Snap devices
Configuring devices
You will need at least snapd 2.30 on your device and access to a registered Snap Store Proxy.
To configure snapd on a device to talk to the proxy, you need to snap
ack
the signed assertion that allows snapd to trust the proxy, e.g.:
curl -sL http://<domain>/v2/auth/store/assertions | sudo snap ack /dev/stdin
Once snapd knows about the store assertion, you then have to configure it to use the proxy:
sudo snap set core proxy.store=STORE_ID
You can retrieve the STORE_ID
using the status command on the Proxy server:
snap-proxy status
Disconnecting devices
If you want to later disconnect a device from the proxy:
sudo snap set core proxy.store=''
Note that the next time the device refreshes, it will get the upstream snap revisions (any overrides won't be in effect).
Obtaining serial assertions
Devices without a serial assertion are able to obtain one when using the Snap Store Proxy.
If your devices are configured to use a specific device-service.url
via your
gadget snap, then snapd
will send the
device registration request to that device service via the Snap Store Proxy.
This means that you can use a specific serial-vault service to obtain serial
assertions for your devices running behind a Snap Store Proxy. Make sure that
your Snap Store Proxy is able to connect to this specific serial-vault service.
Note: By default Snap Store Proxy allows only the https://serial-vault-partners.canonical.com
serial-vault requests to pass through it.
Since version 2.19 of the snap-store-proxy, the
proxy.device-auth.allowed-device-service-urls
setting can be used to control
the list of allowed device services (Serial Vaults), eg.:
sudo snap-proxy config \ proxy.device-auth.allowed-device-service-urls='["https://sv1.internal", "https://sv2.internal"]'
Next step
With devices connected to the proxy, you can create overrides to control snap updates on them.