feat(edge): introduce support for Edge agent (#3031)

* feat(edge): fix webconsole and agent deployment command * feat(edge): display agent features when connected to IoT endpoint * feat(edge): add -e CAP_HOST_MANAGEMENT=1 to agent command * feat(edge): add -v /:/host and --name portainer_agent_iot to agent command * style(endpoint-creation): refactor IoT agent to Edge agent * refactor(api): rename AgentIoTEnvironment to AgentEdgeEnvironment * refactor(api): rename AgentIoTEnvironment to AgentEdgeEnvironment * feat(endpoint-creation): update Edge agent deployment instructions * feat(edge): wip edge * feat(edge): refactor key creation * feat(edge): update deployment instructions * feat(home): update Edge agent endpoint item * feat(edge): support dynamic ports * feat(edge): support sleep/wake and snapshots * feat(edge): support offline mode * feat(edge): host job support for Edge endpoints * feat(edge): introduce STANDBY state * feat(edge): update Edge agent deployment command * feat(edge): introduce EDGE_ID support * feat(edge): update default inactivity interval to 5min * feat(edge): reload Edge schedules after restart * fix(edge): fix execution of endpoint job against an Edge endpoint * fix(edge): fix minor issues with scheduling UI/UX * feat(edge): introduce EdgeSchedule version management * feat(edge): switch back to REQUIRED state from ACTIVE on error * refactor(edge): remove comment * feat(edge): updated tunnel status management * feat(edge): fix flickering UI when accessing Edge endpoint from home view * feat(edge): remove STANDBY status * fix(edge): fix an issue with console and Swarm endpoint * fix(edge): fix an issue with stack deployment * fix(edge): reset timer when applying active status * feat(edge): add background ping for Edge endpoints * fix(edge): fix infinite loading loop after Edge endpoint connection failure * fix(home): fix an issue with merge * feat(api): remove SnapshotRaw from EndpointList response * feat(api): add pagination for EndpointList operation * feat(api): rename last_id query parameter to start * feat(api): implement filter for EndpointList operation * fix(edge): prevent a pointer issue after removing an active Edge endpoint * feat(home): front - endpoint backend pagination (#2990) * feat(home): endpoint pagination with backend * feat(api): remove default limit value * fix(endpoints): fix a minor issue with column span * fix(endpointgroup-create): fix an issue with endpoint group creation * feat(app): minor loading optimizations * refactor(api): small refactor of EndpointList operation * fix(home): fix minor loading text display issue * refactor(api): document bolt services functions * feat(home): minor optimization * fix(api): replace seek with index scanning for EndpointPaginated * fix(api): fix invalid starting index issue * fix(api): first implementation of working filter * fix(home): endpoints list keeps backend pagination when it needs to * fix(api): endpoint pagination doesn't drop the first item on pages >=2 anymore * fix(home): UI flickering on page/filter load/change * feat(auth): login spinner * feat(api): support searching in associated endpoint group data * refactor(api): remove unused API endpoint * refactor(api): remove comment * refactor(api): refactor proxy manager * feat(api): declare EndpointList params as optional * feat(api): support groupID filter on endpoints route * feat(api): add new API operations endpointGroupAddEndpoint and endpointGroupDeleteEndpoint * feat(edge): new icon for Edge agent endpoint * fix(edge): fix missing exec quick action * fix(edge): add loading indicator when connecting to Edge endpoint * feat(edge): disable service webhooks for Edge endpoints * feat(endpoints): backend pagination for endpoints view (#3004) * feat(edge): dynamic loading for stack migration feature * feat(edge): wordwrap edge key * feat(endpoint-groups): backend pagination support for create and edit * feat(endpoint-groups): debounce on filter for create/edit views * feat(endpoint-groups): filter assigned on create view * (endpoint-groups): unassigned endpoints edit view * refactor(endpoint-groups): code clean * feat(endpoint-groups): remove message for Unassigned group * refactor(websocket): minor refactor associated to Edge agent * feat(endpoint-group): enable backend pagination (#3017) * feat(api): support groupID filter on endpoints route * feat(api): add new API operations endpointGroupAddEndpoint and endpointGroupDeleteEndpoint * feat(endpoint-groups): backend pagination support for create and edit * feat(endpoint-groups): debounce on filter for create/edit views * feat(endpoint-groups): filter assigned on create view * (endpoint-groups): unassigned endpoints edit view * refactor(endpoint-groups): code clean * feat(endpoint-groups): remove message for Unassigned group * refactor(api): endpoint group endpoint association refactor * refactor(api): rename files and remove comments * refactor(api): remove usage of utils * refactor(api): optional parameters * Merge branch 'feat-endpoint-backend-pagination' into edge # Conflicts: # api/bolt/endpoint/endpoint.go # api/http/handler/endpointgroups/endpointgroup_update.go # api/http/handler/endpointgroups/handler.go # api/http/handler/endpoints/endpoint_list.go # app/portainer/services/api/endpointService.js * fix(api): fix default tunnel server credentials * feat(api): update endpointListOperation behavior and parameters * fix(api): fix interface declaration * feat(edge): support configurable Edge agent checkin interval * feat(edge): support dynamic tunnel credentials * feat(edge): update Edge agent deployment commands * style(edge): update Edge agent settings text * refactor(edge): remove unused credentials management methods * feat(edge): associate a remote addr to tunnel credentials * style(edge): update Edge endpoint icon * feat(edge): support encrypted tunnel credentials * fix(edge): fix invalid pointer cast * feat(bolt): decode endpoints with jsoniter * feat(edge): persist reverse tunnel keyseed * refactor(edge): minor refactor * feat(edge): update chisel library usage * refactor(endpoint): use controller function * feat(api): database migration to DBVersion 19 * refactor(api): refactor AddSchedule function * refactor(schedules): remove comment * refactor(api): remove comment * refactor(api): remove comment * feat(api): tunnel manager now only manage Edge endpoints * refactor(api): clean-up and clarification of the Edge service * refactor(api): clean-up and clarification of the Edge service * fix(api): fix an issue with Edge agent snapshots * refactor(api): add missing comments * refactor(api): update constant description * style(home): remove loading text on error * feat(endpoint): remove 15s timeout for ping request * style(home): display information about associated Edge endpoints * feat(home): redirect to endpoint details on click on unassociated Edge endpoint * feat(settings): remove 60s Edge poll frequency option
2025-08-02 20:35:25 +02:00 · 2019-07-26 10:38:07 +12:00 · 2019-07-26 10:38:07 +12:00 · 12a512f01f
commit 12a512f01f
parent 2252ab9da7
86 changed files with 1568 additions and 225 deletions
--- a/api/http/handler/endpointproxy/handler.go
+++ b/api/http/handler/endpointproxy/handler.go
@ -11,9 +11,11 @@ import (
 // Handler is the HTTP handler used to proxy requests to external APIs.
 type Handler struct {
 	*mux.Router
-	requestBouncer  *security.RequestBouncer
-	EndpointService portainer.EndpointService
-	ProxyManager    *proxy.Manager
+	requestBouncer       *security.RequestBouncer
+	EndpointService      portainer.EndpointService
+	SettingsService      portainer.SettingsService
+	ProxyManager         *proxy.Manager
+	ReverseTunnelService portainer.ReverseTunnelService
 }

 // NewHandler creates a handler to proxy requests to external APIs.
--- a/api/http/handler/endpointproxy/proxy_azure.go
+++ b/api/http/handler/endpointproxy/proxy_azure.go
@ -29,7 +29,7 @@ func (handler *Handler) proxyRequestsToAzureAPI(w http.ResponseWriter, r *http.R
 	}

 	var proxy http.Handler
-	proxy = handler.ProxyManager.GetProxy(string(endpointID))
+	proxy = handler.ProxyManager.GetProxy(endpoint)
 	if proxy == nil {
 		proxy, err = handler.ProxyManager.CreateAndRegisterProxy(endpoint)
 		if err != nil {
--- a/api/http/handler/endpointproxy/proxy_docker.go
+++ b/api/http/handler/endpointproxy/proxy_docker.go
@ -3,6 +3,7 @@ package endpointproxy
 import (
 	"errors"
 	"strconv"
+	"time"

 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/libhttp/request"
@ -24,7 +25,7 @@ func (handler *Handler) proxyRequestsToDockerAPI(w http.ResponseWriter, r *http.
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find an endpoint with the specified identifier inside the database", err}
 	}

-	if endpoint.Status == portainer.EndpointStatusDown {
+	if endpoint.Type != portainer.EdgeAgentEnvironment && endpoint.Status == portainer.EndpointStatusDown {
 		return &httperror.HandlerError{http.StatusServiceUnavailable, "Unable to query endpoint", errors.New("Endpoint is down")}
 	}

@ -33,8 +34,32 @@ func (handler *Handler) proxyRequestsToDockerAPI(w http.ResponseWriter, r *http.
 		return &httperror.HandlerError{http.StatusForbidden, "Permission denied to access endpoint", err}
 	}

+	if endpoint.Type == portainer.EdgeAgentEnvironment {
+		if endpoint.EdgeID == "" {
+			return &httperror.HandlerError{http.StatusInternalServerError, "No Edge agent registered with the endpoint", errors.New("No agent available")}
+		}
+
+		tunnel := handler.ReverseTunnelService.GetTunnelDetails(endpoint.ID)
+		if tunnel.Status == portainer.EdgeAgentIdle {
+			handler.ProxyManager.DeleteProxy(endpoint)
+
+			err := handler.ReverseTunnelService.SetTunnelStatusToRequired(endpoint.ID)
+			if err != nil {
+				return &httperror.HandlerError{http.StatusInternalServerError, "Unable to update tunnel status", err}
+			}
+
+			settings, err := handler.SettingsService.Settings()
+			if err != nil {
+				return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve settings from the database", err}
+			}
+
+			waitForAgentToConnect := time.Duration(settings.EdgeAgentCheckinInterval) * time.Second
+			time.Sleep(waitForAgentToConnect * 2)
+		}
+	}
+
 	var proxy http.Handler
-	proxy = handler.ProxyManager.GetProxy(string(endpointID))
+	proxy = handler.ProxyManager.GetProxy(endpoint)
 	if proxy == nil {
 		proxy, err = handler.ProxyManager.CreateAndRegisterProxy(endpoint)
 		if err != nil {
--- a/api/http/handler/endpoints/endpoint_create.go
+++ b/api/http/handler/endpoints/endpoint_create.go
@ -1,8 +1,11 @@
 package endpoints

 import (
+	"errors"
 	"log"
+	"net"
 	"net/http"
+	"net/url"
 	"runtime"
 	"strconv"

@ -41,7 +44,7 @@ func (payload *endpointCreatePayload) Validate(r *http.Request) error {

 	endpointType, err := request.RetrieveNumericMultiPartFormValue(r, "EndpointType", false)
 	if err != nil || endpointType == 0 {
-		return portainer.Error("Invalid endpoint type value. Value must be one of: 1 (Docker environment), 2 (Agent environment) or 3 (Azure environment)")
+		return portainer.Error("Invalid endpoint type value. Value must be one of: 1 (Docker environment), 2 (Agent environment), 3 (Azure environment) or 4 (Edge Agent environment)")
 	}
 	payload.EndpointType = endpointType

@ -149,6 +152,8 @@ func (handler *Handler) endpointCreate(w http.ResponseWriter, r *http.Request) *
 func (handler *Handler) createEndpoint(payload *endpointCreatePayload) (*portainer.Endpoint, *httperror.HandlerError) {
 	if portainer.EndpointType(payload.EndpointType) == portainer.AzureEnvironment {
 		return handler.createAzureEndpoint(payload)
+	} else if portainer.EndpointType(payload.EndpointType) == portainer.EdgeAgentEnvironment {
+		return handler.createEdgeAgentEndpoint(payload)
 	}

 	if payload.TLS {
@ -195,6 +200,52 @@ func (handler *Handler) createAzureEndpoint(payload *endpointCreatePayload) (*po
 	return endpoint, nil
 }

+func (handler *Handler) createEdgeAgentEndpoint(payload *endpointCreatePayload) (*portainer.Endpoint, *httperror.HandlerError) {
+	endpointType := portainer.EdgeAgentEnvironment
+	endpointID := handler.EndpointService.GetNextIdentifier()
+
+	portainerURL, err := url.Parse(payload.URL)
+	if err != nil {
+		return nil, &httperror.HandlerError{http.StatusBadRequest, "Invalid endpoint URL", err}
+	}
+
+	portainerHost, _, err := net.SplitHostPort(portainerURL.Host)
+	if err != nil {
+		portainerHost = portainerURL.Host
+	}
+
+	if portainerHost == "localhost" {
+		return nil, &httperror.HandlerError{http.StatusBadRequest, "Invalid endpoint URL", errors.New("cannot use localhost as endpoint URL")}
+	}
+
+	edgeKey := handler.ReverseTunnelService.GenerateEdgeKey(payload.URL, portainerHost, endpointID)
+
+	endpoint := &portainer.Endpoint{
+		ID:      portainer.EndpointID(endpointID),
+		Name:    payload.Name,
+		URL:     portainerHost,
+		Type:    endpointType,
+		GroupID: portainer.EndpointGroupID(payload.GroupID),
+		TLSConfig: portainer.TLSConfiguration{
+			TLS: false,
+		},
+		AuthorizedUsers: []portainer.UserID{},
+		AuthorizedTeams: []portainer.TeamID{},
+		Extensions:      []portainer.EndpointExtension{},
+		Tags:            payload.Tags,
+		Status:          portainer.EndpointStatusUp,
+		Snapshots:       []portainer.Snapshot{},
+		EdgeKey:         edgeKey,
+	}
+
+	err = handler.EndpointService.CreateEndpoint(endpoint)
+	if err != nil {
+		return nil, &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist endpoint inside the database", err}
+	}
+
+	return endpoint, nil
+}
+
 func (handler *Handler) createUnsecuredEndpoint(payload *endpointCreatePayload) (*portainer.Endpoint, *httperror.HandlerError) {
 	endpointType := portainer.DockerEnvironment

--- a/api/http/handler/endpoints/endpoint_delete.go
+++ b/api/http/handler/endpoints/endpoint_delete.go
@ -41,7 +41,7 @@ func (handler *Handler) endpointDelete(w http.ResponseWriter, r *http.Request) *
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to remove endpoint from the database", err}
 	}

-	handler.ProxyManager.DeleteProxy(string(endpointID))
+	handler.ProxyManager.DeleteProxy(endpoint)

 	return response.Empty(w)
 }
--- a/api/http/handler/endpoints/endpoint_status_inspect.go
+++ b/api/http/handler/endpoints/endpoint_status_inspect.go
@ -0,0 +1,77 @@
+package endpoints
+
+import (
+	"errors"
+	"net/http"
+
+	httperror "github.com/portainer/libhttp/error"
+	"github.com/portainer/libhttp/request"
+	"github.com/portainer/libhttp/response"
+	"github.com/portainer/portainer/api"
+)
+
+type endpointStatusInspectResponse struct {
+	Status          string                   `json:"status"`
+	Port            int                      `json:"port"`
+	Schedules       []portainer.EdgeSchedule `json:"schedules"`
+	CheckinInterval int                      `json:"checkin"`
+	Credentials     string                   `json:"credentials"`
+}
+
+// GET request on /api/endpoints/:id/status
+func (handler *Handler) endpointStatusInspect(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	endpointID, err := request.RetrieveNumericRouteVariableValue(r, "id")
+	if err != nil {
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid endpoint identifier route variable", err}
+	}
+
+	endpoint, err := handler.EndpointService.Endpoint(portainer.EndpointID(endpointID))
+	if err == portainer.ErrObjectNotFound {
+		return &httperror.HandlerError{http.StatusNotFound, "Unable to find an endpoint with the specified identifier inside the database", err}
+	} else if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find an endpoint with the specified identifier inside the database", err}
+	}
+
+	if endpoint.Type != portainer.EdgeAgentEnvironment {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Status unavailable for non Edge agent endpoints", errors.New("Status unavailable")}
+	}
+
+	edgeIdentifier := r.Header.Get(portainer.PortainerAgentEdgeIDHeader)
+	if edgeIdentifier == "" {
+		return &httperror.HandlerError{http.StatusForbidden, "Missing Edge identifier", errors.New("missing Edge identifier")}
+	}
+
+	if endpoint.EdgeID != "" && endpoint.EdgeID != edgeIdentifier {
+		return &httperror.HandlerError{http.StatusForbidden, "Invalid Edge identifier", errors.New("invalid Edge identifier")}
+	}
+
+	if endpoint.EdgeID == "" {
+		endpoint.EdgeID = edgeIdentifier
+
+		err := handler.EndpointService.UpdateEndpoint(endpoint.ID, endpoint)
+		if err != nil {
+			return &httperror.HandlerError{http.StatusInternalServerError, "Unable to Unable to persist endpoint changes inside the database", err}
+		}
+	}
+
+	settings, err := handler.SettingsService.Settings()
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve settings from the database", err}
+	}
+
+	tunnel := handler.ReverseTunnelService.GetTunnelDetails(endpoint.ID)
+
+	statusResponse := endpointStatusInspectResponse{
+		Status:          tunnel.Status,
+		Port:            tunnel.Port,
+		Schedules:       tunnel.Schedules,
+		CheckinInterval: settings.EdgeAgentCheckinInterval,
+		Credentials:     tunnel.Credentials,
+	}
+
+	if tunnel.Status == portainer.EdgeAgentManagementRequired {
+		handler.ReverseTunnelService.SetTunnelStatusToActive(endpoint.ID)
+	}
+
+	return response.JSON(w, statusResponse)
+}
--- a/api/http/handler/endpoints/handler.go
+++ b/api/http/handler/endpoints/handler.go
@ -35,6 +35,8 @@ type Handler struct {
 	ProxyManager                *proxy.Manager
 	Snapshotter                 portainer.Snapshotter
 	JobService                  portainer.JobService
+	ReverseTunnelService        portainer.ReverseTunnelService
+	SettingsService             portainer.SettingsService
 }

 // NewHandler creates a handler to manage endpoint operations.
@ -65,5 +67,8 @@ func NewHandler(bouncer *security.RequestBouncer, authorizeEndpointManagement bo
 		bouncer.AuthorizedAccess(httperror.LoggerHandler(h.endpointJob))).Methods(http.MethodPost)
 	h.Handle("/endpoints/{id}/snapshot",
 		bouncer.AuthorizedAccess(httperror.LoggerHandler(h.endpointSnapshot))).Methods(http.MethodPost)
+	h.Handle("/endpoints/{id}/status",
+		bouncer.PublicAccess(httperror.LoggerHandler(h.endpointStatusInspect))).Methods(http.MethodGet)
+
 	return h
 }
--- a/api/http/handler/motd/motd.go
+++ b/api/http/handler/motd/motd.go
@ -5,9 +5,9 @@ import (
 	"net/http"
 	"strings"

+	"github.com/portainer/libcrypto"
 	"github.com/portainer/libhttp/response"
 	"github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/crypto"
 	"github.com/portainer/portainer/api/http/client"
 )

@ -42,7 +42,7 @@ func (handler *Handler) motd(w http.ResponseWriter, r *http.Request) {

 	message := strings.Join(data.Message, "\n")

-	hash := crypto.HashFromBytes([]byte(message))
+	hash := libcrypto.HashFromBytes([]byte(message))
 	resp := motdResponse{
 		Title:         data.Title,
 		Message:       message,
--- a/api/http/handler/schedules/handler.go
+++ b/api/http/handler/schedules/handler.go
@ -12,12 +12,13 @@ import (
 // Handler is the HTTP handler used to handle schedule operations.
 type Handler struct {
 	*mux.Router
-	ScheduleService portainer.ScheduleService
-	EndpointService portainer.EndpointService
-	SettingsService portainer.SettingsService
-	FileService     portainer.FileService
-	JobService      portainer.JobService
-	JobScheduler    portainer.JobScheduler
+	ScheduleService      portainer.ScheduleService
+	EndpointService      portainer.EndpointService
+	SettingsService      portainer.SettingsService
+	FileService          portainer.FileService
+	JobService           portainer.JobService
+	JobScheduler         portainer.JobScheduler
+	ReverseTunnelService portainer.ReverseTunnelService
 }

 // NewHandler creates a handler to manage schedule operations.
--- a/api/http/handler/schedules/schedule_create.go
+++ b/api/http/handler/schedules/schedule_create.go
@ -1,9 +1,11 @@
 package schedules

 import (
+	"encoding/base64"
 	"errors"
 	"net/http"
 	"strconv"
+	"strings"
 	"time"

 	"github.com/asaskevich/govalidator"
@ -113,7 +115,7 @@ func (payload *scheduleCreateFromFileContentPayload) Validate(r *http.Request) e
 	return nil
 }

-// POST /api/schedules?method=file/string
+// POST /api/schedules?method=file|string
 func (handler *Handler) scheduleCreate(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
 	settings, err := handler.SettingsService.Settings()
 	if err != nil {
@ -219,6 +221,46 @@ func (handler *Handler) createScheduleObjectFromFileContentPayload(payload *sche
 }

 func (handler *Handler) addAndPersistSchedule(schedule *portainer.Schedule, file []byte) error {
+	nonEdgeEndpointIDs := make([]portainer.EndpointID, 0)
+	edgeEndpointIDs := make([]portainer.EndpointID, 0)
+
+	edgeCronExpression := strings.Split(schedule.CronExpression, " ")
+	if len(edgeCronExpression) == 6 {
+		edgeCronExpression = edgeCronExpression[1:]
+	}
+
+	for _, ID := range schedule.ScriptExecutionJob.Endpoints {
+
+		endpoint, err := handler.EndpointService.Endpoint(ID)
+		if err != nil {
+			return err
+		}
+
+		if endpoint.Type != portainer.EdgeAgentEnvironment {
+			nonEdgeEndpointIDs = append(nonEdgeEndpointIDs, endpoint.ID)
+		} else {
+			edgeEndpointIDs = append(edgeEndpointIDs, endpoint.ID)
+		}
+	}
+
+	if len(edgeEndpointIDs) > 0 {
+		edgeSchedule := &portainer.EdgeSchedule{
+			ID:             schedule.ID,
+			CronExpression: strings.Join(edgeCronExpression, " "),
+			Script:         base64.RawStdEncoding.EncodeToString(file),
+			Endpoints:      edgeEndpointIDs,
+			Version:        1,
+		}
+
+		for _, endpointID := range edgeEndpointIDs {
+			handler.ReverseTunnelService.AddSchedule(endpointID, edgeSchedule)
+		}
+
+		schedule.EdgeSchedule = edgeSchedule
+	}
+
+	schedule.ScriptExecutionJob.Endpoints = nonEdgeEndpointIDs
+
 	scriptPath, err := handler.FileService.StoreScheduledJobFileFromBytes(strconv.Itoa(int(schedule.ID)), file)
 	if err != nil {
 		return err
--- a/api/http/handler/schedules/schedule_delete.go
+++ b/api/http/handler/schedules/schedule_delete.go
@ -42,6 +42,8 @@ func (handler *Handler) scheduleDelete(w http.ResponseWriter, r *http.Request) *
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to remove the files associated to the schedule on the filesystem", err}
 	}

+	handler.ReverseTunnelService.RemoveSchedule(schedule.ID)
+
 	handler.JobScheduler.UnscheduleJob(schedule.ID)

 	err = handler.ScheduleService.DeleteSchedule(portainer.ScheduleID(scheduleID))
--- a/api/http/handler/schedules/schedule_tasks.go
+++ b/api/http/handler/schedules/schedule_tasks.go
@ -3,6 +3,7 @@ package schedules
 import (
 	"encoding/json"
 	"errors"
+	"fmt"
 	"net/http"
 	"strconv"

@ -18,6 +19,7 @@ type taskContainer struct {
 	Status     string               `json:"Status"`
 	Created    float64              `json:"Created"`
 	Labels     map[string]string    `json:"Labels"`
+	Edge       bool                 `json:"Edge"`
 }

 // GET request on /api/schedules/:id/tasks
@ -64,6 +66,22 @@ func (handler *Handler) scheduleTasks(w http.ResponseWriter, r *http.Request) *h
 		tasks = append(tasks, endpointTasks...)
 	}

+	if schedule.EdgeSchedule != nil {
+		for _, endpointID := range schedule.EdgeSchedule.Endpoints {
+
+			cronTask := taskContainer{
+				ID:         fmt.Sprintf("schedule_%d", schedule.EdgeSchedule.ID),
+				EndpointID: endpointID,
+				Edge:       true,
+				Status:     "",
+				Created:    0,
+				Labels:     map[string]string{},
+			}
+
+			tasks = append(tasks, cronTask)
+		}
+	}
+
 	return response.JSON(w, tasks)
 }

@ -87,6 +105,7 @@ func extractTasksFromContainerSnasphot(endpoint *portainer.Endpoint, scheduleID
 	for _, container := range containers {
 		if container.Labels["io.portainer.schedule.id"] == strconv.Itoa(int(scheduleID)) {
 			container.EndpointID = endpoint.ID
+			container.Edge = false
 			endpointTasks = append(endpointTasks, container)
 		}
 	}
--- a/api/http/handler/schedules/schedule_update.go
+++ b/api/http/handler/schedules/schedule_update.go
@ -1,6 +1,7 @@
 package schedules

 import (
+	"encoding/base64"
 	"errors"
 	"net/http"
 	"strconv"
@ -58,7 +59,15 @@ func (handler *Handler) scheduleUpdate(w http.ResponseWriter, r *http.Request) *
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find a schedule with the specified identifier inside the database", err}
 	}

-	updateJobSchedule := updateSchedule(schedule, &payload)
+	updateJobSchedule := false
+	if schedule.EdgeSchedule != nil {
+		err := handler.updateEdgeSchedule(schedule, &payload)
+		if err != nil {
+			return &httperror.HandlerError{http.StatusInternalServerError, "Unable to update Edge schedule", err}
+		}
+	} else {
+		updateJobSchedule = updateSchedule(schedule, &payload)
+	}

 	if payload.FileContent != nil {
 		_, err := handler.FileService.StoreScheduledJobFileFromBytes(strconv.Itoa(scheduleID), []byte(*payload.FileContent))
@ -85,6 +94,46 @@ func (handler *Handler) scheduleUpdate(w http.ResponseWriter, r *http.Request) *
 	return response.JSON(w, schedule)
 }

+func (handler *Handler) updateEdgeSchedule(schedule *portainer.Schedule, payload *scheduleUpdatePayload) error {
+	if payload.Name != nil {
+		schedule.Name = *payload.Name
+	}
+
+	if payload.Endpoints != nil {
+
+		edgeEndpointIDs := make([]portainer.EndpointID, 0)
+
+		for _, ID := range payload.Endpoints {
+			endpoint, err := handler.EndpointService.Endpoint(ID)
+			if err != nil {
+				return err
+			}
+
+			if endpoint.Type == portainer.EdgeAgentEnvironment {
+				edgeEndpointIDs = append(edgeEndpointIDs, endpoint.ID)
+			}
+		}
+
+		schedule.EdgeSchedule.Endpoints = edgeEndpointIDs
+	}
+
+	if payload.CronExpression != nil {
+		schedule.EdgeSchedule.CronExpression = *payload.CronExpression
+		schedule.EdgeSchedule.Version++
+	}
+
+	if payload.FileContent != nil {
+		schedule.EdgeSchedule.Script = base64.RawStdEncoding.EncodeToString([]byte(*payload.FileContent))
+		schedule.EdgeSchedule.Version++
+	}
+
+	for _, endpointID := range schedule.EdgeSchedule.Endpoints {
+		handler.ReverseTunnelService.AddSchedule(endpointID, schedule.EdgeSchedule)
+	}
+
+	return nil
+}
+
 func updateSchedule(schedule *portainer.Schedule, payload *scheduleUpdatePayload) bool {
 	updateJobSchedule := false

--- a/api/http/handler/settings/settings_update.go
+++ b/api/http/handler/settings/settings_update.go
@ -22,6 +22,7 @@ type settingsUpdatePayload struct {
 	EnableHostManagementFeatures       *bool
 	SnapshotInterval                   *string
 	TemplatesURL                       *string
+	EdgeAgentCheckinInterval           *int
 }

 func (payload *settingsUpdatePayload) Validate(r *http.Request) error {
@ -103,6 +104,10 @@ func (handler *Handler) settingsUpdate(w http.ResponseWriter, r *http.Request) *
 		}
 	}

+	if payload.EdgeAgentCheckinInterval != nil {
+		settings.EdgeAgentCheckinInterval = *payload.EdgeAgentCheckinInterval
+	}
+
 	tlsError := handler.updateTLS(settings)
 	if tlsError != nil {
 		return tlsError
--- a/api/http/handler/websocket/attach.go
+++ b/api/http/handler/websocket/attach.go
@ -62,8 +62,10 @@ func (handler *Handler) handleAttachRequest(w http.ResponseWriter, r *http.Reque

 	r.Header.Del("Origin")

-	if params.nodeName != "" || params.endpoint.Type == portainer.AgentOnDockerEnvironment {
-		return handler.proxyWebsocketRequest(w, r, params)
+	if params.endpoint.Type == portainer.AgentOnDockerEnvironment {
+		return handler.proxyAgentWebsocketRequest(w, r, params)
+	} else if params.endpoint.Type == portainer.EdgeAgentEnvironment {
+		return handler.proxyEdgeAgentWebsocketRequest(w, r, params)
 	}

 	websocketConn, err := handler.connectionUpgrader.Upgrade(w, r, nil)
--- a/api/http/handler/websocket/exec.go
+++ b/api/http/handler/websocket/exec.go
@ -68,8 +68,10 @@ func (handler *Handler) websocketExec(w http.ResponseWriter, r *http.Request) *h
 func (handler *Handler) handleExecRequest(w http.ResponseWriter, r *http.Request, params *webSocketRequestParams) error {
 	r.Header.Del("Origin")

-	if params.nodeName != "" || params.endpoint.Type == portainer.AgentOnDockerEnvironment {
-		return handler.proxyWebsocketRequest(w, r, params)
+	if params.endpoint.Type == portainer.AgentOnDockerEnvironment {
+		return handler.proxyAgentWebsocketRequest(w, r, params)
+	} else if params.endpoint.Type == portainer.EdgeAgentEnvironment {
+		return handler.proxyEdgeAgentWebsocketRequest(w, r, params)
 	}

 	websocketConn, err := handler.connectionUpgrader.Upgrade(w, r, nil)
--- a/api/http/handler/websocket/handler.go
+++ b/api/http/handler/websocket/handler.go
@ -11,10 +11,11 @@ import (
 // Handler is the HTTP handler used to handle websocket operations.
 type Handler struct {
 	*mux.Router
-	EndpointService    portainer.EndpointService
-	SignatureService   portainer.DigitalSignatureService
-	requestBouncer     *security.RequestBouncer
-	connectionUpgrader websocket.Upgrader
+	EndpointService      portainer.EndpointService
+	SignatureService     portainer.DigitalSignatureService
+	ReverseTunnelService portainer.ReverseTunnelService
+	requestBouncer       *security.RequestBouncer
+	connectionUpgrader   websocket.Upgrader
 }

 // NewHandler creates a handler to manage websocket operations.
--- a/api/http/handler/websocket/proxy.go
+++ b/api/http/handler/websocket/proxy.go
@ -2,14 +2,37 @@ package websocket

 import (
 	"crypto/tls"
+	"fmt"
+	"net/http"
+	"net/url"
+
 	"github.com/gorilla/websocket"
 	"github.com/koding/websocketproxy"
 	"github.com/portainer/portainer/api"
-	"net/http"
-	"net/url"
 )

-func (handler *Handler) proxyWebsocketRequest(w http.ResponseWriter, r *http.Request, params *webSocketRequestParams) error {
+func (handler *Handler) proxyEdgeAgentWebsocketRequest(w http.ResponseWriter, r *http.Request, params *webSocketRequestParams) error {
+	tunnel := handler.ReverseTunnelService.GetTunnelDetails(params.endpoint.ID)
+
+	endpointURL, err := url.Parse(fmt.Sprintf("http://localhost:%d", tunnel.Port))
+	if err != nil {
+		return err
+	}
+
+	endpointURL.Scheme = "ws"
+	proxy := websocketproxy.NewProxy(endpointURL)
+
+	proxy.Director = func(incoming *http.Request, out http.Header) {
+		out.Set(portainer.PortainerAgentTargetHeader, params.nodeName)
+	}
+
+	handler.ReverseTunnelService.SetTunnelStatusToActive(params.endpoint.ID)
+	proxy.ServeHTTP(w, r)
+
+	return nil
+}
+
+func (handler *Handler) proxyAgentWebsocketRequest(w http.ResponseWriter, r *http.Request, params *webSocketRequestParams) error {
 	agentURL, err := url.Parse(params.endpoint.URL)
 	if err != nil {
 		return err