edgex foundry multicontainer app crashing balenaOS

jose_barrero · June 24, 2021, 4:19am

Im using balenaOS 2.8 development image on rpi4 and pushing a docker-compose project with 18 containers, it seems the device is entering on a reboot loop when i push the containers. It seems it is not a memory issue, i see this on the system log:

[  184.249013] br-75c8bef36586: port 10(veth48b89aa) entered disabled state
[  205.643953] kauditd_printk_skb: 1 callbacks suppressed
[  205.643959] audit: type=1325 audit(1624497115.739:650): table=nat family=2 entries=50
[  205.722888] audit: type=1325 audit(1624497115.819:651): table=filter family=2 entries=68
[  205.754800] audit: type=1325 audit(1624497115.851:652): table=nat family=2 entries=49
[  205.800742] audit: type=1325 audit(1624497115.899:653): table=nat family=2 entries=48
[  205.836562] audit: type=1325 audit(1624497115.935:654): table=filter family=2 entries=67
[  205.856307] br-75c8bef36586: port 19(vetha1316fb) entered disabled state
[  205.863410] veth07ab205: renamed from eth0
[  205.865168] audit: type=1325 audit(1624497115.963:655): table=nat family=2 entries=47
[  205.906114] audit: type=1325 audit(1624497116.003:656): table=nat family=2 entries=46
[  205.929537] br-75c8bef36586: port 18(vetha1934b3) entered disabled state
[  205.936561] audit: type=1325 audit(1624497116.031:657): table=filter family=2 entries=66
[  205.945259] veth9b4f1f0: renamed from eth0
[  205.958498] audit: type=1325 audit(1624497116.055:658): table=nat family=2 entries=45
[  205.993706] audit: type=1325 audit(1624497116.091:659): table=nat family=2 entries=44
[  206.016465] br-75c8bef36586: port 15(veth78099d6) entered disabled state
[  206.024264] veth08a8726: renamed from eth0
[  206.086011] br-75c8bef36586: port 19(vetha1316fb) entered disabled state
[  206.100903] device vetha1316fb left promiscuous mode
[  206.106320] br-75c8bef36586: port 19(vetha1316fb) entered disabled state
[  206.139778] br-75c8bef36586: port 17(vethdff046f) entered disabled state
[  206.147201] veth912bcfc: renamed from eth0
[  206.226537] br-75c8bef36586: port 20(vethd228824) entered disabled state
[  206.233657] veth181cab2: renamed from eth0
[  206.293698] br-75c8bef36586: port 18(vetha1934b3) entered disabled state
[  206.307657] device vetha1934b3 left promiscuous mode
[  206.312955] br-75c8bef36586: port 18(vetha1934b3) entered disabled state
[  206.358528] br-75c8bef36586: port 15(veth78099d6) entered disabled state
[  206.374229] device veth78099d6 left promiscuous mode
[  206.379768] br-75c8bef36586: port 15(veth78099d6) entered disabled state
[  206.408772] br-75c8bef36586: port 17(vethdff046f) entered disabled state
[  206.422794] device vethdff046f left promiscuous mode
[  206.429029] br-75c8bef36586: port 17(vethdff046f) entered disabled state
[  207.143650] br-75c8bef36586: port 20(vethd228824) entered disabled state
[  207.158606] device vethd228824 left promiscuous mode
[  207.164417] br-75c8bef36586: port 20(vethd228824) entered disabled state
[  209.885126] br-75c8bef36586: port 12(veth847a105) entered disabled state
[  209.892242] veth49af4f7: renamed from eth0
[  211.285679] br-75c8bef36586: port 1(veth6266f56) entered blocking state
[  211.292546] br-75c8bef36586: port 1(veth6266f56) entered disabled state
[  211.299808] device veth6266f56 entered promiscuous mode
[  211.305418] kauditd_printk_skb: 13 callbacks suppressed
[  211.305422] audit: type=1700 audit(1624497121.383:673): dev=veth6266f56 prom=256 old_prom=0 auid=4294967295 uid=0 gid=0 ses=4294967295
[  211.932183] br-75c8bef36586: port 12(veth847a105) entered disabled state
[  211.948380] device veth847a105 left promiscuous mode
[  211.954032] audit: type=1700 audit(1624497122.023:674): dev=veth847a105 prom=0 old_prom=256 auid=4294967295 uid=0 gid=0 ses=4294967295
[  211.955667] br-75c8bef36586: port 12(veth847a105) entered disabled state
[  212.097678] br-75c8bef36586: port 3(veth4f6a3a4) entered blocking state
[  212.108216] br-75c8bef36586: port 3(veth4f6a3a4) entered disabled state
[  212.118232] device veth4f6a3a4 entered promiscuous mode
[  212.123726] audit: type=1700 audit(1624497122.195:675): dev=veth4f6a3a4 prom=256 old_prom=0 auid=4294967295 uid=0 gid=0 ses=4294967295
[  212.124414] br-75c8bef36586: port 3(veth4f6a3a4) entered blocking state
[  212.142736] br-75c8bef36586: port 3(veth4f6a3a4) entered forwarding state
[  212.181320] audit: type=1325 audit(1624497122.279:676): table=nat family=2 entries=38
[  212.204171] audit: type=1325 audit(1624497122.299:677): table=filter family=2 entries=62
[  212.224290] audit: type=1325 audit(1624497122.323:678): table=nat family=2 entries=39
[  212.288216] br-75c8bef36586: port 3(veth4f6a3a4) entered disabled state
[  212.830758] br-75c8bef36586: port 4(vethfe19ecd) entered blocking state
[  212.838592] br-75c8bef36586: port 4(vethfe19ecd) entered disabled state
[  212.848376] device vethfe19ecd entered promiscuous mode
[  212.853924] audit: type=1700 audit(1624497122.927:679): dev=vethfe19ecd prom=256 old_prom=0 auid=4294967295 uid=0 gid=0 ses=4294967295
[  212.855756] br-75c8bef36586: port 4(vethfe19ecd) entered blocking state
[  212.872959] br-75c8bef36586: port 4(vethfe19ecd) entered forwarding state
[  212.969557] audit: type=1325 audit(1624497123.067:680): table=nat family=2 entries=40
[  213.000896] audit: type=1325 audit(1624497123.099:681): table=filter family=2 entries=63
[  213.316294] br-75c8bef36586: port 4(vethfe19ecd) entered disabled state
[  213.351185] br-75c8bef36586: port 6(veth7873463) entered blocking state
[  213.359585] br-75c8bef36586: port 6(veth7873463) entered disabled state
[  213.367029] device veth7873463 entered promiscuous mode
[  213.372435] audit: type=1700 audit(1624497123.447:682): dev=veth7873463 prom=256 old_prom=0 auid=4294967295 uid=0 gid=0 ses=4294967295
[  213.377173] br-75c8bef36586: port 6(veth7873463) entered blocking state
[  213.391460] br-75c8bef36586: port 6(veth7873463) entered forwarding state
[  213.684629] br-75c8bef36586: port 8(veth7da356a) entered blocking state
[  213.696348] br-75c8bef36586: port 8(veth7da356a) entered disabled state
[  213.703548] device veth7da356a entered promiscuous mode
[  213.710187] br-75c8bef36586: port 8(veth7da356a) entered blocking state
[  213.716950] br-75c8bef36586: port 8(veth7da356a) entered forwarding state
[  213.967405] br-75c8bef36586: port 9(vethf12e9eb) entered blocking state
[  213.984102] br-75c8bef36586: port 9(vethf12e9eb) entered disabled state
[  213.991644] device vethf12e9eb entered promiscuous mode
[  213.998731] br-75c8bef36586: port 9(vethf12e9eb) entered blocking state
[  214.005494] br-75c8bef36586: port 9(vethf12e9eb) entered forwarding state
[  214.340161] br-75c8bef36586: port 6(veth7873463) entered disabled state
[  214.347179] br-75c8bef36586: port 8(veth7da356a) entered disabled state
[  214.358044] br-75c8bef36586: port 9(vethf12e9eb) entered disabled state
[  216.823783] kauditd_printk_skb: 14 callbacks suppressed
[  216.823789] audit: type=1325 audit(1624497126.919:697): table=nat family=2 entries=0
[  216.947308] audit: type=1325 audit(1624497127.043:698): table=nat family=2 entries=0
[  217.196832] audit: type=1325 audit(1624497127.295:699): table=filter family=2 entries=0
[  217.205209] audit: type=1325 audit(1624497127.295:700): table=filter family=2 entries=0
[  217.328002] audit: type=1325 audit(1624497127.423:701): table=nat family=2 entries=5
[  217.336147] audit: type=1325 audit(1624497127.427:702): table=nat family=2 entries=5
[  217.371432] audit: type=1325 audit(1624497127.467:703): table=nat family=2 entries=7
[  217.379493] audit: type=1325 audit(1624497127.471:704): table=nat family=2 entries=7
[  217.418457] audit: type=1325 audit(1624497127.515:705): table=nat family=2 entries=8
[  217.426684] audit: type=1325 audit(1624497127.523:706): table=nat family=2 entries=10
[  217.936639] eth0: renamed from veth92156af
[  217.964959] eth0: renamed from veth3e62416
[  218.011535] IPv6: ADDRCONF(NETDEV_CHANGE): veth4f6a3a4: link becomes ready
[  218.018738] br-75c8bef36586: port 3(veth4f6a3a4) entered blocking state
[  218.025490] br-75c8bef36586: port 3(veth4f6a3a4) entered forwarding state
[  218.032604] IPv6: ADDRCONF(NETDEV_CHANGE): veth6266f56: link becomes ready
[  218.040033] br-75c8bef36586: port 1(veth6266f56) entered blocking state
[  218.046773] br-75c8bef36586: port 1(veth6266f56) entered forwarding state

after the first push of the app the device starts crashing constantly

could it be related to networking issues? im having an issue trying to set up the default gateway for the ethernet interface, right now i have to do it manually everytime the device reboots.

mpous · June 24, 2021, 9:43am

Hello @jose_barrero is the repo for this project public? i would like to test and replicate! Thanks!

jose_barrero · June 24, 2021, 6:12pm

Hello @mpous, yes the project is public, here’s the original docker-compose file provided by edgex foundry, the file i used is modified, i will put it below the original.

original compose file

the modifications i made where based on the fact that balena does not allow bind mounts, also i changed the services names so the docker networking works fine, i placed some common env variables on a separate file and i have a bash script to parse every variable into the push command.

networks:
  edgex-network:
    driver: bridge
services:
  edgex-app-service-configurable-rules:
    depends_on:
    - edgex-core-consul
    - edgex-core-data
    environment:
      BINDING_PUBLISHTOPIC: events
      EDGEX_PROFILE: rules-engine
      EDGEX_SECURITY_SECRET_STORE: "false"
      MESSAGEBUS_SUBSCRIBEHOST_HOST: data
      SERVICE_HOST: edgex-app-service-configurable-rules
      SERVICE_PORT: 48100
    hostname: edgex-app-service-configurable-rules
    image: edgexfoundry/docker-app-service-configurable-arm64:1.3.1
    networks:
      - edgex-network
    ports:
    - 127.0.0.1:48100:48100/tcp
    read_only: true
  #app-service-export:
  #  depends_on:
  #  - consul
  #  - data
  #  environment: 
  #    BINDING_PUBLISHTOPIC: events
  #    EDGEX_PROFILE: http-export
  #    EDGEX_SECURITY_SECRET_STORE: "false"
  #    MESSAGEBUS_SUBSCRIBEHOST_HOST: edgex-core-data
  #    SERVICE_HOST: edgex-app-service-configurable-export
  #    SERVICE_PORT: 48101
  #    WRITABLE_PIPELINE_FUNCTIONS_HTTPPOSTJSON_PARAMETERS_URL: [Your URL]
  #    WRITABLE_PIPELINE_FUNCTIONS_HTTPPOSTJSON_PARAMETERS_PERSISTONERROR: ["true"/"false"]
  #    WRITABLE_PIPELINE_FUNCTIONS_FILTERBYDEVICENAME_PARAMETERS_DEVICENAMES: "[comma separated list]"
  #    WRITABLE_PIPELINE_FUNCTIONS_FILTERBYVALUEDESCRIPTOR_PARAMETERS_VALUEDESCRIPTORS: "[comma separated list]"
  #    WRITABLE_PIPELINE_FUNCTIONS_FILTERBYVALUEDESCRIPTOR_PARAMETERS_FILTEROUT: ["true"/"false"]
  #  hostname: edgex-app-service-configurable-export
  #  image: edgexfoundry/docker-app-service-configurable-arm64:1.3.1
  #  networks:
  #    - edgex-network
  #  ports:
  #  - 127.0.0.1:48101:48101/tcp
  #  read_only: true
  edgex-core-command:
    depends_on:
    - edgex-core-consul
    - edgex-redis
    - edgex-core-metadata
    - edgex-security-bootstrap-database
    - edgex-vault-worker
    environment:
      EDGEX_SECURITY_SECRET_STORE: "true"
      SECRETSTORE_TOKENFILE: /tmp/edgex/secrets/edgex-core-command/secrets-token.json
      SERVICE_HOST: edgex-core-command
    hostname: edgex-core-command
    image: edgexfoundry/docker-core-command-go-arm64:1.3.1
    networks:
      - edgex-network
    ports:
    - 127.0.0.1:48082:48082/tcp
    read_only: true
    volumes:
    - secrets:/tmp/edgex/secrets:ro,z
  edgex-core-consul:
    depends_on:
    - edgex-secrets-setup
    environment:
      EDGEX_DB: redis
      EDGEX_SECURE: "true"
      SECRETSTORE_SETUP_DONE_FLAG: /tmp/edgex/secrets/edgex-consul/.secretstore-setup-done
    hostname: edgex-core-consul
    image: edgexfoundry/docker-edgex-consul-arm64:1.3.0
    networks:
      - edgex-network
    ports:
    - 127.0.0.1:8500:8500/tcp
    read_only: true
    volumes:
    - consul-config:/consul/config:z
    - consul-data:/consul/data:z
    - consul-scripts:/consul/scripts:z
    - secrets:/tmp/edgex/secrets:ro,z
  edgex-core-data:
    depends_on:
    - edgex-core-consul
    - edgex-redis
    - edgex-core-metadata
    - edgex-security-bootstrap-database
    - edgex-vault-worker
    environment:
      EDGEX_SECURITY_SECRET_STORE: "true"
      SECRETSTORE_TOKENFILE: /tmp/edgex/secrets/edgex-core-data/secrets-token.json
      SERVICE_HOST: edgex-core-data
    hostname: edgex-core-data
    image: edgexfoundry/docker-core-data-go-arm64:1.3.1
    networks:
      - edgex-network
    ports:
    - 127.0.0.1:5563:5563/tcp
    - 127.0.0.1:48080:48080/tcp
    read_only: true
    volumes:
    - secrets:/tmp/edgex/secrets:ro,z
  edgex-redis:
    environment:
      EDGEX_SECURITY_SECRET_STORE: "false"
    hostname: edgex-redis
    image: redis:6.0.9-alpine
    networks:
      - edgex-network
    ports:
    - 127.0.0.1:6379:6379/tcp
    read_only: true
    volumes:
    - db-data:/data:z
  #device-rest:
  #  depends_on:
  #  - consul
  #  - data
  #  - metadata
  #  environment:
  #    EDGEX_SECURITY_SECRET_STORE: "false"
  #    SERVICE_HOST: edgex-device-rest
  #  hostname: edgex-device-rest
  #  image: edgexfoundry/docker-device-rest-go-arm64:1.2.1
  #  networks:
  #    - edgex-network
  #  ports:
  #  - 127.0.0.1:49986:49986/tcp
  #  read_only: true
  #device-virtual:
  #  depends_on:
  #  - consul
  #  - data
  #  - metadata
  #  environment: 
  #    EDGEX_SECURITY_SECRET_STORE: "false"
  #    SERVICE_HOST: edgex-device-virtual
  #  hostname: edgex-device-virtual
  #  image: edgexfoundry/docker-device-virtual-go-arm64:1.3.1
  #  networks:
  #    - edgex-network
  #  ports:
  #  - 127.0.0.1:49990:49990/tcp
  edgex-proxy:
    depends_on:
    - edgex-core-consul
    - kong
    - edgex-vault-worker
    entrypoint: '/bin/sh -c  "until /consul/scripts/consul-svc-healthy.sh kong; do
      sleep 1; done; until /consul/scripts/consul-svc-healthy.sh security-secretstore-setup;
      do sleep 1; done; /edgex/security-proxy-setup --init=true"
      '
    environment:
      EDGEX_SECURITY_SECRET_STORE: "true"
      KONGURL_SERVER: kong 
      SECRETSERVICE_SNIS: kong
      SECRETSERVICE_TOKENPATH: /tmp/edgex/secrets/edgex-security-proxy-setup/secrets-token.json
    hostname: edgex-proxy
    image: edgexfoundry/docker-security-proxy-setup-go-arm64:1.3.1
    networks:
      - edgex-network
    read_only: true
    volumes:
    - consul-scripts:/consul/scripts:ro,z
    - secrets:/tmp/edgex/secrets:ro,z
  kong:
    command: '/bin/sh -c  "until /consul/scripts/consul-svc-healthy.sh kong-migrations;
      do sleep 1; done; /docker-entrypoint.sh kong docker-start"
      '
    depends_on:
    - edgex-core-consul
    - kong-db
    - kong-migrations
    environment:
      KONG_ADMIN_ACCESS_LOG: /dev/stdout
      KONG_ADMIN_ERROR_LOG: /dev/stderr
      KONG_ADMIN_LISTEN: 0.0.0.0:8001, 0.0.0.0:8444 ssl
      KONG_DATABASE: postgres
      KONG_PG_HOST: kong-db
      KONG_PG_PASSWORD: kong
      KONG_PROXY_ACCESS_LOG: /dev/stdout
      KONG_PROXY_ERROR_LOG: /dev/stderr
    hostname: kong
    image: kong:2.0.5-ubuntu
    networks:
      - edgex-network
    ports:
    - 8000:8000/tcp
    - 127.0.0.1:8001:8001/tcp
    - 8443:8443/tcp
    - 127.0.0.1:8444:8444/tcp
    read_only: true
    restart: on-failure
    tmpfs:
    - /run
    - /tmp
    tty: true
    volumes:
    - consul-scripts:/consul/scripts:ro,z
    - kong:/usr/local/kong:rw
  kong-db:
    depends_on:
    - edgex-secrets-setup
    environment:
      POSTGRES_DB: kong
      POSTGRES_PASSWORD: kong
      POSTGRES_USER: kong
    hostname: kong-db
    image: postgres:12.3-alpine
    networks:
      - edgex-network
    ports:
    - 127.0.0.1:5432:5432/tcp
    read_only: true
    tmpfs:
    - /var/run
    - /tmp
    - /run
    volumes:
    - postgres-data:/var/lib/postgresql/data:z
  kong-migrations:
    command: "/bin/sh -cx  'until /consul/scripts/consul-svc-healthy.sh kong-db;\n\
      \   do sleep 1;\ndone && kong migrations bootstrap; kong migrations list; code=$$?;\
      \ if [ $$code -eq 5 ]; then\n  kong migrations up && kong migrations finish;\n\
      fi'\n"
    depends_on:
    - edgex-core-consul
    - kong-db
    environment:
      KONG_DATABASE: postgres
      KONG_PG_HOST: kong-db
      KONG_PG_PASSWORD: kong
    image: kong:2.0.5-ubuntu
    networks:
      - edgex-network
    read_only: true
    tmpfs:
    - /tmp
    volumes:
    - consul-scripts:/consul/scripts:ro,z
  edgex-core-metadata:
    depends_on:
    - edgex-core-consul
    - edgex-redis
    - edgex-support-notifications
    - edgex-security-bootstrap-database
    - edgex-vault-worker
    environment:
      EDGEX_SECURITY_SECRET_STORE: "true"
      NOTIFICATIONS_SENDER: edgex-core-metadata
      SECRETSTORE_TOKENFILE: /tmp/edgex/secrets/edgex-core-metadata/secrets-token.json
      SERVICE_HOST: edgex-core-metadata
    hostname: edgex-core-metadata
    image: edgexfoundry/docker-core-metadata-go-arm64:1.3.1
    networks:
      - edgex-network
    ports:
    - 127.0.0.1:48081:48081/tcp
    read_only: true
    volumes:
    - secrets:/tmp/edgex/secrets:ro,z
  edgex-support-notifications:
    depends_on:
    - edgex-core-consul
    - edgex-redis
    - edgex-security-bootstrap-database
    - edgex-vault-worker
    environment:
      EDGEX_SECURITY_SECRET_STORE: "true"
      SECRETSTORE_TOKENFILE: /tmp/edgex/secrets/edgex-support-notifications/secrets-token.json
      SERVICE_HOST: edgex-support-notifications
    hostname: edgex-support-notifications
    image: edgexfoundry/docker-support-notifications-go-arm64:1.3.1
    networks:
      - edgex-network
    ports:
    - 127.0.0.1:48060:48060/tcp
    read_only: true
    volumes:
    - secrets:/tmp/edgex/secrets:ro,z
  edgex-kuiper:
    depends_on:
    - edgex-app-service-configurable-rules
    environment:
      EDGEX__DEFAULT__PORT: 5566
      EDGEX__DEFAULT__PROTOCOL: tcp
      EDGEX__DEFAULT__SERVER: edgex-app-service-configurable-rules
      EDGEX__DEFAULT__SERVICESERVER: http://data:48080
      EDGEX__DEFAULT__TOPIC: events
      KUIPER__BASIC__CONSOLELOG: "true"
      KUIPER__BASIC__RESTPORT: 48075
    hostname: edgex-kuiper
    image: emqx/kuiper:1.1.1-alpine
    networks:
      - edgex-network
    ports:
    - 127.0.0.1:20498:20498/tcp
    - 127.0.0.1:48075:48075/tcp
  edgex-support-scheduler:
    depends_on:
    - edgex-core-consul
    - edgex-redis
    - edgex-security-bootstrap-database
    - edgex-vault-worker
    environment:
      EDGEX_SECURITY_SECRET_STORE: "true"
      INTERVALACTIONS_SCRUBAGED_HOST: data
      INTERVALACTIONS_SCRUBPUSHED_HOST: data
      SECRETSTORE_TOKENFILE: /tmp/edgex/secrets/edgex-support-scheduler/secrets-token.json
      SERVICE_HOST: edgex-support-scheduler
    hostname: edgex-support-scheduler
    image: edgexfoundry/docker-support-scheduler-go-arm64:1.3.1
    networks:
      - edgex-network
    ports:
    - 127.0.0.1:48085:48085/tcp
    read_only: true
    volumes:
    - secrets:/tmp/edgex/secrets:ro,z
  edgex-security-bootstrap-database:
    depends_on:
    - edgex-redis
    - edgex-vault-worker
    environment:
      EDGEX_SECURITY_SECRET_STORE: "true"
      SECRETSTORE_TOKENFILE: /tmp/edgex/secrets/edgex-security-bootstrap-redis/secrets-token.json
      SERVICE_HOST: edgex-security-bootstrap-database
    hostname: edgex-security-bootstrap-database
    image: edgexfoundry/docker-security-bootstrap-redis-go-arm64:1.3.1
    networks:
      - edgex-network
    read_only: true
    tmpfs:
    - /run
    - /vault
    volumes:
    - secrets:/tmp/edgex/secrets:ro,z
  edgex-secrets-setup:
    command: generate
    hostname: edgex-secrets-setup
    image: edgexfoundry/docker-security-secrets-setup-go-arm64:1.3.1
    read_only: true
    tmpfs:
    - /tmp
    - /run
    volumes:
    - secrets-setup-cache:/etc/edgex/pki:rw
    - secrets:/tmp/edgex/secrets:z
    - vault-init:/vault/init:z
  #system:
  #  depends_on:
  #  - command
  #  - consul
  #  - data
  #  - metadata
  #  - notifications
  #  - scheduler
  #  environment:
  #    EDGEX_SECURITY_SECRET_STORE: "false"
  #    EXECUTORPATH: /sys-mgmt-executor
  #    METRICSMECHANISM: executor
  #    SERVICE_HOST: edgex-sys-mgmt-agent
  #  hostname: edgex-sys-mgmt-agent
  #  image: edgexfoundry/docker-sys-mgmt-agent-go-arm64:1.3.1
  #  networks:
  #    - edgex-network
  #  ports:
  #  - 127.0.0.1:48090:48090/tcp
  #  read_only: true
  #  volumes:
  #  - /var/run/docker.sock:/var/run/docker.sock:z
  edgex-vault:
    cap_add:
    - IPC_LOCK
    depends_on:
    - edgex-core-consul
    - edgex-secrets-setup
    entrypoint:
    - /vault/init/start_vault.sh
    environment:
      VAULT_ADDR: https://edgex-vault:8200
      VAULT_CONFIG_DIR: /vault/config
      VAULT_UI: "true"
    hostname: edgex-vault
    image: vault:1.5.3
    networks:
      - edgex-network
    ports:
    - 127.0.0.1:8200:8200/tcp
    tmpfs:
    - /vault/config
    volumes:
    - secrets:/tmp/edgex/secrets:ro,z
    - vault-file:/vault/file:z
    - vault-init:/vault/init:ro,z
    - vault-logs:/vault/logs:z
  edgex-vault-worker:
    depends_on:
    - edgex-core-consul
    - edgex-secrets-setup
    - edgex-vault
    environment:
      SECRETSTORE_SETUP_DONE_FLAG: /tmp/edgex/secrets/edgex-consul/.secretstore-setup-done
    hostname: edgex-vault-worker
    image: edgexfoundry/docker-security-secretstore-setup-go-arm64:1.3.1
    networks:
      - edgex-network
    read_only: true
    tmpfs:
    - /run
    - /vault
    volumes:
    - consul-scripts:/consul/scripts:ro,z
    - secrets:/tmp/edgex/secrets:z
    - vault-config:/vault/config:z
  edgex-device-ping:
    build: 
      context: ./device-ping
    ports:
      - "49992:49992"
    hostname: edgex-device-ping
    privileged: true
    cap_add:
      - SYS_RAWIO
    networks:
      - edgex-network
    environment:
      APPLIANCE_ID: '18554'
    depends_on:
      - edgex-core-data
      - edgex-core-command
      - edgex-core-metadata
    labels:
      io.balena.features.kernel-modules: '1'
version: '2.1'
volumes:
  consul-config: {}
  consul-data: {}
  consul-scripts: {}
  db-data: {}
  kong: {}
  log-data: {}
  postgres-data: {}
  secrets-setup-cache: {}
  vault-config: {}
  vault-file: {}
  vault-init: {}
  vault-logs: {}
  secrets: {}

here’s the env file and the push script:

CLIENTS_COMMAND_HOST=edgex-core-command
CLIENTS_COREDATA_HOST=edgex-core-data
CLIENTS_DATA_HOST=edgex-core-data
CLIENTS_METADATA_HOST=edgex-core-metadata
CLIENTS_NOTIFICATIONS_HOST=edgex-support-notifications
CLIENTS_RULESENGINE_HOST=edgex-kuiper
CLIENTS_SCHEDULER_HOST=edgex-support-scheduler
DATABASES_PRIMARY_HOST=edgex-redis
REGISTRY_HOST=edgex-core-consul
SECRETSTORE_HOST=edgex-vault
SECRETSTORE_ROOTCACERTPATH="/tmp/edgex/secrets/ca/ca.pem"
SECRETSTORE_SERVERNAME=edgex-vault

#!/bin/bash

balena push $1 --env $(sed ':a;N;$!ba;s/\n/ --env /g' .env) --convert-eol --nolive -d --emulated --system --debug

thank you for your help

mpous · June 25, 2021, 9:41am

@jose_barrero i remember a balena user mentioning that he made it run with this docker-compose

github.com

OdysLam/edgex-nodered-device-service/blob/master/docker-compose.yml

# /*******************************************************************************
#  * Copyright 2018 Dell Inc.
#  *
#  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
#  * in compliance with the License. You may obtain a copy of the License at
#  *
#  * http://www.apache.org/licenses/LICENSE-2.0
#  *
#  * Unless required by applicable law or agreed to in writing, software distributed under the License
#  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
#  * or implied. See the License for the specific language governing permissions and limitations under
#  * the License.
#  *
#  * @author: Jim White, Dell
#  * EdgeX Foundry, Delhi, version 1.0.0
#  * added: Dec 10, 2018
#  *******************************************************************************/

version: '2.1'
volumes:

This file has been truncated. show original

maybe it’s good to compare it with yours?

toochevere · July 5, 2021, 8:55pm

@jose_barrero just checking to see if Marc’s answer helped? Did anything come of comparing that docker-compose with yours?