Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Changelog

Notable changes to this project are documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

When upgrading between versions of CARL, do not skip versions, since migrations are only provided from one version to the next. Always create a database backup before upgrading CARL.

Unreleased

tbd.

[0.8.0] - 2025-11-20

Added

  • VIPER: Initial code for a test execution engine has been included.
    It evaluates Python syntax and runs in a sandboxed environment. An initial CLI and basic testing capabilities have been included, which allow for running scripts locally. The next steps are to integrate it into openDuT itself, to allow sourcing test code, parametrizing it in LEA & CLEO and finally execute test runs in EDGAR.
    See issue #357 for more information.
  • Localenv: Allow to overwrite domain names (.opendut.local) by setting the Ansible inventory variable opendut_compose_environment_config.
  • Network interfaces can now be configured explicitly as VCAN.
    VCAN interfaces will be auto-created, if they are missing on the target device.
  • EDGAR: Introduced opendut-edgar setup logs command for printing the setup logs.
  • EDGAR: opendut-edgar setup managed can now read the Setup-String from stdin and does so when nothing is specified as argument, as well as with the environment variable OPENDUT_EDGAR_SETUP_STRING.
  • EDGAR: There is a new expert flag --skip-can-setup for the EDGAR Setup for hardware where installing CAN support is not possible.
  • EDGAR: A troubleshooting guide was added into the documentation: https://opendut.eclipse.dev/book/user-manual/edgar/troubleshooting.html
  • EDGAR: Enable Setup plugin support on ARM32.
  • LEA: Show name of Peer or Cluster in the title of the respective configuration views.
  • LEA: Rework top bar to include openDuT logo, navigation buttons and a display for the logged-in user.
  • LEA: The hamburger menu now highlights the selected page.
  • LEA: Browser tabs now show a favicon and more useful titles, allowing the tabs to be distinguished.
  • LEA: Clusters are now deployed by flipping a toggle switch, which also shows the currently requested state. This frees up the traffic light from showing the actual cluster health, once we implement that.
  • LEA: There is now a delete-button in the overviews for Peers and Clusters.
  • CLEO: It is now possible to control the log level by passing multiple --verbose flags.

Fixed

  • Increased the default MTU to 1542 Bytes to allow a VLAN tag by default.
  • LEA: Fix cluster configuration being reset when switching between UI tabs, while editing an already-saved cluster.
  • EDGAR: Setup now works when started from the already-installed EDGAR binary. This allows easily connecting the EDGAR to a different CARL. See issue #373.
  • It is now possible to control the log level of openDuT code via the environment variable OPENDUT_LOG, as intended.
  • CLEO: When specifying a peer via opendut-cleo apply, the tags heading is now optional when the device has no tags.

Changed

  • We use a newer database format. When running the new version of CARL for the first time, it will upgrade the database format. Be sure to create a database backup before upgrading, as you should anyways.
  • EDGAR: When a peer joins or leaves the cluster, the connections between the other peers are not anymore recreated, which avoids potentially problematic network interrupts.
  • EDGAR: Rename service user from opendut to opendut_service.
  • Localenv: Set retention of logs/metrics/traces to 7 days by default (168h). Definition of retention in days is not yet possible due to Grafana Tempo. This can be increased by setting Ansible inventory variable OPENDUT_TELEMETRY_RETENTION_TIME=336h.
  • Testenv: Utilizes the containers of the localenv deployment now.
    • All names in testenv were changed to end with .opendut.local.
    • Old testenv passwords are no longer valid. New passwords are now generated and loaded from ./.ci/deploy/localenv/data/secrets/.env.
    • Destroying the testenv will reset the passwords.
    • Containers belonging to the localenv are started at boot due to docker restart policy.
    • Migration: Destroy old opendut-vm: cargo theo vagrant destroy and re-create with cargo theo vagrant up.

Breaking changes

CARL API changes

The CARL API (grpc + protobuf) has breaking changes:

  • Renamed opendut.types to opendut.model. This affects all clients using the protobuf definitions.
  • Renamed field target to target_state in PeerConfigurationParameter message to better distinguish from the detected_state field sent by EDGAR.

Updated authentication method for NetBird

The authentication method for NetBird has been changed to OAuth with API token creation. The following setting indicates this: OPENDUT_CARL_VPN_NETBIRD_AUTH_TYPE=oauth-create-api-token. This is only supported with a new CARL version. Don't forget to update the CARL version in your deployment.

OPENDUT_CARL_IMAGE_VERSION=0.8.0

Localenv deployment changes

There are breaking changes in the Localenv deployment. Please read the instructions below to update your Localenv deployment.

  • Stop the Localenv deployment:
cd /data/opendut
docker compose -f .ci/deploy/localenv/docker-compose.yml down
  • Update Git repository:
git checkout development
git pull
  • Rename environment variable OPENDUT_USER_OPENDUT to OPENDUT_USER_OPENDUT_PASSWORD in the Docker volume. Update the .env file in the Docker volume opendut_provision-secrets-data:
docker volume inspect opendut_provision-secrets-data | jq -r .[0].Mountpoint  #shows directory with .env file
vim /var/lib/docker/volumes/opendut_provision-secrets-data/_data/.env         #edit this .env file
  • Update secrets on host:
rm -rf .ci/deploy/localenv/data/secrets/  # remove old secrets
docker compose --file .ci/deploy/localenv/docker-compose.yml --env-file .ci/deploy/localenv/.env.development up --build provision-secrets
docker cp opendut-provision-secrets:/provision/ .ci/deploy/localenv/data/secrets/
# ensure this yields the correct passwords
cat .ci/deploy/localenv/data/secrets/.env
  • The Docker network was renamed from local to opendut_local. This requires deleting the old network.
docker network ls
docker network rm local
  • Restart the localenv deployment
docker compose -f .ci/deploy/localenv/docker-compose.yml --env-file .ci/deploy/localenv/data/secrets/.env --env-file .ci/deploy/localenv/.env.development up --detach

[0.7.0] - 2025-06-25

Breaking Changes

  • The ClusterConfiguration has been renamed to ClusterDescriptor for consistency. (The user describes what they want.)

Added

  • CARL: A CLI has been added for viewing the contents of the database.
  • CLEO now has a --verbose flag to enable more detailed logging.
  • CARL, EDGAR and CLEO now log when there's version incompatibilities between them.

Changed

  • Localenv: opendut-carl-postgres container removed, might need manual removal when updating.

  • CLEO: Deleting a resource which doesn't exist does not anymore produce an error code. If you need the previous behaviour, use the --error-when-missing flag.

  • EDGAR: No longer re-creates the peer network configuration in case one peer in the cluster comes back online. #343

  • Monitoring: Scraping logs of Docker containers is now done with Grafana Alloy, since Promtail has been deprecated. (Thanks to @brtmax!)

# ensure you remove the old promtail container
docker stop opendut-promtail
docker rm opendut-promtail
  • Updated keycloak version in testenv and localenv to version 26.2.5. Backup of the keycloak database is recommended.

Fixed

  • The web-UI now shows peers, clusters and devices sorted by name.
  • Deleting clusters in the web-UI works again.
  • Resolved issue where the telemetry logs were not transmitted because a lock on the Confidential Client could not be acquired. #347

[0.6.0] - 2025-04-22

Breaking Changes

  • The database backend was swapped out for a Key-Value Store.
    Before upgrading, create a backup. Then run the following on the target host within the openDuT repository:

    git fetch
git checkout v0.6.0

docker stop opendut-carl

export OPENDUT_REPO_ROOT=$(git rev-parse --show-toplevel)
docker compose --file ${OPENDUT_REPO_ROOT:-.}/.ci/deploy/localenv/docker-compose.yml --env-file ${OPENDUT_REPO_ROOT:-.}/.ci/deploy/localenv/data/secrets/.env run --env OPENDUT_CARL_POSTGRES_MIGRATION=true --env OPENDUT_CARL_IMAGE_VERSION=0.6.0 carl

    Then trigger a rollout as normal. If you're using the Ansible deployment, make sure to increment the version there before doing so.

    If you plan to upgrade to a future/newer version, you cannot skip upgrading to v0.6.0 as the migration code is only contained herein.

Added

  • Localenv: Add environment variable OPENDUT_CARL_IMAGE_VERSION to override the CARL image in use.
  • When a user deletes a peer that is still connected, the peer will be disconnected.
  • CLEO now offers to await the online status of a set of peers with the await command.

Fixed

  • Updating a cluster descriptor does not anymore remove its deployment status.
  • Fixed deleting peer group and setup key in the API for NetBird.
  • THEO: The test environment is now destroyed at the end, allowing subsequent runs.

[0.5.1] - 2025-02-28

Added

  • Backups include PKI and other credentials now
  • Backups include NetBird Management database now

Fixed

  • The web-UI now loads much faster when there are many peers.
  • CLEO now outputs network interfaces as a list when running opendut-cleo list peers --output=json.
  • Localenv deployment provisioning scripts persist PKI secrets on host now.

[0.5.0] - 2025-02-12

Added

  • Automation of the backend and edge rollout.
  • Automation of database backups.

Changed

  • Major upgrade of frontend framework and clean-up of authentication flow.

Fixed

  • The monitoring dashboard now shows data from all services.
  • Logs from third-party libraries don't get filtered out anymore.

[0.4.0] - 2024-12-20

Breaking Changes
  • The LocalEnv deployment now uses different volume names. Make sure to back up your database and restore the backup after the upgrade.

Added

  • CLEO now comes with a new subcommand opendut-cleo apply. You may load cluster and peer configurations from a YAML file, similar to how resources are loaded with kubectl apply in Kubernetes. For more information, see Applying Configuration Files.

  • A monitoring dashboard is now available in the deployment environment at https://monitoring.opendut.local.

Fixed

  • A major upgrade of the networking libraries has been completed.
    This affects HTTP and gRPC, server- and client-side usage, as well as the OpenTelemetry monitoring.

  • CARL does not anymore send duplicate Executor and Ethernet bridge name configurations to EDGAR when re-deploying a cluster.
    This may have caused EDGAR to repeatedly delete and recreate these.

[0.3.1] - 2024-11-15

Fixed

  • Restarting EDGAR while a cluster is deployed doesn't lead to an invalid state anymore.
  • CARL doesn't forget about Ethernet bridges and executors anymore, when sending the configuration to a reconnecting EDGAR.
  • EDGAR Setup now loads plugins correctly.

[0.3.0] - 2024-10-28

Breaking Changes * The API for listing peers on the PeerMessagingBroker has been removed.

Added

  • CARL can now persist its state into a database.
  • EDGAR Setup now has support for plugins, which can perform hardware- or use-case specific setup tasks.

Changed

  • EDGAR Setup now prompts whether to overwrite a mismatched configuration, when used interactively.
  • The NetBird server and client was updated to 0.28.9.

Fixed

  • EDGAR Service does not require root permissions anymore, if CAN is not used.

Known Issues

  • Stopping an EDGAR that has a cluster deployed, does not undeploy the cluster, therefore blocking other EDGARs in the cluster.

[0.2.0] - 2024-09-10

Breaking Changes

CARL API

  • The API for listing peers on the PeerMessagingBroker is now marked as deprecated.

Operations

  • An additional configuration value needs to be passed to CARL. You can do so, for example, via environment variable:
OPENDUT_CARL_NETWORK_OIDC_CLIENT_ISSUER_ADMIN_URL=https://keycloak/admin/realms/opendut/

The value has to be your Keycloak's Admin URL.

  • The environment variable for the Keycloak database's password was renamed from POSTGRES_PASSWORD to KEYCLOAK_POSTGRES_PASSWORD.
  • An additional password environment variable needs to be provided called CARL_POSTGRES_PASSWORD.

Added

  • CARL can now require clients to be authenticated.
  • A download button for CLEO and EDGAR has been added in the LEA web-UI.
  • LEA and CLEO show when a peer or device is already used in a cluster.
  • You can now configure frequently used CAN parameters in LEA and CLEO.
  • Setup-Strings can now be copied to the clipboard in LEA.

Changed

  • The health of Clusters marked as deployed is now displayed as yellow in LEA.
    This is to reflect that determining the actual cluster state is not yet implemented.
  • It's not anymore possible to configure deployment of a peer into two clusters.
    This was never supported to begin with, but the UIs didn't prevent it.
  • Various quality-of-life improvements.

Fixed

  • Generating a Setup-String now works for peers which had previously been set up.

[0.1.0] - 2024-06-05

Added

  • Client credentials added to peer setup
Development

Test environment

Notable changes to the test environment are documented in this section. Changes to the test environment may require re-provisioning the virtual machine.

Added

  • New administrative privileges for keycloak client opendut-carl-client
  • Added linux-generic package to opendut-vm (keeps vcan module up-to-date when kernel is updated)