Imagine the following scenario: A new software update was distributed to many thousands of devices using the auto-assignment feature. After a few hundred devices have downloaded the update, a major software issue is detected, and any further software rollout needs to be stopped immediately.

In Bosch IoT Rollouts, it is possible to stop the rollout of an assigned distribution set and thus mass-cancel pending updates on further devices.

Table of contents:

Mass cancel through distribution set invalidation

The mass-cancellation of running update actions can be achieved by invalidating the distribution set on which the major issue was detected. The invalidation can be done either via the Management API or the UI.

The Management API provides an endpoint for invalidating a distribution set. In the UI, you can select the distribution set by clicking Assigned Distribution Set in the Target Details view or by selecting it from the distribution set list and invalidating it.

Consequences of invalidating a distribution set

An invalidated distribution set cannot be used for future deployments:

  • The distribution set cannot be assigned to targets, neither through a rollout, auto-assignment, nor a single assignment.
  • Invalidated distribution sets cannot be valid again, but remain invalid.
  • The invalidation is not repeatable. If no cancellation type was selected during invalidation, it is not possible to execute the mass cancellation retrospectively.


Invalidating a distribution set will affect other entities that reference the distribution set, depending on the options that are selected during invalidation:

  • auto-assignment
  • rollouts
  • actions

The invalidation options and their effects on those entities are described in more detail in the next section.

Invalidation options

For invalidating a distribution set, several options can be set to define the consequences for entities that already relate to that distribution set. Those options allow performing a mass-cancel on running updates or keeping them alive until the target finishes them.

The following table provides an overview of the different scenarios and their effects on other entities:

Type of cancellation


None

  • Auto-assignments are removed
  • Rollouts remain running
  • Actions remain running until the device finishes the update, as usual

Soft

  • Auto-assignments are removed
  • Rollouts are put into the STOPPING state, which eventually will lead tothe  STOPPED rollout state
  • Regardless of the state, all open actions of this distribution set are soft-canceled
    • This option requires the device to support cancel flow
    • The device will be informed about the cancellation. The action remains running in state CANCELING. When the device confirms the cancellation, the action will be closed withthe  state CANCELED
  • In the action history of the Deployment view, this option corresponds to the cancel icon for a single action:

Force


  • Auto-assignments are removed
  • Rollouts are put into the DELETING state, which will lead to the deletion of the rollout
  • Regardless of the state or whether the device supports the cancel flow, each action is force-quit
    • The action is closed, and the CANCELED state is displayed
    • No further feedback is expected from the device
    • The displayed status can differ from the actual status of the device
  • In the action history of the Deployment view, this option corresponds to the force quit icon for a single action:


Required permissions

The invalidation of a distribution set requires different permissions, depending on the chosen options during invalidation:

  • UPDATE_REPOSITORY - always required to set the distribution state to the invalid state
  • UPDATE_TARGET - required, if running actions shall be canceled
  • UPDATE_ROLLOUT - required, if rollouts shall be stopped
  • DELETE_ROLLOUT - required, if rollouts shall be deleted


The permissions can be adapted in the User management view. Read more about permissions in the Authorization chapter.