Good Day!
I’ve build a custom image with Buildroot for Radxa Zero. I don’t have systemd (systemv). I have no board integration so far, because I only want to test artifacts/update. I’m registerd on https://eu.hosted.mender.io as trail, enterprise plan.
I can setup mender client on my board and can add it manually via UI. Custom identity and inventory are working. mender-connect working.
However, when I want a preautherize a device I see still the same behaviour as it needs to be accepted manully.
The only step from the documentation I’ve omitted is Copy the private device key. I have manually copied the private.key previously generated to /var/lib/mender/mender-agent.pem (and any other location mentioned in the documentation).
As identity for preauthorization I’ve once selected mac and once serial, which is a unique serial number (string).
Started mender client mender daemon
ERRO[0003] Failed to authorize with "https://eu.hosted.mender.io": authentication request rejected server error message: dev auth: unauthorized
Device appears pending.
PS: Which values are accepted for --log-level?
Thanks in advance!
The preauthorized device and the pending request have the same public key.
Do I need somewhere tell mender that it has explicitly use a preauthorization routine?
ime="2023-03-22T11:42:44+01:00" level=info msg="Device unauthorized; attempting reauthorization"
time="2023-03-22T11:42:44+01:00" level=info msg="Output (stderr) from command \"/usr/share/mender/identity/mender-device-identity\": using interface /sys/class/net/wlan0"
time="2023-03-22T11:42:44+01:00" level=error msg="Failed to authorize with \"https://eu.hosted.mender.io\": authentication request rejected server error message: dev auth: unauthorized"
time="2023-03-22T11:42:44+01:00" level=warning msg="Reauthorization failed with error: transient error: authorization request failed"
time="2023-03-22T11:42:44+01:00" level=error msg="Failed to submit inventory data: transient error: authorization request failed"
time="2023-03-22T11:42:44+01:00" level=error msg="inventory submit failed: transient error: authorization request failed"
time="2023-03-22T11:42:44+01:00" level=warning msg="Failed to refresh inventory: failed to submit inventory data: inventory submit failed: transient error: authorization request failed"
time="2023-03-22T11:42:44+01:00" level=info msg="State transition: inventory-update [Sync] -> inventory-update-retry-wait [Sync]"
time="2023-03-22T11:42:44+01:00" level=info msg="Handle update inventory retry state try: 3"
time="2023-03-22T11:42:44+01:00" level=warning msg="Returning artifact name from /etc/mender/artifact_info file. This is a fallback, in case the information can not be retrieved from the database, and is only expected when an update has never been installed before."
mender.conf
{
"HttpsClient": {},
"Security": {},
"Connectivity": {},
"RootfsPartA": "/dev/mmcblk0p2",
"RootfsPartB": "/dev/mmcblk0p3",
"DeviceTypeFile": "/var/lib/mender/device_type",
"DBus": {
"Enabled": true
},
"UpdateControlMapExpirationTimeSeconds": 90,
"UpdateControlMapBootExpirationTimeSeconds": 45,
"UpdatePollIntervalSeconds": 5,
"InventoryPollIntervalSeconds": 5,
"RetryPollIntervalSeconds": 30,
"ServerCertificate": "/etc/mender/server.crt",
"TenantToken": "<MY_TOKEN_HERE>",
"Servers": [
{
"ServerURL": "https://eu.hosted.mender.io"
}
]
The auth_sets were not exactly the same. I got the incoming pending request for authorization because /usr/share/mender/identity/mender-device-identity returned a mac and serial. But when I made my preauthorization API call, I only passed in the serial number export DEVICE_IDENTITY_JSON_OBJECT_STRING='{"serial":"<SERIAL>"}'.
I double checked the auth_sets returned by curl -H "Authorization: Bearer $JWT" $MENDER_SERVER_URI/api/management/v2/devauth/devices | jq '.'
1 Like