Having created a working mender device installation based on Ubuntu Server 19.4 and having it working with the Mender Demo server, we are now moving over to a Mender production server.
If set-up my initial Mender production server as a test in a VirtualBox following the instructions in the documentation. But now I have to modify my device so that it can connect to that server. This has proven somewhat more challenging as there are no instructions given in the documentation how to do this.
From the information I found in the docs it seemed as if I only needed to copy over the new server certificates in order make this work, but my tests have show that this is not the case.
Can anybody tell me what needs to be copied to the running rootfs and where it needs to be copied? That would complete the last step before we can start with using Mender in our daily work.
Hi @PJK, I think there are just two items that need to change:
ServerURL in your mender.conf file (usually /etc/mender/mender.conf or /data/mender/mender.conf)
Server Cert for the new server: Look for ServerCertificate in your mender.conf file to tell you where that file is loaded from
Once you do that “systemctl restart mender-client” should get it up and running. Of course you will need to admit the device to the new server fleet as it will show up pending initially.
I thought that I’d done that, but maybe I used the wrong server.cert file. It should be the one under the production directory, or not? There was another one that was identical to the demo server one in the main directory of the server project. So I didn’t use that one (the device was using that one initially and the server didn’t see it as a recognized device, so I assumed that that wasn’t the correct one).
It should be the one you generated in your production setup. If you follow the steps here then it is the file located in keys-generated/certs/server.crt.
I found the issue. It was my own fault for not ensuring the URL set in the mender.conf file was the same one as used for generating the certificate. Since the URL was targeting the correct IP address in the /etc/host file I though it didn’t matter. But it does.