balena-io / open-balena Goto Github PK

It looks like the Linux instructions for adding the self-signed cert in the quickstart is Debian specific. Here's what I would add for RHEL users like me. I'm definitely not an expert in certs, so please someone check my work - this is just what I figured out after a few minutes of googling.

RHEL

npm config set cafile "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem" -g
sudo cp path/to/self/signed/cert/ca.crt /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust extract

(Here's the documentation on resetting your certs in case something goes wrong)

We're using realpath in a few places in the scripts that manage the openBalena instance and that requires installation of coreutils on macOS. Ideally we'd skip this dependency.

One snippet I've been using for years (and has proven robust enough in macOS, where I've only ever tested it) to get the absolute path of a script to itself -- i.e. the equivalent of C's __FILE__ or Node's __filename -- is the following:

abspath() {
  (
    local foldername=$(dirname "$1")
    local filename=$(basename "$1")
    pushd "$foldername" >/dev/null
    echo "$PWD/$filename"
    popd >/dev/null
  )
}

# typically invoked like this from inside a script
MYVAR=$(abspath "$0")

I'm not sure off the top of my head what extra guarantees the actual realpath gives, but I don't think we really need anything more than an absolute path to use as an anchor for finding project-relative paths, so we could use this snippet as a basis.

The platform looks up available device types in the production S3 bucket of balenaCloud. We're currently pointing instances directly to the bucket, but we should instead use files.balena-cloud.com which proxies that bucket. The two obvious benefits are that users would then be able to deploy openbalena in strict networks (where all outbound connections must be explicitly allowed by a firewall and whitelisting s3.amazonaws.com is too broad) and also allows balenaCloud to change the actual storage location.

Tested using the latest API code, when the device downloads updates to the application stack the fields status and download_progress remain unchanged.

There's no support for creating a production image for the supported boards. According to the BalenaOS Documentation, the differences between a production image and a development image are the following (in short):

• Passwordless SSH via port 22222
• Docker socket exposed to port 2377
• Getty console attached to tty1 and serial
• Capable of entering local mode

And probably more. Obviously these are cool and handy things when developing your application. However, in production these functions are a huge security risk.

This issue is resulting from the openBalena Topic I've created. I know it's in development, but, as suggested, I've created an issue for this function.

Using what seems to be the latest version available of open-balena (2.0.0) and Balena CLI (11.19.1) I cannot push the image to the registry. The following error is displayed:

Retrying "registry.mydomain.com/v2/XXXXXXXXXXXXXXXXXXXXXXX:latest" after 2.00s (1 of 3) due to: Error: received unexpected HTTP status: 500 Internal Server Error
Retrying "registry.mydomain.com/v2/XXXXXXXXXXXXXXXXXXXXXXX:latest" after 2.80s (2 of 3) due to: Error: received unexpected HTTP status: 500 Internal Server Error
Retrying "registry.mydomain.com/v2/XXXXXXXXXXXXXXXXXXXXXXX:latest" after 3.92s (3 of 3) due to: Error: received unexpected HTTP status: 500 Internal Server Error

Does anyone have an idea what could be the problem? Could it be linked with to the following issue?
distribution/distribution-library-image#89

We should document how a user can update their openbalena instance from one release to the next.

Using balena-cli : "balena app restart appName" / "balena app restart uuid"
or node-sdk :
balena.models.device.restartApplication(uuid)

I get this error :

> BalenaRequestError: Request error: 
> <!DOCTYPE html>
> <html lang="en">
> <head>
> <meta charset="utf-8">
> <title>Error</title>
> </head>
> <body>
> <pre>Cannot POST /application/9/restart</pre>
> </body>
> </html>
> 
>     at /usr/local/lib/node_modules/balena-cli/node_modules/balena-request/build/request.js:197:17
>     at tryCatcher (/usr/local/lib/node_modules/balena-cli/node_modules/bluebird/js/release/util.js:16:23)
>     at Promise._settlePromiseFromHandler (/usr/local/lib/node_modules/balena-cli/node_modules/bluebird/js/release/promise.js:517:31)
>     at Promise._settlePromise (/usr/local/lib/node_modules/balena-cli/node_modules/bluebird/js/release/promise.js:574:18)
>     at Promise._settlePromise0 (/usr/local/lib/node_modules/balena-cli/node_modules/bluebird/js/release/promise.js:619:10)
>     at Promise._settlePromises (/usr/local/lib/node_modules/balena-cli/node_modules/bluebird/js/release/promise.js:699:18)
>     at _drainQueueStep (/usr/local/lib/node_modules/balena-cli/node_modules/bluebird/js/release/async.js:138:12)
>     at _drainQueue (/usr/local/lib/node_modules/balena-cli/node_modules/bluebird/js/release/async.js:131:9)
>     at Async._drainQueues (/usr/local/lib/node_modules/balena-cli/node_modules/bluebird/js/release/async.js:147:5)
>     at Immediate.Async.drainQueues (/usr/local/lib/node_modules/balena-cli/node_modules/bluebird/js/release/async.js:17:14)
>     at runCallback (timers.js:794:20)
>     at tryOnImmediate (timers.js:752:5)
>     at processImmediate [as _immediateCallback] (timers.js:729:5)

The last supported version of balena-cli for openbalena is 12.2.2. Very helpful if this would be a part of the readme.

See this issue:

balena-io/balena-cli#1970

As reported here in the forums: https://forums.balena.io/t/31950

Touch on questions like "how does a user use a production unmanaged OS with open-balena?", "what is the workflow?"

Hi Community Members,

Is there any way to add a dashboard to openbalena. Balena dashboard or any custom dashboard?

When I try to balena ssh somedevice, I get the following error:

Please login as the user "obadmin" rather than the user "root".

where obadmin is the server user under which balena is running.

Does OpenBalena need to be run as root? Or, is there a way of overriding the user?

See support ticket attached. Customers are attempting to run OB but services do not start up correctly.

Hi, when I activate the "Enable / Disable VPN" setting, set it to "disabled", and restart my RasPi 3, then, during startup, the following log items show up and the device suddenly becomes "offline":

29.03.20 00:39:48 (+0100) Applying configuration change {"SUPERVISOR_VPN_CONTROL":"false"}
29.03.20 00:39:48 (+0100) Applied configuration change {"SUPERVISOR_VPN_CONTROL":"false"}

actually, it is not offline since I see the device running in front of me, and also, balena can still retrieve logs from the device.

User would like to use multiple VPN instances with OpenBalena to help connect many devices.

Pushing against nonexistent name (behaviour the same for an existing app):

balena push wibblewobble -s .
? 2 applications found with that name, please select the application you would l
ike to push to (Use arrow keys)
❯ undefined/wibblewobble
undefined/wibblewobble

If I remove one of the 2 applications that I have then repeat the command

balena push wibblewobble -s .
\ Uploading source package to balena cloudnull

I don't know your roadmap but supporting more deployment options would bring more people to the community. And the kubernetes community is one of the largest. Plus it would help integrate open-balena in the current kube stacks.

In the getting started, we should explicitly mention that one needs to have docker installed on their laptop so they can successfully use balena deploy

[shaunmulligan] - Note that openBalena doesn't have the full multi user system.

• doesn't have delta updates
• doesn't (currently) have hostOS updates

A user had issues deploying OpenBalena when using OpenVZ and Virtuozzo based VPS's, however it worked right away when he attempted a KVM based virtual server on attempt number three. Forum post is located here: https://forums.balena.io/t/180828

It might be helpful if we added a small note that we recommend a KVM based server to the Getting Started Guide: https://www.balena.io/open/docs/getting-started

Running balena devices with openBalena, my devices are always labeled as offline. Similar. to #17, but in this case I'm not sure if it's a compatibility problem or something wrong with my installation.

Will feature support between balena-cli and openBalena be mitigated over time? For a few commands, there's no openBalena equivalent at all... maybe a fork of balena-cli tailored for openBalena?

Hey guys,

I am running latest open-balena, balena cli version 12.9.1 and trying to provision balena-cloud-fincm3-2.51.1+rev1-v11.4.10.img on a BalenFin v1.1.

The supervisor on that box keeps spitting the following and it's failing to register the device,

[event] Event: Device bootstrap failed, retrying {"delay":30000,"error":{"message":"User ID must be a valid integer","stack":"Error: User ID must be a valid integer\n at /usr/src/app/dist/app.js:2:2630094\n at PassThroughHandlerContext.finallyHandler (/usr/src/app/dist/app.js:2:1748917)\n at PassThroughHandlerContext.tryCatcher (/usr/src/app/dist/app.js:2:220284)\n at Promise._settlePromiseFromHandler (/usr/src/app/dist/app.js:2:1708447)\n at Promise._settlePromise (/usr/src/app/dist/app.js:2:1709730)\n at Promise._settlePromise0 (/usr/src/app/dist/app.js:2:1710770)\n at Promise._settlePromises (/usr/src/app/dist/app.js:2:1712478)\n at _drainQueueStep (/usr/src/app/dist/app.js:2:1715412)\n at _drainQueue (/usr/src/app/dist/app.js:2:1715308)\n at Async._drainQueues (/usr/src/app/dist/app.js:2:1716625)\n at Immediate.Async.drainQueues [as _onImmediate] (/usr/src/app/dist/app.js:2:1715217)\n at processImmediate (internal/timers.js:456:21)"}}

this is how i am configuring the image

balena os configure ~/Downloads/balena-cloud-fincm3-2.51.1+rev1-dev-v11.4.10.img --app foo

any idea?
Thanks

Hi,

I am trying to login into provided docker registry but token authorization is not working since the realm returned in the header is not populated with the domain name.

www-authenticate →Bearer realm="https://api./auth/v1/token",service="registry2."

I have changed and hardcoded environment variables in both docker-compose.yml and directly in services.yml, but nothing has changed. (next parameter: BALENA_TOKEN_AUTH_REALM).

Does somebody have any idea what I am doing wrong?

Thank you in advance.

Urban

The CLI has a bunch of commands that still assume balenaCloud as the target and won't work with open-balena, for example balena push.

We should document the exact set of commands that are supported and guarantee they work when targeting open-balena going forward.

cc @shaunmulligan @pimterry

1. Deploy a docker-compose.yml release with a service that contains an environment variable with that holds a -.
2. Release seems to be going ok, it says succeeded
3. Devices do not update to release

The user is not notified that this configuration is invalid.

I do have a self-signed cert that we require for Deep Packet Inspection through our firewall. export NODE_EXTRA_CA_CERTS= does not work for this error.

I was able to get around this for the login by adding
process.env["NODE_TLS_REJECT_UNAUTHORIZED"] = 0;
to
/usr/lib/node_modules/balena-cli/node_modules/node-fetch/index.js

balena-cli version: 9.14.5

[Error]   Deploy failed
Error: SSL Error: SELF_SIGNED_CERT_IN_CHAIN
    at Request.onRequestResponse (/usr/lib/node_modules/balena-cli/node_modules/request/request.js:954:24)
    at ClientRequest.emit (events.js:202:15)
    at ClientRequest.EventEmitter.emit (domain.js:446:20)
    at HTTPParser.parserOnIncomingClient [as onIncoming] (_http_client.js:560:21)
    at HTTPParser.parserOnHeadersComplete (_http_common.js:113:17)
    at TLSSocket.socketOnData (_http_client.js:447:20)
    at TLSSocket.emit (events.js:197:13)
    at TLSSocket.EventEmitter.emit (domain.js:446:20)
    at addChunk (_stream_readable.js:288:12)
    at readableAddChunk (_stream_readable.js:269:11)
    at TLSSocket.Readable.push (_stream_readable.js:224:10)
    at TLSWrap.onStreamRead [as onread] (internal/stream_base_commons.js:145:17)

If you need help, don't hesitate in contacting us at:

  Forums: https://forums.balena.io
  GitHub: https://github.com/balena-io/balena-cli/issues/new

We should support tags like we have on balenaCloud

After 1-2 the server shuts down unexpected

Running on:

AWS Ubuntu Server 18.04 LTS (HVM), SSD Volume Type - t2.micro

Logs:
redis_1_8f8d336723d1 | 1:C 05 Feb 2019 08:04:42.628 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo redis_1_8f8d336723d1 | 1:C 05 Feb 2019 08:04:42.628 # Redis version=5.0.3, bits=64, commit=00000000, modified=0, pid=1, just started redis_1_8f8d336723d1 | 1:C 05 Feb 2019 08:04:42.628 # Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf redis_1_8f8d336723d1 | 1:M 05 Feb 2019 08:04:42.631 * Running mode=standalone, port=6379. redis_1_8f8d336723d1 | 1:M 05 Feb 2019 08:04:42.631 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128. redis_1_8f8d336723d1 | 1:M 05 Feb 2019 08:04:42.631 # Server initialized redis_1_8f8d336723d1 | 1:M 05 Feb 2019 08:04:42.631 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect. redis_1_8f8d336723d1 | 1:M 05 Feb 2019 08:04:42.631 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled. redis_1_8f8d336723d1 | 1:M 05 Feb 2019 08:04:42.631 * DB loaded from disk: 0.001 seconds redis_1_8f8d336723d1 | 1:M 05 Feb 2019 08:04:42.631 * Ready to accept connections redis_1_8f8d336723d1 | 1:M 05 Feb 2019 10:16:49.511 * 1 changes in 3600 seconds. Saving... redis_1_8f8d336723d1 | 1:M 05 Feb 2019 10:16:49.513 * Background saving started by pid 12 redis_1_8f8d336723d1 | 12:C 05 Feb 2019 10:16:49.518 * DB saved on disk redis_1_8f8d336723d1 | 12:C 05 Feb 2019 10:16:49.518 * RDB: 0 MB of memory used by copy-on-write redis_1_8f8d336723d1 | 1:M 05 Feb 2019 10:16:49.613 * Background saving terminated with success redis_1_8f8d336723d1 | 1:M 05 Feb 2019 11:16:50.076 * 1 changes in 3600 seconds. Saving... redis_1_8f8d336723d1 | 1:M 05 Feb 2019 11:16:50.076 * Background saving started by pid 13 redis_1_8f8d336723d1 | 13:C 05 Feb 2019 11:16:50.080 * DB saved on disk redis_1_8f8d336723d1 | 13:C 05 Feb 2019 11:16:50.081 * RDB: 0 MB of memory used by copy-on-write redis_1_8f8d336723d1 | 1:M 05 Feb 2019 11:16:50.176 * Background saving terminated with success redis_1_8f8d336723d1 | 1:M 05 Feb 2019 14:23:22.623 * 1 changes in 3600 seconds. Saving... redis_1_8f8d336723d1 | 1:M 05 Feb 2019 14:23:22.624 * Background saving started by pid 14 redis_1_8f8d336723d1 | 14:C 05 Feb 2019 14:23:22.631 * DB saved on disk redis_1_8f8d336723d1 | 14:C 05 Feb 2019 14:23:22.631 * RDB: 0 MB of memory used by copy-on-write redis_1_8f8d336723d1 | 1:M 05 Feb 2019 14:23:22.725 * Background saving terminated with success redis_1_8f8d336723d1 | 1:M 05 Feb 2019 15:23:23.014 * 1 changes in 3600 seconds. Saving... redis_1_8f8d336723d1 | 1:M 05 Feb 2019 15:23:23.014 * Background saving started by pid 15 redis_1_8f8d336723d1 | 15:C 05 Feb 2019 15:23:23.019 * DB saved on disk redis_1_8f8d336723d1 | 15:C 05 Feb 2019 15:23:23.019 * RDB: 0 MB of memory used by copy-on-write redis_1_8f8d336723d1 | 1:M 05 Feb 2019 15:23:23.115 * Background saving terminated with success redis_1_8f8d336723d1 | 1:M 05 Feb 2019 16:23:24.054 * 1 changes in 3600 seconds. Saving... redis_1_8f8d336723d1 | 1:M 05 Feb 2019 16:23:24.059 * Background saving started by pid 16 redis_1_8f8d336723d1 | 16:C 05 Feb 2019 16:23:24.082 * DB saved on disk redis_1_8f8d336723d1 | 16:C 05 Feb 2019 16:23:24.082 * RDB: 0 MB of memory used by copy-on-write redis_1_8f8d336723d1 | 1:M 05 Feb 2019 16:23:24.159 * Background saving terminated with success redis_1_8f8d336723d1 | 1:M 05 Feb 2019 16:44:47.613 * 100 changes in 300 seconds. Saving... redis_1_8f8d336723d1 | 1:M 05 Feb 2019 16:44:47.616 * Background saving started by pid 17 redis_1_8f8d336723d1 | 17:C 05 Feb 2019 16:44:47.660 * DB saved on disk redis_1_8f8d336723d1 | 17:C 05 Feb 2019 16:44:47.661 * RDB: 0 MB of memory used by copy-on-write redis_1_8f8d336723d1 | 1:M 05 Feb 2019 16:44:47.716 * Background saving terminated with success redis_1_8f8d336723d1 | 1:M 05 Feb 2019 16:49:48.019 * 100 changes in 300 seconds. Saving... redis_1_8f8d336723d1 | 1:M 05 Feb 2019 16:49:48.023 * Background saving started by pid 18 redis_1_8f8d336723d1 | 18:C 05 Feb 2019 16:49:48.048 * DB saved on disk redis_1_8f8d336723d1 | 18:C 05 Feb 2019 16:49:48.048 * RDB: 0 MB of memory used by copy-on-write redis_1_8f8d336723d1 | 1:M 05 Feb 2019 16:49:48.123 * Background saving terminated with success redis_1_8f8d336723d1 | 1:M 05 Feb 2019 16:54:49.075 * 100 changes in 300 seconds. Saving... redis_1_8f8d336723d1 | 1:M 05 Feb 2019 16:54:49.075 * Background saving started by pid 19 redis_1_8f8d336723d1 | 19:C 05 Feb 2019 16:54:49.110 * DB saved on disk redis_1_8f8d336723d1 | 19:C 05 Feb 2019 16:54:49.110 * RDB: 0 MB of memory used by copy-on-write redis_1_8f8d336723d1 | 1:M 05 Feb 2019 16:54:49.175 * Background saving terminated with success redis_1_8f8d336723d1 | 1:M 05 Feb 2019 16:59:50.098 * 100 changes in 300 seconds. Saving... redis_1_8f8d336723d1 | 1:M 05 Feb 2019 16:59:50.099 * Background saving started by pid 20 redis_1_8f8d336723d1 | 20:C 05 Feb 2019 16:59:50.114 * DB saved on disk redis_1_8f8d336723d1 | 20:C 05 Feb 2019 16:59:50.114 * RDB: 0 MB of memory used by copy-on-write redis_1_8f8d336723d1 | 1:M 05 Feb 2019 16:59:50.199 * Background saving terminated with success redis_1_8f8d336723d1 | 1:M 05 Feb 2019 17:04:51.026 * 100 changes in 300 seconds. Saving... redis_1_8f8d336723d1 | 1:M 05 Feb 2019 17:04:51.026 * Background saving started by pid 21 redis_1_8f8d336723d1 | 21:C 05 Feb 2019 17:04:51.057 * DB saved on disk redis_1_8f8d336723d1 | 21:C 05 Feb 2019 17:04:51.057 * RDB: 0 MB of memory used by copy-on-write redis_1_8f8d336723d1 | 1:M 05 Feb 2019 17:04:51.126 * Background saving terminated with success redis_1_8f8d336723d1 | 1:M 05 Feb 2019 17:09:52.057 * 100 changes in 300 seconds. Saving... redis_1_8f8d336723d1 | 1:M 05 Feb 2019 17:09:52.071 * Background saving started by pid 22 redis_1_8f8d336723d1 | 22:C 05 Feb 2019 17:09:52.499 * DB saved on disk redis_1_8f8d336723d1 | 22:C 05 Feb 2019 17:09:52.500 * RDB: 0 MB of memory used by copy-on-write redis_1_8f8d336723d1 | 1:M 05 Feb 2019 17:09:52.613 * Background saving terminated with success s3_1_19521a2a2d0e | Systemd init system enabled. db_1_7ad66e59518a | 2019-02-05 08:04:43.797 UTC [1] LOG: listening on IPv4 address "0.0.0.0", port 5432 db_1_7ad66e59518a | 2019-02-05 08:04:43.797 UTC [1] LOG: listening on IPv6 address "::", port 5432 db_1_7ad66e59518a | 2019-02-05 08:04:43.826 UTC [1] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432" db_1_7ad66e59518a | 2019-02-05 08:04:43.893 UTC [21] LOG: database system was shut down at 2019-02-05 08:04:00 UTC db_1_7ad66e59518a | 2019-02-05 08:04:43.948 UTC [1] LOG: database system is ready to accept connections db_1_7ad66e59518a | 2019-02-05 08:04:53.631 UTC [28] ERROR: relation "uniq_model_model_type_vocab" already exists db_1_7ad66e59518a | 2019-02-05 08:04:53.631 UTC [28] STATEMENT: CREATE UNIQUE INDEX "uniq_model_model_type_vocab" ON "model" ("is of-vocabulary", "model type"); db_1_7ad66e59518a | 2019-02-05 10:03:51.465 UTC [29] ERROR: duplicate key value violates unique constraint "service_application_service name_key" db_1_7ad66e59518a | 2019-02-05 10:03:51.465 UTC [29] DETAIL: Key (application, "service name")=(3, main) already exists. db_1_7ad66e59518a | 2019-02-05 10:03:51.465 UTC [29] STATEMENT: INSERT INTO "service" ("application", "service name") db_1_7ad66e59518a | VALUES ($1, $2) RETURNING "id"; db_1_7ad66e59518a | 2019-02-05 10:19:40.570 UTC [153] ERROR: duplicate key value violates unique constraint "service_application_service name_key" db_1_7ad66e59518a | 2019-02-05 10:19:40.570 UTC [153] DETAIL: Key (application, "service name")=(3, main) already exists. db_1_7ad66e59518a | 2019-02-05 10:19:40.570 UTC [153] STATEMENT: INSERT INTO "service" ("application", "service name") db_1_7ad66e59518a | VALUES ($1, $2) RETURNING "id"; db_1_7ad66e59518a | 2019-02-05 14:21:43.482 UTC [170] ERROR: duplicate key value violates unique constraint "service_application_service name_key" db_1_7ad66e59518a | 2019-02-05 14:21:43.482 UTC [170] DETAIL: Key (application, "service name")=(3, main) already exists. db_1_7ad66e59518a | 2019-02-05 14:21:43.482 UTC [170] STATEMENT: INSERT INTO "service" ("application", "service name") db_1_7ad66e59518a | VALUES ($1, $2) RETURNING "id"; db_1_7ad66e59518a | 2019-02-05 15:41:34.369 UTC [418] ERROR: duplicate key value violates unique constraint "service_application_service name_key" db_1_7ad66e59518a | 2019-02-05 15:41:34.369 UTC [418] DETAIL: Key (application, "service name")=(3, main) already exists. db_1_7ad66e59518a | 2019-02-05 15:41:34.369 UTC [418] STATEMENT: INSERT INTO "service" ("application", "service name") db_1_7ad66e59518a | VALUES ($1, $2) RETURNING "id"; db_1_7ad66e59518a | 2019-02-05 17:14:31.193 UTC [611] FATAL: canceling authentication due to timeout db_1_7ad66e59518a | 2019-02-05 17:15:19.282 UTC [616] LOG: could not receive data from client: Connection reset by peer db_1_7ad66e59518a | 2019-02-05 17:15:20.803 UTC [616] LOG: incomplete startup packet db_1_7ad66e59518a | 2019-02-05 17:16:19.170 UTC [617] LOG: could not receive data from client: Connection reset by peer db_1_7ad66e59518a | 2019-02-05 17:17:55.275 UTC [619] LOG: could not receive data from client: Connection reset by peer db_1_7ad66e59518a | 2019-02-05 17:17:57.207 UTC [619] LOG: incomplete startup packet db_1_7ad66e59518a | 2019-02-05 17:18:01.695 UTC [581] LOG: unexpected EOF on client connection with an open transaction db_1_7ad66e59518a | 2019-02-05 17:18:02.799 UTC [607] LOG: unexpected EOF on client connection with an open transaction db_1_7ad66e59518a | 2019-02-05 17:18:02.799 UTC [606] LOG: unexpected EOF on client connection with an open transaction db_1_7ad66e59518a | 2019-02-05 17:18:02.799 UTC [608] LOG: unexpected EOF on client connection with an open transaction db_1_7ad66e59518a | 2019-02-05 17:18:02.799 UTC [605] LOG: unexpected EOF on client connection with an open transaction db_1_7ad66e59518a | 2019-02-05 17:18:05.497 UTC [620] LOG: could not receive data from client: Connection reset by peer db_1_7ad66e59518a | 2019-02-05 17:18:05.497 UTC [625] LOG: could not receive data from client: Connection reset by peer db_1_7ad66e59518a | 2019-02-05 17:18:05.497 UTC [626] LOG: could not receive data from client: Connection reset by peer db_1_7ad66e59518a | 2019-02-05 17:18:05.497 UTC [624] LOG: could not receive data from client: Connection reset by peer db_1_7ad66e59518a | 2019-02-05 17:18:05.497 UTC [621] LOG: could not receive data from client: Connection reset by peer db_1_7ad66e59518a | 2019-02-05 17:18:05.497 UTC [623] LOG: could not receive data from client: Connection reset by peer db_1_7ad66e59518a | 2019-02-05 17:18:05.497 UTC [622] LOG: could not receive data from client: Connection reset by peer api_1_ee9297901b5c | Systemd init system enabled. registry_1_6c2b77e018bb | Systemd init system enabled. vpn_1_4c6019e78747 | Systemd init system enabled. haproxy_1_3e1d962649bf | [WARNING] 035/080447 (1) : Server backend_api/resin_api_1 is DOWN, reason: Layer4 connection problem, info: "Connection refused", check duration: 0ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue. haproxy_1_3e1d962649bf | [ALERT] 035/080447 (1) : backend 'backend_api' has no server available! haproxy_1_3e1d962649bf | [WARNING] 035/080449 (1) : Server vpn-tunnel/balena_vpn is DOWN, reason: Layer4 connection problem, info: "Connection refused", check duration: 0ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue. haproxy_1_3e1d962649bf | [ALERT] 035/080449 (1) : proxy 'vpn-tunnel' has no server available! haproxy_1_3e1d962649bf | [WARNING] 035/080453 (1) : Server vpn-tunnel/balena_vpn is UP, reason: Layer4 check passed, check duration: 0ms. 1 active and 0 backup servers online. 0 sessions requeued, 0 total in queue. haproxy_1_3e1d962649bf | [WARNING] 035/080501 (1) : Server backend_api/resin_api_1 is UP, reason: Layer4 check passed, check duration: 0ms. 1 active and 0 backup servers online. 0 sessions requeued, 0 total in queue. haproxy_1_3e1d962649bf | [WARNING] 035/171809 (1) : Server backend_api/resin_api_1 is DOWN, reason: Layer4 connection problem, info: "Connection refused", check duration: 0ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue. haproxy_1_3e1d962649bf | [ALERT] 035/171809 (1) : backend 'backend_api' has no server available!

This is the error message.
time="2019-07-02T08:31:58.545306456Z" level=warning msg="failed to retrieve balena-engine-init version: exec: "balena-engine-init": executable file not found in $PATH"

Repository
https://github.com/balena-io-projects/simple-server-node

Command I use to deploy
balena deploy [AppName] --source --logs . --emulated
balena deploy [AppName]

Versions
balena-engine version 17.12.0-dev, build dceb2fc48071b78a8a828e0468a15a479515385f
UP board | BalenaOS 2.29.2+rev1 --- Development
Docker version 18.09.5, build e8ff056

The resin_supervisor container is running. But everytime I deploy the simple node server, it keeps on restarting. I also tried to deploy a simple Dockerfile. It still restarts

simple Dockerfile
FROM balenalib/up-board-debian

Logfiles

I don't know if the UP Board image is still buggy or the device that I use is defective. Could someone help me on this?

As of right now, deleting environment variables is not possible due to a BalenaRequestError: Request error: Database error. This happens on device and application variables.

$ balena -v
11.7.3

$ balena env add BALENA_SUPERVISOR_LOCAL_MODE 1 --device 0a160ca


$ balena envs --device 0a160ca --config
ID NAME                         VALUE
1  BALENA_SUPERVISOR_LOCAL_MODE 1

$ balena env rm BALENA_SUPERVISOR_LOCAL_MODE --device 0a160ca
? Are you sure you want to delete the environment variable? Yes
BalenaRequestError: Request error: Database error
    at C:\ProgramData\nvm\v12.7.0\node_modules\balena-cli\node_modules\balena-request\build\request.js:197:17
    at tryCatcher (C:\ProgramData\nvm\v12.7.0\node_modules\balena-cli\node_modules\bluebird\js\release\util.js:16:23)
    at Promise._settlePromiseFromHandler (C:\ProgramData\nvm\v12.7.0\node_modules\balena-cli\node_modules\bluebird\js\release\promise.js:517:31)
    at Promise._settlePromise (C:\ProgramData\nvm\v12.7.0\node_modules\balena-cli\node_modules\bluebird\js\release\promise.js:574:18)
    at Promise._settlePromise0 (C:\ProgramData\nvm\v12.7.0\node_modules\balena-cli\node_modules\bluebird\js\release\promise.js:619:10)
    at Promise._settlePromises (C:\ProgramData\nvm\v12.7.0\node_modules\balena-cli\node_modules\bluebird\js\release\promise.js:699:18)
    at _drainQueueStep (C:\ProgramData\nvm\v12.7.0\node_modules\balena-cli\node_modules\bluebird\js\release\async.js:138:12)
    at _drainQueue (C:\ProgramData\nvm\v12.7.0\node_modules\balena-cli\node_modules\bluebird\js\release\async.js:131:9)
    at Async._drainQueues (C:\ProgramData\nvm\v12.7.0\node_modules\balena-cli\node_modules\bluebird\js\release\async.js:147:5)
    at Immediate.Async.drainQueues [as _onImmediate] (C:\ProgramData\nvm\v12.7.0\node_modules\balena-cli\node_modules\bluebird\js\release\async.js:17:14)
    at processImmediate (internal/timers.js:439:21)
    at process.topLevelDomainCallback (domain.js:126:23)

If you need help, don't hesitate in contacting our support forums at
https://forums.balena.io

For bug reports or feature requests, have a look at the GitHub issues or
create a new one at: https://github.com/balena-io/balena-cli/issues/

(node:17136) [DEP0066] DeprecationWarning: OutgoingMessage.prototype._headers is deprecated

super minor documentation issue, but scripts/quickstart currently contains the following line:

echo " - Use the following certificate with Balena CLI: ${CONFIG_DIR}/root/ca.crt"

This produces the following output on my machine: /home/balena/open-balena/config/root/ca.crt , but the cert is actually in /home/balena/open-balena/config/certs/root/ca.crt

It's an easy fix; the script should instead read:

echo " - Use the following certificate with Balena CLI: ${CONFIG_DIR}/certs/root/ca.crt"

The documentation is correct - it's just the console spew at the end of the quickstart script that's wrong...

Hello,

I'm trying to setup OpenBalena. I would like to evaluate OpenBalena on my personal laptop running on Ubuntu 18.04 .
From the getting started: https://www.balena.io/open/docs/getting-started, I need to setup CNAME.
Which tool are you using to setup CNAME entries? Do you have any example file for openbalena configuration?
From my side, I tried the tool bind9 without success. I'm probably missing competencies in this domaine.

If you have already installed OpenBalena, please share your configuration !

Thanks.

Py.

Summary: the redis container of openBalena is exposed to the Internet by default with no security enabled, and likely shouldn't be.

Ideally, the compose configurations for the server should only expose 443 out of box, as per this forum thread. That way, openBalena is secure by default and only allows access to other ports via the docker compose-created local network unless explicitly enabled for debugging.

But at a minimum, even if that can't be done, the quickstart guide needs to be updated with guidance for securing a new install ASAP to explicitly instruct users to block the other ports (looks like 80, 222, 3128, 5432, and 6379?) using a firewall. It might be worth thinking about other server configuration best practices that the Balena team uses in production that would be applicable to openBalena admins as well.

Full issue: While experimenting with open-balena installed on an Internet-accessible server, I noticed strange behavior where after 6-24 hours of uptime, 'balena logs' would stop working with a "BalenaRequestError: Request error: Internal Server Error" error. Stopping and restarting all the containers resolved the issue each time, so I got in the habit of temporarily restarting it each day before working with my server.

That eventually caused me to investigate the logs for all the various composed docker containers for the server to root cause what was going on, and I noticed strange logging from redis starting a few hours after the last restart:

balena@servername:~/open-balena/compose$ docker logs 26cac86e889a | more
1:C 07 Jan 2019 07:45:39.899 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
1:C 07 Jan 2019 07:45:39.899 # Redis version=5.0.3, bits=64, commit=00000000, modified=0, pid=1, just started
1:M 07 Jan 2019 07:45:39.900 * Running mode=standalone, port=6379.
1:M 07 Jan 2019 07:45:39.900 # Server initialized
1:M 07 Jan 2019 07:45:39.900 * DB loaded from disk: 0.000 seconds
1:M 07 Jan 2019 07:45:39.900 * Ready to accept connections
1:M 07 Jan 2019 07:50:40.090 * 100 changes in 300 seconds. Saving...
1:M 07 Jan 2019 07:50:40.091 * Background saving started by pid 12
12:C 07 Jan 2019 07:50:40.116 * DB saved on disk
12:C 07 Jan 2019 07:50:40.117 * RDB: 0 MB of memory used by copy-on-write
1:M 07 Jan 2019 07:50:40.192 * Background saving terminated with success
1:M 07 Jan 2019 07:55:41.026 * 100 changes in 300 seconds. Saving...
1:M 07 Jan 2019 07:55:41.027 * Background saving started by pid 13
13:C 07 Jan 2019 07:55:41.054 * DB saved on disk
13:C 07 Jan 2019 07:55:41.056 * RDB: 0 MB of memory used by copy-on-write
1:M 07 Jan 2019 07:55:41.129 * Background saving terminated with success
1:M 07 Jan 2019 08:17:51.870 * DB saved on disk
1:M 07 Jan 2019 08:17:51.872 # Failed opening the RDB file root (in server root dir /var/spool/cron) for saving: Permission denied
1:M 07 Jan 2019 08:17:51.873 # Failed opening the RDB file root (in server root dir /etc/crontabs) for saving: Permission denied
1:M 07 Jan 2019 09:17:52.046 * 1 changes in 3600 seconds. Saving...
1:M 07 Jan 2019 09:17:52.047 * Background saving started by pid 14
14:C 07 Jan 2019 09:17:52.049 # Failed opening the RDB file root (in server root dir /etc/crontabs) for saving: Permission denied
1:M 07 Jan 2019 09:17:52.149 # Background saving error
1:M 07 Jan 2019 09:17:58.085 * 1 changes in 3600 seconds. Saving...
1:M 07 Jan 2019 09:17:58.086 * Background saving started by pid 15
15:C 07 Jan 2019 09:17:58.087 # Failed opening the RDB file root (in server root dir /etc/crontabs) for saving: Permission denied
1:M 07 Jan 2019 09:17:58.187 # Background saving error

(repeats ~10,000 more times over six days)

This is suspicious - I wouldn't expect redis to be trying to write out to /var/spool/cron or /etc/crontabs! And, as it turns out, this is a common symptoms of attackers trying to install cryptominers or other malware through redis as a vector: https://blog.huntingmalware.com/notes/LLMalware#attack

Fortunately, in this case because the redis container is so minimal, it only got as far as changing the password on my database instance. So it was effectively just a DoS attack - and not a particularly effective one at that. But my machine gets consistently "reinfected" every time I restart the server after a few hours, and I suspect this will be common in the wild once more people start experimenting with openBalena (particularly in development environments where you might be more lax about setting up a firewall/etc.)

Since balena is managed through docker compose, and it appears these ports are being explicitly exposed through haproxy, my suggestion would be to use that to block access to redis and other services that don't need to be public by default; developers are always free to expose those ports for debugging/development if necessary, but IMHO at the end of the quickstart you should be left with the minimal surface area necessary for the app to work.

It would be great to add support to use AWS S3 for the registry storage using an IAM Role with rotating credentials instead of having to hardcode IAM User credentials into the environment file.

Installing the CLI Client says ...

Point balena-cli to your server by setting resinUrl in ~/.resinrc.yml to your server domain name, eg:

... and it's followed by the JSON example ...

{
  "resinUrl": "mydomain.com"
}

... which should be YAML to avoid confusion or copy & paste errors.

Hello Balena team!

First off, thank you for putting balena out as an open source project!

I have followed the docs exactly to get Balena up and running on DigitalOcean, but I am always hitting a wall getting stuck at logging in.

In particular, I was most unsure about CNAME records. My CNAME records are set up, and I think they are set up correctly. Base domain is mydomain.org (I am masking the actual domain in this post), and I have CNAME records for api, s3, vpn, and registry on Google Domains, with api pointing to api.mydomain.org etc. SSL is enabled for mydomain.org, which forwards directly to my DigitalOcean box's IP address.

However, even with all of this set up, I still get the following error logging in.

ENOTFOUND: request to https://api.mydomain.org/login_ failed, reason: getaddrinfo ENOTFOUND api.mydomain.org api.wors
hip-manager.org:443

I understand that the issue may need some digging before I can get past this blocker to using open-balena. What would be the best starting points for debugging? To be clear, I'm not expecting to resolve this quickly, but would like to take this chance to learn more about the right process of debugging the installation process. I might then take the chance to contribute some docs back.

Hi i would like to make a little feature request here - add the restart:always to the docker-compose specification

Today i restarted my server, and after that i forgot to start openbalena again

Little thing but will make a life easier

The README.md does show a very quick way to getting things setup, but it does leave out some important things like installation of nodejs / npm and the libssl-dev, which are probably needed for the CLI client. It could help new users if you link from the README.md to https://www.balena.io/open/docs/getting-started which explains in more detail how to setup open-balena 👍

On openBalena I can balena tunnel to any port on the device, but the permissions should currently restrict this to port 22222.

Before making it possible to tunnel any port we should determine why the current permission is being ignored.

OpenBalena's using an old version of docker-compose which, amongst other issues, has trouble recreating containers where existing volume mounts are specified in the Dockerfile.

What's the best way to backup the data in an OpenBalena instance? Just backup the docker data?

The OpenBalena docs refer to a default openbalena.local domain, however there is no default ability to publish the hostnames as a .local domain.

We should include a publisher and default service setup so that this works 'out of the box'.

• Node is required, which the readme doesn't mention (though https://www.balena.io/open/docs/getting-started does)
• It needs to be in your path as nodejs (I only had node)

If you don't have node, quickstart will silently fail at Generating token auth cert..., and compose will refuse to run.

I'm trying to deploy openBalena using the Vagrant VM, but the quickstart-script fails at the gen-root-cert script with the following error:

++ /tmp/easyrsa.C4sihKq6/easyrsa --pki-dir=/home/vagrant/openbalena/config/certs/root --days=730 '--subject-alt-name=DNS:*.mydomain.com' build-server-full '*.mydomain.com' nopass
mktemp: failed to create file via template ‘/home/vagrant/openbalena/config/certs/root/private/*.mydomain.com.key.XXXXXXXXXX’: Protocol error
mktemp: failed to create file via template ‘/home/vagrant/openbalena/config/certs/root/reqs/*.mydomain.com.req.XXXXXXXXXX’: Protocol error
Generating a 4096 bit RSA private key
......................................................................................................................................................................................................................................................................................................................++
....................++
writing new private key to ''
req: Can't open "" for writing, No such file or directory

Easy-RSA error:

Failed to generate request

I'm trying to do the following:

git clone https://github.com/balena-io/open-balena
cd open-balena
vagrant up
vagrant ssh
./scripts/quickstart -U [email protected] -P password -d mydomain.com -x

For more verbose logs I made the following changes to the scripts:

diff --git a/scripts/gen-root-cert b/scripts/gen-root-cert
index 7f09aae..082c5e8 100755
--- a/scripts/gen-root-cert
+++ b/scripts/gen-root-cert
@@ -28,7 +28,7 @@ ROOT_KEY="${ROOT_PKI}"'/private/*.'"${CN}"'.key'
 if [ ! -f $ROOT_CRT ] || [ ! -f $ROOT_KEY ]; then
   rm -f $ROOT_CRT $ROOT_KEY
   # generate default CSR and sign (root + wildcard)
-  "$easyrsa_bin" --pki-dir="${ROOT_PKI}" --days="${CRT_EXPIRY_DAYS}" --subject-alt-name="DNS:*.${CN}" build-server-full "*.${CN}" nopass 2>/dev/null
+  "$easyrsa_bin" --pki-dir="${ROOT_PKI}" --days="${CRT_EXPIRY_DAYS}" --subject-alt-name="DNS:*.${CN}" build-server-full "*.${CN}" nopass

   # update indexes and generate CRLs
   "$easyrsa_bin" --pki-dir="${ROOT_PKI}" update-db 2>/dev/null
diff --git a/scripts/ssl-common.sh b/scripts/ssl-common.sh
index 2196666..47026ba 100644
--- a/scripts/ssl-common.sh
+++ b/scripts/ssl-common.sh
@@ -11,7 +11,8 @@ if [ -z "${easyrsa_bin-}" ] || [ ! -x "${easyrsa_bin}" ]; then
         (cd "${easyrsa_dir}"; curl -sL "${easyrsa_url}" | tar xz --strip-components=1)
         easyrsa_bin="${easyrsa_dir}/easyrsa"
         # shellcheck disable=SC2064
-        trap "rm -rf \"${easyrsa_dir}\"" EXIT
+        #trap "rm -rf \"${easyrsa_dir}\"" EXIT
+        trap "echo \"${easyrsa_dir}\"" EXIT
     fi
     export EASYRSA_BATCH=1
     export EASYRSA_KEY_SIZE=4096

These are the logs:

vagrant@openbalena-vagrant:~/openbalena$ ./scripts/quickstart -U [email protected] -P password -d mydomain.com -x
+ getopts :hpxd:U:P: opt
+ shift 7
+ '[' -z [email protected] ']'
+ '[' -z password ']'
+ '[' false = true ']'
+ echo_bold '==> Creating new configuration at: /home/vagrant/openbalena/config'
+ printf '\033[1m%s\033[0m\n' '==> Creating new configuration at: /home/vagrant/openbalena/config'
==> Creating new configuration at: /home/vagrant/openbalena/config
+ mkdir -p /home/vagrant/openbalena/config /home/vagrant/openbalena/config/certs
+ echo_bold '==> Bootstrapping easy-rsa...'
+ printf '\033[1m%s\033[0m\n' '==> Bootstrapping easy-rsa...'
==> Bootstrapping easy-rsa...
+ source /home/vagrant/openbalena/scripts/ssl-common.sh
++ '[' -z '' ']'
+++ command -v easyrsa
+++ true
++ easyrsa_bin=
++ '[' -z '' ']'
+++ mktemp -dt easyrsa.XXXXXXXX
++ easyrsa_dir=/tmp/easyrsa.C4sihKq6
++ easyrsa_url=https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.5/EasyRSA-nix-3.0.5.tgz
++ echo '  - Downloading easy-rsa...'
  - Downloading easy-rsa...
++ cd /tmp/easyrsa.C4sihKq6
++ tar xz --strip-components=1
++ curl -sL https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.5/EasyRSA-nix-3.0.5.tgz
++ easyrsa_bin=/tmp/easyrsa.C4sihKq6/easyrsa
++ trap 'rm -rf "/tmp/easyrsa.C4sihKq6"' EXIT
++ export EASYRSA_BATCH=1
++ EASYRSA_BATCH=1
++ export EASYRSA_KEY_SIZE=4096
++ EASYRSA_KEY_SIZE=4096
+++ realpath /root
++++ command realpath /root
++++ realpath /root
+++ echo /root
++ ROOT_PKI=/root
++ CA_EXPIRY_DAYS=3650
++ CRT_EXPIRY_DAYS=730
+ echo_bold '==> Generating root CA cert...'
+ printf '\033[1m%s\033[0m\n' '==> Generating root CA cert...'
==> Generating root CA cert...
+ source /home/vagrant/openbalena/scripts/gen-root-ca mydomain.com /home/vagrant/openbalena/config/certs
++ '[' -z mydomain.com ']'
+++ realpath ./scripts/quickstart
++++ command realpath ./scripts/quickstart
++++ realpath ./scripts/quickstart
+++ echo /home/vagrant/openbalena/scripts/quickstart
++ CMD=/home/vagrant/openbalena/scripts/quickstart
+++ dirname /home/vagrant/openbalena/scripts/quickstart
++ DIR=/home/vagrant/openbalena/scripts
++ CN=mydomain.com
+++ realpath /home/vagrant/openbalena/config/certs
++++ command realpath /home/vagrant/openbalena/config/certs
++++ realpath /home/vagrant/openbalena/config/certs
+++ echo /home/vagrant/openbalena/config/certs
++ OUT=/home/vagrant/openbalena/config/certs
++ source /home/vagrant/openbalena/scripts/ssl-common.sh
+++ '[' -z /tmp/easyrsa.C4sihKq6/easyrsa ']'
+++ '[' '!' -x /tmp/easyrsa.C4sihKq6/easyrsa ']'
++++ realpath /home/vagrant/openbalena/config/certs/root
+++++ command realpath /home/vagrant/openbalena/config/certs/root
+++++ realpath /home/vagrant/openbalena/config/certs/root
++++ echo /home/vagrant/openbalena/config/certs/root
+++ ROOT_PKI=/home/vagrant/openbalena/config/certs/root
+++ CA_EXPIRY_DAYS=3650
+++ CRT_EXPIRY_DAYS=730
++ ROOT_CA=/home/vagrant/openbalena/config/certs/root/ca.crt
++ '[' '!' -f /home/vagrant/openbalena/config/certs/root/ca.crt ']'
++ /tmp/easyrsa.C4sihKq6/easyrsa --pki-dir=/home/vagrant/openbalena/config/certs/root init-pki
++ /tmp/easyrsa.C4sihKq6/easyrsa --pki-dir=/home/vagrant/openbalena/config/certs/root --days=3650 --req-cn=ca.mydomain.com build-ca nopass
++ /tmp/easyrsa.C4sihKq6/easyrsa --pki-dir=/home/vagrant/openbalena/config/certs/root update-db
++ /tmp/easyrsa.C4sihKq6/easyrsa --pki-dir=/home/vagrant/openbalena/config/certs/root gen-crl
+ echo_bold '==> Generating root cert chain for haproxy...'
+ printf '\033[1m%s\033[0m\n' '==> Generating root cert chain for haproxy...'
==> Generating root cert chain for haproxy...
+ source /home/vagrant/openbalena/scripts/gen-root-cert mydomain.com /home/vagrant/openbalena/config/certs
++ '[' -z mydomain.com ']'
+++ realpath ./scripts/quickstart
++++ command realpath ./scripts/quickstart
++++ realpath ./scripts/quickstart
+++ echo /home/vagrant/openbalena/scripts/quickstart
++ CMD=/home/vagrant/openbalena/scripts/quickstart
+++ dirname /home/vagrant/openbalena/scripts/quickstart
++ DIR=/home/vagrant/openbalena/scripts
++ CN=mydomain.com
+++ realpath /home/vagrant/openbalena/config/certs
++++ command realpath /home/vagrant/openbalena/config/certs
++++ realpath /home/vagrant/openbalena/config/certs
+++ echo /home/vagrant/openbalena/config/certs
++ OUT=/home/vagrant/openbalena/config/certs
++ source /home/vagrant/openbalena/scripts/ssl-common.sh
+++ '[' -z /tmp/easyrsa.C4sihKq6/easyrsa ']'
+++ '[' '!' -x /tmp/easyrsa.C4sihKq6/easyrsa ']'
++++ realpath /home/vagrant/openbalena/config/certs/root
+++++ command realpath /home/vagrant/openbalena/config/certs/root
+++++ realpath /home/vagrant/openbalena/config/certs/root
++++ echo /home/vagrant/openbalena/config/certs/root
+++ ROOT_PKI=/home/vagrant/openbalena/config/certs/root
+++ CA_EXPIRY_DAYS=3650
+++ CRT_EXPIRY_DAYS=730
++ ROOT_CRT='/home/vagrant/openbalena/config/certs/root/issued/*.mydomain.com.crt'
++ ROOT_KEY='/home/vagrant/openbalena/config/certs/root/private/*.mydomain.com.key'
++ '[' '!' -f '/home/vagrant/openbalena/config/certs/root/issued/*.mydomain.com.crt' ']'
++ rm -f '/home/vagrant/openbalena/config/certs/root/issued/*.mydomain.com.crt' '/home/vagrant/openbalena/config/certs/root/private/*.mydomain.com.key'
++ /tmp/easyrsa.C4sihKq6/easyrsa --pki-dir=/home/vagrant/openbalena/config/certs/root --days=730 '--subject-alt-name=DNS:*.mydomain.com' build-server-full '*.mydomain.com' nopass
mktemp: failed to create file via template ‘/home/vagrant/openbalena/config/certs/root/private/*.mydomain.com.key.XXXXXXXXXX’: Protocol error
mktemp: failed to create file via template ‘/home/vagrant/openbalena/config/certs/root/reqs/*.mydomain.com.req.XXXXXXXXXX’: Protocol error
Generating a 4096 bit RSA private key
......................................................................................................................................................................................................................................................................................................................++
....................++
writing new private key to ''
req: Can't open "" for writing, No such file or directory

Easy-RSA error:

Failed to generate request
+ echo /tmp/easyrsa.a7SoVCiB
/tmp/easyrsa.a7SoVCiB

It would be a good idea to check if quickstart is run as root and stop execution if not, otherwise it will fail at the ==> Generating token auth cert... step without a comment.

I have tried open-balena with both wifi and ethernet connectivity for jetson nano , it is stuck at below screen. No response for balena devices command
Master server is setup properly