了解单设备或大规模的 IoT Edge 自动部署Understand IoT Edge automatic deployments for single devices or at scale

自动部署和分层部署可帮助你在大量 IoT Edge 设备上管理和配置模块。Automatic deployments and layered deployment help you manage and configure modules on large numbers of IoT Edge devices.

Azure IoT Edge 提供了两种方法来配置要在 IoT Edge 设备上运行的模块。Azure IoT Edge provides two ways to configure the modules to run on IoT Edge devices. 第一种方法是在每个设备上部署模块。The first method is to deploy modules on a per-device basis. 创建部署清单,并按名称将其应用到特定设备。You create a deployment manifest and then apply it to a particular device by name. 第二种方法是将模块自动部署到满足一组定义条件的任何已注册设备。The second method is to deploy modules automatically to any registered device that meets a set of defined conditions. 创建一个部署清单,然后根据设备孪生中的标记来定义应用它的设备。You create a deployment manifest and then define which devices it applies to based on tags in the device twin.

本文重点介绍如何配置和监视设备群(统称为 IoT Edge 自动部署)。 This article focuses on configuring and monitoring fleets of devices, collectively referred to as IoT Edge automatic deployments. 基本部署步骤如下所述: The basic deployment steps are as follows:

  1. 由操作员来定义部署,描述一组模块和目标设备。An operator defines a deployment that describes a set of modules and the target devices. 每个部署都有一个反映此信息的部署清单。 Each deployment has a deployment manifest that reflects this information.
  2. IoT 中心服务与所有目标设备通信,为其配置声明的模块。The IoT Hub service communicates with all targeted devices to configure them with the declared modules.
  3. IoT 中心服务从 IoT Edge 设备检索状态,然后将这些状态提供给操作员。The IoT Hub service retrieves status from the IoT Edge devices and makes them available to the operator.  例如,如果某个 Edge 设备配置不成功,或者某个模块在运行时发生故障,操作员就会看到。  For example, an operator can see when an Edge device isn't configured successfully or if a module fails during runtime.
  4. 随时对新的符合目标条件的 IoT Edge 设备进行部署配置。At any time, new IoT Edge devices that meet the targeting conditions are configured for the deployment.

本文将介绍配置和监视部署过程中涉及的每个组件。This article describes each component involved in configuring and monitoring a deployment. 如需创建和更新部署的详细介绍,请参阅大规模部署和监视 IoT Edge 模块For a walkthrough of creating and updating a deployment, see Deploy and monitor IoT Edge modules at scale.

部署Deployment

loT Edge 自动部署会分配 IoT Edge 模块映像,这些映像在一组 IoT Edge 目标设备上作为实例运行。An IoT Edge automatic deployment assigns IoT Edge module images to run as instances on a targeted set of IoT Edge devices. 操作方式是:配置一个 IoT Edge 部署清单,其中包括一系列模块和相应的初始化参数。It works by configuring an IoT Edge deployment manifest to include a list of modules with the corresponding initialization parameters. 部署可以分配给单个设备(根据设备 ID 分配),也可以分配给一组设备(根据标记)。 A deployment can be assigned to a single device (based on Device ID) or to a group of devices (based on tags). IoT Edge 设备在收到部署清单以后,就会从各个容器存储库下载并安装容器映像,并对其进行相应的配置。 Once an IoT Edge device receives a deployment manifest, it downloads and installs the container images from the respective container repositories, and configures them accordingly. 创建部署以后,操作员可以监视部署状态,看目标设备是否已正确配置。 Once a deployment is created, an operator can monitor the deployment status to see whether targeted devices are correctly configured.

只能通过部署配置 IoT Edge 设备。Only IoT Edge devices can be configured with a deployment. 设备在接收部署之前,必须具备以下先决条件:The following prerequisites must be on the device before it can receive the deployment:

  • 基础操作系统The base operating system
  • 容器管理系统,如 Moby 或 DockerA container management system, like Moby or Docker
  • 预配 IoT Edge 运行时Provisioning of the IoT Edge runtime

部署清单Deployment manifest

部署清单是一个 JSON 文档,用于描述要在目标 IoT Edge 设备上配置的模块。A deployment manifest is a JSON document that describes the modules to be configured on the targeted IoT Edge devices. 它包含所有模块的配置元数据,其中包括必需的系统模块(具体说来,就是 IoT Edge 代理和 IoT Edge 中心)。It contains the configuration metadata for all the modules, including the required system modules (specifically the IoT Edge agent and IoT Edge hub). 

每个模块的配置元数据包括:The configuration metadata for each module includes:

  • 版本Version
  • 类型Type
  • 状态(例如,正在运行或已停止)Status (for example, running or stopped)
  • 重启策略Restart policy
  • 映像和容器注册表Image and container registry
  • 数据输入和输出的路由Routes for data input and output

如果模块映像存储在专用容器注册表中,则 IoT Edge 代理会保留注册表凭据。If the module image is stored in a private container registry, the IoT Edge agent holds the registry credentials.

目标条件Target condition

在部署的整个生存期内会持续对目标条件进行评估。The target condition is continuously evaluated throughout the lifetime of the deployment. 将包括满足要求的任何新设备,并删除不再满足要求的任何现有设备。Any new devices that meet the requirements are included, and any existing devices that no longer do are removed. 如果服务检测到任何目标条件更改,则会重新激活部署。The deployment is reactivated if the service detects any target condition change.

例如,某个部署具有目标条件 tags.environment = 'prod'。For example, you have a deployment with a target condition tags.environment = 'prod'. 启动该部署时,共有 10 个生产设备。When you kick off the deployment, there are 10 production devices. 这 10 个设备都成功安装了模块。The modules are successfully installed in these 10 devices. IoT Edge 代理状态显示总共有 10 个设备,10 个成功响应,0 个失败响应,以及 0 个挂起响应。The IoT Edge agent status shows 10 total devices, 10 successful responses, 0 failure responses, and 0 pending responses. 现在,又添加 5 个 tags.environment = 'prod' 的设备。Now you add five more devices with tags.environment = 'prod'. 服务检测到更改,当它部署到 5 个新设备时,IoT Edge 代理状态变为总共 15 个设备,10 个成功响应,0 个失败响应,以及 5 个挂起响应。The service detects the change and the IoT Edge agent status becomes 15 total devices, 10 successful responses, 0 failure responses, and 5 pending responses while it deploys to the five new devices.

在设备克隆标记、设备孪生报告属性或 deviceId 中使用任何布尔条件来选择目标设备。Use any Boolean condition on device twin tags, device twin reported properties, or deviceId to select the target devices. 如果想将条件与标记结合使用,则需在设备孪生中与属性相同的级别下添加 "tags":{} 节。If you want to use condition with tags, you need to add "tags":{} section in the device twin under the same level as properties. 深入了解设备孪生中的标记Learn more about tags in device twin

目标条件的示例:Examples of target conditions:

  • deviceId ='linuxprod1'deviceId ='linuxprod1'
  • tags.environment ='prod'tags.environment ='prod'
  • tags.environment = 'prod' AND tags.location = 'chinaeast'tags.environment = 'prod' AND tags.location = 'chinaeast'
  • tags.environment = 'prod' OR tags.location = 'chinaeast'tags.environment = 'prod' OR tags.location = 'chinaeast'
  • tags.operator = 'John' AND tags.environment = 'prod' AND NOT deviceId = 'linuxprod1'tags.operator = 'John' AND tags.environment = 'prod' AND NOT deviceId = 'linuxprod1'
  • properties.reported.devicemodel = '4000x'properties.reported.devicemodel = '4000x'

构造目标条件时请注意以下约束:Consider these constraints when you construct a target condition:

  • 在设备孪生中,只能使用标记、报告属性或 deviceId 生成目标条件。In device twin, you can only build a target condition using tags, reported properties, or deviceId.
  • 目标条件的任何部分都不允许用双引号引起来。Double quotes aren't allowed in any portion of the target condition. 请使用单引号。Use single quotes.
  • 单引号表示目标条件的值。Single quotes represent the values of the target condition. 因此,如果某个单引号是设备名称的一部分,则必须使用另一个单引号对其转义。Therefore, you must escape the single quote with another single quote if it's part of the device name. 若要以名为 operator'sDevice 的设备为目标,请编写 deviceId='operator''sDevice'For example, to target a device called operator'sDevice, write deviceId='operator''sDevice'.
  • 目标条件值中允许使用数字、字母和以下字符:-:.+%_#*?!(),=@;$Numbers, letters, and the following characters are allowed in target condition values: -:.+%_#*?!(),=@;$.

优先级Priority

优先级定义相对于其他部署,是否更应将某个部署应用到目标设备。A priority defines whether a deployment should be applied to a targeted device relative to other deployments. 部署优先级是一个正整数,数字越大表示优先级越高。A deployment priority is a positive integer, with larger numbers denoting higher priority. 如果多个部署均以某个 IoT Edge 设备为目标,则应用优先级最高的部署。If an IoT Edge device is targeted by more than one deployment, the deployment with the highest priority applies.  不会应用或合并优先级较低的部署。  Deployments with lower priorities are not applied, nor are they merged.  如果两个或两个以上优先级相同的部署以某个设备为目标,则应用最近创建的部署(取决于创建时间戳)。  If a device is targeted with two or more deployments with equal priority, the most recently created deployment (determined by the creation timestamp) applies.

标签Labels

标签是字符串键/值对,可以用于部署的筛选和分组。Labels are string key/value pairs that you can use to filter and group deployments. 一个部署可能有多个标签。 A deployment may have multiple labels. 标签是可选的,不影响 IoT Edge 设备的实际配置。Labels are optional and don't impact the actual configuration of IoT Edge devices.

指标Metrics

默认情况下,所有部署都按四个指标进行报告:By default, all deployments report on four metrics:

  • 目标显示与部署目标条件匹配的 IoT Edge 设备。Targeted shows the IoT Edge devices that match the Deployment targeting condition.
  • 已应用显示的目标 IoT Edge 设备尚未成为另一优先级更高的部署的目标。Applied shows the targeted IoT Edge devices that are not targeted by another deployment of higher priority.
  • “报告成功”显示已报告了成功部署模块的 IoT Edge 设备。 Reporting Success shows the IoT Edge devices that have reported that the modules have been deployed successfully.
  • “报告失败”显示已报告未成功部署一个或多个模块的 IoT Edge 设备。 Reporting Failure shows the IoT Edge devices that have reported that one or more modules haven't been deployed successfully. 若要进一步调查此错误,请通过远程方式连接到这些设备并查看日志文件。To further investigate the error, connect remotely to those devices and view the log files.

此外,还可以定义自己的自定义指标来帮助监视和管理部署。Additionally, you can define your own custom metrics to help monitor and manage the deployment.

指标提供各种状态的摘要计数,设备可能在应用部署配置后报告这些状态。Metrics provide summary counts of the various states that devices may report back as a result of applying a deployment configuration. 指标可以查询 edgeHub 模块孪生报告属性,例如 lastDesiredStatuslastConnectTimeMetrics can query edgeHub module twin reported properties, like lastDesiredStatus or lastConnectTime. 例如:For example:

SELECT deviceId FROM devices
  WHERE properties.reported.lastDesiredStatus.code = 200

可选择添加自己的指标,这不影响 IoT Edge 设备的实际配置。Adding your own metrics is optional, and doesn't impact the actual configuration of IoT Edge devices.

分层部署Layered deployment

分层部署是自动部署,可将其组合在一起以减少需要创建的唯一部署数量。Layered deployments are automatic deployments that can be combined together to reduce the number of unique deployments that need to be created. 在许多自动部署的不同组合中重复使用相同的模块时,分层部署非常有用。Layered deployments are useful in scenarios where the same modules are reused in different combinations in many automatic deployments.

分层部署具有与所有自动部署相同的基本组件。Layered deployments have the same basic components as any automatic deployment. 它们基于设备孪生中的标记定位设备,并在标签、指标和状态报告方面提供相同的功能。They target devices based on tags in the device twins, and provide the same functionality around labels, metrics, and status reporting. 分层部署也分配有优先级,但不会使用优先级来确定将哪个部署应用于设备,而是确定在设备上如何对多个部署进行排序。Layered deployments also have priorities assigned to them, but instead of using the priority to determine which deployment is applied to a device, the priority determines how multiple deployments are ranked on a device. 例如,如果两个分层部署具有相同名称的模块或路由,则将应用优先级较高的分层部署,同时覆盖较低的优先级。For example, if two layered deployments have a module or a route with the same name, the layered deployment with the higher priority will be applied while the lower priority is overwritten.

系统运行时模块 edgeAgent 和 edgeHub 未配置为分层部署的一部分。The system runtime modules, edgeAgent and edgeHub, are not configured as part of a layered deployment. 对于分层部署所针对的任何 IoT Edge 设备,需要先向其应用标准自动部署。Any IoT Edge device targeted by a layered deployment needs a standard automatic deployment applied to it first. 自动部署提供添加分层部署的基础。The automatic deployment provides the base upon which layered deployments can be added.

IoT Edge 设备只能应用一个标准自动部署,但它可以应用多个分层自动部署。An IoT Edge device can apply one and only one standard automatic deployment, but it can apply multiple layered automatic deployments. 任何针对设备的分层部署都必须具有比该设备的自动部署更高的优先级。Any layered deployments targeting a device must have a higher priority than the automatic deployment for that device.

例如,请考虑下面管理建筑物的公司的情况。For example, consider the following scenario of a company that manages buildings. 他们开发 IoT Edge 模块,用于收集监控摄像机、运动传感器和电梯的数据。They developed IoT Edge modules for collecting data from security cameras, motion sensors, and elevators. 但是,并非所有建筑物都可以使用这三个模块。However, not all their buildings can use all three modules. 对于标准自动部署,公司需要为建筑所需的所有模块组合创建单独的部署。With standard automatic deployments, the company needs to create individual deployments for all the module combinations that their buildings need.

标准自动部署需要容纳每个模块组合

但是,一旦公司切换到分层自动部署,他们就会发现,他们可以为建筑物创建相同的模块组合,而且需要管理的部署更少。However, once the company switches to layered automatic deployments they find that they can create the same module combinations for their buildings with fewer deployments to manage. 每个模块都有其自己的分层部署,设备标记用于识别添加到每个建筑中的模块。Each module has its own layered deployment, and the device tags identify which modules get added to each building.

分层自动部署简化了以不同方式组合相同模块的方案

模块孪生配置Module twin configuration

使用分层部署时,可能有意或无意地对针对设备的同一模块使用两个部署。When you work with layered deployments, you may, intentionally or otherwise, have two deployments with the same module targeting a device. 在这些情况下,可以决定较高优先级的部署是否应覆盖模块孪生或进行追加。In those cases, you can decide whether the higher priority deployment should overwrite the module twin or append to it. 例如,你可能有一个将同一模块应用于 100 个不同设备的部署。For example, you may have a deployment that applies the same module to 100 different devices. 但是,其中 10 个设备位于安全设施中,需要额外配置才能通过代理服务器进行通信。However, 10 of those devices are in secure facilities and need additional configuration in order to communicate through proxy servers. 你可以使用分层部署来添加模块孪生属性,以便这 10 个设备可安全通信,而不会覆盖基本部署中现有的模块孪生信息。You can use a layered deployment to add module twin properties that enable those 10 devices to communicate securely without overwriting the existing module twin information from the base deployment.

可以在部署清单中追加模块孪生所需属性。You can append module twin desired properties in the deployment manifest. 在标准部署中,你可以在模块孪生的 properties.desired 部分中添加属性,而在层部署中,你可以声明所需属性的新子集 。Where in a standard deployment you would add properties in the properties.desired section of the module twin, in a layered deployment you can declare a new subset of desired properties.

例如,在标准部署中,可以添加具有以下所需属性的模拟温度传感器模块,这些属性指示在 5 秒的时间间隔内发送数据:For example, in a standard deployment you might add the simulated temperature sensor module with the following desired properties that tell it to send data in 5-second intervals:

"SimulatedTemperatureSensor": {
  "properties.desired": {
    "SendData": true,
    "SendInterval": 5
  }
}

在针对一部分或全部相同设备的分层部署中,可以添加一个属性,用于告知模拟传感器发送 1000 条消息,然后停止。In a layered deployment that targets some or all of the same devices, you could add a property that tells the simulated sensor to send 1000 messages and then stop. 如果你不希望覆盖现有的属性,可以在名为 layeredProperties 的所需属性(其中包含新属性)中创建一个新节:You don't want to overwrite the existing properties, so you create a new section within the desired properties called layeredProperties, which contains the new property:

"SimulatedTemperatureSensor": {
  "properties.desired.layeredProperties": {
    "StopAfterCount": 1000
  }
}

如果设备同时应用了这两个部署,则将在模拟温度传感器的模块孪生中反映以下属性:A device that has both deployments applied will reflect the following properties in the module twin for the simulated temperature sensor:

"properties": {
  "desired": {
    "SendData": true,
    "SendInterval": 5,
    "layeredProperties": {
      "StopAfterCount": 1000
    }
  }
}

如果在分层部署中设置模块孪生的 properties.desired 字段,它将覆盖任何较低优先级的部署中该模块的所需属性。If you do set the properties.desired field of the module twin in a layered deployment, it will overwrite the desired properties for that module in any lower priority deployments.

分阶段推出Phased rollout

分阶段推出是指操作员将更改逐渐部署到更大范围内的 IoT Edge 设备这一整个过程。A phased rollout is an overall process whereby an operator deploys changes to a broadening set of IoT Edge devices. 这样做的目的是逐渐进行更改,降低进行大规模重大更改的风险。The goal is to make changes gradually to reduce the risk of making wide scale breaking changes. 自动部署有助于管理 IoT Edge 设备群中的分阶段推出。Automatic deployments help manage phased rollouts across a fleet of IoT Edge devices.

分阶段推出按以下阶段和步骤执行:A phased rollout is executed in the following phases and steps:

  1. 建立一个 IoT Edge 设备的测试环境,方法是对设备进行预配,并设置类似 tag.environment='test' 的设备孪生标记。Establish a test environment of IoT Edge devices by provisioning them and setting a device twin tag like tag.environment='test'. 该测试环境应镜像最终会成为部署目标的生产环境。 The test environment should mirror the production environment that the deployment will eventually target.
  2. 创建包含所需模块和配置的部署。Create a deployment including the desired modules and configurations. 目标条件应针对测试型 IoT Edge 设备环境。The targeting condition should target the test IoT Edge device environment.
  3. 在测试环境中验证新的模块配置。Validate the new module configuration in the test environment.
  4. 更新部署,使之包括部分生产型 IoT Edge 设备,方法是向目标条件添加新标记。Update the deployment to include a subset of production IoT Edge devices by adding a new tag to the targeting condition. 另请确保部署的优先级高于其他目前以这些设备为目标的部署。Also, ensure that the priority for the deployment is higher than other deployments currently targeted to those devices
  5. 通过查看部署状态,验证部署是否已在目标 IoT 设备上成功完成。Verify that the deployment succeeded on the targeted IoT Devices by viewing the deployment status.
  6. 更新部署,使之以所有剩余的生产型 IoT Edge 设备为目标。Update the deployment to target all remaining production IoT Edge devices.

回退Rollback

在出现错误或配置不当的情况下,可以回退部署。Deployments can be rolled back if you receive errors or misconfigurations. 由于部署为 IoT Edge 设备定义绝对的模块配置,因此即使目的是删除所有模块,也必须有另一优先级较低的部署以该设备为目标。 Because a deployment defines the absolute module configuration for an IoT Edge device, an additional deployment must also be targeted to the same device at a lower priority even if the goal is to remove all modules. 

删除部署不会从目标设备中删除模块。Deleting a deployment doesn't remove the modules from targeted devices. 此外,还必须有另一个部署,用于为设备定义新配置,即使它是空部署也无所谓。There must be another deployment that defines a new configuration for the devices, even if it's an empty deployment.

请按以下顺序执行回退:Perform rollbacks in the following sequence:

  1. 确认另一部署也以同一设备集为目标。Confirm that a second deployment is also targeted at the same device set. 如果回退的目的是删除所有模块,则再次部署时不应包括任何模块。If the goal of the rollback is to remove all modules, the second deployment should not include any modules.
  2. 修改或删除要回退的部署的目标条件表达式,使设备不再符合目标条件。Modify or remove the target condition expression of the deployment you wish to roll back so that the devices no longer meet the targeting condition.
  3. 通过查看部署状态,验证回退是否成功。Verify that the rollback succeeded by viewing the deployment status.
    • 回退的部署不应再显示已回退设备的状态。The rolled-back deployment should no longer show status for the devices that were rolled back.
    • 现在,再次进行的部署应包含已回退设备的部署状态。The second deployment should now include deployment status for the devices that were rolled back.

后续步骤Next steps