Failing registering device with balenaos-in-container

Hi,

I am trying to run balenaOS with an intelNuc image on a container through the project https://github.com/balena-os/balenaos-in-container.

I think i am successfully able to run the docker container with the command:

./balenaos-in-container.sh --image resin/resinos:2.50.1_rev1.dev-intel-nuc --id 2 -c "./config.json" --detach

After that I log into the running container and get:

Event: Device bootstrap failed, retrying {"delay":30000,"error":{"message":""}}

What I might be doing wrong?

Thanks

Hi!

That error looks like you are not using a valid config file. Could you try to regenerate it for your NUC and try again? As a reminder, it can be downloaded from your balenaCloud dashboard. Once you have added an application click “Add a new device”, click to expand the “Advanced” section and check “Download configuration file only” now click “Download configuration file” :slight_smile:

Hi!

I was thinking the same, but I don’t have a balenaCloud account, and so I wrote it.
Is there another way to generate correctly a config.json?

Hi, just jumping in there. Are you trying to run balenaOS without connecting to a backend or are you trying to connect it to an openBalena instance? Perhaps you could post the config.json you created here, omitting any sensitive data of course.

Hi there,

I am having a look into this myself using my own intel nuc. Can I ask you how you went about creating your config file? Did you follow the instructions in this guide: https://www.balena.io/open/docs/getting-started/

Lucy-Jane

Another thing i noticed is that the value you have for the apiEndpoint doesn’t look like a real domain (https://api.domain.org). Is that something you sanitised before posting to us for security? Or is that what is on your copy of the config.json file?

Hi
to generate the config file I did:

balena os configure image_nuc.img --app myAppforNuc

and went inside the image file to copy the config.json

Yes, i have a real domain, and so the api.domain.org is sanitised.

Hi there, what do you mean you went inside the image file to copy the config.json? You don’t need to manually copy the config.json, balena os configure does that for you. Can you try following https://www.balena.io/open/docs/getting-started step by step and see if the issue gets resolved? If you are still having issues, we can see why that’s happening.

I don’t think I’ve explained well my problem.

I am not trying to configure a local image of the intel-nuc, but one I’ve pull from the dockerHub, and use it through the balena-os-container project so, I think I just need a config.json file.

By following that tutorial I would get a local image of the intel-nuc with inside the config.json, isn’t it?

Yes, that’s true, I missed that point. Can you then try using https://www.balena.io/docs/reference/balena-cli/#config-generate to generate the config.json, and then use that when you are running ./balenaos-in-container.sh? Let me know if that works and I can look into it further if it doesnt.

this are my steps:

balena app create myApp

and choose intel-nuc

balena config generate --version 2.50.1_rev1.dev-intel-nuc  --device-type intel-nuc --app myApp --output config.json

chooose ethernet and 10 minutes for updates

./balenaos-in-container.sh --image resin/resinos:2.50.1_rev1.dev-intel-nuc --id test -c "config.json" --detach

docker exec -ti <uuid> /bin/bash

balena ps

balena logs <uuid-supervisor>

and I get this, I think relevant logs:

[error]   LogBackend: unexpected error: Error: self signed certificate in certificate chain
[error]         at TLSSocket.onConnectSecure (_tls_wrap.js:1474:34)
[error]       at TLSSocket.emit (events.js:310:20)
[error]       at TLSSocket._finishInit (_tls_wrap.js:917:8)
[error]       at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:687:12)

[info]    New device detected. Provisioning...
[event]   Event: Device bootstrap failed, retrying {"delay":30000,"error":{"message":""}}

what could be the problem then?

thanks again for the help

Hi @matteopeluso, taking a step back here. Could you please verify that openBalena works fine?

[error]   LogBackend: unexpected error: Error: self signed certificate in certificate chain
[error]         at TLSSocket.onConnectSecure (_tls_wrap.js:1474:34)
[error]       at TLSSocket.emit (events.js:310:20)
[error]       at TLSSocket._finishInit (_tls_wrap.js:917:8)
[error]       at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:687:12)

This error you posted points to misconfigured certification. Could you check that you have completed the install self signed cert section?

Specifically making sure you have set export NODE_EXTRA_CA_CERTS='/path/to/ca.crt' correctly?

Perhaps recreating the certificate will address this issue already. If not, let us know so we could dive into further debugging.

Yes, I have completed the installation of the self signed cert, and I’ve been using Balena for some months already without any problem.

But I am not able to generate a new certificate because I am not the “owner” of this openBalena server.

Any idea on what else I could try? Maybe changing the device? I’ve just created another physical device, a raspberrypi3, and I didn’t have any problem with my certification in this case.

Thanks

Is this error relevant?

Failed to find module 'autofs4’

Failed to create symlink /sys/fs/cgroup/net_prio: File exists

Failed to create symlink /sys/fs/cgroup/net_cls: File exists

Failed to create symlink /sys/fs/cgroup/cpuacct: File exists

Failed to create symlink /sys/fs/cgroup/cpu: File exists

Interesting to note that the pi3 image did work, I’ll ask our OS colleagues what the difference in between the NUC and pi3 image is.

Because the self-signed certificate is failing, my advice would be to resolve that first. We have had users report various issues before that were related to certificates not working correctly.

Hi, we have found out that openBalena has incompatibilities with balenaOS. Could you try the NUC with a balenaOS version that is lower than 2.49.0? We are actively working on resolving these issues, so a fix should arrive soon. Until then let’s confirm that this also resolves your issue.

I have tried this image resin/resinos:2.46.0_rev1.dev-intel-nuc

balena config generate --version v2.46.0+rev1.dev --device-type intel-nuc --app app --output config.json
./balenaos-in-container.sh --image resin/resinos:2.46.0_rev1.dev-intel-nuc --id test -c "path/config.json" --detach

without success, i have got the following log that I am attachingbalenaOsContainer.log (5.3 KB)

Hi,

Thanks for the logs, something jumped out at me:

[error]   LogBackend: unexpected error: Error: self signed certificate in certificate chain
[error]         at TLSSocket.onConnectSecure (_tls_wrap.js:1474:34)
[error]       at TLSSocket.emit (events.js:310:20)
[error]       at TLSSocket._finishInit (_tls_wrap.js:917:8)
[error]       at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:687:12)
WARNING: ca-certificates.crt does not contain exactly one certificate or CRL: skipping
Warning: Ignoring extra certs from `/etc/ssl/certs/balenaRootCA.pem`, load failed: error:02001002:system library:fopen:No such file or directory

It looks like the root CA is not populated, and this would be coming from your config.json. Could you share the config.json you’re using and just obfuscate the URL and API keys?

Thanks.

I can see you have a valid base64 encoded PEM for the root CA so I am not sure why this isn’t being populated into /etc/ssl/certs/balenaRootCA.pem – I wonder if this is something relevant to how it runs in a container but I haven’t tried this myself. I see that the domain in the cert is a .local domain so I presume you have openBalena running on your LAN somewhere?

I’m sorry, but I am not sure I got your question.

what are you referring to?