Network Requirements to build images

Our corporate firewall is a beast that does some deep inspection (like a man-in-the-middle attack) to be able to decrypt all secured traffic going through, yaaaayyy
I have installed its custom root CA cert on my open balena machine, and have opened some domains (dl.min.io) in the firewall, but I still cannot make a build without disabling the firewall. The error I got is:

[Debug] Parsing input…
FetchError: network timeout at: https://api.myworkdomain.com/device-types/v1
at Timeout._onTimeout (/home/my_user/.nvm/versions/node/v11.14.0/lib/node_modules/balena-cli/node_modules/node-fetch/index.js:126:13)
at listOnTimeout (internal/timers.js:535:17)
at processTimers (internal/timers.js:479:7)

So my guess is that https://api.myworkdomain.com/device-types/v1 is calling something outside that is blocked by the firewall, and I cannot find it.

Here is what we have whitelisted so far:

  • dl.min.io
  • *.balena-cloud.com
  • *.docker.com
  • *.docker.io
  • *.github.com

Thank you

You’ll need to whitelist our production S3 bucket where we store the device types: https://github.com/balena-io/open-balena/blob/master/compose/services.yml#L34-L36. I don’t remember right now if the API does requests using the “path” style, so you may have to try whitelisting both “s3.amazonaws.com” and “resin-production-img-cloudformation.s3.amazonaws.com” and see which one works.

BTW, you can get logs from the API server with ./scripts/compose exec -it api journalctl -fn500. That might show what exactly is wrong.

Adding this worked. Thanks again, a lot!
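
The two hostnames suggested in the answer above correspond to S3's path-style and virtual-hosted-style addressing. The following Python script is an added example, not part of the thread or of openBalena: it checks which style the allowlist from the question would let through as entries are added. The matching rules (a `*.` entry covers subdomains only, a plain entry matches exactly) and all function names are assumptions; your firewall's wildcard semantics may differ.

```python
from urllib.parse import urlsplit

# Allowlist exactly as posted in the question.
QUESTION_ALLOWLIST = [
    "dl.min.io", "*.balena-cloud.com", "*.docker.com", "*.docker.io", "*.github.com",
]
# Bucket and endpoint named in the answer.
BUCKET = "resin-production-img-cloudformation"
ENDPOINT = "s3.amazonaws.com"


def s3_hosts(bucket, endpoint=ENDPOINT):
    """Hostname the client connects to for each S3 addressing style."""
    return {
        "path": endpoint,                          # https://s3.amazonaws.com/<bucket>/<key>
        "virtual-hosted": f"{bucket}.{endpoint}",  # https://<bucket>.s3.amazonaws.com/<key>
    }


def hostname(target):
    """Accept a bare hostname or a full URL; return the normalized hostname."""
    host = urlsplit(target).hostname if "://" in target else target
    return (host or "").lower().rstrip(".")


def is_allowed(target, allowlist):
    """Assumed semantics: '*.x' matches subdomains of x only, 'x' matches x only."""
    host = hostname(target)
    for entry in (e.lower() for e in allowlist):
        if entry.startswith("*."):
            suffix = entry[1:]  # e.g. ".balena-cloud.com"
            if host.endswith(suffix) and len(host) > len(suffix):
                return True
        elif host == entry:
            return True
    return False


def blocked_styles(bucket, allowlist):
    """Addressing styles whose hostname the allowlist does not cover."""
    return sorted(style for style, host in s3_hosts(bucket).items()
                  if not is_allowed(host, allowlist))


if __name__ == "__main__":
    # Constructed scenarios: the posted allowlist plus each candidate entry.
    for extra in ([], [ENDPOINT], [f"{BUCKET}.{ENDPOINT}"]):
        print(extra, "->", blocked_styles(BUCKET, QUESTION_ALLOWLIST + extra))
```

Under these matching rules, an exact entry for `s3.amazonaws.com` does not cover the bucket subdomain, and a wildcard entry does not cover its own apex domain.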