Required firewall settings for Mender

The UP Squared device (with the Mender client running) is connected to the customer's network. It does show the IP address (from the network that belongs to the customer) in the Device inventory in the Mender management software running on AWS. But the Mender management software cannot perform a deployment. The status remains Pending. The deployment works well if the device is connected to our network. Are there any firewall settings (on the customer side) that do not allow communication with the device from outside? I cannot even ssh into the device.

The mender client connects to the Mender server running on port 443 with TLS. As long as that connection succeeds you should be able to add the device.

Additionally there is another connection to download the artifact. In our hosted plans that is a dynamically generated S3 URL over port 443 as well. If you are using a self-hosted Mender server, then the artifact URL will be by default on port 9000.

Drew
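An added example, not part of the original posts or of Mender's own tooling: a script to run on the device from inside the customer network to see whether outbound TCP to the two ports named above (443 for the server, 9000 for the self-hosted artifact storage) gets through the firewall. It assumes the client config is at /etc/mender/mender.conf with a "ServerURL" key, that artifact storage is on the same host unless a second argument names another, and that bash and timeout are available; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: outbound reachability check for a self-hosted Mender setup.
# Assumptions: config file holds a "ServerURL" key; artifact storage is on
# the server's host unless a second argument names a different one.

# Print "host port" lines for the server API and the artifact storage.
mender_endpoints() {
    conf=$1
    storage_host=$2
    url=$(sed -n 's/.*"ServerURL"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$conf" | head -n 1)
    [ -n "$url" ] || { echo "no ServerURL in $conf" >&2; return 1; }
    hostport=${url#*://}        # drop the scheme
    hostport=${hostport%%/*}    # drop any path
    case $hostport in
        *:*) host=${hostport%%:*}; port=${hostport##*:} ;;
        *)   host=$hostport; port=443 ;;
    esac
    echo "$host $port"
    echo "${storage_host:-$host} 9000"
}

# Attempt a TCP connect with a 5 second limit (needs bash and timeout).
probe() {
    timeout 5 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# Probe every endpoint and report; returns non-zero if any is unreachable.
check_all() {
    endpoints=$(mender_endpoints "$@") || return 1
    rc=0
    while read -r h p; do
        if probe "$h" "$p"; then
            echo "OK       $h:$p"
        else
            echo "BLOCKED  $h:$p"; rc=1
        fi
    done <<EOF
$endpoints
EOF
    return $rc
}

# Usage: sh check.sh /etc/mender/mender.conf [storage-host]
if [ "$#" -gt 0 ]; then check_all "$@"; fi
```

A BLOCKED line for port 9000 with an OK line for 443 matches the symptom in this thread: the device appears in the inventory but the deployment stays Pending because the artifact download cannot start.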

We are using a self-hosted Mender Server. The device is added already. The IP address is populated at ipv4_enp2s0.

How can I deploy the Mender update on the device via a USB stick (the .mender file is copied onto the USB stick)?

Like this :slight_smile:

Thank you. When I searched mender -help, it does not show me the flag install. But it shows the flag rootfs. Can I use the command mender -rootfs <URI> instead? The version is 1.7.1

Yes, it got renamed at some point. I have successfully used the -rootfs and -install options to do exactly what you are after :slight_smile:

Yup, just look up 1.7 in the doc :wink:
https://docs.mender.io/1.7/architecture/standalone-deployments#deploy-an-artifact-to-a-device

I was able to deploy the update using the command mender -f -rootfs (after this error: Installation failed: installer: failed to read and install update: will not install artifact with state-scripts when installing from cmd-line. Use -f to override module=rootfs). But it stopped all running Docker applications and services running on the device (an already provisioned device). How can I achieve a standalone deployment without affecting/modifying the existing device configuration? When I ran a managed deployment with the same .mender file, it worked successfully though.

You will need to arrange for the docker containers and settings to be stored in the /data partition and referenced from there by docker. When you do a full rootfs update you are completely replacing the root filesystem so any state that is stored in the rootfs will be replaced.
Drew