更新 IoT Edge 安全守护程序和运行时Update the IoT Edge security daemon and runtime

当 IoT Edge 服务发布新版本时,可能需要更新 IoT Edge 设备,使其获得最新功能并改善安全性。As the IoT Edge service releases new versions, you'll want to update your IoT Edge devices for the latest features and security improvements. 本文提供有关在新版本推出时如何更新 IoT Edge 设备的信息。This article provides information about how to update your IoT Edge devices when a new version is available.

若要转移到较新的版本,需要更新 IoT Edge 设备的两个组件。Two components of an IoT Edge device need to be updated if you want to move to a newer version. 第一个组件是安全守护程序,它在设备上运行并在设备启动时启动运行时模块。The first is the security daemon, which runs on the device and starts the runtime modules when the device starts. 目前,只能从设备本身更新安全守护程序。Currently, the security daemon can only be updated from the device itself. 第二个组件是由 IoT Edge 中心和 IoT Edge 代理模块组成的运行时。The second component is the runtime, made up of the IoT Edge hub and IoT Edge agent modules. 根据部署的构造方式,可以从设备或者远程更新运行时。Depending on how you structure your deployment, the runtime can be updated from the device or remotely.

若要查找最新版本的 Azure IoT Edge,请参阅 Azure IoT Edge 版本To find the latest version of Azure IoT Edge, see Azure IoT Edge releases.

更新安全守护程序Update the security daemon

IoT Edge 安全守护程序是一个本机组件,需要使用 IoT Edge 设备上的包管理器进行更新。The IoT Edge security daemon is a native component that needs to be updated using the package manager on the IoT Edge device.

使用命令 iotedge version 检查设备上运行的安全守护程序的版本。Check the version of the security daemon running on your device by using the command iotedge version.

Linux 设备Linux devices

在 Linux x64 设备上,请使用 apt-get 或相应的包管理器将安全守护程序更新到最新版本。On Linux x64 devices, use apt-get or your appropriate package manager to update the security daemon to the latest version.

apt-get update
apt-get install libiothsm iotedge

若要更新到安全守护程序的特定版本,请在 IoT Edge 版本中查找目标版本。If you want to update to a specific version of the security daemon, find the version you want to target from IoT Edge releases. 在该版本中,找到设备的相应 libiothsm-stdiotedge 文件。In that version, locate the appropriate libiothsm-std and iotedge files for your device. 右键单击每个文件对应的链接,并复制链接地址。For each file, right-click the file link and copy the link address. 使用链接地址安装这些组件的特定版本:Use the link address to install the specific versions of those components:

curl -L <libiothsm-std link> -o libiothsm-std.deb && sudo dpkg -i ./libiothsm-std.deb
curl -L <iotedge link> -o iotedge.deb && sudo dpkg -i ./iotedge.deb

Windows 设备Windows devices

在 Windows 设备上,请使用 PowerShell 脚本更新安全守护程序。On Windows devices, use the PowerShell script to update the security daemon. 脚本会自动提取最新版本的安全守护程序。The script automatically pulls the latest version of the security daemon.

. {Invoke-WebRequest -useb aka.ms/iotedge-win} | Invoke-Expression; Update-IoTEdge -ContainerOs <Windows or Linux>

运行 Update-IoTEdge 命令会从设备中删除并更新安全守护程序以及两个运行时容器映像。Running the Update-IoTEdge command removes and updates the security daemon from your device, along with the two runtime container images. config.yaml 文件以及 Moby 容器引擎中的数据会保留在设备上(如果使用 Windows 容器)。The config.yaml file is kept on the device, as well as data from the Moby container engine (if you're using Windows containers). 保留配置信息意味着,在更新过程中,不需再次为设备提供连接字符串或设备预配服务信息。Keeping the configuration information means that you don't have to provide the connection string or Device Provisioning Service information for your device again during the update process.

若要更新到安全守护程序的特定版本,请在 IoT Edge 版本中查找目标版本。If you want to update to a specific version of the security daemon, find the version you want to target from IoT Edge releases. 在该版本中,下载 Microsoft-Azure-IoTEdge.cab 文件。In that version, download the Microsoft-Azure-IoTEdge.cab file. 然后,使用 -OfflineInstallationPath 参数指向本地文件位置。Then, use the -OfflineInstallationPath parameter to point to the local file location. 例如:For example:

. {Invoke-WebRequest -useb aka.ms/iotedge-win} | Invoke-Expression; Update-IoTEdge -ContainerOs <Windows or Linux> -OfflineInstallationPath <absolute path to directory>

备注

-OfflineInstallationPath 参数将在提供的目录中查找名为 Microsoft-Azure-IoTEdge.cab 的文件。The -OfflineInstallationPath parameter looks for a file named Microsoft-Azure-IoTEdge.cab in the directory provided. 从 IoT Edge 版本 1.0.9-rc4 开始,可以使用两个 .cab 文件,一个用于 AMD64 设备,另一个用于 ARM32。Starting with IoT Edge version 1.0.9-rc4, there are two .cab files available to use, one for AMD64 devices and one for ARM32. 下载适用于设备的正确文件,然后重命名该文件以删除体系结构后缀。Download the correct file for your device, then rename the file to remove the architecture suffix.

有关更新选项的详细信息,请使用命令 Get-Help Update-IoTEdge -full,或参考所有安装参数For more information about update options, use the command Get-Help Update-IoTEdge -full or refer to all installation parameters.

更新运行时容器Update the runtime containers

更新 IoT Edge 代理和 IoT Edge 中心容器的方式取决于在部署中使用的是滚动标记(如 1.0)还是特定标记(如 1.0.7)。The way that you update the IoT Edge agent and IoT Edge hub containers depends on whether you use rolling tags (like 1.0) or specific tags (like 1.0.7) in your deployment.

使用 iotedge logs edgeAgentiotedge logs edgeHub 命令检查设备上目前安装的 IoT Edge 代理和 IoT Edge 中心模块的版本。Check the version of the IoT Edge agent and IoT Edge hub modules currently on your device using the commands iotedge logs edgeAgent or iotedge logs edgeHub.

在日志中查找容器版本

了解 IoT Edge 标记Understand IoT Edge tags

IoT Edge 代理和 IoT Edge 中心映像使用与之关联的 IoT Edge 版本进行标记。The IoT Edge agent and IoT Edge hub images are tagged with the IoT Edge version that they are associated with. 可通过两种不同的方法对运行时映像使用标记:There are two different ways to use tags with the runtime images:

  • 滚动更新标记 - 仅使用版本号的前两个值来获取匹配这些数字的最新映像。Rolling tags - Use only the first two values of the version number to get the latest image that matches those digits. 例如,每当有新版本指向最新的 1.0.x 版时,就更新 1.0。For example, 1.0 is updated whenever there's a new release to point to the latest 1.0.x version. 如果 IoT Edge 设备的容器运行时重新提取映像,则运行时模块会更新到最新版本。If the container runtime on your IoT Edge device pulls the image again, the runtime modules are updated to the latest version. 建议在开发时使用此方法。This approach is suggested for development purposes. Azure 门户中的部署默认使用滚动更新标记。Deployments from the Azure portal default to rolling tags.

  • 特定标记 - 使用版本号的所有三个值,以显式设置映像版本。Specific tags - Use all three values of the version number to explicitly set the image version. 例如,1.0.7 在其初始版本发布后不会更改。For example, 1.0.7 won't change after its initial release. 准备好更新时,可以在部署清单中声明新的版本号。You can declare a new version number in the deployment manifest when you're ready to update. 建议在生产环境中使用此方法。This approach is suggested for production purposes.

更新滚动更新标记映像Update a rolling tag image

如果在部署中使用滚动更新标记(例如 mcr.microsoft.com/azureiotedge-hub:1.0),则需要在设备上强制实施容器运行时,以提取最新版本的映像。If you use rolling tags in your deployment (for example, mcr.microsoft.com/azureiotedge-hub:1.0) then you need to force the container runtime on your device to pull the latest version of the image.

从 IoT Edge 设备中删除本地版本的映像。Delete the local version of the image from your IoT Edge device. 在 Windows 计算机上,卸载安全守护程序时也会删除运行时映像,因此不需再次执行此步骤。On Windows machines, uninstalling the security daemon also removes the runtime images, so you don't need to take this step again.

docker rmi mcr.microsoft.com/azureiotedge-hub:1.0
docker rmi mcr.microsoft.com/azureiotedge-agent:1.0

可能需要使用 -f(强制)标志来删除映像。You may need to use the force -f flag to remove the images.

IoT Edge 服务将提取最新版本的运行时映像,并自动在设备上将其重新启动。The IoT Edge service will pull the latest versions of the runtime images and automatically start them on your device again.

更新特定标记映像Update a specific tag image

如果在部署中使用特定标记(例如 mcr.microsoft.com/azureiotedge-hub:1.0.8),则只需更新部署清单中的标记,并将更改应用到设备即可。If you use specific tags in your deployment (for example, mcr.microsoft.com/azureiotedge-hub:1.0.8) then all you need to do is update the tag in your deployment manifest and apply the changes to your device.

  1. 在 Azure 门户的 IoT 中心,选择 IoT Edge 设备,然后选择“设置模块” 。In the IoT Hub in the Azure portal, select your IoT Edge device, and select Set Modules.

  2. 在“IoT Edge 模块”部分中,选择“运行时设置” 。In the IoT Edge Modules section, select Runtime Settings.

    配置运行时设置

  3. 在”运行时设置”中,将“Edge 中心”的“映像”值更新为所需的版本 。In Runtime Settings, update the Image value for Edge Hub with the desired version. 暂时不要选择“保存” 。Don't select Save just yet.

    更新 Edge 中心的映像版本

  4. 折叠“Edge 中心”设置,或向下滚动,将“Edge 代理”的“映像”值更新为所需的相同版本 。Collapse the Edge Hub settings, or scroll down, and update the Image value for Edge Agent with the same desired version.

    更新 Edge 中心的代理版本

  5. 选择“保存” 。Select Save.

  6. 选择“查看 + 创建”,检查部署,然后选择“创建” 。Select Review + create, review the deployment, and select Create.

脱机更新或更新到特定版本Update offline or to a specific version

若要脱机更新设备,或者更新到特定版本的 IoT Edge 而不是最新版本,则可使用 -OfflineInstallationPath 参数执行该操作。If you want to update a device offline, or update to a specific version of IoT Edge rather than the most recent version, you can do so with the -OfflineInstallationPath parameter.

用于更新 IoT Edge 设备的两个组件:Two components are used to update an IoT Edge device:

  • 一个 PowerShell 脚本,其中包含安装说明A PowerShell script, which contains the installation instructions
  • Microsoft Azure IoT Edge cab,其中包含 IoT Edge 安全守护程序 (iotedged)、Moby 容器引擎和 Moby CLIMicrosoft Azure IoT Edge cab, which contains the IoT Edge security daemon (iotedged), Moby container engine, and Moby CLI
  1. 有关最新的 IoT Edge 安装文件以及旧版本,请参阅 Azure IoT Edge 版本For the latest IoT Edge installation files along with previous versions, see Azure IoT Edge releases.

  2. 找到要安装的版本,然后从发行说明的“资产” 部分将以下文件下载到 IoT 设备上:Find the version that you want to install, and download the following files from the Assets section of the release notes onto your IoT device:

    • IoTEdgeSecurityDaemon.ps1IoTEdgeSecurityDaemon.ps1
    • 1.0.9 或更高版本中的 Microsoft-Azure-IoTEdge-amd64.cab,或者 1.0.8 或更低版本中的 Microsoft-Azure-IoTEdge.cab。Microsoft-Azure-IoTEdge-amd64.cab from releases 1.0.9 or newer, or Microsoft-Azure-IoTEdge.cab from releases 1.0.8 and older.

    从 1.0.9 开始,也可以使用 Microsoft-Azure-IotEdge-arm32.cab(仅用于测试目的)。Microsoft-Azure-IotEdge-arm32.cab is also available beginning in 1.0.9 for testing purposes only. Windows ARM32 设备目前不支持 IoT Edge。IoT Edge is not currently supported on Windows ARM32 devices.

    请务必使用与所使用的 .cab 文件的版本相同的 PowerShell 脚本,因为功能会进行更改以支持每个版本中的特性。It's important to use the PowerShell script from the same release as the .cab file that you use because the functionality changes to support the features in each release.

  3. 如果下载的 .cab 文件在其上有体系结构后缀,则只需将该文件重命名为“Microsoft-Azure-IoTEdge.cab”即可 。If the .cab file you downloaded has an architecture suffix on it, rename the file to just Microsoft-Azure-IoTEdge.cab.

  4. 若要使用脱机组件进行更新,请使用点获取 PowerShell 脚本本地副本的来源To update with offline components, dot source the local copy of the PowerShell script. 然后,使用 -OfflineInstallationPath 参数作为 Update-IoTEdge 命令的一部分,并提供文件目录的绝对路径。Then, use the -OfflineInstallationPath parameter as part of the Update-IoTEdge command and provide the absolute path to the file directory. 例如,For example,

    . <path>\IoTEdgeSecurityDaemon.ps1
    Update-IoTEdge -OfflineInstallationPath <path>
    

更新到候选发布版本Update to a release candidate version

Azure IoT Edge 定期发布新版 IoT Edge 服务。Azure IoT Edge regularly releases new versions of the IoT Edge service. 在发布每个稳定版本之前,会有一个或多个候选发布 (RC) 版本。Before each stable release, there is one or more release candidate (RC) versions. RC 版本包括发布版的所有计划内功能,但仍需进行测试和验证。RC versions include all the planned features for the release, but are still going through testing and validation. 若要提前测试某项新功能,可以安装 RC 版本,然后通过 GitHub 提供反馈。If you want to test a new feature early, you can install an RC version and provide feedback through GitHub.

候选发布版本遵循相同的版本编号约定,但会在末尾追加 -rc 和一个增量数字。Release candidate versions follow the same numbering convention of releases, but have -rc plus an incremental number appended to the end. 可以在与稳定版本相同的 Azure IoT Edge 版本列表中查看候选发布版本。You can see the release candidates in the same list of Azure IoT Edge releases as the stable versions. 例如,可以找到 1.0.7-rc11.0.7-rc2 这两个在 1.0.7 之前发布的候选发布版本。For example, find 1.0.7-rc1 and 1.0.7-rc2, the two release candidates that came before 1.0.7. 还可以看到 RC 版本带有预发行版标签。You can also see that RC versions are marked with pre-release labels.

IoT Edge 代理和中心模块包含根据相同约定标记的 RC 版本。The IoT Edge agent and hub modules have RC versions that are tagged with the same convention. 例如 mcr.microsoft.com/azureiotedge-hub:1.0.7-rc2For example, mcr.microsoft.com/azureiotedge-hub:1.0.7-rc2.

充当预览版的候选发布版本不会包括在常规安装程序所针对的最新版本中。As previews, release candidate versions aren't included as the latest version that the regular installers target. 需要手动将要测试的 RC 版资产设为目标。Instead, you need to manually target the assets for the RC version that you want to test. 大多数情况下,安装或更新到 RC 版本的过程与将目标设为任何其他特定版本的 IoT Edge 相同。For the most part, installing or updating to an RC version is the same as targeting any other specific version of IoT Edge.

使用本文中的部分了解如何将 IoT Edge 设备更新到特定版本的安全守护程序或运行时模块。Use the sections in this article to learn how to update an IoT Edge device to a specific version of the security daemon or runtime modules.

如果在新计算机上安装 IoT Edge,请使用以下链接了解如何根据设备操作系统安装特定的版本:If you're installing IoT Edge on a new machine, use the following links to learn how to install a specific version depending on your device operating system:

后续步骤Next steps

查看最新的 Azure IoT Edge 版本View the latest Azure IoT Edge releases.

持续关注物联网博客中的最新更新和公告Stay up-to-date with recent updates and announcement in the Internet of Things blog