Snap devices¶
Configuring devices¶
You will need at least snapd
2.30 on your device and access to a
registered Snap Store Proxy.
To configure snapd
on a device to talk to the proxy, you need to snap ack
the signed assertion that allows snapd
to trust the proxy, e.g.:
curl -sL http://<domain>/v2/auth/store/assertions | sudo snap ack /dev/stdin
Once snapd
knows about the store assertion, you then have to configure it to use the proxy:
sudo snap set core proxy.store=STORE_ID
You can retrieve the STORE_ID
using the status command on the Proxy server:
snap-proxy status
Disconnecting devices¶
If you want to later disconnect a device from the proxy:
sudo snap set core proxy.store=''
Note that the next time the device refreshes, it will get the upstream snap revisions (any overrides won’t be in effect).
Obtaining serial assertions¶
Devices without a serial assertion are able to obtain one when using the Snap Store Proxy.
If your devices are configured to use a specific device-service.url
via your
gadget snap, then snapd
will send the
device registration request to that device service via the Snap Store Proxy.
This means that you can use a specific serial-vault service to obtain serial
assertions for your devices running behind a Snap Store Proxy. Make sure that
your Snap Store Proxy is able to connect to this specific serial-vault service.
!!! NOTE:
By default Snap Store Proxy allows only the
https://serial-vault-partners.canonical.com
serial-vault requests to pass
through it.
Since version 2.19 of the snap-store-proxy, the
proxy.device-auth.allowed-device-service-urls
setting can be used to control
the list of allowed device services (Serial Vaults), e.g.:
sudo snap-proxy config \
proxy.device-auth.allowed-device-service-urls='["https://sv1.internal", "https://sv2.internal"]'
Next step¶
With devices connected to the proxy, you can create overrides to control snap updates on them.