedded controllers, smart watches, and IoT wireless applications.
- ChirpStack: ChirpStack Gateway OS uses SWUpdate for handling updates which can be integrated with Eclipse hawkBit. ChirpStack is an open-source LoRaWAN Network Server which can be used to to setup private or public LoRaWAN networks.
Runtime dependencies and support
Java Runtime Environment: 17
SQL database
| Database | H2 | MySQL/MariaDB | MS SQL Server | PostgreSQL | IBM DB2 |
|---|---|---|---|---|---|
| DDLs maintained by project | ✅ | ✅ | ✅ | ✅ | ✅ |
| Test dependencies defined | ✅ | ✅ | ✅ | ✅ | |
| Versions tested | 2.1 | MySQL 8.0.23, AWS Aurora | MS SQL Server 2017/2019 | PostgreSQL 12/13 | DB2 Server v11.1 |
| Docker image with driver provided | ✅ | ✅ (Tag: "-mysql") | ✅ | ✅ | |
| JDBC driver | H2 2.1.214 | MariaDB Connector/J 2.7.8 | MSSQL-JDBC 10.2.3.jre8 | PostgreSQL JDBC Driver 42.3.8 | |
| Status | Test, Dev | Production grade | Production grade | Test, Dev | Test, Dev |
(Optional) RabbitMQ: 3.6,3.7,3.8
Getting Started
We are providing a Spring Boot based reference Update Server including embedded H2 DB for test and evaluation purposes. Run with docker:
docker run -d -p 8080:8080 hawkbit/hawkbit-update-server
Open the update server in your browser:
See below for how to build and run the update server on your own. In addition we have a guide for setting up a complete landscape.
Note: this docker image supports both DDI and DMF APIs. However, in order to have DMF API working you shall have started additionally RabbitMQ on localhost:5672 with user guest/guest. Then the DMF will use / vhost. See more at guide -> Configure RabbitMQ connection settings.
hawkBit (Spring boot) starters
Next to the Update Server we are also providing a set of Spring Boot Starters to quick start your own Spring Boot based application.
Clone, build and run hawkBit
Build and start hawkBit Update Server
git clone https://github.com/eclipse/hawkbit.git
cd hawkbit
mvn clean install
java -jar ./hawkbit-runtime/hawkbit-update-server/target/hawkbit-update-server-#version#.jar
Start hawkBit Device Simulator (optional)
git clone https://github.com/eclipse/hawkbit-examples.git
cd hawkbit-examples
mvn clean install
java -jar ./hawkbit-device-simulator/target/hawkbit-device-simulator-#version#.jar
Generate getting started data with the Management API example (optional)
java -jar ./hawkbit-example-mgmt-simulator/target/hawkbit-example-mgmt-simulator-#version#-exec.jar
Status and API stability
hawkBit is currently in '0.X' semantic version. That is due to the need that there is still content in hawkBit that is in need for refactoring. That includes the maven module structure, Spring Boot Properties, Spring Boot auto configuration as well as internal Java APIs (e.g. the repository API ).
However, the device facing DDI API is on major version 'v1' and will be kept stable.
Server facing and DMF API are Management API are on v1 as well. However, we cannot fully guarantee the same stability during hawkBit's 0.X development but we will try as best we can.