@pipex pipex commented Jun 23, 2025

This adds a new service to the supervisor composition. This new service, supervisor-next, proxies communications between this supervisor, the API and app containers. The new service will little by little take over features of this supervisor until we can drop it entirely.

The new service is written in Rust for better memory safety and lower resource usage. It will also feature a new planning engine based on mahler, which removes the need for hard-coding workflows (no more application manager and infer next steps), but can automatically derive a plan from the target and task definitions. The new engine also features better logging and is easier to test.

Testing the new service

Run the following commands in your hostOS, replacing the correct architecture in the supervisor_release variable:

# Set necessary variables
api_key=$(cat /mnt/boot/config.json | jq -r .deviceApiKey)
uuid=$(cat /mnt/boot/config.json | jq -r .uuid)
api_endpoint=$(cat /mnt/boot/config.json | jq -r .apiEndpoint)

# Supervisor releases
amd64_supervisor=3651653
aarch64_supervisor=3651650
armv7_supervisor=3651652
# Make sure to use the right id for your architecture here
supervisor_release="${aarch64_supervisor}"

supervisor_img=$(\
  curl -X GET \
    "$api_endpoint/v7/release($supervisor_release)?\$expand=contains__image(\$expand=image(\$select=is_stored_at__image_location))" \
    -H  "Content-Type: application/json" \
    -H "Authorization: Bearer $api_key" | jq -r '.d[0].contains__image[0].image[0].is_stored_at__image_location' \
)

# Patch the device to the draft release
curl -X PATCH -H "Authorization: Bearer $api_key" -H  "Content-Type: application/json" "$api_endpoint/v6/device?\$filter=uuid%20eq%20'$uuid'" -d "{\"should_be_managed_by__supervisor_release\": $supervisor_release}"

# Update the supervisor to the target image
update-balena-supervisor -i "$supervisor_img"

Change-type: minor
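
A defensive variant of the parsing steps in the procedure above, added here as an example and not part of the PR: `jq -r` prints the literal string `null` for a missing key or an empty result set, which would otherwise be passed on as the API key or image name. The function names and the values shown in the usage comments are assumptions.

```shell
#!/bin/sh
# Added example, not code from the PR. Function names are hypothetical.

# Print a required string field from a JSON config file.
# jq -e exits non-zero when the filter yields nothing, so a missing, null or
# empty key fails here instead of becoming the literal string "null".
config_field() {
  file=$1
  key=$2
  value=$(jq -er --arg k "$key" '.[$k] | strings | select(length > 0)' "$file") || {
    echo "missing or empty '$key' in $file" >&2
    return 1
  }
  printf '%s\n' "$value"
}

# Read the release query response on stdin and print the image location.
# An empty result set, a null location or a non-JSON error body all fail.
image_location() {
  jq -er '.d[0].contains__image[0].image[0].is_stored_at__image_location
          | strings | select(length > 0)' || {
    echo "release response has no image location" >&2
    return 1
  }
}

# Accept only a positive integer release id before it is interpolated into
# the request URL and the JSON body of the PATCH.
valid_release_id() {
  case $1 in
    ''|*[!0-9]*|0*) return 1 ;;
    *) return 0 ;;
  esac
}

# Usage on the device (sketch; curl -f makes HTTP errors fail the pipeline input):
#   api_key=$(config_field /mnt/boot/config.json deviceApiKey) || exit 1
#   valid_release_id "$supervisor_release" || exit 1
#   supervisor_img=$(curl -fsS ... | image_location) || exit 1
```
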

@flowzone-app flowzone-app bot enabled auto-merge June 23, 2025 19:16
@pipex pipex marked this pull request as draft June 23, 2025 19:37
auto-merge was automatically disabled June 23, 2025 19:37

Pull request was converted to draft

@pipex pipex force-pushed the supervisor-next branch 5 times, most recently from a2e8137 to a02c54a Compare June 26, 2025 03:30
@pipex pipex force-pushed the supervisor-next branch 4 times, most recently from 93d5426 to 642c730 Compare July 8, 2025 21:05
@pipex pipex force-pushed the supervisor-next branch 10 times, most recently from 5b3b550 to 055f8d5 Compare July 18, 2025 15:03
@pipex pipex force-pushed the supervisor-next branch 3 times, most recently from 3b2acbd to 260efbc Compare July 25, 2025 21:47
@pipex pipex force-pushed the supervisor-next branch 2 times, most recently from 25f50bd to 3ffe276 Compare August 6, 2025 21:10
@pipex pipex force-pushed the supervisor-next branch 7 times, most recently from e167a3c to 59117c3 Compare September 8, 2025 13:50
@pipex pipex force-pushed the supervisor-next branch 3 times, most recently from b50d446 to 4729cab Compare September 11, 2025 20:31
@pipex pipex force-pushed the supervisor-next branch 2 times, most recently from 70a433f to 91a8ce5 Compare November 3, 2025 19:57
pipex added 2 commits December 4, 2025 12:05
This is an experimental change to allow an external service to intercept
API calls of the supervisor as a potential path for migration

Change-type: patch

When the override port is set, the firewall is configured to only allow
traffic on `supervisor0` interface for that port. In that case a new
chain `BALENA-SUPERVISOR` is added to `DOCKER-USER`, that chain blocks
access to the regular listen port from any interface other than
resin-vpn when in non-local-mode and allows any traffic on local-mode.

Change-type: patch

Helios is the experimental supervisor replacement. The service acts as
a proxy for the existing supervisor and will slowly take over supervisor features.

This also adds a `helios-api` service to listen on port 48484.

Change-type: minor