Open issues/Queries with OpenBalena

Dear All,

I have finally finished the setup the openbalena as per Quick start Guide. However i have following issues/queries. Could you please help if possible.

  1. I have pushed sense-snake. But how can i verify it is running in RasPI? I have tried to execute docker commands. It seems command itself not available.

root@d04e137:~# docker version
-sh: docker: command not found
root@d04e137:~#
root@d04e137:~#
root@d04e137:~#

  1. Is there any way to activate or access dashboard (GUI)? I have already added CNAME for dashboard.mydomain.com as well. But no luck

balena@balena-cli1:~$ balena devices
ID UUID DEVICE NAME DEVICE TYPE APPLICATION NAME STATUS IS ONLINE SUPERVISOR VERSION OS VERSION DASHBOARD URL
2 d04e139 still-feather raspberrypi3 myApp Idle true 9.15.7 balenaOS 2.38.0+rev1 https://dashboard.mydomain.com/devices/d04e13791801448eb33b/summary

  1. I have also noticed multiple VPN contained can be enabled. How to run multiple VPN containers? If i run multiple vpn container, can it still use vpn.mydomain.com or it will be mutiple urls?

Looking forward your help.

Thank you.

Hi @dganesh81 ,

Thanks for getting in touch. Let’s go through your questions:

  1. balenaOS runs balenaEngine (https://www.balena.io/engine/) which is a fork of the Docker project. You can run it by using balena on the device, eg. balena ps will show the currently running containers.
  2. No GUI/Dashboard is shipped with OpenBalena. OpenBalena can only be accessed and operated via balena-cli. It looks like your device is correctly running given your call to balena devices, though!
  3. Unfortunately, I’m not quite sure what you mean by this. OpenBalena uses a VPN to allow the device to communicate with its backend services (including SSH/actions/etc.). Do you mean can you run your own VPN as well? Absolutely! You should be able to do this using host networking from within your own service images.

Hope this help, let us know if we can be of anymore help.

Best regards, Heds

Hi Hedss

Thanks for the prompt response. Based on my understanding VPN_INSTANCE_SUBNET_BITMASK is to have multiple VPN instance. Am i right? My idea is to run multiple vpn instance and have kind of load balancing between the vpn instance. For example lets say we have 10K RasPi and distribute 5K connection to one instance and another 5k to another in round robin manner. Do you think it is possible?

Hi again,

Thanks for the clarification, I see what you’re getting at now! Yes, in theory the use of VPN_INSTANCE_SUBNET_BITMASK should allow you to run multiple VPN instances in OpenBalena and then dictate the subnetting for the each instance from the base subnet. However, I don’t actually know if OpenBalena supports multiple VPN instances yet, so I’m going to get in touch with the engineer responsible and get back to you as soon as I have more information.

Best regards, Heds

Hi Hedss

Perfect. I will wait for your update then. Thank you.

Hi again @dganesh81! It looks like this isn’t currently possible in OpenBalena, but it should be pretty easy to enable. I’ll get a PR raised soon and ping you on this thread once it is ready.

Hi [wrboyce], Thank you. Please try to have a option to enable multiple vpn instance if possible. When we have large amount of devices, it would be good to have load sharing to avoid any bottleneck. It is just an idea :stuck_out_tongue:

hey, we’ve opened an issue for this on the OpenBalena repository, where you can subscribe to changes or comment for more details

Cheers!

Thank you imrehg

Hey @dganesh81, as of v8.17.0 of open-balena-vpn you can now specify VPN_INSTANCE_COUNT to dictate the number of openvpn processes that will be spawned inside each container.

I have upgraded the the version to v8.17.0 and mentioned VPN_INSTANCE_COUNT: 4. But it didnt create 4 containers. Am i missing something?

balena@balena:/home/balena/open-balena$ sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5f4e02b9e9df balena/open-balena-vpn:v8.17.0 “/usr/bin/entry.sh” 20 seconds ago Up 19 seconds 80/tcp, 443/tcp, 3128/tcp openbalena_vpn_1
bf731bdfa0a6 openbalena_haproxy “/docker-entrypoint.…” 4 weeks ago Up 2 days 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 222/tcp, 5432/tcp, 0.0.0.0:3128->3128/tcp, 6379/tcp openbalena_haproxy_1
2c242b91dbd7 balena/open-balena-registry:v2.7.0 “/usr/bin/entry.sh” 4 weeks ago Up 2 days 80/tcp openbalena_registry_1
f5a2b9eab2f1 balena/open-balena-api:v0.19.5 “/usr/bin/entry.sh” 4 weeks ago Up 2 days 80/tcp openbalena_api_1
771414aa1ea1 balena/open-balena-db:v2.0.3 “docker-entrypoint.s…” 4 weeks ago Up 2 days 5432/tcp openbalena_db_1
1a309d8931ea redis:alpine “docker-entrypoint.s…” 4 weeks ago Up 2 days 6379/tcp openbalena_redis_1
e02de65409cf balena/open-balena-s3:v2.6.2 “/usr/bin/entry.sh” 4 weeks ago Up 2 days 80/tcp openbalena_s3_1
2a2ccea443a3 openbalena_cert-provider “/entry.sh /usr/src/…” 4 weeks ago Up 2 days 80/tcp openbalena_cert-provider_1
balena@balena:/home/balena/open-balena$
balena@balena:/home/balena/open-balena$
balena@balena:/home/balena/open-balena$
balena@balena:/home/balena/open-balena$
balena@balena:/home/balena/open-balena$
balena@balena:/home/balena/open-balena$ cat /home/balena/open-balena/config/docker-compose.yml

Project-specific config.

All paths must be defined relative to compose/services.yml regardless of

the location of this file, i.e. refer to my-open-balena-checkout/somedir

as ../somedir. This is because of the way docker-compose handles paths

when specifying multiple configs and open-balena always specifying

compose/services.yml as the “base” config.

You may view the effective config with scripts/compose config.

version: ‘2.1’
services:
vpn:
environment:
VPN_INSTANCE_COUNT: 4
VPN_BASE_SUBNET: 172.17.15.0/24
VPN_INSTANCE_SUBNET_BITMASK: 26
balena@balena:/home/balena/open-balena$

Hey @dganesh81, as my colleague said VPN_INSTANCE_COUNT will dictate the number of openvpn processes that will be spawned inside each container, not number of containers. So It won’t create 4 containers in your case.

ahh…understood. it looks good then.

nobody 1083 1039 0 10:14 ? 00:00:00 /usr/sbin/openvpn --status /run/openvpn/server-1.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --verb 3 --dev tun1 --port 10001 --management 127.0.0.1 20001 --management-hold --ifconfig 172.17
nobody 1084 1045 0 10:14 ? 00:00:00 /usr/sbin/openvpn --status /run/openvpn/server-2.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --verb 3 --dev tun2 --port 10002 --management 127.0.0.1 20002 --management-hold --ifconfig 172.17
nobody 1085 1050 0 10:14 ? 00:00:00 /usr/sbin/openvpn --status /run/openvpn/server-4.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --verb 3 --dev tun4 --port 10004 --management 127.0.0.1 20004 --management-hold --ifconfig 172.17
nobody 1086 1046 0 10:14 ? 00:00:00 /usr/sbin/openvpn --status /run/openvpn/server-3.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf --verb 3 --dev tun3 --port 10003 --management 127.0.0.1 20003 --management-hold --ifconfig 172.17

Thank you.

You’re welcome. Please let us know if you need further support.

nghiant2710

is it possible to access the RasPi from Balena CLI? I am able to access the RasPI from VPN container using VPN client IP. But not from Balena CLI. Direct IP of the RasPI cant be accessed since it is behind the firewall. We have to use only VPN client IP address.

You can use the balena tunnel command to assist in connecting to your device remotely.

For more info, see the docs here.