...
- Preconditioning a device
- Deployment conditioning
- Introspection of the device to derive the device capabilities and turn those capabilities into node properties.
- Creation of resources (folders, docker volumes, networks) required by applications. These resources would persist across application restarts.
- Installation of OS packages to ensure that the host has any packages that an application depends on.
- Scanning the host for security vulnerabilities.
- Preventing installation of the OH agent or OH services based on the state of the device (e.g. it has software on it with a security vulnerability).
- Applying an Accuknox security policy to the device.
- ...
From the list above, it is clear that there are two points in the OH device lifecycle where conditioning is required. The first is near the point where the agent is initially installed. The second is where an agreement has been made and services are about to be deployed. Further, sometimes the required conditioning does not change anything on the device at all; it only inspects the device in various ways and possibly updates the OH metadata describing the device.
Is there a similar requirement for edge clusters?
Some really rough ideas at this point:
- Completely open pre- and post-conditioning - A device owner provides a bash script that executes before and after agent registration. A service developer provides a bash script that runs before and after a service is started.
- A framework that invokes specifically named bash script functions at various points in the lifecycle, more closely tied to the use cases described in the overview.
- A completely metadata-driven approach - There is no code to write; instead the device owner and service developer provide a metadata description of what they want the system to do and how to handle the results.
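As an added sketch of the second idea (example code, not Open Horizon's own), the framework sources a device owner's hook file and calls hook functions by name at a lifecycle point, treating a failing pre-registration hook as a reason to block the agent install; the hook file, the function names `pre_register`/`post_register` and the vulnerability check are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not Open Horizon code: a minimal framework that calls
# specifically named hook functions at lifecycle points and gates the next
# step on each hook's exit status. Hook file, names and checks are assumed.

# Constructed sample hook file such as a device owner might supply.
HOOK_FILE="$(mktemp)"
cat >"$HOOK_FILE" <<'EOF'
# Runs before agent registration; a non-zero exit blocks registration.
pre_register() {
    # Constructed stand-in for a vulnerability scan result.
    [ -z "$VULNERABLE_PKG_PRESENT" ]
}
# Runs after registration; prints discovered node properties as key=value.
post_register() {
    echo "arch=$(uname -m)"
    echo "cpus=$(getconf _NPROCESSORS_ONLN 2>/dev/null || echo unknown)"
}
EOF

# is_function NAME: true when NAME is currently defined as a shell function.
is_function() {
    case "$(type "$1" 2>/dev/null)" in *function*) return 0 ;; *) return 1 ;; esac
}

# run_hook NAME: source the hook file and call NAME if it defines it.
# A missing hook succeeds; a defined hook's non-zero status is propagated.
run_hook() {
    [ -r "$HOOK_FILE" ] || return 0
    # shellcheck disable=SC1090
    . "$HOOK_FILE"
    is_function "$1" || return 0
    "$1"
}

# register_agent: one lifecycle step. Prints "blocked" and fails when
# pre_register rejects the device; otherwise prints post_register's output,
# which the agent could turn into node properties.
register_agent() {
    if ! run_hook pre_register; then
        echo "blocked"
        return 1
    fi
    run_hook post_register
}
```

The same pattern extends to a service developer's `pre_service_start`/`post_service_start` hooks at the agreement point.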
Note to John W: the following user stories differ somewhat from the "conditioning" use cases in the overview. Applying user roles to the requirements helps focus the design by identifying where in the system each requirement should be addressed.
As a device owner, I want the agent to discover custom device attributes and add them to the device's node policy.
As an application developer, I want OH to create system resources (folders, docker volumes, etc.) that will persist beyond the boundaries of an agreement.
As an application deployer, I want to avoid nodes that have certain known security vulnerabilities.
As a device owner, I want to apply a security policy to the node before any applications are deployed.
...