Question about going to production

I’ve been playing around with the Ubuntu Core for a few days, and it seems fairly simple to create an image and install snaps. However I’m struggling finding precise information on how this all should be done when creating a mass market iot product with the Ubuntu Core. Basically, what is the correct way to a) remove the first-boot console-conf, b) remove the Ubuntu SSO login and c) Start some specific snap automatically?

So basically have your device to boot up to the actual app it supposed to start with out from the box. I’ve read the production model articles, but they don’t really answer this question.

Edit: And I’ve searched / found a few forum topics and blog posts that touch this question, but those seem very unofficial or hacky. I’m assuming this is a very basic use case for an IoT OS, thus asking.

Edit2: And by removing the SSO login I mean hiding it from the end user. If I understand correctly the SSO is required, but what is the correct way of hiding it?

Thanks!

1 Like

Just to clarify, not gonna bump this up anymore:

What is the correct way to create an Ubuntu Core image that first-time-boots to a certain snap app?

This from the perspective of creating an actual mass market IoT product. I’m happy for any link / resource to study. I just can’t wrap my head around how the SSO concept should be implemented in this scenario. For sure there can’t be a Ubuntu SSO login required for every user for let’s say a Chromecast type of device.

I don’t know the nitty-gritty details, and have poked some people who do to have a look at your question, but essentially: you define a model that lists what snaps your device should have, create an image with that. The snaps are seeded onto the image, snapd brings it up on first boot, everything working. You can also arrange so that the device comes with networking preconfigured, and with ssh disabled.

Edit: @ogra says you might be interested in

1 Like

Thanks for the answer! These 2 points are pretty much what I’m after.

  • I’ve found some posts about the network config, would be awesome to have a tutorial simply focusing on this. I’m once again assuming it’s a question most of the devs planning an IoT device is gonna be facing at some point.

  • I would really like to have a bit better high level understanding of the SSO concept here… Does it enable the ssh? If it’s disabled, does the updating of the snaps still work? As you see I’m a bit in the woods here :slight_smile:

In general, ubuntu-core works without any additional user. The first boot experience (provided by console-conf) allows you provide an initial network config and to provide an email address for an Ubuntu SSO (login.ubuntu.com) account that (if it has an SSH public key uploaded) creates a “system-user” on the device. That user can then ssh to the device and can run commands, including with sudo. However, this user is not required at all. Applications (provided through snaps) run as root user but strictly confined (by apparmor and seccomp). snaps are updated on the system without any such system user.

1 Like

Thanks this explains a lot! A gui snap to define the network would be awesome to have, but that’s another story.

One more question regarding to this topic: how it is defined which snap is started first?

Only snaps which declare daemons will be automatically run, and the order in which the daemons from snaps start is not well defined (AFAIK it’s not deterministic though there is some design work done by the snapd team to accommodate this see Cross snap service ordering)

Note that you can control the start order of daemons within a single snap by using after and before in the snap, but this requires that you be the author of the snap. See Service ordering for more details

1 Like

Regarding network configuration, if you could live with having a prepared netplan.yaml imported via USB when provisioning a newly installed device, the “netplan-import” part of:

might be of interest for you … it will automatically mount a plugged in USB key, look for a file called “netplan.yaml” in the toplevel dir, import it if it finds it and reboot with a new network configuration.

has some more background info.