Is possible to move from Balena Cloud to Open Balena ?
Thanks in advance for the response.
Hi, yes, we designed the newer OS versions to be capable to transition between cloud instances. Under the hood this is done by the os-config tool (https://github.com/balena-os/os-config).
Our CLI exposes an interface towards this: https://github.com/balena-io/balena-cli/blob/master/lib/actions/join.ts
I will ping our team for documentation update, since I do not see the join command listed in our autogenerated CLI docs.
Edit: the command is now listed in our docs properly: https://www.balena.io/docs/reference/cli/#join-deviceip-
1 Like
I know this is an old thread but are there any plans to enable leave and join to work on remote instances? This would be very useful for devices in the field, as obviously we don’t have access to them directly at that point.
1 Like
@WillFG so it is possible today, but could you define your parameters in a bit more detail; which device OS versions are you using? Do you have local SSH access to them? Are they already connected to balenaCloud?
Also, what is your use-case here, since openBalena is still not to be considered production-ready?
Currently they are running at least 2.29 and are connected to balenacloud.
The use case is that we potentially scale up to hundreds of devices but cannot necessarily sustain the cost in the long term so would like the option to move them to open balena at some point in the future.
These devices will be with customers, not on a local network, although they have not gone out yet.
@WillFG OK so the issue you will have is that we had to make some modifications to the OS release, around the Supervisor service control scripts, to allow the container to be re-created in the event of a new CA value for the target balena instance; otherwise the join operation could fail if the cert on the balena service was untrusted. This happened in v2.30 of the OS.
If you instance is using a publicly trusted certificate, say from LetsEncrypt etc, then it might not be an issue for you and you could try doing the move to prove it is possible. If you were to do this then please do post back here with your findings, as I think that you should find it works.
@richbayliss Thanks for the info, I will look into setting up proper certs first and then give it a go. Looking at the CLI documentation, I do not fully understand how this would be done if not on the local network though, assuming it is the leave and join commands that should be used. Would I still need some sort of direct access to the devices or ssh into them? The majority access the internet via NAT.
Will, the leave and join commands do require SSH access. You can tunnel the SSH port 22222 to your localhost from a device using the CLI command balena tunnel but production images (default) will be unable to authenticate your request unless you add your SSH key to the config.json on the running device. At this point though it is all getting quite complicated, and you are at risk of leaving a device in an un-contactable state. The process of moving from cloud to open isn’t yet fully defined, and is something I am working on making as streamlined as possible.
3 Likes
Thanks Rich, that being the case I think I will leave well alone for the moment then, beyond sorting out my cert.
We are still working on improving the mechanism, but if you have local access to SSH into the device, then you can move them just fine today.
Accessing the remote device via ssh, how do I migrate from balena cloud to openbalena currently in 2023, which command should I use.
Thanks.