I have an issue with balenaos-in-container connecting the to the s3 registry on out openBalena server.
I have perfomed the following stesp:
cloned the balenaos-in-container repo down onto a Ubuntu 20.04 EC2 instance
created a config.json file for my app using the balena cli
used docker-compose -p up -d to create the devices.
This pulls down the 2.68.1_rev1.dev-intel-nuc image from resinos dockerhub and builds a new local image for the virtual device…this all works as expected.
When the device starts for the 1st time there are errors in the balena-supervisor logs where it can’t download the containers required for the application. It is showing an x509: certificate signed by unknown authority error.
I have checked in the main container and also in the supervisor container and the balenaRootCA.crt is there and and all env variables are set.
If I restart the device by doing a docker-compose down and then docker-compose -p up -d again the device boots and the downloads the containers without issue…every time.
I can’t find the reason why it wont do it the 1st time. I originally though it might be something to do with docker on the host so I added the ca cert for openbalena there as well but it hasn’t helped.
See attached logs for balena supervisor on 1st boot and 2nd boots and also the docker-compose file.
Has anyone seen this before or can give me any points why it can;t download from the registry on the 1st boot. We have physical devices using the same config.json and they don’t have any issues.