
Capabilities

This section provides information about device-specific capabilities.

Overview

You can specify the set of capabilities of your device in a JSON-formatted file when you create your device. These settings affect the behavior of the system and enable or disable some features for your device. This file is called "capabilities.json".

The file consists of different capabilities and properties. Each individual capability has its own set of properties. By adjusting the values inside, you can specify the behavior of your device for certain aspects, such as certificate handling, supported system operations like shutdown, restart and reset, or resource limits.

NOTICE

  1. The file, as it comes with the IEDK packages, already contains the default values. Do not change these values unless you know how the changes will affect your device. It is the stakeholder's responsibility to ensure that the capability file is not misconfigured.
  2. Please ensure that "capabilities.json" contains appropriate values for your device and is present during the installation phase of IEDK packages. The file should be available in /etc/ during the installation of IEDK packages.

Defined Capabilities

Check the details below to find available capabilities and their properties, types and limits.

| Capability ID | Description |
| --- | --- |
| host.certificates | Used for configuring the host OS reverse proxy server, which includes TLS certificates and how to handle their life cycle (renew). |
| host.runtime.logs | Manages logs for the IE Runtime container and its services. It allows controlling whether logs are written to disk. |
| host.runtime | Properties related to IE Runtime scope and behaviour on the device. It controls how the IE Runtime should start. |
| host.runtime.nfr | Configures the IE Runtime container and all applications with specified CPU and memory usage limits. |
| host.firmwareupdate | Manages firmware update functionality on the device, e.g., specifies if firmware update is supported. |
| host.authservice | Allows different kinds of auth services to be used for user management. |
| host.runtime.externalstorage | Used to map an external host system directory/path to the IE Runtime container. This path will be available in the Edge core container. |
| host.runtime.applimit | Manages installation limits and limits of applications running on the device. |
| host.securestorage | Specifies if TPM or any other secure data management is supported on the device. |
| host.ntpservice | Manages NTP service functionality on the device, e.g., the NTP device kit service can be enabled or disabled as needed. |
| host.networkservice | Manages network service functionality on the device, e.g., the usage of REST API calls. |
| host.systemservice | Manages system service functionality on the device (specifies if the system device kit service is supported). |
| host.onboardservice | Manages onboard service functionality on the device (specifies if the onboard device kit service is supported). |
| host.edgemanagerservice | Manages proxy / docker configuration functionality on the device. It also reloads nginx if present on the host. |
| host.resourcemanager | Specifies support for different kinds of hardware/software resources via resource manager plugins. |
| host.log.driver | Provides the capability to expand the log driver for different devices. |
| host.proxyservice | Manages proxy functionality on the Edge Devices. |

NOTICE

The values specified in the host.runtime.nfr capability hold for configurations without isolated CPUs. If you are using the Resource Manager's CPU plugin, the cpu property, which imposes an upper limit on the apps' CPU usage, may no longer be valid. Similarly, apps isolating CPUs are not bound to the memory property. To ensure that the specified limits are obeyed system-wide, any apps that have claimed isolated CPUs must be stopped.

Capabilities JSON Schema

{
 "$id": "/",
 "type": "array",
 "title": "array of capabilities",
 "description": "array of capabilities.",
 "default": [],
 "examples": [
  [{
    "capabilityId": "host.certificates",
    "name": "Manage certificates of host reverse proxy",
    "description": "...",
    "scope": "protected",
    "property": "mandatory",
    "details": {
     "keyFilePath": "/etc/pki/tls/private/",
     "certFilePath": "/etc/pki/tls/certs/",
     "allowExternal": "false",
     "renewPolicy": "auto-renew"
    }
   },
   {
    "capabilityId": "host.runtime.logs",
    "name": "Edge runtime logs",
    "description": "...",
    "scope": "protected",
    "property": "optional",
    "details": {
     "defaultStatus": "enabled/disabled"
    }
   }
  ]
 ],
 "items": {
  "$id": "#/items",
  "anyOf": [{
   "$id": "#/items/anyOf/0",
   "type": "capability",
   "title": "capability details",
   "description": "capability details which contains properties for individual features.",
   "default": {},
   "examples": [{
    "capabilityId": "host.certificates",
    "name": "Manage certificates of host reverse proxy",
    "description": "...",
    "scope": "protected",
    "property": "mandatory",
    "details": {
     "keyFilePath": "/etc/pki/tls/private/",
     "certFilePath": "/etc/pki/tls/certs/",
     "allowExternal": "true/false",
     "renewPolicy": "neverExpire"
    }
   }],
   "required": [
    "capabilityId",
    "scope",
    "details"
   ],
   "properties": {
    "capabilityId": {
     "$id": "#/items/anyOf/0/properties/capabilityId",
     "type": "string",
     "title": "Unique id in this array",
     "description": "Unique identification key of a capability. id is in hierarchical format and each level is saparated by '.'",
     "examples": [
      "host.certificates"
     ]
    },
    "name": {
     "$id": "#/items/anyOf/0/properties/name",
     "type": "string",
     "title": "The name of capability",
     "description": "Human readable name of the capability.",
     "default": "",
     "examples": [
      "Manage certificates of host reverse proxy"
     ]
    },
    "description": {
     "$id": "#/items/anyOf/0/properties/description",
     "type": "string",
     "title": "The description of capability",
     "description": "Detailed description of the capability.",
     "default": "",
     "examples": [
      "Manage certificates of host reverse proxy"
     ]
    },
    "scope": {
     "$id": "#/items/anyOf/0/properties/scope",
     "type": "string",
     "title": "The scope of capability",
     "description": "Scope of the capability visibility on device ( public - accecible to all, private - accecible on device only, protected - accecible on IEM and device) ",
     "options": [
      "public",
      "private",
      "protected"
     ]
    },
    "property": {
     "$id": "#/items/anyOf/0/properties/property",
     "type": "string",
     "title": "The property of the capability",
     "description": "requirenment of the capability is optional or mandatory",
     "options": [
      "optional",
      "mandatory"
     ]
    },
    "details": {
     "$id": "#/items/anyOf/0/properties/details",
     "type": "object",
     "title": "The details about the capability",
     "description": "each capability has its own set of properties(please refer to another detailed document)."
    }
   }
  }]
 }
}
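
An added example, not part of the IEDK documentation or packages: a standalone Python check that applies the constraints this schema states (required keys, the scope and property value lists, unique capabilityId) to a capabilities.json before it is placed in /etc/. The schema expresses the value lists with "options", which is not a standard JSON Schema validation keyword, so a generic validator would not enforce them. The function name check_capabilities and the sample input are constructed for illustration.

```python
import json

# Allowed values copied from the "options" lists in the schema on this page.
ALLOWED = {"scope": {"public", "private", "protected"},
           "property": {"optional", "mandatory"}}
REQUIRED = ("capabilityId", "scope", "details")

def check_capabilities(text):
    """Return a list of findings for a capabilities.json text; empty means it passed."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(doc, list):
        return ["top level must be an array of capabilities"]
    findings, seen = [], set()
    for i, cap in enumerate(doc):
        if not isinstance(cap, dict):
            findings.append(f"[{i}]: entry is not an object")
            continue
        cid = cap.get("capabilityId")
        label = cid if isinstance(cid, str) else f"[{i}]"
        for key in REQUIRED:
            if key not in cap:
                findings.append(f"{label}: missing required key '{key}'")
        if isinstance(cid, str):
            if cid in seen:  # the schema titles capabilityId "Unique id in this array"
                findings.append(f"{label}: duplicate capabilityId")
            seen.add(cid)
        elif "capabilityId" in cap:
            findings.append(f"{label}: capabilityId must be a string")
        for key, allowed in ALLOWED.items():
            value = cap.get(key)
            if key in cap and not (isinstance(value, str) and value in allowed):
                findings.append(f"{label}: {key} {value!r} is not one of {sorted(allowed)}")
        if "details" in cap and not isinstance(cap["details"], dict):
            findings.append(f"{label}: details must be an object")
    return findings

# Constructed sample input (not a real device file): one valid entry, three faulty ones.
SAMPLE = """[
 {"capabilityId": "host.certificates", "scope": "protected", "property": "mandatory",
  "details": {"allowExternal": "false", "renewPolicy": "auto-renew"}},
 {"capabilityId": "host.runtime.logs", "scope": "Public", "property": "optional",
  "details": {"defaultStatus": "enabled"}},
 {"capabilityId": "host.certificates", "scope": "private", "details": []},
 {"capabilityId": "host.ntpservice", "property": "required"}
]"""
if __name__ == "__main__":
    print("\n".join(check_capabilities(SAMPLE)))
```

The check covers only what the schema on this page declares; the contents of each capability's "details" object are defined elsewhere and are not inspected.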