Balena Preload points to wrong registry?

Hello,

when I try to preload an Image I get following Error:

[debug] new argv=[/home/holger/balena-cli/balena,/snapshot/versioned-    source/bin/balena,preload,balena-cloud-raspberrypi4-64-2.69.1+rev1-v12.3.5.img,--app,eis-rpi4,--    commit,current,--splash-image,../eis-balena/image/splash.png] length=10
Building Docker preloader image. [===                     ] 12%
Step 1/7 : FROM docker:17.12.0-ce-dind
Building Docker preloader image. [======                  ] 25%
Step 2/7 : RUN apk update && apk add --no-cache python3 parted btrfs-progs util-linux sfdisk file     coreutils sgdisk
 ---> Using cache
Building Docker preloader image. [=========               ] 37%
Step 3/7 : COPY ./requirements.txt /tmp/
 ---> Using cache
Building Docker preloader image. [============            ] 50%
Step 4/7 : RUN pip3 install -r /tmp/requirements.txt
 ---> Using cache
Building Docker preloader image. [===============         ] 62%
Step 5/7 : COPY ./src /usr/src/app
 ---> Using cache
Building Docker preloader image. [==================      ] 75%
Step 6/7 : WORKDIR /usr/src/app
 ---> Using cache
Building Docker preloader image. [=====================   ] 87%
Step 7/7 : CMD ["python3", "/usr/src/app/preload.py"]
 ---> Using cache
 ---> cce425548fb6
Successfully built cce425548fb6
Building Docker preloader image. [========================] 100%
| Checking that the image is a writable file
| Finding a free tcp port and getting balena settings
| Checking if the image is an edison zip archive
| Creating preloader container
/ Starting preloader container
- Fetching application admin/eis-rpi4
| Reading image informationWaiting for Docker to start...
\ Reading image informationDocker started
- Reading image information
/ Fetching application 1
/ Estimating required additional space
| Cleaning up temporary files
Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames:     Host: registry2.xxx.de. is not in the cert's altnames: DNS:api.xxx.de, DNS:registry.xxx.de,     DNS:s3.xxx.de, DNS:vpn.xxx.de

RequestError: Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match     certificate's altnames: Host: registry2.xxx.de. is not in the cert's altnames: DNS:api.xxx.de,     DNS:registry.eis-cloud.einsatzverwaltung.de, DNS:s3.xxx.de, DNS:vpn.xxx.de
    at new RequestError (/snapshot/versioned-source/node_modules/request-promise-    core/lib/errors.js:14:15)
    at Request.<anonymous> (/snapshot/versioned-source/node_modules/request-promise-    core/lib/plumbing.js:87:29)
    at Request.RP$callback [as _callback] (/snapshot/versioned-source/node_modules/request-    promise-core/lib/plumbing.js:46:31)
    at /snapshot/versioned-source/node_modules/request/request.js:185:22
    at Request.emit (events.js:315:20)
    at Request.EventEmitter.emit (domain.js:482:12)
    at Request.onRequestError (/snapshot/versioned-source/node_modules/request/request.js:877:8)
    at ClientRequest.emit (events.js:327:22)
    at ClientRequest.EventEmitter.emit (domain.js:482:12)
    at TLSSocket.socketErrorListener (_http_client.js:426:9)
    at TLSSocket.emit (events.js:315:20)
    at TLSSocket.EventEmitter.emit (domain.js:482:12)
    at emitErrorNT (internal/streams/destroy.js:92:8)
    at emitErrorAndCloseNT (internal/streams/destroy.js:60:3)
    at processTicksAndRejections (internal/process/task_queues.js:84:21)
From previous event:
    at Request.<anonymous> (/snapshot/versioned-source/node_modules/request-promise-    core/lib/plumbing.js:36:28)
    at Request.RP$initInterceptor [as init] (/snapshot/versioned-source/node_modules/request-    promise-core/configure/request2.js:41:27)
    at new Request (/snapshot/versioned-source/node_modules/request/request.js:127:8)
    at request (/snapshot/versioned-source/node_modules/request/index.js:53:10)
    at Preloader.registry (/snapshot/versioned-source/node_modules/balena-    preload/build/preload.js:406:22)
    at /snapshot/versioned-source/node_modules/balena-preload/build/preload.js:446:51
    at processImmediate (internal/timers.js:456:21)
    at process.topLevelDomainCallback (domain.js:137:15)

Why does it try to download the image from DNS Subdomain registry2 instead of registry?
It’s version 12.40.0 of balena-cli with current openBalena Server.

Regards,
Holger

Just experienced a similar issue. The Get Started guide still specifies to point registry. not registry2. Should we be updating? I imagine this is more likely a bug?

After searching the issues, it looks like Balena cloud points to registry2, but OpenBalena has always been registry.

Tried with both 12.40.0 and 12.40.2 (the latest):

Error: getaddrinfo ENOTFOUND registry2.xx registry2.xx:443

RequestError: Error: getaddrinfo ENOTFOUND registry2.xx registry2.xx:443
    at new RequestError (/usr/local/lib/balena-cli/node_modules/request-promise-core/lib/errors.js:14:15)
    at Request.plumbing.callback (/usr/local/lib/balena-cli/node_modules/request-promise-core/lib/plumbing.js:87:29)
    at Request.RP$callback [as _callback] (/usr/local/lib/balena-cli/node_modules/request-promise-core/lib/plumbing.js:46:31)
    at self.callback (/usr/local/lib/balena-cli/node_modules/request/request.js:185:22)
    at Request.emit (events.js:198:13)
    at Request.EventEmitter.emit (domain.js:448:20)
    at Request.onRequestError (/usr/local/lib/balena-cli/node_modules/request/request.js:877:8)
    at ClientRequest.emit (events.js:203:15)
    at ClientRequest.EventEmitter.emit (domain.js:448:20)
    at TLSSocket.socketErrorListener (_http_client.js:401:9)
    at TLSSocket.emit (events.js:198:13)
    at TLSSocket.EventEmitter.emit (domain.js:448:20)
    at emitErrorNT (internal/streams/destroy.js:91:8)
    at emitErrorAndCloseNT (internal/streams/destroy.js:59:3)
    at process._tickCallback (internal/process/next_tick.js:63:19)
From previous event:
    at Request.plumbing.init (/usr/local/lib/balena-cli/node_modules/request-promise-core/lib/plumbing.js:36:28)
    at Request.RP$initInterceptor [as init] (/usr/local/lib/balena-cli/node_modules/request-promise-core/configure/request2.js:41:27)
    at new Request (/usr/local/lib/balena-cli/node_modules/request/request.js:127:8)
    at request (/usr/local/lib/balena-cli/node_modules/request/index.js:53:10)
    at Preloader.registry (/usr/local/lib/balena-cli/node_modules/balena-preload/build/preload.js:406:22)
    at Bluebird.map (/usr/local/lib/balena-cli/node_modules/balena-preload/build/preload.js:446:51)
    at runCallback (timers.js:705:18)
    at tryOnImmediate (timers.js:676:5)
    at processImmediate (timers.js:658:5)
    at process.topLevelDomainCallback (domain.js:126:23)

Thank you for reporting! Let me check with the Open balena team!

This is a bug in the CLI and/or balena-preload.

@maggie0002 do you experience the issue with preloading too? Or just regular deplot?

If you have a way to inspect the database, it’d be useful to see the name the images of the release you’re trying to preload get stored with. The database table is image, the column is stored at-image location.

Also preloading

I will try and get to that, but can’t make any promises.

I have noticed however, an error in the logs that may or may not be related. Not noticed it before:

db_1             | 2021-02-26 00:18:50.580 UTC [1] LOG:  database system is ready to accept connections
db_1             | 2021-02-26 00:19:11.526 UTC [30] ERROR:  relation "uniq_model_model_type_vocab" already exists
db_1             | 2021-02-26 00:19:11.526 UTC [30] STATEMENT:  CREATE UNIQUE INDEX "uniq_model_model_type_vocab" ON "model" ("is of-vocabulary", "model type");

Hmm, and I might be having some other issues, related or not I’m not sure. This is the last entry from haproxy, seems the backend may never have come up.

haproxy_1        | [WARNING] 056/203449 (11) : Server backend_api/balena_api_1 is DOWN, reason: Layer4 connection problem, info: "Connection refused", check duration: 0ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
haproxy_1        | [ALERT] 056/203449 (11) : backend 'backend_api' has no server available!

*Correction on the above. It does come up, but then seems to fall over again the following day.

Hi there, if you check the compose file that created your openBalena instance, it probably only mentions registry.. You could try to modify DOMAINS and add registry2. along side of registry., so that both are accepted (as well as add appropriate DNS entry).

I would try setting this to registry2… as well as adding the DNS entry and the additional domain here and see if that gets around the preload issue.

Compose file reads:

  REGISTRY2_HOST: registry.sub.domain.org
  REGISTRY_HOST: registry.sub.domain.org

And there isn’t a registry2 entry in the cert-providers domain field in my compose file, it reads like this one: open-balena/services.yml at master · balena-io/open-balena · GitHub.

My compose file was made with the flatten and reproduced after the last update: ./scripts/compose config > docker-compose.yml

Are we saying registry2 is now a valid domain, that needs updating in the docs and compose file?

Had a look at trying to inspect the database today, but a bit beyond me I’m afraid. /var/lib/postgresql/data seems to be the mount point for it in the db container? Would need some pointers on best way to go about it if it’s going to be necessary for debugging, my apologies.

Went down again today, still doing so every few days. I’m hoping I am not conflating issues here, this may or may not be related to the registry issue. Will keep them together here for now until we can identify if it is or not.

This time, I managed to locate the following error in the journalctl logs of balena/open-balena-api:v0.119.5. The container is still running, as is every other container, but it is non-responsive on mydomain.com/ping where I usually monitor the server status. It had just been idling, no action taken to trigger the error:

Mar 12 18:21:19 41d36e52e116 api[982]: )) [ 2021-03-12T18:21:19.126Z, 68 ]
Mar 12 18:21:19 41d36e52e116 api[982]: 2021-03-12T18:21:19.135Z 172.20.0.8 s/vpn PATCH /resin/service_instance(68) 200 34.843ms -
Mar 12 18:21:28 41d36e52e116 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=96:00:00:7a:73:5b:d2:74:7f:6e:37:e3:08:00 SRC=103.89.88.99 DST=my-ip LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=22434 PROTO=TCP SPT=51346 DPT=3741 WINDOW=1024 RES=0x00 SYN URGP=0 
Mar 12 18:21:29 41d36e52e116 api[982]: Parsing GET /Auth/permission?$select=name&$filter=(is_of__api_key/any(khp:khp/api_key/any(k:k/key eq @apiKey))) or (is_of__role/any(rhp:rhp/role/any(r:r/is_of__api_key/any(khr:khr/api_key/any(k:k/key eq @apiKey)))))&$orderby=name asc&@apiKey='hidden-the-key'
Mar 12 18:21:29 41d36e52e116 api[982]: Running GET /Auth/permission?$select=name&$filter=(is_of__api_key/any(khp:khp/api_key/any(k:k/key eq @apiKey))) or (is_of__role/any(rhp:rhp/role/any(r:r/is_of__api_key/any(khr:khr/api_key/any(k:k/key eq @apiKey)))))&$orderby=name asc&@apiKey='hidden-the-key'
Mar 12 18:21:29 41d36e52e116 api[982]: SELECT "permission"."name"
Mar 12 18:21:29 41d36e52e116 api[982]: FROM "permission"
Mar 12 18:21:29 41d36e52e116 api[982]: WHERE (EXISTS (
Mar 12 18:21:29 41d36e52e116 api[982]:         SELECT 1
Mar 12 18:21:29 41d36e52e116 api[982]:         FROM "api key-has-permission" AS "permission.api key-has-permission"
Mar 12 18:21:29 41d36e52e116 api[982]:         WHERE "permission"."id" = "permission.api key-has-permission"."permission"
Mar 12 18:21:29 41d36e52e116 api[982]:         AND EXISTS (
Mar 12 18:21:29 41d36e52e116 api[982]:                 SELECT 1
Mar 12 18:21:29 41d36e52e116 api[982]:                 FROM "api key" AS "permission.api key-has-permission.api key"
Mar 12 18:21:29 41d36e52e116 api[982]:                 WHERE "permission.api key-has-permission"."api key" = "permission.api key-has-permission.api key"."id"
Mar 12 18:21:29 41d36e52e116 api[982]:                 AND ("permission.api key-has-permission.api key"."key") IS NOT NULL AND ("permission.api key-has-permission.api key"."key") = ($1)
Mar 12 18:21:29 41d36e52e116 api[982]:         )
Mar 12 18:21:29 41d36e52e116 api[982]: )
Mar 12 18:21:29 41d36e52e116 api[982]: OR EXISTS (
Mar 12 18:21:29 41d36e52e116 api[982]:         SELECT 1
Mar 12 18:21:29 41d36e52e116 api[982]:         FROM "role-has-permission" AS "permission.role-has-permission"
Mar 12 18:21:29 41d36e52e116 api[982]:         WHERE "permission"."id" = "permission.role-has-permission"."permission"
Mar 12 18:21:29 41d36e52e116 api[982]:         AND EXISTS (
Mar 12 18:21:29 41d36e52e116 api[982]:                 SELECT 1
Mar 12 18:21:29 41d36e52e116 api[982]:                 FROM "role" AS "permission.role-has-permission.role"
Mar 12 18:21:29 41d36e52e116 api[982]:                 WHERE "permission.role-has-permission"."role" = "permission.role-has-permission.role"."id"
Mar 12 18:21:29 41d36e52e116 api[982]:                 AND EXISTS (
Mar 12 18:21:29 41d36e52e116 api[982]:                         SELECT 1
Mar 12 18:21:29 41d36e52e116 api[982]:                         FROM "api key-has-role" AS "permission.role-has-permission.role.api key-has-role"
Mar 12 18:21:29 41d36e52e116 api[982]:                         WHERE "permission.role-has-permission.role"."id" = "permission.role-has-permission.role.api key-has-role"."role"
Mar 12 18:21:29 41d36e52e116 api[982]:                         AND EXISTS (
Mar 12 18:21:29 41d36e52e116 api[982]:                                 SELECT 1
Mar 12 18:21:29 41d36e52e116 api[982]:                                 FROM "api key" AS "permission.role-has-permission.role.api key-has-role.api key"
Mar 12 18:21:29 41d36e52e116 api[982]:                                 WHERE "permission.role-has-permission.role.api key-has-role"."api key" = "permission.role-has-permission.role.api key-has-role.api key"."id"
Mar 12 18:21:29 41d36e52e116 api[982]:                                 AND ("permission.role-has-permission.role.api key-has-role.api key"."key") IS NOT NULL AND ("permission.role-has-permission.role.api key-has-role.api key"."key") = ($1)
Mar 12 18:21:29 41d36e52e116 api[982]:                         )
Mar 12 18:21:29 41d36e52e116 api[982]:                 )
Mar 12 18:21:29 41d36e52e116 api[982]:         )
Mar 12 18:21:29 41d36e52e116 api[982]: ))
Mar 12 18:21:29 41d36e52e116 api[982]: ORDER BY "permission"."name" ASC [ 'hidden-the-key' ]
Mar 12 18:21:29 41d36e52e116 api[982]: Parsing GET /Auth/api_key(key=@apiKey)?$select=is_of__actor&@apiKey='hidden-the-key'
Mar 12 18:21:29 41d36e52e116 api[982]: Running GET /Auth/api_key(key=@apiKey)?$select=is_of__actor&@apiKey='hidden-the-key'
Mar 12 18:21:29 41d36e52e116 api[982]: SELECT "api key"."is of-actor" AS "is_of__actor"
Mar 12 18:21:29 41d36e52e116 api[982]: FROM "api key"
Mar 12 18:21:29 41d36e52e116 api[982]: WHERE ("api key"."key") IS NOT NULL AND ("api key"."key") = ($1) [ 'hidden-the-key' ]
Mar 12 18:21:29 41d36e52e116 api[982]: Parsing PATCH /resin/service_instance(68)
Mar 12 18:21:29 41d36e52e116 api[982]: Parsing GET /Auth/permission?$select=name&$filter=(is_of__api_key/any(khp:khp/api_key/any(k:k/key eq @apiKey))) or (is_of__role/any(rhp:rhp/role/any(r:r/is_of__api_key/any(khr:khr/api_key/any(k:k/key eq @apiKey)))))&$orderby=name asc&@apiKey='hidden-the-key'
Mar 12 18:21:29 41d36e52e116 api[982]: Running GET /Auth/permission?$select=name&$filter=(is_of__api_key/any(khp:khp/api_key/any(k:k/key eq @apiKey))) or (is_of__role/any(rhp:rhp/role/any(r:r/is_of__api_key/any(khr:khr/api_key/any(k:k/key eq @apiKey)))))&$orderby=name asc&@apiKey='hidden-the-key'
Mar 12 18:21:29 41d36e52e116 api[982]: SELECT "permission"."name"
Mar 12 18:21:29 41d36e52e116 api[982]: FROM "permission"
Mar 12 18:21:29 41d36e52e116 api[982]: WHERE (EXISTS (
Mar 12 18:21:29 41d36e52e116 api[982]:         SELECT 1
Mar 12 18:21:29 41d36e52e116 api[982]:         FROM "api key-has-permission" AS "permission.api key-has-permission"
Mar 12 18:21:29 41d36e52e116 api[982]:         WHERE "permission"."id" = "permission.api key-has-permission"."permission"
Mar 12 18:21:29 41d36e52e116 api[982]:         AND EXISTS (
Mar 12 18:21:29 41d36e52e116 api[982]:                 SELECT 1
Mar 12 18:21:29 41d36e52e116 api[982]:                 FROM "api key" AS "permission.api key-has-permission.api key"
Mar 12 18:21:29 41d36e52e116 api[982]:                 WHERE "permission.api key-has-permission"."api key" = "permission.api key-has-permission.api key"."id"
Mar 12 18:21:29 41d36e52e116 api[982]:                 AND ("permission.api key-has-permission.api key"."key") IS NOT NULL AND ("permission.api key-has-permission.api key"."key") = ($1)
Mar 12 18:21:29 41d36e52e116 api[982]:         )
Mar 12 18:21:29 41d36e52e116 api[982]: )
Mar 12 18:21:29 41d36e52e116 api[982]: OR EXISTS (
Mar 12 18:21:29 41d36e52e116 api[982]:         SELECT 1
Mar 12 18:21:29 41d36e52e116 api[982]:         FROM "role-has-permission" AS "permission.role-has-permission"
Mar 12 18:21:29 41d36e52e116 api[982]:         WHERE "permission"."id" = "permission.role-has-permission"."permission"
Mar 12 18:21:29 41d36e52e116 api[982]:         AND EXISTS (
Mar 12 18:21:29 41d36e52e116 api[982]:                 SELECT 1
Mar 12 18:21:29 41d36e52e116 api[982]:                 FROM "role" AS "permission.role-has-permission.role"
Mar 12 18:21:29 41d36e52e116 api[982]:                 WHERE "permission.role-has-permission"."role" = "permission.role-has-permission.role"."id"
Mar 12 18:21:29 41d36e52e116 api[982]:                 AND EXISTS (
Mar 12 18:21:29 41d36e52e116 api[982]:                         SELECT 1
Mar 12 18:21:29 41d36e52e116 api[982]:                         FROM "api key-has-role" AS "permission.role-has-permission.role.api key-has-role"
Mar 12 18:21:29 41d36e52e116 api[982]:                         WHERE "permission.role-has-permission.role"."id" = "permission.role-has-permission.role.api key-has-role"."role"
Mar 12 18:21:29 41d36e52e116 api[982]:                         AND EXISTS (
Mar 12 18:21:29 41d36e52e116 api[982]:                                 SELECT 1
Mar 12 18:21:29 41d36e52e116 api[982]:                                 FROM "api key" AS "permission.role-has-permission.role.api key-has-role.api key"
Mar 12 18:21:29 41d36e52e116 api[982]:                                 WHERE "permission.role-has-permission.role.api key-has-role"."api key" = "permission.role-has-permission.role.api key-has-role.api key"."id"
Mar 12 18:21:29 41d36e52e116 api[982]:                                 AND ("permission.role-has-permission.role.api key-has-role.api key"."key") IS NOT NULL AND ("permission.role-has-permission.role.api key-has-role.api key"."key") = ($1)
Mar 12 18:21:29 41d36e52e116 api[982]:                         )
Mar 12 18:21:29 41d36e52e116 api[982]:                 )
Mar 12 18:21:29 41d36e52e116 api[982]:         )
Mar 12 18:21:29 41d36e52e116 api[982]: ))
Mar 12 18:21:29 41d36e52e116 api[982]: ORDER BY "permission"."name" ASC [ 'hidden-the-key' ]
Mar 12 18:21:29 41d36e52e116 api[982]: Parsing GET /Auth/api_key(key=@apiKey)?$select=is_of__actor&@apiKey='hidden-the-key'
Mar 12 18:21:29 41d36e52e116 api[982]: Running GET /Auth/api_key(key=@apiKey)?$select=is_of__actor&@apiKey='hidden-the-key'
Mar 12 18:21:29 41d36e52e116 api[982]: SELECT "api key"."is of-actor" AS "is_of__actor"
Mar 12 18:21:29 41d36e52e116 api[982]: FROM "api key"
Mar 12 18:21:29 41d36e52e116 api[982]: WHERE ("api key"."key") IS NOT NULL AND ("api key"."key") = ($1) [ 'hidden-the-key' ]
Mar 12 18:21:29 41d36e52e116 api[982]: Running PATCH /resin/service_instance(68)
Mar 12 18:21:29 41d36e52e116 api[982]: UPDATE "service instance"
Mar 12 18:21:29 41d36e52e116 api[982]: SET "last heartbeat" = $1
Mar 12 18:21:29 41d36e52e116 api[982]: WHERE ("service instance"."id") IS NOT NULL AND ("service instance"."id") = ($2)
Mar 12 18:21:29 41d36e52e116 api[982]: AND "service instance"."id" IN ((
Mar 12 18:21:29 41d36e52e116 api[982]:         SELECT "service instance"."id"
Mar 12 18:21:29 41d36e52e116 api[982]:         FROM (
Mar 12 18:21:29 41d36e52e116 api[982]:                 SELECT "service instance"."created at", "service instance"."modified at", "service instance"."id", "service instance"."service type", "service instance"."ip address", "service instance"."last heartbeat"
Mar 12 18:21:29 41d36e52e116 api[982]:                 FROM "service instance"
Mar 12 18:21:29 41d36e52e116 api[982]:         ) AS "service instance"
Mar 12 18:21:29 41d36e52e116 api[982]: )) [ 2021-03-12T18:21:29.177Z, 68 ]
Mar 12 18:21:29 41d36e52e116 api[982]: 2021-03-12T18:21:29.183Z 172.20.0.8 s/vpn PATCH /resin/service_instance(68) 200 27.666ms -
Mar 12 18:21:30 41d36e52e116 api[982]: /usr/src/app/src/features/contracts/contracts-directory.ts:123
Mar 12 18:21:30 41d36e52e116 api[982]:                 new Error(
Mar 12 18:21:30 41d36e52e116 api[982]:   ^
Mar 12 18:21:30 41d36e52e116 api[982]: Error: Invalid response while fetching contracts: Internal Server Error
Mar 12 18:21:30 41d36e52e116 api[982]:     at Request.handleResponse [as _callback] (/usr/src/app/src/features/contracts/contracts-directory.ts:123:3)
Mar 12 18:21:30 41d36e52e116 api[982]:     at Request.self.callback (/usr/src/app/node_modules/request/request.js:185:22)
Mar 12 18:21:30 41d36e52e116 api[982]:     at Request.emit (events.js:327:22)
Mar 12 18:21:30 41d36e52e116 api[982]:     at Request.EventEmitter.emit (domain.js:467:12)
Mar 12 18:21:30 41d36e52e116 api[982]:     at Request.<anonymous> (/usr/src/app/node_modules/request/request.js:1154:10)
Mar 12 18:21:30 41d36e52e116 api[982]:     at Request.emit (events.js:327:22)
Mar 12 18:21:30 41d36e52e116 api[982]:     at Request.EventEmitter.emit (domain.js:467:12)
Mar 12 18:21:30 41d36e52e116 api[982]:     at IncomingMessage.<anonymous> (/usr/src/app/node_modules/request/request.js:1076:12)
Mar 12 18:21:30 41d36e52e116 api[982]:     at Object.onceWrapper (events.js:421:28)
Mar 12 18:21:30 41d36e52e116 api[982]:     at IncomingMessage.emit (events.js:327:22)
Mar 12 18:21:30 41d36e52e116 api[982]:     at IncomingMessage.EventEmitter.emit (domain.js:467:12)
Mar 12 18:21:30 41d36e52e116 api[982]:     at endReadableNT (internal/streams/readable.js:1327:12)
Mar 12 18:21:30 41d36e52e116 api[982]:     at processTicksAndRejections (internal/process/task_queues.js:80:21)
Mar 12 18:21:30 41d36e52e116 api[982]: Program node index.js exited with code 1

Is there any pointers on where to go next with this? Should I put together a GitHub issue? Is it reproducible, or something off with my setup? I have been down for some time now, any pointers would be greatly appreciated.

Can you please try adding registry2.${OPENBALENA_HOST_NAME} to your compose manifest and recreate the cert-provider service. This will add another SAN to the certificate, which should hopefully workaround this issue while we work out how to restructure our code bases properly around this. FWIW, there hasn’t really been a registry. for some time, everything now runs on registry2..

@maggie0002, can you please try running:

$ export BALENARC_REGISTRY2_URL=registry.<your-domain>
$ balena settings
...

and give preload another go?

@ab77 thanks for the pointer. My main concern was whether this was an issue I was experiencing, or whether it could be recreated. The former meaning it wouldn’t necessarily be resolvable without something more drastic.

@dfunckt I tried what you suggested on my local system running the CLI and the preload has now gone through. Thanks for the workaround.

Not sure how many of the other issues I mentioned above are related to this, will see if they reoccur and open another issue in its own thread if they do.

Is there any update on this? I see a few releases of Balena CLI and Open Balena since the issue was identified. Has the fix now been implemented?

@maggie0002, @holg, this issue should be fixed in CLI release v12.44.16 or later (just released), thanks to the work of @klutchell in Avoid hardcoded registry2 URL by klutchell · Pull Request #244 · balena-io-modules/balena-preload · GitHub.
Let us know if it now works for you. Thanks for reporting it and helping us with the investigation.