Server.crt location in local.conf

I have been following the instructions for the open source Mender server given here - Mender Server | Mender documentation with a self-signed certificate. I am now able to see the Mender login page when I go to https://mender.example.com on my machine hosting the k3s Mender server. It looks as though the pod/mender-deployments and pod/mender-workflows-worker pods are crashing, so I am still looking into that, but here is my kubectl get all output below:

NAME                                                   READY   STATUS             RESTARTS         AGE
pod/mender-api-gateway-5f45645774-2hjbj                1/1     Running            1 (36m ago)      3d17h
pod/mender-create-artifact-worker-5b4695bc9d-r7xc2     1/1     Running            4 (34m ago)      3d17h
pod/mender-deployments-664767849c-vtvg5                0/1     CrashLoopBackOff   38 (3m44s ago)   3d17h
pod/mender-deployments-storage-daemon-28966515-xh4jm   0/1     Completed          0                34m
pod/mender-device-auth-775b4bcfbb-hr7dq                1/1     Running            4 (34m ago)      3d17h
pod/mender-deviceconfig-689f8d9b66-lcphm               1/1     Running            2 (34m ago)      3d17h
pod/mender-deviceconnect-76bfbbc5c9-drsc5              1/1     Running            3 (34m ago)      3d17h
pod/mender-gui-7fb54c8b86-q2jb6                        1/1     Running            1 (36m ago)      3d17h
pod/mender-inventory-c6f45c7f4-lnx28                   1/1     Running            3 (34m ago)      3d17h
pod/mender-iot-manager-748b96555d-n5trn                1/1     Running            3 (34m ago)      3d17h
pod/mender-redis-master-0                              1/1     Running            1 (36m ago)      3d18h
pod/mender-redis-replicas-0                            1/1     Running            1 (36m ago)      3d18h
pod/mender-redis-replicas-1                            1/1     Running            1 (36m ago)      3d18h
pod/mender-redis-replicas-2                            1/1     Running            1 (36m ago)      3d18h
pod/mender-useradm-6f9d4657bd-j9rkm                    1/1     Running            4 (34m ago)      3d17h
pod/mender-workflows-server-694c86d76-69xx7            1/1     Running            4 (34m ago)      3d17h
pod/mender-workflows-worker-5f698657b8-r8gpr           0/1     CrashLoopBackOff   11 (2m34s ago)   3d17h
pod/mongodb-0                                          1/1     Running            1 (36m ago)      3d17h
pod/mongodb-arbiter-0                                  1/1     Running            1 (36m ago)      3d17h
pod/nats-0                                             3/3     Running            3 (36m ago)      3d18h
pod/nats-1                                             3/3     Running            3 (36m ago)      3d18h
pod/nats-box-5fb7f4979f-x9g5x                          1/1     Running            1 (36m ago)      3d18h
pod/seaweedfs-filer-0                                  1/1     Running            1 (36m ago)      3d18h
pod/seaweedfs-master-0                                 1/1     Running            1 (36m ago)      3d18h
pod/seaweedfs-s3-57ffbb7694-qvg94                      1/1     Running            1 (36m ago)      3d18h
pod/seaweedfs-volume-0                                 1/1     Running            1 (36m ago)      3d18h

NAME                               TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                                                 AGE
service/kubernetes                 ClusterIP   10.43.0.1       <none>        443/TCP                                                 3d18h
service/mender-api-gateway         ClusterIP   10.43.4.119     <none>        80/TCP                                                  3d17h
service/mender-deployments         ClusterIP   10.43.134.169   <none>        8080/TCP                                                3d17h
service/mender-device-auth         ClusterIP   10.43.172.79    <none>        8080/TCP                                                3d17h
service/mender-deviceconfig        ClusterIP   10.43.19.70     <none>        8080/TCP                                                3d17h
service/mender-deviceconnect       ClusterIP   10.43.99.131    <none>        8080/TCP                                                3d17h
service/mender-gui                 ClusterIP   10.43.108.227   <none>        80/TCP,8080/TCP                                         3d17h
service/mender-inventory           ClusterIP   10.43.204.85    <none>        8080/TCP                                                3d17h
service/mender-iot-manager         ClusterIP   10.43.1.236     <none>        8080/TCP                                                3d17h
service/mender-redis-headless      ClusterIP   None            <none>        6379/TCP                                                3d18h
service/mender-redis-master        ClusterIP   10.43.40.232    <none>        6379/TCP                                                3d18h
service/mender-redis-replicas      ClusterIP   10.43.161.179   <none>        6379/TCP                                                3d18h
service/mender-useradm             ClusterIP   10.43.68.106    <none>        8080/TCP                                                3d17h
service/mender-workflows-server    ClusterIP   10.43.51.51     <none>        8080/TCP                                                3d17h
service/mongodb-arbiter-headless   ClusterIP   None            <none>        27017/TCP                                               3d17h
service/mongodb-headless           ClusterIP   None            <none>        27017/TCP                                               3d17h
service/nats                       ClusterIP   None            <none>        4222/TCP,6222/TCP,8222/TCP,7777/TCP,7422/TCP,7522/TCP   3d18h
service/seaweedfs-filer            ClusterIP   None            <none>        8888/TCP,18888/TCP,8333/TCP,9327/TCP                    3d18h
service/seaweedfs-filer-client     ClusterIP   None            <none>        8888/TCP,18888/TCP,9327/TCP                             3d18h
service/seaweedfs-master           ClusterIP   None            <none>        9333/TCP,19333/TCP,9327/TCP                             3d18h
service/seaweedfs-s3               ClusterIP   10.43.254.193   <none>        8333/TCP,9327/TCP                                       3d18h
service/seaweedfs-volume           ClusterIP   None            <none>        8080/TCP,18080/TCP,9327/TCP                             3d18h

NAME                                            READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/mender-api-gateway              1/1     1            1           3d17h
deployment.apps/mender-create-artifact-worker   1/1     1            1           3d17h
deployment.apps/mender-deployments              0/1     1            0           3d17h
deployment.apps/mender-device-auth              1/1     1            1           3d17h
deployment.apps/mender-deviceconfig             1/1     1            1           3d17h
deployment.apps/mender-deviceconnect            1/1     1            1           3d17h
deployment.apps/mender-gui                      1/1     1            1           3d17h
deployment.apps/mender-inventory                1/1     1            1           3d17h
deployment.apps/mender-iot-manager              1/1     1            1           3d17h
deployment.apps/mender-useradm                  1/1     1            1           3d17h
deployment.apps/mender-workflows-server         1/1     1            1           3d17h
deployment.apps/mender-workflows-worker         0/1     1            0           3d17h
deployment.apps/nats-box                        1/1     1            1           3d18h
deployment.apps/seaweedfs-s3                    1/1     1            1           3d18h

NAME                                                       DESIRED   CURRENT   READY   AGE
replicaset.apps/mender-api-gateway-5f45645774              1         1         1       3d17h
replicaset.apps/mender-create-artifact-worker-5b4695bc9d   1         1         1       3d17h
replicaset.apps/mender-deployments-664767849c              1         1         0       3d17h
replicaset.apps/mender-device-auth-775b4bcfbb              1         1         1       3d17h
replicaset.apps/mender-deviceconfig-689f8d9b66             1         1         1       3d17h
replicaset.apps/mender-deviceconnect-76bfbbc5c9            1         1         1       3d17h
replicaset.apps/mender-gui-7fb54c8b86                      1         1         1       3d17h
replicaset.apps/mender-inventory-c6f45c7f4                 1         1         1       3d17h
replicaset.apps/mender-iot-manager-748b96555d              1         1         1       3d17h
replicaset.apps/mender-useradm-6f9d4657bd                  1         1         1       3d17h
replicaset.apps/mender-workflows-server-694c86d76          1         1         1       3d17h
replicaset.apps/mender-workflows-worker-5f698657b8         1         1         0       3d17h
replicaset.apps/nats-box-5fb7f4979f                        1         1         1       3d18h
replicaset.apps/seaweedfs-s3-57ffbb7694                    1         1         1       3d18h

NAME                                     READY   AGE
statefulset.apps/mender-redis-master     1/1     3d18h
statefulset.apps/mender-redis-replicas   3/3     3d18h
statefulset.apps/mongodb                 1/1     3d17h
statefulset.apps/mongodb-arbiter         1/1     3d17h
statefulset.apps/nats                    2/2     3d18h
statefulset.apps/seaweedfs-filer         1/1     3d18h
statefulset.apps/seaweedfs-master        1/1     3d18h
statefulset.apps/seaweedfs-volume        1/1     3d18h

NAME                                              SCHEDULE     TIMEZONE   SUSPEND   ACTIVE   LAST SCHEDULE   AGE
cronjob.batch/mender-deployments-storage-daemon   15 * * * *   <none>     False     0        34m             3d17h

NAME                                                   STATUS     COMPLETIONS   DURATION   AGE
job.batch/mender-deployments-storage-daemon-28966515   Complete   1/1           10s        34m

I am now looking into how to connect a device. I was looking at these documents here - Building for demo | Mender documentation but I am a bit confused about where to put the server.crt file in the Yocto project. I have created a self-signed certificate for my local machine running the k3s Mender server cluster (192.168.68.70), which points to https://mender.example.com. I have the crt file from that, but I don't understand what <DIRECTORY-CONTAINING-server.crt>: should be in my local.conf. I also don't understand if SRC_URI:append:pn-mender-server-certificate should still just be " file://server.crt".

# Build for Mender production setup (on-prem)
#
# https://docs.mender.io/administration/production-installation
#
# Uncomment below and update the URL to match your configured domain
# name and provide the path to the generated server.crt file.
#
# Note that a custom server.crt file is only necessary if you are using
# self-signed certificates.
#
# NOTE! It is recommend that you provide below information in your custom
# Yocto layer and this is only for demo purposes. See linked documentation
# for additional information.
MENDER_SERVER_URL = "https://mender.example.com"
FILESEXTRAPATHS:prepend:pn-mender-server-certificate := "<DIRECTORY-CONTAINING-server.crt>:"
SRC_URI:append:pn-mender-server-certificate = " file://server.crt"
IMAGE_INSTALL:append = " mender-server-certificate"

Any help on how exactly to set up the yocto build for these self-signed cert files to be able to get a client to connect would be great! Also, any additional insight into my CrashLoopBackOff errors would also be helpful. Thanks!

Hi mld

Regarding where to put server.crt, I suggest you put it in your custom layer, adding the file with a bbappend file to the mender-client recipe, as explained in the docs.

So your Yocto project tree should look like:

/build/
/layers/
    /poky/
    /meta-mender/
    /meta-xyz/
    /my-custom-layer/
        /recipes-mender/mender-server-certificate/
            /mender-server-certificate.bbappend
            /files/server.crt

It is basically just an append to a normal recipe.

If you still want to use the local.conf file, you need to put the file in a place that the build system can reach, for example in one of the layers you already have in use, but this is not good practice. Creating a custom layer is what you usually want to do; it is not very difficult and helps keep things clean.

Hope it helps.
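
The layer layout from the reply above, as an added example that is not part of the thread or of the Mender project's own code: a shell function that stages server.crt under recipes-mender/mender-server-certificate/ and writes the bbappend, refusing a file that is not a PEM certificate or that contains a private key. The function name and the paths in the usage comment are assumptions, and the custom layer is assumed to exist already and be listed in bblayers.conf.

```shell
#!/bin/sh
# Added example: stage server.crt in a custom layer for mender-server-certificate.
# Function name and example paths are assumptions, not taken from the thread.

# stage_mender_cert <layer-dir> <path-to-server.crt>
stage_mender_cert() {
    layer=$1
    cert=$2
    recipe_dir="$layer/recipes-mender/mender-server-certificate"

    [ -d "$layer" ] || { echo "layer not found: $layer" >&2; return 1; }
    [ -f "$cert" ] || { echo "certificate not found: $cert" >&2; return 1; }

    # This file is installed on every device image, so it must be the public
    # certificate only and must never carry the server's private key.
    if grep -q -- 'PRIVATE KEY-----' "$cert"; then
        echo "refusing: $cert contains a private key" >&2
        return 2
    fi
    if ! grep -q -- '^-----BEGIN CERTIFICATE-----' "$cert"; then
        echo "refusing: $cert is not a PEM certificate" >&2
        return 3
    fi

    mkdir -p "$recipe_dir/files" || return 1
    cp "$cert" "$recipe_dir/files/server.crt" || return 1

    # BitBake expands ${THISDIR} to the directory holding the .bbappend, so no
    # absolute path is needed. The quoted heredoc keeps it literal in the shell.
    cat > "$recipe_dir/mender-server-certificate.bbappend" <<'EOF'
FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
SRC_URI:append = " file://server.crt"
EOF
}

# Usage (placeholder paths):
#   stage_mender_cert /path/to/layers/my-custom-layer /path/to/server.crt
```

With the bbappend in place, the FILESEXTRAPATHS and SRC_URI lines from the local.conf snippet are no longer needed there; MENDER_SERVER_URL and IMAGE_INSTALL:append still are.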