Mender client testing on solidrun with Mender demo server

#1

Hi,
Mender client throwing following errors on my device…

root@solidrun-imx6:~# cat /var/log/kern.log | grep mender
Apr 26 09:32:26 solidrun-imx6 mender[454]: level=info msg="Configuration file does not exist: /var/lib/mender/mender.conf" module=config  
Apr 26 09:32:26 solidrun-imx6 mender[454]: level=info msg="Loaded configuration file: /etc/mender/mender.conf" module=config  
Apr 26 09:32:26 solidrun-imx6 mender[454]: level=info msg="Mender running on partition: /dev/mmcblk0p2" module=main  
Apr 26 09:32:27 solidrun-imx6 mender[454]: level=info msg="API Gateway certificate (in PEM format): \n-----BEGIN CERTIFICATE-----\nMIIFwjCCA6qgAwIBAgIJAM12YhUgT0yJMA0GCSqGSIb3DQEBCwUAMHYxCzAJBgNV\nBAYTAklOMQswCQYDVQQIDAJUUzEMMAoGA1UEBwwDSFlEMQ0wCwYDVQQKDARESUdJ\nMQwwCgYDVQQLDANJT1QxEzARBgNVBAMMCmxlc2hhbi5jb20xGjAYBgkqhkiG9w0B\nCQEWC3JhbUB0Y3MuY29tMB4XDTE5MDIyMjA2MTY1N1oXDTIwMDIyMjA2MTY1N1ow\ndjELMAkGA1UEBhMCSU4xCzAJBgNVBAgMAlRTMQwwCgYDVQQHDANIWUQxDTALBgNV\nBAoMBERJR0kxDDAKBgNVBAsMA0lPVDETMBEGA1UEAwwKbGVzaGFuLmNvbTEaMBgG\nCSqGSIb3DQEJARYLcmFtQHRjcy5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw\nggIKAoICAQDbX01+Y+7e0SdZVlXAAQQ1ChBhe0XUcB6Kht4nqWMtx9pwJ98gRbRP\n0uieyEnA96DlTYp5ntnBWGb9Zcp/0IuKK7TGXhXZtoaedLaSEhxiq7F5QbW3WJuf\nkuo7yDXpxhw4zmjm1RlDW7BLlSGhDR+fFeRGE/diu0h8vc/eFDkL38PspVKvxLiS\n7VyVuikdQ1WSDEbOFhN92BOQ4dnSuhVBQLEtp8p74S5MS3QVpjKQOyFSB+ktlBXU\nIk6QKEGWiXPJ3LeRoXJqUSNpMDag+nrid5VtBgliAtTYBWrtmxXsZbZ341c9Dr47\nvKVkHZ9zNpQLJ6CeymOuL/dDFLVrF6Ny3R3YgWDO9d+rmRq5718SiyobRvBsnWT8\nM9kUPtDG3BvztvUyPmKa/1gELkISrpi2O3eZXpMmPYLP
Apr 26 09:32:27 solidrun-imx6 mender[454]: level=info msg="Issuer: [DIGI], Valid from: 2019-02-22 06:16:57 +0000 UTC, Valid to: 2020-02-22 06:16:57 +0000 UTC" module=client  
Apr 26 09:32:27 solidrun-imx6 mender[454]: level=info msg="State transition: init [none] -> init [none]" module=mender  
Apr 26 09:32:27 solidrun-imx6 mender[454]: level=info msg="State transition: init [none] -> idle [Idle]" module=mender  
Apr 26 09:32:27 solidrun-imx6 mender[454]: level=info msg="State transition: idle [Idle] -> authorize [Sync]" module=mender  
Apr 26 09:34:12 solidrun-imx6 mender[454]: level=error msg="Failure occured while executing authorization request: &url.Error{Op:\"Post\", URL:\"https://leshan.com/api/devices/v1/authentication/auth_requests\", Err:x509.HostnameError{Certificate:(*x509.Certificate)(0x1908000), Host:\"leshan.com\"}}" module="client_auth"  
Apr 26 09:34:12 solidrun-imx6 mender[454]: level=error msg="authorization request error: x509: certificate is valid for docker.mender.io, not leshan.com" module="client_auth"  
Apr 26 09:34:12 solidrun-imx6 mender[454]: level=error msg="authorize failed: transient error: authorization request failed: generic error occured while executing authorization request: Post https://leshan.com/api/devices/v1/authentication/auth_requests: **x509: certificate is valid for docker.mender.io, not leshan.com" module=state**  
Apr 26 09:34:12 solidrun-imx6 mender[454]: level=info msg="State transition: authorize [Sync] -> authorize-wait [Idle]" module=mender  

Following are changes i have done in yocto mender build…
local.conf

MENDER_DEMO_HOST_IP_ADDRESS = "10.42.0.223"
MENDER_SERVER_URL = "https://leshan.com"
FILESEXTRAPATHS_prepend_pn-mender := "/etc/apache2/ssl:"
SRC_URI_append_pn-mender = " file://leshan.crt"

mender.conf in receips-mender/mender/files**/mender.conf**

{
    "InventoryPollIntervalSeconds": 30,
    "RetryPollIntervalSeconds": 30,
    "RootfsPartA": "/dev/mmcblk0p2",
    "RootfsPartB": "/dev/mmcblk0p3",
    "ServerCertificate": "/etc/mender/leshan.crt",
    "ServerURL": "https://leshan.com",
    "TenantToken": "",
    "UpdatePollIntervalSeconds": 30
}

Following are my changes on device side while device up and running
cat /etc/mender/mender.conf

{
    "InventoryPollIntervalSeconds": 1800,
    "RetryPollIntervalSeconds": 300,
    "RootfsPartA": "/dev/mmcblk0p2",
    "RootfsPartB": "/dev/mmcblk0p3",
    "ServerCertificate": "/etc/mender/leshan.crt",
    "ServerURL": "https://leshan.com",
    "TenantToken": "dummy",
    "UpdatePollIntervalSeconds": 1800
}
root@solidrun-imx6:~# ls -lrt /etc/mender/
total 16
-rw-r--r-- 1 root root   24 Mar 18 10:11 artifact_info
-rw-r--r-- 1 root root  312 Apr 26 06:41 mender.conf
drwxr-xr-x 2 root root 4096 Apr 26 06:47 scripts
-rw-r--r-- 1 root root 2057 Apr 26 09:29 leshan.crt
cat /etc/hosts 
127.0.0.1	localhost.localdomain		localhost
10.42.0.1       leshan.com

Edit: @mirzak: Prettified logs

#2

Hi @ramu,

You seem to be mixing “demo environment” settings and with "production environment.

To better understand what you are trying to do, can please confirm which server instance are you using,

  1. https://docs.mender.io/1.7/getting-started/create-a-test-environment

or

  1. https://docs.mender.io/1.7/administration/production-installation
#3

I used mender server from https://docs.mender.io/1.7/getting-started/create-a-test-environment and tested mender client on raspbery board using readily available images from mender site…

Then now, I am using the same above demo server which is running on my laptop ( Created certificate with CN=leshan.com ) for mender client running on my solidrun board. I have made the above said changes like server name, certificate, ip address etc for in my yocto build for my device…

#4

Above is all you need for the demo environment in your Yocto configuration.

You can remove this,

MENDER_SERVER_URL = "https://leshan.com"
FILESEXTRAPATHS_prepend_pn-mender := "/etc/apache2/ssl:"
SRC_URI_append_pn-mender = " file://leshan.crt"

We already provide “demo certificates” for usage with demo environment and you can not use custom keys/certificates in this case.

1 Like
#5

If i want to use demo server then what are the values i need to use for below attributes in mender.conf and etc/hosts??
I think i can delete below lines or mender.conf in recipes-more/

“ServerCertificate”: “/etc/mender/leshan.crt”,
“ServerURL”: “https://leshan.com”,

cat /etc/hosts 
127.0.0.1	localhost.localdomain		localhost
10.42.0.1       leshan.com       **Here**( mender.io ??)
#6

It should be:

10.42.0.1       docker.mender.io

But if you use the MENDER_DEMO_HOST_IP_ADDRESS variable in Yocto, it will set this up correctly

#7

Demo server will be same in any case except the IP address configuration on the client to access the server. The demo server certificate and other configurations will be ready when you add the /meta-mender/meta-mender-demo to your soldrun board. No extra settings are required apart from what @mirzak suggested.

If you plan to go for production with your own server and certificate, then you need to remove this meta-mender-demo layer and configure it as per your settings. Taking the demo server and making it as production server will not work!

I hope this helps :slight_smile:

#8

It is for demo purpose only… I have not added meta-mender-demo layer… I will add and try

#9

Thanks Ajith and Mirzak… Now device able to connect to demo server… But facing below issue…
Inventory update failed

There was a problem updating the device auth status: cannot PUT /api/management/v2/devauth/devices/5cc68daddb7acc0001a4a4e8/auth/5cc68daddb7acc0001a4a4e9/status (500)… [Request ID: 001abd89]

#10

Which version of the demo server are you running?

#11

Demo server version is 1.7.0 … Below are the intervals i have changed from default vaules
“InventoryPollIntervalSeconds”: 5,
“RetryPollIntervalSeconds”: 30,

"UpdatePollIntervalSeconds": 5
#12

Check if any of these are helpful,

https://docs.mender.io/1.7/troubleshooting/mender-server

#13

Thank you… Now able to fetch the inventory data… I decommissioned some old device with same certificate…

#14

To make sure that the server is clean and solid, can you please do the below steps to make it default?
https://docs.mender.io/1.7/getting-started/maintain-the-test-environment#clean-up-the-environment

This will reset the mender server to it’s original state so that, your device then consider as a new one and fetch the inventory data (if decommission made issue).

#15

Thanks Ajith and Mirzak… I am able to update my device with new releases using production server and client… As of now I am updating the /etc/hosts and systemd/network/eth.entwork using mender-artifact tool… I Specified below changes as well, still /etc/hosts not reflecting these changes…
MENDER_DEMO_HOST_IP_ADDRESS = “10.42.0.1”
MENDER_SERVER_URL = “https://mender.solid.com

I need to generate keys for signing the artifacts…
info: no public key was provided for authenticating the artifact

#16

You do not need this if you have production server, nor do you need to update the /etc/hosts" file.

MENDER_SERVER_URL = “https://mender.solid.com

Above is all you need + your custom server.crt if you generated as such.

I need to generate keys for signing the artifacts…
info: no public key was provided for authenticating the artifact

https://docs.mender.io/1.7/artifacts/signing-and-verification

#17

I am facing below error with signing mender images …
~/workspace/mender/mender-artifact modify solidrun-rel2.mender -k artifact-keys/private.key
Error selecting images for modification: error validating signature

#18

Please use the sign command instead of modify, e.g

 mender-artifact sign artifact.mender -k private.key -o artifact-signed.mender

We are aware of some problems with modify and that is what you are seeing here.

#19

I am able to sign the artifact and upgrade to new releases…

I need to use the mender-artifact to write the ip address and server name in to /etc/hosts file for mender client to access the server… I created the certificate for Gateway_API as well for my production server…
So MENDER_SERVER_URL = “https://mender.solid.com” in local.conf not working for me… Usually mender client trying access “https://mender.solid.com” on localhost only

#20

Hi @ramu, I’m not sure what the issue is here. Are you still having trouble?