I’m experiencing an issue where, after device authentication, the device settings for Mender Configure are not reported during the initial inventory submission.
In the script located at /usr/share/mender/inventory/mender-inventory-mender-configure, I encounter the error:
“An authentication token could not be obtained over DBus.”
This indicates that the token is not being passed via DBus. Subsequently, re-authentication occurs, and the settings are sent in the next inventory submission.
Expected Behavior
After device authentication, the device settings for Mender Configure should be reported in the initial inventory submission.
Has anyone else faced this issue or can provide insights on how to resolve it?
Hey @nomtor0204, this appears to be a bug in mender-configure. I have created a ticket for it, MEN-7732. Since this is a rather low-impact bug, I can’t say when this will be picked up though. It should be a relatively easy bug to fix for someone with a little shell-script and DBus experience, if anyone wants to submit a contribution.
I applied the patch below and attempted to retrieve the token again, but no matter how many times I retried, I was unable to obtain a new token.
I believe this may be due to how state is managed by mender-client 3. Since the logs show that a reconnection to the Mender server occurs after the inventory retrieval is completed, it’s possible that the token cannot be re-acquired while the inventory script is running.
---
src/mender-inventory-mender-configure | 55 +++++++++++++++++++++------
1 file changed, 44 insertions(+), 11 deletions(-)
diff --git a/src/mender-inventory-mender-configure b/src/mender-inventory-mender-configure
index f531824..e8c5ab7 100755
--- a/src/mender-inventory-mender-configure
+++ b/src/mender-inventory-mender-configure
@@ -29,8 +29,9 @@ if ! [ -f "$CONFIG" ]; then
exit 0
fi
-# Fetch Authentication token and server from Mender Auth Manager.
-DBUS_REPLY="$(dbus-send \
+# Get Authentication token and server from Mender Auth Manager.
+get_jwt_token() {
+ DBUS_REPLY="$(dbus-send \
--system \
--print-reply \
--dest=io.mender.AuthenticationManager \
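Review bot: get_jwt_token() is introduced here without a stated contract. The comment above it says only that it gets the token and server; it should also say that the function hands its results back through global variables, so callers know to test those variables after calling it. DBUS_REPLY, assigned on the first line of the body, is scratch storage used only by this function, and a name that marks it as internal would make that clear.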
@@ -38,16 +39,48 @@ DBUS_REPLY="$(dbus-send \
io.mender.Authentication1.GetJwtToken \
| sed -ne '/^ *string ".*" *$/ {s/^ *string "\(.*\)" *$/\1/; p}')"
-AUTH_TOKEN="$(echo "$DBUS_REPLY" | sed -ne '1p')"
-SERVER="$(echo "$DBUS_REPLY" | sed -ne '2p')"
+ AUTH_TOKEN="$(echo "$DBUS_REPLY" | sed -ne '1p')"
+ SERVER="$(echo "$DBUS_REPLY" | sed -ne '2p')"
+}
-if [ -z "$AUTH_TOKEN" ]; then
- echo "An authentication token could not be obtained over DBus."
- exit 1
-fi
-if [ -z "$SERVER" ]; then
- echo "A server address could not be obtained over DBus."
- exit 1
+# Fetch Authentication token and server from Mender Auth Manager.
+retry_fetch_jwt_token() {
+ # Start dbus-monitor to listen for JwtTokenStateChange signal and redirect output to a temporary file
+ DBUS_MONITOR_OUTPUT_FILE=$(mktemp)
+ dbus-monitor --system "type='signal',interface='io.mender.Authentication1',member='JwtTokenStateChange'" > "$DBUS_MONITOR_OUTPUT_FILE" &
+ MONITOR_PID=$!
+
+ dbus-send --system --dest=io.mender.AuthenticationManager \
+ /io/mender/AuthenticationManager \
+ io.mender.Authentication1.FetchJwtToken
+
+ # Wait for JwtTokenStateChange signal or timeout
+ TIMEOUT=30
+ while [ $TIMEOUT -gt 0 ]; do
+ if grep -q "member=JwtTokenStateChange" "$DBUS_MONITOR_OUTPUT_FILE"; then
+ get_jwt_token
+ if [ -n "$AUTH_TOKEN" ] && [ -n "$SERVER" ]; then
+ kill "$MONITOR_PID" 2>/dev/null || true
+ rm -f "$DBUS_MONITOR_OUTPUT_FILE"
+ return 0
+ fi
+ fi
+ sleep 0.1
+ TIMEOUT=$((TIMEOUT - 1))
+ done
+
+ kill "$MONITOR_PID" 2>/dev/null || true
+ rm -f "$DBUS_MONITOR_OUTPUT_FILE"
+ return 1
+}
+
+get_jwt_token
+
+if [ -z "$AUTH_TOKEN" ] || [ -z "$SERVER" ]; then
+ if ! retry_fetch_jwt_token; then
+ echo "An authentication token or server address could not be obtained over DBus."
+ exit 1
+ fi
fi
# Update configuration at the time of inventory update
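Review bot: the wait loop in retry_fetch_jwt_token() gives up much sooner than TIMEOUT=30 suggests, because the counter drops by one per `sleep 0.1`, which makes the window roughly 3 seconds. POSIX `sleep` also only guarantees whole-second arguments. Either count in whole seconds or rename the variable to say it counts 0.1 s iterations and size it for the intended wait. Three smaller points in the same hunk: dbus-monitor is started in the background and FetchJwtToken is sent immediately afterwards, so the JwtTokenStateChange signal can be emitted before the monitor is listening and then never shows up in the file. The temporary file and the monitor process are cleaned up only on the two return paths, so a `trap` would also cover the script being interrupted. And the merged message in the final `if` no longer tells the operator whether the token or the server address was missing, which the two removed checks did.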
--
2.34.1