Failing to add device


#1

Hello,
I have restarted by openBalena journey with local openBalena installation in Vagrant provisioned VM
and with balenaOS 2.29 dev image.
Vagrantfile made new start super easy. Also happy to have updated device OS (2.29) from https://www.balena.io/os/.

I am trying to join platform via
NODE_EXTRA_CA_CERTS=~/w/ob1/ob.crt RESINRC_RESIN_URL=openbalena.local balena join
which offers my app1 and local device and it reports success.

However “balena devices” does not show my new device

a/ VPN reports auth failure
Jan 03 16:54:55 balena openvpn[3622]: Thu Jan 3 16:54:55 2019 Attempting to establish TCP connection with [AF_INET]172.27.234.101:443 [nonblock]
Jan 03 16:54:56 balena openvpn[3622]: Thu Jan 3 16:54:56 2019 TCP connection established with [AF_INET]172.27.234.101:443
Jan 03 16:54:56 balena openvpn[3622]: Thu Jan 3 16:54:56 2019 TCP_CLIENT link local: (not bound)
Jan 03 16:54:56 balena openvpn[3622]: Thu Jan 3 16:54:56 2019 TCP_CLIENT link remote: [AF_INET]172.27.234.101:443
Jan 03 16:54:56 balena openvpn[3622]: Thu Jan 3 16:54:56 2019 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Jan 03 16:54:56 balena openvpn[3622]: Thu Jan 3 16:54:56 2019 TLS: Initial packet from [AF_INET]172.27.234.101:443, sid=2f0b59d7 8d63a581
Jan 03 16:54:56 balena openvpn[3622]: Thu Jan 3 16:54:56 2019 WARNING: this configuration may cache passwords in memory – use the auth-nocache option to prevent this
Jan 03 16:54:56 balena openvpn[3622]: Thu Jan 3 16:54:56 2019 VERIFY OK: depth=2, CN=ca.openbalena.local
Jan 03 16:54:56 balena openvpn[3622]: Thu Jan 3 16:54:56 2019 VERIFY OK: depth=1, CN=vpn-ca.openbalena.local
Jan 03 16:54:56 balena openvpn[3622]: Thu Jan 3 16:54:56 2019 VERIFY KU OK
Jan 03 16:54:56 balena openvpn[3622]: Thu Jan 3 16:54:56 2019 Validating certificate extended key usage
Jan 03 16:54:56 balena openvpn[3622]: Thu Jan 3 16:54:56 2019 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Jan 03 16:54:56 balena openvpn[3622]: Thu Jan 3 16:54:56 2019 VERIFY EKU OK
Jan 03 16:54:56 balena openvpn[3622]: Thu Jan 3 16:54:56 2019 VERIFY OK: depth=0, CN=vpn.openbalena.local
Jan 03 16:54:56 balena openvpn[3622]: Thu Jan 3 16:54:56 2019 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Jan 03 16:54:56 balena openvpn[3622]: Thu Jan 3 16:54:56 2019 [vpn.openbalena.local] Peer Connection Initiated with [AF_INET]172.27.234.101:443
Jan 03 16:54:58 balena openvpn[3622]: Thu Jan 3 16:54:57 2019 SENT CONTROL [vpn.openbalena.local]: ‘PUSH_REQUEST’ (status=1)
Jan 03 16:54:58 balena openvpn[3622]: Thu Jan 3 16:54:58 2019 AUTH: Received control message: AUTH_FAILED
Jan 03 16:54:58 balena openvpn[3622]: Thu Jan 3 16:54:58 2019 SIGTERM[soft,auth-failure] received, process exiting
Jan 03 16:55:08 balena systemd[1]: openvpn.service: Service hold-off time over, scheduling restart.
Jan 03 16:55:08 balena systemd[1]: openvpn.service: Scheduled restart job, restart counter is at 68.
Jan 03 16:55:08 balena systemd[1]: Stopped OpenVPN.

b/ supervisor also fails
Jan 03 16:25:24 balena resin-supervisor[998]: [2019-01-03T16:25:24.209Z] New device detected. Provisioning…
Jan 03 16:25:24 balena resin-supervisor[998]: [2019-01-03T16:25:24.424Z] Event: Device bootstrap failed, retrying {“delay”:30000,“error”:{“message”:""}}
Jan 03 16:25:54 balena resin-supervisor[998]: [2019-01-03T16:25:54.448Z] Event: Device bootstrap {}
Jan 03 16:25:54 balena resin-supervisor[998]: [2019-01-03T16:25:54.497Z] New device detected. Provisioning…
Jan 03 16:25:54 balena resin-supervisor[998]: [2019-01-03T16:25:54.656Z] Event: Device bootstrap failed, retrying {“delay”:30000,“error”:{“message”:""}}
Jan 03 16:26:24 balena resin-supervisor[998]: [2019-01-03T16:26:24.673Z] Event: Device bootstrap {}
Jan 03 16:26:24 balena resin-supervisor[998]: [2019-01-03T16:26:24.738Z] New device detected. Provisioning…
Jan 03 16:26:24 balena resin-supervisor[998]: [2019-01-03T16:26:24.880Z] Event: Device bootstrap failed, retrying {“delay”:30000,“error”:{“message”:""}}

What is recommended way to provision device to openBalena platform?

What troubleshooting steps do you recommend?

Checklist:

  • device resolves all x.openbalena.local names to local IP
  • this IP is reachable with full IP connectivity
  • I was able to login with balena CLI, so I assume certificate is correct

Thank you
Martin


#4

@mko it looks like you have most things plumbed together OK, but the supervisor isn’t having much luck in registering itself with your app.

I would start by pulling the SD card and re-configuring it for the app and seeing if it will register then; maybe something went awry.

If that doesn’t work, then I would jump onto the Pi and get into the supervisor container to confirm that your api.openbalena.local is pingable, and you can curl -ik https://api.openbalena.local/ping and get OK