We started an update (on the mender-server) for one device and the update started on two devices. One of the devices is an image copy of the other one, which is the one we wanted to update. I thought mender will check the identity and the public key for verification if the update is for this device. Is that wrong, or why can it happen that the update starts on both devices? I checked that the identity is not the same on both devices. Of course the key is the same (copy of the image).
How did you start the deployment? Was it using the “CREATE DEPLOYMENT FOR THIS DEVICE” or did you do it through the “Deployments” tab? Which group were you targeting?
Can you share how the devices are listed in the GUI? Also so that one can see identities.
Also share the information that is displayed from deployment history for that specific deployment.
I thought mender will check the identity and the public key for verification if the update is for this device
I am not sure what you mean here, and it depends a bit on how you create a deployment. Mender Artifacts “per se” are not bound to specific devices, and what devices are to get the deployment is decided when you create an actual deployment. Hence my many questions above.
I started the deployment with “CREATE DEPLOYMENT FOR THIS DEVICE”.
I forgot to write that the other device was not yet accepted (see screenshot).
Screenshot for the device which should be updated:
Screenshot of the device which was also updated:
Forgot to ask, which server version are you running?
Can you also share a picture of the deployment?
We are using hosted.mender.io (master).
Here is the picture of the deployment:
But your picture only shows one device was being updated.
But you said,
I think I have enough information and I will try to reproduce this as well. I am not quite sure what happens when you have the same public key bound to different device identities. This is not something we would recommend you to do from a security perspective anyway, and I need to investigate if it is “valid” to do so if you choose to do so.
On the mender-server it is only one device which is deployed. But we saw on the device, that it starts deployment.
On the mender-server it is only one device which is deployed. But we saw on the device, that it starts deployment.
I suspect that there is something else going on. Because a device in “Pending” state is not able to communicate with the server and would never be able to see that there is a deployment ready for it (it won't even be asking the server for updates until it is authorized).
But I could imagine if you have two devices that have the same identity and public key, these would be represented as one device on the server and might explain what you saw. Could this be the case?
The script on the device for the identity gives different values. Therefore the identity is not the same, but the public key is the same.
Is there something which is persistent for the identity? Because the image is copied from the first one which was already accepted.
Unclear to me. I do not know what you use for identity as it does not seem to be the default (which is MAC address and this typically is different on different devices, but this also depends on how your device sets the MAC address).
But the identity is decided by a script on the device, e.g:
$ /usr/share/mender/identity/mender-device-identity
using interface /sys/class/net/eth0
mac=00:14:2d:62:d3:a8
We use a custom script for the identity, which depends on the CPU serial number and the MAC address. I was not sure if you store this information somewhere. If it is only this script, then it is what I have expected.
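An added example, not part of the thread and not Mender's code: an identity script in the key=value format shown above, plus a check that lets a copied image notice that its key pair was generated for a different identity. It assumes the CPU serial appears on a `Serial` line as in `/proc/cpuinfo` on many ARM boards; the marker file and all function names are hypothetical.

```shell
#!/bin/sh
# Added example. All file paths are passed in as arguments (assumptions).

# Print identity attributes as key=value lines, the format shown in the thread.
# $1: cpuinfo file (e.g. /proc/cpuinfo), $2: file holding the MAC address
device_identity() {
    serial=$(awk -F': *' '/^Serial/ {print $2; exit}' "$1")
    mac=$(tr 'A-F' 'a-f' < "$2" | tr -d ' \n')
    [ -n "$serial" ] && [ -n "$mac" ] || return 1
    printf 'cpu_serial=%s\nmac=%s\n' "$serial" "$mac"
}

# SHA-256 over the identity lines: a stable fingerprint of this device.
identity_digest() {
    ident=$(device_identity "$1" "$2") || return 1
    printf '%s\n' "$ident" | sha256sum | cut -d' ' -f1
}

# Call right after generating the device key. $3 is a hypothetical marker
# file kept next to the key, recording the identity the key was made for.
bind_key_to_identity() {
    digest=$(identity_digest "$1" "$2") || return 1
    printf '%s\n' "$digest" > "$3"
}

# 0: key was generated on this device
# 1: marker names another identity (image was copied; generate a new key)
# 2: no marker yet, 3: identity could not be read
check_key_binding() {
    [ -f "$3" ] || return 2
    current=$(identity_digest "$1" "$2") || return 3
    [ "$current" = "$(cat "$3")" ] || return 1
}

# Constructed sample data: device A is provisioned, its image is copied to B.
# Prints the check result on A, then on B.
demo_clone() {
    d=$(mktemp -d)
    printf 'Serial\t\t: 00000000aaaa0001\n' > "$d/cpu_a"
    printf 'Serial\t\t: 00000000bbbb0002\n' > "$d/cpu_b"
    echo '00:14:2d:62:d3:a8' > "$d/mac_a"
    echo '00:14:2d:62:d3:a9' > "$d/mac_b"
    bind_key_to_identity "$d/cpu_a" "$d/mac_a" "$d/marker"
    on_a=0; check_key_binding "$d/cpu_a" "$d/mac_a" "$d/marker" || on_a=$?
    on_b=0; check_key_binding "$d/cpu_b" "$d/mac_b" "$d/marker" || on_b=$?
    rm -rf "$d"
    echo "$on_a $on_b"
}
```

Run at first boot, a result of 1 is the cue to generate a fresh key pair before the device requests authorization, so each accepted identity on the server ends up with its own public key.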