Over-the-air Orchestrator service (OTAO) is a Kaa service that is responsible for endpoint (EP) over-the-air updates. OTAO does NOT persist software itself, but rather its specification.
OTAO operates “software update” term. The software update is a description of particular software which includes next vital parts:
- upgrade graph from other software;
- specification (free JSON format).
It can describe any software including firmware, device drivers, operating systems, etc. Software update is defined per application.
Software update specification has free JSON format, thus can include such information as image link(s), image checksum, checksum algorithm, etc. Specification is sent to an endpoint as is.
OTAO lets a user define whether the update(s) of a particular application needs additional consent to be sent to a device. This information is taken into account during endpoint pull / OTAO event broadcasts.
OTAO provides interfaces for managing and retrieving software updates.
OTAO supports a number of interfaces to perform its functional role. The key supported interfaces are summarized in the following diagram.
For inter-service communication, Kaa services mainly use REST APIs and pub-sub messaging protocols that run over NATS messaging system.
Gradual software rollout
OTAO supports gradual software rollout that is based on endpoint filters. It is possible to associate software updates with the endpoint filters. Only the endpoints that match at least one of the specified filters are eligible for receiving the specific software update.
EP software update management
OTAO provides REST APIs that can be used to manage software updates.
EP software update transport
EP software update transport interface is based on the Configuration Data Transport Protocol (6/CDTP) that runs on top of NATS. It is used for providing software update data to EP configuration data consumers.
EP unregistered lifecycle event
OTAO listens to Endpoint unregistered lifecycle event broadcast by EPR service over NATS. After OTAO received a message about that endpoint was deleted, it removes the data corresponding to this endpoint.
OTAO is integrated with the Kaa Tekton for centralized application configuration management. It receives configuration update messages from Tekton over 17/SCMP and uses Tekton REST API to retrieve current configs.
See configuration for more information.
Kaa Tenant Manager integration
OTAO supports multi-tenancy with each tenant using a separate OAuth 2.0 issuer for authentication, authorization, and resource management. The list of the existing tenants is managed by [the Kaa Tenant Manager][Tenant Manager], which provides REST API for retrieving tenant security configs.
See the security configuration for more details on how to enable multi-tenancy in OTAO.