Mutual TLS with mender

Hmm, I see. This looks like a bug in mender-artifact, since this is not a mender-partitioned sdimg, the command will not work.

@oleorhagen

What can be done?

Just to establish a baseline:

Where did you obtain the image?

And what is your goal? To install Mender and test it out?

@oleorhagen

I obtained the image after integrating Mender with Yocto for the i.MX8QM board.
We wanted to test the mutual TLS Mender security feature in our security suite.

I see, with meta-mender?

The reason I’m wondering is that your image only has three partitions, and we usually require 4 for Mender rootfs updates to work.

@oleorhagen

Yes, with meta-mender.

Mender rootfs update is working with these three partitions.

Interesting, I will then consider this a bug in mender-artifact.

Thank you! I will look into it.

In the meantime, it is possible to loopback mount the partitions, and copy the files manually :slight_smile:

Ticket can be found here if you are curious :slight_smile:

@oleorhagen

How to copy the files manually?

This should do the trick:

@oleorhagen

Thanks will go through that.

@tranchitella

I am getting the same above-mentioned issue while starting the mTLS edge proxy with newly created user credentials in Hosted Mender.
Is there any deadline for that?
What is this error? How to overcome it?

@chaithanya can you reach hosted.mender.io from that machine? The context deadline means the operation times out. Can you try to run “curl https://hosted.mender.io” and see if you get a response?

@tranchitella

I am able to log in through a web browser using those credentials.
But I get an error if I run “curl https://hosted.mender.io”.

@oleorhagen

After mounting the disk image, I found that the ‘data’ folder in the image is empty.
Why is it so?

Is there any chance you could share the necessary steps required to reproduce your meta-mender build?

It looks like something is very off in your networking. What does host hosted.mender.io return?

Your fdisk output shows a 10MB data partition which is awfully small. I suspect something is incorrect in your configuration. You may need to update the Yocto variables specifying the partition sizes.

Drew

$ host hosted.mender.io

hosted.mender.io has address 3.225.60.34
hosted.mender.io has address 34.231.149.185
hosted.mender.io mail is handled by 10 aspmx3.googlemail.com.
hosted.mender.io mail is handled by 5 alt1.aspmx.l.google.com.
hosted.mender.io mail is handled by 5 alt2.aspmx.l.google.com.
hosted.mender.io mail is handled by 1 aspmx.l.google.com.
hosted.mender.io mail is handled by 10 aspmx2.googlemail.com.

Okay. I will increase the data partition size and let you know.

@oleorhagen

I mainly downloaded meta-mender from GitHub, and a few changes were made in the machine configuration file and U-Boot as per the Mender documentation.

@chaithanya this is not an error, it is expected to see a redirection to the UI.
What you report is very strange: you can access hosted.mender.io, but when you start the mTLS ambassador it times out trying to log in to Hosted Mender. Does the networking of your Docker setup work fine? If you start an alpine container, can you curl Hosted Mender?