We would like to add geolocation information by default to Mender as this is often used to make decisions and about software updates and ordering the deployments (e.g. deploy to Europe first, then east coast US). It turns out this can be achieved quite easily with a inventory script run on the device, you can see the PR here: https://github.com/mendersoftware/mender/pull/539
It does raise a potential privacy/security question though. In this PR the device would periodically call https://ipvigilante.com to convert the device IP to location information.
Our current thinking is that as long as this is clear and easy to disable (simply remove the script) we can provide it as part of the default installation of Mender.
We would like to hear your opinion on this, and if you have seen similar cases for other tools or products you are working with.
Adding geolocation from 3rd party to the default is good. However, we should explicitly mentioned the same in the document - easily accessible and visible to the people to avoid the confusion.
How about adding this change and how to remove if required in the production version page?
We already mentioned mender demo layer removal and default security changes here.
Also, I would like to know how to handle this feature if someone using proxy servers or VPN for their connection (where actual Geo location might be different) ?
In this case it probably will not work as it is based on the IP address and other means have to be used for Geo location.
I consider the script we add mostly for demonstration purposes (as is really with all the inventory scripts we install) to show one (simple) way of Geo locations.
Objective: How to disable geo location ("/usr/share/mender/inventory/mender-inventory-geo" script) in mender OTA deployment. Problem: Getting Issue of Blocked URL https://ipvigilante.com
ISO Image: Ubuntu 18.04.3 LTS (Bionic beaver) Desktop image Device architecture: x86_64 Mender Server version: integration-2.1.0 (Hosted on EC2 instance)
Currently I was using mender-convert (2.0.X) to generate sdimg & .mender artifacts But from last few days, we are getting the issue of blocked URL https://ipvigilante.com in the mender OTA deployment.
Could you please assist me or suggestion that how to disable/Remove this geo location inventory for mender OTA artifacts deployment?
I had removed this script in the system booted with mender .sdimg & then restart the mender-client. service. the device was notified on the mender server UI, I have accepted this device but after that “Device inventory” is freeze as "Waiting for inventory data from the device. It is waiting a long time 4-5 hours but still the same status. Means the updating inventory fails, the deployment also does not work.
Please any suggestion on this issue.
Is there any way to remove from the mender-convert tool, B’coz I have observed that the mender-convert tool is using *.deb file to fetch mender components e.g. mender-client etc from the mender-convert-modify script file?
When I decommission the device and connect again, then mender UI is not fatching device inventory data as showing in below screenshot “Waiting for inventory data from the device”
The authorization requests are being rejected. This normally means that there is an authentication set needing approval on the server. Basically, if the identity or mender-agent.pem change then the server will no longer recognize the device. I don’t know how this happened in your case but I suspect if you go into the device details there will be an authentication set you can approve. It should be available as a link on the text “Reject, Dismiss or Decomission this device”.
But in case the issue is something else, it looks like your journalctl output is truncated and we are not seeing the full output. I think if you add the --no-pager option to the command it will show more details.
"Waiting for inventory data from the device" issue has resolved by After changing the version of mender client to 2.4.0 (from master) in mender_convert. Now I am able to see inventory data on the mender server UI successfully.
