openBalena 2024

i found a solution and was able to upgrade our open-balena server from 3.8.2 direct to the latest 4.1.x version.

this was my way. Maybe also yours.

open-balena upgrade path from 3.8.2 to latest 4.1.x

At first make a SNAPSHOT or at least a backup of your server!
Be sure you can restore your backup!
Create a server-clone, to be sure, the upgrade path is working at your system.

This is the path, which is working on our environment.

After the upgrade use the docker log --follow <container> funciton to detect error messages in the api, registry, haproxy or db container.

update server and install required packages

sudo apt-get update && sudo apt-get install -y make openssl git jq

switch to sudo balena user

sudo su balena
cd /home/balena

rename open-balena root folder, to correct prefix

Otherwise the command ‘make up’ will create new volumes, the prefix of the container volume is the name of the installation folder
The migration only works if the new system uses the old container!

mv open-balena openbalena 
cd openbalena

clean up your changes

git restore compose/version

now upgrade the open-balena server to latest version

git pull

define your Main-Url of the server

export DNS_TLD=<your-domain>

Prepare docker-compose file!

nano docker-compose.yml

change the volume names to old pattern

to this by the volume definition and for the s3 and db container
db-data => db
s3-data => s3

prevent crazy load in api container

sometimes the api tries to refresh the device list.
some devices are in private repos and open-balena have no premission to show the details.
a lot of error messages appears in api container and is not available for some minutes
happens mostly by generating a new device config.

To activate a devicetype filter add this to API-Container Environment Variable section:

CONTRACT_ALLOWLIST: arch.sw/armv7hf;arch.sw/aarch64;hw.device-manufacturer/asus;hw.device-family/tinkerboard;hw.device-type/asus-tinker-board-s;hw.device-type/asus-tinker-board;hw.device-type/raspberrypi3;hw.device-type/raspberrypi4-64;sw.os+hw.device-type/ubuntu@lunar+raspberrypi3;sw.os+hw.device-type/ubuntu@jammy+raspberrypi3;sw.os+hw.device-type/alpine+raspberrypi3;sw.os+hw.device-type/debian@sid+raspberrypi3;sw.os+hw.device-type/debian+raspberrypi3;sw.os+hw.device-type/ubuntu@focal+raspberrypi3;sw.os+hw.device-type/ubuntu@focal+raspberrypi4-64;sw.os+hw.device-type/debian@sid+raspberrypi4-64;sw.os+hw.device-type/alpine+raspberrypi4-64;sw.os+hw.device-type/debian+raspberrypi4-64;sw.os+hw.device-type/ubuntu@lunar+raspberrypi4-64;sw.os+hw.device-type/ubuntu@jammy+raspberrypi4-64;sw.os+hw.device-type/debian@bookworm+raspberrypi4-64

Disable registry cache and force region to us-east-1 for s3 container

COMMON_REGION: us-east-1
REGISTRY2_CACHE_ENABLED: 'false'

repair make file

there is a faulty jq parsing command

nano Makefile
go to wait: -section and repair jq query
jq -r '.Health' => jq -r '.[ ].Health'

now we can finaly start the container

make up

allow migration of database

the db container is able to migrate the postgres database from 14 to 16 automatically.
But the API Migration Script is faulty.
The script 0074-normalize-release-contract is crashing the startup.
You have to delete this file at every ‘make up’ command!

go into api container and delete migrations file 0074*

docker exec -it openbalena-api-1 /bin/bash
rm src/migrations/0074-normalize-release-contract.async.ts 
exit
docker restart openbalena-api-1

delete some wrong database entries

sometimes you see in the log (docker logs --follow openbalena-api-1) a strange output.
Error loading application config MigrationError: Failed to execute ‘balena’ model from ‘undefined’ due to: operator does not exist: boolean <> integer
To get ride of this message connect into the postgres database and delete some constraints entries from the release table.

docker stop openbalena-api-1
docker exec -it openbalena-db-1 /bin/bash
psql -U docker -d resin

show table details

\d+ release

delete wrong contraints check from release table => modify the relase$

ALTER TABLE release DROP CONSTRAINT "release$69zgYrVSJaN1avGiEeipPlJ9/lMKzOIt3iMPF6u/6WY=";
ALTER TABLE release DROP CONSTRAINT "release$RcddhgkY+99IgKXAUId7Q3iN4WylzgAxSFiF+JvyRiY=";

if you changed the domain url, tell the database where the images of your fleets are stored now.

UPDATE image SET  "is stored at-image location" = REPLACE("is stored at-image location",'registry.<old-url>','registry2.<new-url>');
UPDATE release SET "composition" = REPLACE(composition::Text,'registry.<old-url>','<new-url>')::jsonb;
 \q
 exit

restart api container

docker start openbalena-api-1

check for unhealthy container and restart them

 docker ps
 docker restart openbalena-vpn-1

finalise the upgrade

if you have used a selft signed cert, i have no solution.
we switched to cloudflare.
only so our old devices are able to reconnect again.
i found no way to use the old self-signed certificates (we changed the url…)

sudo su balena
cd /home/balena/openBalena

add cloudflare credentials

 nano .env
	ACME_EMAIL=<your-user>
	CLOUDFLARE_API_TOKEN=<your-token>

and/or

export ACME_EMAIL=<your-user>
export CLOUDFLARE_API_TOKEN=<your-token>

activate the cloud flare certificate mode

make auto-pki
make verify

api container resetet => delete faulty 0074* migration file again

docker exec -it openbalena-api-1 /bin/bash
rm src/migrations/0074-normalize-release-contract.async.ts 
exit
docker restart openbalena-api-1

go to your dev-laptop and start hacking with newest open balena server

balena login -t <your_balena_token>

2 Likes