Hi,
I am trying to run balenaOS with an intelNuc image on a container through the project https://github.com/balena-os/balenaos-in-container.
I think i am successfully able to run the docker container with the command:
./balenaos-in-container.sh --image resin/resinos:2.50.1_rev1.dev-intel-nuc --id 2 -c "./config.json" --detach
After that I log into the running container and get:
Event: Device bootstrap failed, retrying {"delay":30000,"error":{"message":""}}
What I might be doing wrong?
Thanks
Hi!
That error looks like you are not using a valid config file. Could you try to regenerate it for your NUC and try again? As a reminder, it can be downloaded from your balenaCloud dashboard. Once you have added an application click āAdd a new deviceā, click to expand the āAdvancedā section and check āDownload configuration file onlyā now click āDownload configuration fileā 
Hi!
I was thinking the same, but I donāt have a balenaCloud account, and so I wrote it.
Is there another way to generate correctly a config.json?
Hi, just jumping in there. Are you trying to run balenaOS without connecting to a backend or are you trying to connect it to an openBalena instance? Perhaps you could post the config.json you created here, omitting any sensitive data of course.
Hi there,
I am having a look into this myself using my own intel nuc. Can I ask you how you went about creating your config file? Did you follow the instructions in this guide: https://www.balena.io/open/docs/getting-started/
Lucy-Jane
Another thing i noticed is that the value you have for the apiEndpoint doesnāt look like a real domain (https://api.domain.org). Is that something you sanitised before posting to us for security? Or is that what is on your copy of the config.json file?
Hi
to generate the config file I did:
balena os configure image_nuc.img --app myAppforNuc
and went inside the image file to copy the config.json
Yes, i have a real domain, and so the api.domain.org is sanitised.
Hi there, what do you mean you went inside the image file to copy the config.json? You donāt need to manually copy the config.json, balena os configure does that for you. Can you try following https://www.balena.io/open/docs/getting-started step by step and see if the issue gets resolved? If you are still having issues, we can see why thatās happening.
I donāt think Iāve explained well my problem.
I am not trying to configure a local image of the intel-nuc, but one Iāve pull from the dockerHub, and use it through the balena-os-container project so, I think I just need a config.json file.
By following that tutorial I would get a local image of the intel-nuc with inside the config.json, isnāt it?
Yes, thatās true, I missed that point. Can you then try using https://www.balena.io/docs/reference/balena-cli/#config-generate to generate the config.json, and then use that when you are running ./balenaos-in-container.sh? Let me know if that works and I can look into it further if it doesnt.
this are my steps:
balena app create myApp
and choose intel-nuc
balena config generate --version 2.50.1_rev1.dev-intel-nuc --device-type intel-nuc --app myApp --output config.json
chooose ethernet and 10 minutes for updates
./balenaos-in-container.sh --image resin/resinos:2.50.1_rev1.dev-intel-nuc --id test -c "config.json" --detach
docker exec -ti <uuid> /bin/bash
balena ps
balena logs <uuid-supervisor>
and I get this, I think relevant logs:
[error] LogBackend: unexpected error: Error: self signed certificate in certificate chain
[error] at TLSSocket.onConnectSecure (_tls_wrap.js:1474:34)
[error] at TLSSocket.emit (events.js:310:20)
[error] at TLSSocket._finishInit (_tls_wrap.js:917:8)
[error] at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:687:12)
[info] New device detected. Provisioning...
[event] Event: Device bootstrap failed, retrying {"delay":30000,"error":{"message":""}}
what could be the problem then?
thanks again for the help
Hi @matteopeluso, taking a step back here. Could you please verify that openBalena works fine?
[error] LogBackend: unexpected error: Error: self signed certificate in certificate chain
[error] at TLSSocket.onConnectSecure (_tls_wrap.js:1474:34)
[error] at TLSSocket.emit (events.js:310:20)
[error] at TLSSocket._finishInit (_tls_wrap.js:917:8)
[error] at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:687:12)
This error you posted points to misconfigured certification. Could you check that you have completed the install self signed cert section?
Specifically making sure you have set export NODE_EXTRA_CA_CERTS='/path/to/ca.crt' correctly?
Perhaps recreating the certificate will address this issue already. If not, let us know so we could dive into further debugging.
Yes, I have completed the installation of the self signed cert, and Iāve been using Balena for some months already without any problem.
But I am not able to generate a new certificate because I am not the āownerā of this openBalena server.
Any idea on what else I could try? Maybe changing the device? Iāve just created another physical device, a raspberrypi3, and I didnāt have any problem with my certification in this case.
Thanks
Is this error relevant?
Failed to find module āautofs4ā
Failed to create symlink /sys/fs/cgroup/net_prio: File exists
Failed to create symlink /sys/fs/cgroup/net_cls: File exists
Failed to create symlink /sys/fs/cgroup/cpuacct: File exists
Failed to create symlink /sys/fs/cgroup/cpu: File exists
Interesting to note that the pi3 image did work, Iāll ask our OS colleagues what the difference in between the NUC and pi3 image is.
Because the self-signed certificate is failing, my advice would be to resolve that first. We have had users report various issues before that were related to certificates not working correctly.
Hi, we have found out that openBalena has incompatibilities with balenaOS. Could you try the NUC with a balenaOS version that is lower than 2.49.0? We are actively working on resolving these issues, so a fix should arrive soon. Until then letās confirm that this also resolves your issue.
I have tried this image resin/resinos:2.46.0_rev1.dev-intel-nuc
balena config generate --version v2.46.0+rev1.dev --device-type intel-nuc --app app --output config.json
./balenaos-in-container.sh --image resin/resinos:2.46.0_rev1.dev-intel-nuc --id test -c "path/config.json" --detach
without success, i have got the following log that I am attachingbalenaOsContainer.log (5.3 KB)
Hi,
Thanks for the logs, something jumped out at me:
[error] LogBackend: unexpected error: Error: self signed certificate in certificate chain
[error] at TLSSocket.onConnectSecure (_tls_wrap.js:1474:34)
[error] at TLSSocket.emit (events.js:310:20)
[error] at TLSSocket._finishInit (_tls_wrap.js:917:8)
[error] at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:687:12)
WARNING: ca-certificates.crt does not contain exactly one certificate or CRL: skipping
Warning: Ignoring extra certs from `/etc/ssl/certs/balenaRootCA.pem`, load failed: error:02001002:system library:fopen:No such file or directory
It looks like the root CA is not populated, and this would be coming from your config.json. Could you share the config.json youāre using and just obfuscate the URL and API keys?
Thanks.
I can see you have a valid base64 encoded PEM for the root CA so I am not sure why this isnāt being populated into /etc/ssl/certs/balenaRootCA.pem ā I wonder if this is something relevant to how it runs in a container but I havenāt tried this myself. I see that the domain in the cert is a .local domain so I presume you have openBalena running on your LAN somewhere?
Iām sorry, but I am not sure I got your question.
what are you referring to?