Device goes into pending state again

General Discussions
1

Hi, i notice one more problem, when my device goes offline for some time ( like one day ) and I enable it than i get new device pending to be authorization, will same device was authorized by me like 20h ago and i didnt touch the device, what could be the reason of that problem?
Device authorized 20h ago

image
image696×313 21.5 KB

And same device waiting for authorization
image
image696×313 16.7 KB

This bug appears every time when i enable device after some time ( like day or something like that )

2

image
image1874×685 311 KB

Here are some logs from authd which are around time which that pending request came ( im in GMT + 2 so ignore timezone differences in logs )

3

Hi @livelove1987,

If you look at your screenshot, then you can see that the MAC address changes, from c0:74:2b:ff:22:26 to c0:74:2b:ff:22:27. By default the MAC address is used as the device identity, and hence if it changes the devices is understood as a new one.

Solutions:

  • either make sure that the MAC address is assigned permanently
  • or choose some other unique identifier for the device ID. You can do this through the device identity script hook, as documented here: Identity | Mender documentation

Greets,
Josef

4

Oh okay it makes sens, im just curios why is it used as default identifier while it can be dynamically rotated while there ids like the one from cat /proc/cpuinfo | grep Serial Which make those number always unique for device

5

@livelove1987 that’s why we encourage people to use a unique identifier for their product.

Two comments:

  • the MAC address is by definition unique, and for real hardware assigned by the manufacturer. The manufacturer has to buy dedicated addresses from the IEEE, so it’s technically a really sound choice. If your device, which is possibly a virtual one chooses one dynamically, then it’s up to you to either make it fixed or provide a different unique identifier.
  • the /proc/cpuinfo serial is by no means unique, see for example https://forums.raspberrypi.com/viewtopic.php?t=183474

Greets,
Josef

6

Okay that make sens, btw im no using raspberry pi but orange pi i will check if /proc/cpuinfo is not unique as well. Are there any different id’s stored on device which should be unique?

7

Very technically speaking, I personally consider it a bug if a device is not shipped with a fixed MAC address assigned.

What else might be there on the Orange Pis, I don’t know as I have no experience with that platform. I gave SID Register Guide - linux-sunxi.org a quick skim, and it does not seem to have a unique identifier.

In a product use case, it would be up to you now to create one and store it in an appropriate place. It might be some EEPROM, fuse bits of the SoC, or similar. This must be part of the device provisioning process, and it’s up to the device manufacturer respectively integrator to figure it out.

Like said, the MAC address is a technically sound choice for the vast majority of cases. If you need something else, please work with your hardware supplier and provisioning process and then add an adjusted identity script as documented.

Greets,
Josef

8

I found also one weird think about that MAC addresses, enP3p49s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 - Mac address: c0:74:2b:ff:22:27
enP4p65s0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 - Mac address c0:74:2b:ff:22:26 so it’s not like the Address aren’t static but mender just chooses once to use first one and then to use second one …

9

And thats because my controller has two netwok interfaces ( because it has two ethernet connectors )

10

If there are multiple interfaces, then you might need to adjust mender/support/mender-device-identity at master · mendersoftware/mender · GitHub to always choose the same one, indeed.

Greets,
Josef