Getting started documentation #127
Conversation
danielskinstad
force-pushed
the
get-started-docs
branch
from
4dfaec8 to
8a711d3
Compare
danielskinstad
force-pushed
the
get-started-docs
branch
from
8a711d3 to
c3e9c6b
Compare
There was a problem hiding this comment.
Done now with the review. Overall looks pretty comprehensive to me. You are covering everything that I listed in the JIRA task so from that side is good.
I added few more comments.
I suggest you first do now a round of small fixing (based on my comments) and then besides us the developers ping also our PO an docs owner for final review. We might get more feedback wrt the technical level of this guide and we might need to either write more stuff and/or create follow-up tasks to refactor some parts (example: I could see the PO suggesting to move the HM certs to mender-mcu)
Thank you for tackling this one 🍿
danielskinstad
force-pushed
the
get-started-docs
branch
from
c3e9c6b to
1c0b4c6
Compare
danielskinstad
changed the title
danielskinstad
force-pushed
the
get-started-docs
branch
from
1c0b4c6 to
2de4c32
Compare
| ``` | ||
| cmake -C cmake/CMake_posix_defaults.txt -B build tests/smoke | ||
| ``` | ||
| The `mender-mcu` client can take up to two certificates; typically one for the Server API calls, and |
There was a problem hiding this comment.
Good you document this clearly but this seems like a limit we need to increase. If certificates need rotation we need to have the building blocks. I think we at least need support for 4 (two for each).
There was a problem hiding this comment.
This brings a point that we should rather move all the certs handling into mender-mcu core repo. Right now in the core we define if there will be one or two, but then is the application (mender-mcu-integration or any other user application) that will add the certs via tls_credential_add(...). Instead, we can (and should?) have the mender client init function add the certs.
I suggest we create a task for this and do not modify the README further. In the task we shall write that the README needs to be updated accordingly.
There was a problem hiding this comment.
I don't quite see how this is part of the mender-mcu (client) scope. In my eyes, this is part of the "environment", just like the network setup (including TLS support) and other similar things.
There was a problem hiding this comment.
That is a valid point (and the original point for having it out of Mender hands).
But it gets tricky for us when down in the code zsock_setsockopt needs to know the CA tags (up to 4).
At least we should think about how to simplify this part 🤔 We could maybe have yet another callback to get this TLS_SEC_TAG_LIST from the user.
To move the topic forward: discuss in next client team meeting and create a task either for moving it to mender-mcu (most likely not) or other ideas for decoupling it a bit (like mine above or others).
danielskinstad
force-pushed
the
get-started-docs
branch
from
2de4c32 to
74a70b1
Compare
Ticket: MEN-7871 Signed-off-by: Daniel Skinstad Drabitzius <[email protected]>
danielskinstad
force-pushed
the
get-started-docs
branch
from
74a70b1 to
cc3f69b
Compare
No description provided.