Internal error: Failed to propagate device identity to inventory service on mender server 2.5.0

conker00 · November 6, 2020, 12:18am

Internal error when using devauth api to add preauthorized new device. https://docs.mender.io/api/2.5/#preauthorize
The POST call is done with a Authorization Bearer jwt token in the header and PreAuthSet containing both identity_data and pubkey in the body as show in the coed snipet. The jwt token is taken from a POST call to …/useradm/auth/login using basic auth.
The device does seem to be added correctly but error 500 is returned with the request id.
Following the request id in the logs I find these log entries:

logs from mendersoftware/deviceauth container

time="2020-11-02T22:39:00Z" level=error msg="request PATCH http://mender-inventory:8080/api/internal/v1/inventory/tenants//device/e4e4289e-b6db-4554-8434-87183eee14b7/attribute/scope/identity failed with status 400 Bad Request, response: {\"error\":\"value: supported types are string, float64, and arrays thereof.\",\"request_id\":\"8fdb2f63-c94e-493c-98fe-999c6035f6fe\"}" file=entry.go func="logrus.(*Entry).Errorf" line=362 request_id=3d3d6f2b-e854-4d3f-aeb9-e62f478d6d86 user_id=007bc2d1-7919-5568-b934-e6c5cdd546f5
time="2020-11-02T22:39:00Z" level=error msg="internal error: failed to propagate device identity to inventory service: PATCH http://mender-inventory:8080/api/internal/v1/inventory/tenants//device/e4e4289e-b6db-4554-8434-87183eee14b7/attribute/scope/identity request failed with status 400 Bad Request" file=response_helpers.go func=rest_utils.restErrWithLogMsg line=110 request_id=3d3d6f2b-e854-4d3f-aeb9-e62f478d6d86 user_id=007bc2d1-7919-5568-b934-e6c5cdd546f5
time="2020-11-02T22:39:00Z" level=info msg="500 25014μs POST /api/management/v2/devauth/devices HTTP/1.1 - PostmanRuntime/7.26.5" byteswritten=103 file=entry.go func="logrus.(*Entry).Print" line=300 method=POST path=/api/management/v2/devauth/devices qs= request_id=3d3d6f2b-e854-4d3f-aeb9-e62f478d6d86 responsetime=0.025014599 status=500 ts="2020-11-02 22:39:00.75230408 +0000 UTC" type=http user_id=007bc2d1-7919-5568-b934-e6c5cdd546f5

logs from mendersoftware/inventory container

time="2020-11-02T22:39:00Z" level=warning msg="Failed to extract identity from header: malformed authorization data" file=entry.go func="logrus.(*Entry).Warnf" line=354 request_id=8fdb2f63-c94e-493c-98fe-999c6035f6fe
time="2020-11-02T22:39:00Z" level=error msg="value: supported types are string, float64, and arrays thereof." file=response_helpers.go func=rest_utils.restErrWithLogMsg line=110 request_id=8fdb2f63-c94e-493c-98fe-999c6035f6fe
time="2020-11-02T22:39:00Z" level=info msg="400 921μs PATCH /api/internal/v1/inventory/tenants//device/e4e4289e-b6db-4554-8434-87183eee14b7/attribute/scope/identity HTTP/1.1 - Go-http-client/1.1" byteswritten=138 file=entry.go func="logrus.(*Entry).Print" line=300 method=PATCH path=/api/internal/v1/inventory/tenants//device/e4e4289e-b6db-4554-8434-87183eee14b7/attribute/scope/identity qs= request_id=8fdb2f63-c94e-493c-98fe-999c6035f6fe responsetime=0.000921416 status=400 ts="2020-11-02 22:39:00.760744792 +0000 UTC" type=http

Logs seem to lead to an authorization error in the header of the internal PATCH call.
All suggestions and troubleshooting ideas are greatly appreciated.
My apologizes if there is an enforced forum format which I have not followed.

conker00 · November 6, 2020, 3:21pm

Attempting the preauthorization on mender server 2.4.1 does not return an internal error.
I thought this might be useful information.

drewmoseley · November 9, 2020, 6:27pm

@tranchitella @merlin any thoughts here?

peter · December 3, 2020, 4:59pm

hello @conker00

thanks for using Mender and for a detailed report.
I am unable to replicate the issue, could you send the exact postman command you are using?
I tried with:

curl -vvv -d '{ "identity_data": { "mac": "00:02:02:02:02:02", "sku": "My Device 2", "sn": "SN1232567890" }, "pubkey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzogVU7RGDilbsoUt/DdH\nVJvcepl0A5+xzGQ50cq1VE/Dyyy8Zp0jzRXCnnu9nu395mAFSZGotZVr+sWEpO3c\nyC3VmXdBZmXmQdZqbdD/GuixJOYfqta2ytbIUPRXFN7/I7sgzxnXWBYXYmObYvdP\nokP0mQanY+WKxp7Q16pt1RoqoAd0kmV39g13rFl35muSHbSBoAW3GBF3gO+mF5Ty\n1ddp/XcgLOsmvNNjY+2HOD5F/RX0fs07mWnbD7x+xz7KEKjF+H7ZpkqCwmwCXaf0\niyYyh1852rti3Afw4mDxuVSD7sd9ggvYMc0QHIpQNkD4YWOhNiE1AB0zH57VbUYG\nUwIDAQAB\n-----END PUBLIC KEY-----\n" }' -X POST https://my-test-host-here/api/management/v2/devauth/devices -H 'Content-Type: application/json' -H 'Accept: application/json' -H 'Authorization: Bearer my-jwt-here'

and that is on of my real public keys
could you try with curl?

peter

tranchitella · January 4, 2021, 9:15am

@conker00 are you still experiencing issues in preauthorizing your devices? Can you please share with us the full request you are sending using curl?

conker00 · January 19, 2021, 2:36pm

Hi, I would like to let you know that I am no longer having anymore issues preauthorizing devices.
The the issue was with the request body I was sending.
I was sending within the request body identity_data an application/json just as seen in this part of the documentation for 2.0
https://docs.mender.io/2.0/apis/management-apis/device-authentication

{
  "identity_data" : {
    "application/json" : {
      "mac" : "00:01:02:03:04:05",
      "sku" : "My Device 1",
      "sn" : "SN1234567890"
    }
  },
  "pubkey" : "-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzogVU7RGDilbsoUt/DdH
VJvcepl0A5+xzGQ50cq1VE/Dyyy8Zp0jzRXCnnu9nu395mAFSZGotZVr+sWEpO3c
yC3VmXdBZmXmQdZqbdD/GuixJOYfqta2ytbIUPRXFN7/I7sgzxnXWBYXYmObYvdP
okP0mQanY+WKxp7Q16pt1RoqoAd0kmV39g13rFl35muSHbSBoAW3GBF3gO+mF5Ty
1ddp/XcgLOsmvNNjY+2HOD5F/RX0fs07mWnbD7x+xz7KEKjF+H7ZpkqCwmwCXaf0
iyYyh1852rti3Afw4mDxuVSD7sd9ggvYMc0QHIpQNkD4YWOhNiE1AB0zH57VbUYG
UwIDAQAB
-----END PUBLIC KEY-----
"
}

Instead of a identity_data which looks like the one peter tried without a application/json and found here in the documentation for 2.5
https://docs.mender.io/api/2.5/#preauthorize-parameters

{
  "identity_data": {
    "mac": "00:01:02:03:04:05",
    "sku": "My Device 1",
    "sn": "SN1234567890"
  },
  "pubkey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzogVU7RGDilbsoUt/DdH\nVJvcepl0A5+xzGQ50cq1VE/Dyyy8Zp0jzRXCnnu9nu395mAFSZGotZVr+sWEpO3c\nyC3VmXdBZmXmQdZqbdD/GuixJOYfqta2ytbIUPRXFN7/I7sgzxnXWBYXYmObYvdP\nokP0mQanY+WKxp7Q16pt1RoqoAd0kmV39g13rFl35muSHbSBoAW3GBF3gO+mF5Ty\n1ddp/XcgLOsmvNNjY+2HOD5F/RX0fs07mWnbD7x+xz7KEKjF+H7ZpkqCwmwCXaf0\niyYyh1852rti3Afw4mDxuVSD7sd9ggvYMc0QHIpQNkD4YWOhNiE1AB0zH57VbUYG\nUwIDAQAB\n-----END PUBLIC KEY-----\n"
}

Additionally, although the error was not present in 2.4.1 the preauthorisation did not work.

Thanks for the help.

Topic		Replies	Views
Authorization failed General Discussions	1	509	June 25, 2020
Mender server deviceauth propagate issue General Discussions	23	1154	August 22, 2023
Mender client unable to sync with server after device has been preauthorised General Discussions	1	101	June 7, 2024
Preauthorization no longer working after upgrading to v2.6 General Discussions upgrade , preauthorization	2	425	March 18, 2021
Missing scope identity in inventory General Discussions inventory	10	550	April 13, 2023

Internal error: Failed to propagate device identity to inventory service on mender server 2.5.0

Related topics