What is 'inventory.yaml` and is it required?

matthew49 · October 19, 2022, 9:27pm

I am getting started with arduino-cli. I created my first sketch with arduino-cli sketch new MyFirstSketch. It created a folder with a .ino inside of it alongside an inventory.yaml next to the folder:

installation:
  id: ***
  secret: ***

I am curious what the .yaml file is for. Is it required?

Also before I edited this post the full id and secret were written in the original draft. What are those? Should I be deleting this post? "secret" sounds sensitive but I have no idea what its for.

jfjlaros · October 22, 2022, 9:06am

My guess is that this is an Ansible or Puppet file. Are you sure it was arduino-cli that created this file? I just tested this with version 0.28.0 and I did not find anything of the sort.

matthew49 · October 22, 2022, 1:15pm

I have never used either of those, and I am on a Mac. Don't think I even have Ansible or Puppet installed.

jfjlaros · October 22, 2022, 1:43pm

Strange. As mentioned before, I have never seen this and I can not reproduce this with the latest version of arduino-cli. Maybe @ptillisch knows what might be going on.

ptillisch · October 22, 2022, 4:20pm

The purpose of inventory.yaml was explained by the developer who added it here:

https://github.com/arduino/arduino-cli/pull/573#issue-558211436

Module inventory
This module leverages an additional Viper instance, in order to create a configuration repository that contains values that may create confusion in the user-facing arduino-cli.yaml file, polluting it.

Arduino CLI has a configuration file named arduino-cli.yaml. This file is for user to configure Arduino CLI:

https://arduino.github.io/arduino-cli/latest/configuration/

Arduino CLI also has the need for a place to store persistent data for its internal use. Rather than adding some confusing things of no interest to the user in arduino-cli.yaml, the developer decided to made a dedicated file for this purpose, which they named inventory.yaml.

Arduino CLI automatically generates it if it does not exist already. So there is no way to stop Arduino CLI from creating this file, but you can safely delete it whenever you like.

These are arbitrary "Universally Unique Identifiers" (UUID) generated by Arduino CLI. They were added for use with the optional (disabled by default, but available for activation by the user via a setting in the arduino-cli.yaml file) telemetry feature:

github.com/arduino/arduino-cli

Export Prometheus telemetry in daemon mode

arduino:master ← arduino:rsora/stat

opened 03:50PM - 31 Jan 20 UTC

rsora

+479 -28

This PR implements the basis for a telemetry feature for the CLI in `daemon` mod…e. **Rationale:** Enhance the observability of the CLI internals at runtime, as we are proceeding internally to integrate the CLI as a gRPC server in all our services. **Module `telemetry`** Leverages https://github.com/segmentio/stats library to configure and expose a Prometheus endpoint when activated (in `cli/daemon/daemon.go`). It also provides helpers for transformation of `commands` input data in `stats.Tags` objects, using the installation id and secret generated by the `inventory` module. The telemetry activation and endpoint config are available via CLI configuration. **Module** ~`repertory` (feel free to ask for a name change :smile:)~ **`inventory`** This module leverages an additional Viper instance, in order to create a configuration repository that contains values that may create confusion in the user-facing `arduino-cli.yaml` file, polluting it. This is the case for the `installation` values stored in the `inventory.yaml` file, that are used to generate server specific UUIDs that help the monitoring tools to perform statistics aggregation, when monitoring multiple CLI gRPC server instances. The inventory file is created at the CLI first launch and it is stored in the `directories.Data` folder. **Instrumentation** Code instrumentation is done via standard `stats` apis for each command (only for the `compile` and `board list` in this PR): 1. Create the set of tags for the command ``` go tags := map[string]string{ "fqbn": req.Fqbn, "sketchPath": telemetry.SanitizeSketchPath(req.SketchPath), "showProperties": strconv.FormatBool(req.ShowProperties), "preprocess": strconv.FormatBool(req.Preprocess), "buildProperties": strings.Join(req.BuildProperties, ","), ... "success": "true", ``` 2. Modify the `success` tag according to each case ```go tags["success"] = "true" ``` 3. Push the data to the `stats` engine ```go stats.Incr("compile", stats.M(tags)...) ``` **Tests** - `test_inventory_creation`: python integ test - `test_inventory_prometheus_endpoint`: python integ test **Notes** - Upgraded dependencies (Viper, pyinvoke as https://github.com/pyinvoke/invoke/issues/660 was closed) - Updated README.rst adding details about telemetry endpoint and config

installation.id is used to associate the telemetry data with a specific installation of Arduino CLI.

installation.secret is used to anonymize personally identifiable information (in this case, the file paths used during the compilation process) in the telemetry data, as is best practices in such applications (and perhaps required by law depending on who is collecting the data).

Over time, it did not seem that users found the telemetry/metrics capability of Arduino CLI to be useful and it was a maintenance burden for the developers, so it was removed:

github.com/arduino/arduino-cli

Removed 'stats' library

arduino:master ← cmaglie:remove_stats

opened 08:42AM - 23 May 22 UTC

cmaglie

+46 -361

**Please check if the PR fulfills these requirements** - [x] The PR has no du…plicates (please search among the [Pull Requests](https://github.com/arduino/arduino-cli/pulls) before creating one) - [x] The PR follows [our contributing guidelines](https://arduino.github.io/arduino-cli/latest/CONTRIBUTING/#pull-requests) - [ ] Tests for the changes have been added (for bug fixes / features) - [ ] Docs have been added / updated (for bug fixes / features) - [ ] `UPGRADING.md` has been updated with a migration guide (for breaking changes) **What kind of change does this PR introduce?** Removed the stats collector, since it's not really used. **Does this PR introduce a breaking change, and is [titled accordingly](https://arduino.github.io/arduino-cli/latest/CONTRIBUTING/#breaking)?** No ### Related - https://github.com/arduino/arduino-cli/pull/573 - https://github.com/arduino/arduino-cli/pull/1108 ### Keywords - telemetry - metrics - prometheus

So at this time the installation.id and installation.secret values are not used for anything at all. They are just some random gibberish in the inventory.yaml file. I guess the developers thought they might eventually be useful for something else, or maybe they just forgot to remove that code when they removed the metrics feature.

The installation.secret value might be used to de-anonymize your personally identifiable information in a database created through the use of the Arduino CLI metrics feature. However, unless you set up such a data collection system using the metrics feature with an older version of Arduino CLI that supported it or used a 3rd party application that used the feature, then no such data exists and the secret is not something that must be protected.

If you are concerned about it, you can click the icon on the bottom of your post and request the moderators to hide the edit history so that the secret will no longer be publicly visible.

Now that I have explained the origin of this file and the obsolete installation field data, I will also tell you about the feature inventory.yaml is still used for by Arduino CLI:

github.com/arduino/arduino-cli

Add ways to let users verify if new CLI released

arduino:master ← arduino:scerza/update-checker

opened 11:24AM - 26 Aug 21 UTC

silvanocerza

+248 -42

**Please check if the PR fulfills these requirements** - [x] The PR has no du…plicates (please search among the [Pull Requests](https://github.com/arduino/arduino-cli/pulls) before creating one) - [x] The PR follows [our contributing guidelines](https://arduino.github.io/arduino-cli/latest/CONTRIBUTING/#pull-requests) - [ ] Tests for the changes have been added (for bug fixes / features) - [x] Docs have been added / updated (for bug fixes / features) - [ ] `UPGRADING.md` has been updated with a migration guide (for breaking changes) * **What kind of change does this PR introduce?** Adds a new feature and change behaviour of an existing command. - **What is the current behavior?** Users are never notified of new releases of the Arduino CLI. * **What is the new behavior?** If more than 24 hours have passed since the last check the Arduino CLI verifies if the currently executed version is the latest available, if not it notifies the user that a new release is available. e.g. ``` $ arduino-cli core list ID Installed Latest Name arduino:samd 1.8.10 1.8.11 Arduino SAMD Boards (32-bits ARM Cortex-M0+) esp32:esp32 1.0.6 1.0.6 esp32 SPRESENSE:spresense 2.0.2 2.2.1 Spresense Reference Board A new release of arduino-cli is available: 0.18.0 → 0.18.3 https://arduino.github.io/arduino-cli/latest/installation/#latest-packages $ arduino-cli version arduino-cli alpha Version: 0.18.0 Commit: 6507e27c Date: 2021-08-26T13:57:48Z A new release of arduino-cli is available: 0.18.0 → 0.18.3 https://arduino.github.io/arduino-cli/latest/installation/#latest-packages $ arduino-cli version --format json { "Application": "arduino-cli", "VersionString": "0.18.0", "LatestVersion": "0.18.3", "Commit": "6507e27c", "Status": "alpha", "Date": "2021-08-26T13:57:48Z" } ``` The message is printed on the `stderr` output so it won't disrupt existing parsers and the JSON output. This behaviour you can disable it by setting the `updater.disable_notification` config or the env var `ARDUINO_UPDATER_DISABLE_NOTIFICATION` to `true`. `arduino-cli version` command will always force a check for new versions even if the above config or env var are set. - **Does this PR introduce a breaking change, and is [titled accordingly](https://arduino.github.io/arduino-cli/latest/CONTRIBUTING/#breaking)?** Nope. * **Other information**: Heavily inspired by https://github.com/cli/cli. --- See [how to contribute](https://arduino.github.io/arduino-cli/latest/CONTRIBUTING/)

Arduino CLI periodically checks to see if a newer version is available (this behavior is configurable via arduino-cli.yaml), in which case it will print a message to notify you, something like this:

A new release of Arduino CLI is available: 0.26.0 → 0.28.0
https://arduino.github.io/arduino-cli/latest/installation/#latest-packages

That is a useful feature, but you wouldn't want the thing checking for it at every command. So it only checks once every 24 hours. In order to accomplish that, it must store the timestamp of the last update check. This is stored in the updater.last_check_time of inventory.yaml.

matthew49 · October 22, 2022, 8:52pm

Thank you so much @ptillisch !

ptillisch · October 23, 2022, 6:52am

You are welcome. I'm glad if I was able to be of assistance.

Regards,
Per

system · April 21, 2023, 6:52am

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Arduino command-line interface. Arduino Command Line Tools	21	9883	May 6, 2021
Arduino IDE repository opensource Generale	31	7119	May 7, 2021
Arduino 1.0 Soon - What do you want to see? General Discussion	72	21918	May 5, 2021
How to keep a copy of the uploaded program and be sure to find it months later? General Guidance	33	18032	May 5, 2021
Presentazione Generale	23	5446	May 7, 2021

What is 'inventory.yaml` and is it required?

Related topics