balena create app fails without internet

Hi,

I deployed openbalena in an air gapped environment and when I try to create an app it fails because it cannot access resin-production-img-cloudformation.s3.amazonaws.com .

[gyeah:root@openbalena ~] (openbalena) # balena app create blink --debug
[debug] new argv=[/usr/local/bin/balena,/snapshot/versioned-source/bin/balena,app:create,blink] length=4
BalenaRequestError: Request error: Inaccessible host: `resin-production-img-cloudformation.s3.amazonaws.com'. This service may not be available in the `us-east-1' region.

BalenaRequestError: Request error: Inaccessible host: `resin-production-img-cloudformation.s3.amazonaws.com'. This service may not be available in the `us-east-1' region.
    at Object.<anonymous> (/snapshot/versioned-source/node_modules/balena-request/build/request.js:190:27)
    at Generator.next (<anonymous>)
    at fulfilled (/snapshot/versioned-source/node_modules/tslib/tslib.js:0:0)
    at process._tickCallback (internal/process/next_tick.js:68:7)

This request is essential for openbalena to be able to create my application or I can disable it somehow ?

Hi @gyeah11, you shouldn’t need to reach our servers if you are running your own openBalena instance. My guess is that your CLI is still pointing to balenaCloud and not your openBalena server. Have you gone through the steps outlined here for the CLI? openBalena - Home

i read the documentation and i set in balenarc the variable balenaUrl .

[gyeah:root@test ~] (openbalena) # cat ~/.balenarc.yml
balenaUrl: 'openbalena.office.test.com'

[gyeah:root@test ~] (openbalena) # balena login
Logging in to openbalena.office.test.com

Hi @gyeah11, to clarify, did setting the balenaUrl field in balenarc.yml resolve your issue?

No it did not solved my problem , my configuration was good from start.

I cloned the s3 repo that holds the device types from resin-production-img-cloudformation.s3.amazonaws.com locally and that’s how i solved the problem.

If you know how i can make it work without s3 repo for device types (resin-production-img-cloudformation.s3.amazonaws.com) please let me know.

hey @gyeah11

I believe the issue is the cli tried to contact our servers if you do not provide the --type option when running the command. The cli retrieves a list of supported device types to present an interactive menu.
FYI, apps subcommand have been renamed to fleets.
I would recommend updating the cli to the latest version. and try running the command with balena fleet create blink --type <fleet device type> e.g balena fleet create blink --type raspberry-pi. Can you please try it and let us know?

Thanks

Thanks @rahul-thakoor
I will update to latest balena-cli and i will try it .
With my version i tried --type upboard ( the type of board that i use ) and it still connects to the s3 bucket to get the device types.

I gather that the balena fleet create command uses the balena SDK’s models.application.create() method, and that SDK method retrieves the device manifest from AWS S3 (regardless of the --type flag being used on the command line) as coded in the following lines:

• https://github.com/balena-io/balena-sdk/blob/v15.48.3/lib/models/application.ts#L693-L713
• https://github.com/balena-io/balena-sdk/blob/v15.48.3/lib/models/device.ts#L1395
• https://github.com/balena-io/balena-sdk/blob/v15.48.3/lib/models/config.ts#L146-L151

			const deviceTypeIdPromise = deviceModel()
				.getManifestBySlug(deviceType)

			const deviceTypes = await configModel().getDeviceTypes();

			const { body: deviceTypes } = await request.send({
				method: 'GET',
				url: '/device-types/v1',
				baseUrl: apiUrl,
			});

I understand that the SDK retrieves the device type manifest with 2 purposes:

• To disambiguate device type aliases, e.g. “nuc” being an alias for “intel-nuc”, or “raspberrypi” being an alias for “raspberry-pi”.
• To determine whether the device type status has changed to “DISCONTINUED”, in which case an error is thrown.

In turn, the SDK queries the /device-types/v1 endpoint from openbalena-api:

• https://github.com/balena-io/open-balena-api/blob/v0.155.5/src/features/device-types/index.ts#L11
• https://github.com/balena-io/open-balena-api/blob/v0.155.5/src/features/device-types/device-types.ts#L84
• https://github.com/balena-io/open-balena-api/blob/v0.155.5/src/features/device-types/storage/s3.ts#L79
• https://github.com/balena-io/open-balena-api/blob/v0.155.5/src/features/device-types/storage/s3.ts#L7
• https://github.com/balena-io/open-balena-api/blob/v0.155.5/src/lib/config.ts#L172

Where the S3 bucket URL / hostname comes from environment variable IMAGE_STORAGE_BUCKET which, as I understand, open-balena hardcodes as s3.amazonaws.com:

• https://github.com/balena-io/open-balena/blob/v3.4.1/compose/services.yml#L36

      IMAGE_STORAGE_ENDPOINT: "s3.amazonaws.com"

Hence accessing the internet. So, if I got it right, ultimately the issue is that openBalena shares the s3.amazonaws.com resource with balenaCloud for the device types endpoint. I have created the following GitHub issues:

• https://github.com/balena-io/balena-cli/issues/2322
• https://github.com/balena-io/open-balena/issues/129

And I have also recorded the feature request in balena’s support system (JF pattern) for discussion in the product improvement loop.