Where communities thrive

  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
Repo info
  • 16:53
    vigier synchronize #1226
  • 14:05
    vigier commented #1226
  • 13:07
    vigier synchronize #1226
  • 12:16
    vigier synchronize #1226
  • 11:07
    hawkbit-bot commented #1227
  • 11:06
    singrob opened #1227
  • 10:52
    vigier synchronize #1226
  • 10:42
    vigier synchronize #1226
  • 10:27
    vigier synchronize #1226
  • 10:21
    vigier synchronize #1226
  • 09:39
    vigier ready_for_review #1226
  • 09:36
    vigier synchronize #1226
  • Jan 27 17:27
    vigier synchronize #1226
  • Jan 26 14:58
    vigier synchronize #1226
  • Jan 26 14:56
    vigier synchronize #1226
  • Jan 26 12:09
    a-sayyed synchronize #1125
  • Jan 26 11:34
    vigier synchronize #1226
  • Jan 26 11:26
    vigier synchronize #1226
  • Jan 26 11:19
    vigier synchronize #1226
  • Jan 26 00:57
    hawkbit-bot unlabeled #1216
Screenshot from 2021-08-26 16-00-07.png
as you guys can see here even though the update was successful hawkbit says otherwise. Why is this happening
Why cant i see that the update is finished on hawkbit
Stefano Babic
@Aswin-png this is NOT related to Hawkbit, you have to set up SWUpdate to send the feedback message to Hawkbit, and this is generally done after rebooting the device (see suricatta command line parameters), or using the sendtohawkbit utility. The topic was raised several times on SWUpdate's ML, just use the archives.
Hello guys,
Has anyone experience with Docker images from this tutorial?
It seemed to me as the easiest way to try out a hawkBit environment. Unfortunately I start the docker swarm and see nothing on port 8080.
It also seems as there is no replica of a mySQL database.
Thank you for sharing!
Alexander Dobler

@DominikDSSchneider Hi, the referenced stack in the tutorial (similar to the stacks in the official hawkbit repo) suffer from recent changes to both the official mysql and rabbitmq containers. They discourage usage of certain environment variables and as a consequence fail to start. As hawkbit then cannot connect to the database it fails to start fully too.

See Hawkbit PR for stack changes for RabbitMQ and MySQL

To shorten it, you have to delete the following lines in the environment entry of the mysql respectively the rabbitmq service in the stack file:

- MYSQL_USER: "root"

Thank you very much @dobleralex , works now :-)
Hi all,
ran into issue after upgrading successfully running M6 Hawkbit to M7, after initial login into Hawkbit UI with all proper information (devices, distribution sets, etc) initially displayed, there are multiple errors "An Authentication object was not found in the SecurityContext". I created an issue #1171 in GitHub eclipse/hawkbit#1171 for this.
Anyone else seeing this after the upgrade?
Diego Rondini
@mdymov-hayward are you using a custom theme?
sounds somehow similar to:
@diegorondini We do use some customization but its limited; however, the Transport.WEBSOCKET difference looks spot on as we have it set to Transport.WEBSOCKET instead of Transport.WEBSOCKET_XHR. We have Hawkbit running before the eclipse/hawkbit-examples#56 and I wanted to minimize the changes when moving from M6 to M7.
I am rebuilding docker image right now with Transport.WEBSOCKET_XHR.
That was it - changing from Transport.WEBSOCKET to Transport.WEBSOCKET_XHR resolved the issue! I can now access all devices/distribution sets/rollouts as usual. This is running in local docker container, next step will be to push the change to Google Cloud Run and see if this works in GCP K8 cluster too. Thank you guys!
1 reply
Hey guys, I just wanted to share with you on how I changed the GUI of hawkbit, the recommended way on this site also worked for me https://www.eclipse.org/hawkbit/guides/customtheme/
But i did it like this i cloned hawkbit seperately(Not the usual place i run hawkbit from but an extra) to a folder and then I went to hawkbit-ui /src/main/resources/VAADIN/themes/hawkbit/customstyles and then opened "hawkbitvariables.scss" and then made the changes i wanted and then went to my original hawkbit folder deleted the hawkbit-ui folder and replaced it with the new one(alwayshave a backup of the original hawkbit-ui folder). Finally i compiled everything together and run hawkbit. Worked like a charm. I do not know if this is reccommended but if it not please do tell me
Thank you very much
Cameron Miller
Hey everyone, I had a quick question about configuring API ports. Ideally I'd like to only publicly expose the DDI endpoint and limit access to the Management API/UI to clients within our VPC, so I was wondering if it's possible to separate which ports the Management API/UI and DDI API run on
Hello, I'm upgrading to hawkbit 0.3.0M7 and configuring to use oauth2. But I have problems with oauth2. I am fetching a token using autorization_code, and I see that I get a valid token back. But it seems that the org.springframework.security.web.authentication.AnonymousAuthenticationFilter is triggered in the filterChain, setting the authentication to Anonymous. And this results in that the token-response is not processed (at least it looks like). Do you know if there is any running example of hawkbit running oauth2 which I can look at an compare? Or have you seen any problem like this before? Most probably I miss some config..


In case anyone downgrades from 0.3.0M7 to 0.3.0M6 with MySQL as data backend... However rare that may be.

The upgrade to M7 alters 2 tables in database definition used by M6. This is fine for upgrade path M6->M7 but when reverted/downgraded back to M6 the new data table definitions prevent any Distribution Set to be assigned to any target. Effectively the OTA service is not functional at that point even though UI is accessible and shows all previously assigned Distribution Sets info correctly.

There is no error produced by UI when new Distribution Set fails to be assigned via UI. Clue to root cause was found in Hawkbit container logs where JDBC SQL exception was logged for "Field 'initiated_by' doesn't have a default value;".

In order to restore ability to assign new Distribution Sets to targets you'll need to DROP COLUMNS in MySQL database used by Hawkbit as follows:

  • drop column 'initiated_by' from table 'sp_action';
  • drop column 'auto_assign_initiated_by' from table 'sp_target_filter_query'.

This can be done on live database. Of course create copies of both tables just in case or backup the database before altering anything in database.

Hope this helps.


I've implemented an hawkbit amqp client, which receives correctly the download instruction, download the files to local storage, and verify the hashes. However, in the dmf documentation, there's only modules id, never a name : https://www.eclipse.org/hawkbit/apis/dmf_api/

Which is not exactly usefull to give meaning to the modules directory. Can we retrieve the modules name directly from a target ?

Hi everyone,
currently i try to implement a Open Id Connect authentication via Azure AD. I followed the description on the subject Open Id Connect in the documentary. Unfortunately i got the following error :
2021-09-24 10:17:05.654 DEBUG 1 --- [qtp634638280-26] o.s.web.servlet.DispatcherServlet        : GET "/", parameters={},
2021-09-24 10:17:06.346 DEBUG 1 --- [qtp634638280-26] o.s.web.servlet.DispatcherServlet        : Exiting from "ERROR" dispatch, status 404,
2021-09-24 10:17:05.655 DEBUG 1 --- [qtp634638280-26] o.s.web.servlet.view.RedirectView        : View name 'redirect:', model {},
2021-09-24 10:17:05.654 DEBUG 1 --- [qtp634638280-26] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to org.eclipse.hawkbit.autoconfigure.mgmt.ui.RedirectController#home(),
2021-09-24 10:17:05.655 DEBUG 1 --- [qtp634638280-26] o.s.web.servlet.DispatcherServlet        : Completed 302 FOUND,
2021-09-24 10:17:05.857 DEBUG 1 --- [qtp634638280-25] o.s.web.client.RestTemplate              : HTTP POST https://login.microsoftonline.com/06846365-0bcb-4951-b004-9ace50ff7b85/oauth2/v2.0/token,
2021-09-24 10:17:05.858 DEBUG 1 --- [qtp634638280-25] o.s.web.client.RestTemplate              : Accept=[application/json, application/*+json],
2021-09-24 10:17:05.858 DEBUG 1 --- [qtp634638280-25] o.s.web.client.RestTemplate              : Writing [{grant_type=[authorization_code], code=[0.AS8AZWOEBssLUUmwBJrOUP97hXO6B[.....]HXUw9S7xL5q2Kd4sTbbJJsh_OC1PgDJp8T-G70yJikguICqkgQ5MyAA], redirect_uri=[http://localhost:8080/login/oauth2/code/oidc]}] as "application/x-www-form-urlencoded;charset=UTF-8",
2021-09-24 10:17:06.076 DEBUG 1 --- [qtp634638280-25] o.s.web.client.RestTemplate              : Reading to [org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse] as "application/json;charset=utf-8",
2021-09-24 10:17:06.075 DEBUG 1 --- [qtp634638280-25] o.s.web.client.RestTemplate              : Response 200 OK,
2021-09-24 10:17:06.084 DEBUG 1 --- [qtp634638280-25] o.s.web.client.RestTemplate              : HTTP GET https://graph.microsoft.com/oidc/userinfo,
2021-09-24 10:17:06.084 DEBUG 1 --- [qtp634638280-25] o.s.web.client.RestTemplate              : Accept=[application/json, application/cbor, application/*+json],
2021-09-24 10:17:06.252 DEBUG 1 --- [qtp634638280-25] o.s.web.client.RestTemplate              : Response 200 OK,
2021-09-24 10:17:06.253 DEBUG 1 --- [qtp634638280-25] o.s.web.client.RestTemplate              : Reading to [java.util.Map<java.lang.String, java.lang.Object>],
2021-09-24 10:17:06.265 DEBUG 1 --- [qtp634638280-25] o.s.web.client.RestTemplate              : HTTP GET https://login.microsoftonline.com/06846365-0bcb-4951-b004-9ace50ff7b85/discovery/v2.0/keys,
2021-09-24 10:17:06.266 DEBUG 1 --- [qtp634638280-25] o.s.web.client.RestTemplate              : Accept=[text/plain, application/json, application/cbor, application/*+json, */*],
2021-09-24 10:17:06.336 DEBUG 1 --- [qtp634638280-25] o.s.web.client.RestTemplate              : Response 200 OK,
2021-09-24 10:17:06.336 DEBUG 1 --- [qtp634638280-25] o.s.web.client.RestTemplate              : Reading to [java.lang.String] as "application/json;charset=utf-8",
2021-09-24 10:17:06.342 DEBUG 1 --- [qtp634638280-26] o.s.web.servlet.DispatcherServlet        : GET "/login?error", parameters={masked},
2021-09-24 10:17:06.343 DEBUG 1 --- [qtp634638280-26] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped to ResourceHttpRequestHandler ["classpath:/META-INF/resources/", "classpath:/resources/", "classpath:/static/", "classpath:/public/", "/"],
2021-09-24 10:17:06.344 DEBUG 1 --- [qtp634638280-26] o.s.w.s.r.ResourceHttpRequestHandler     : Resource not found,
2021-09-24 10:17:06.344 DEBUG 1 --- [qtp634638280-26] o.s.web.servlet.DispatcherServlet        : Completed 404 NOT_FOUND,
2021-09-24 10:17:06.345 DEBUG 1 --- [qtp634638280-26] o.s.web.servlet.DispatcherServlet        : "ERROR" dispatch for GET "/error?error", parameters={masked},
is anyone fimilar with this topic and can help me ?
Sahaya cyril

Hello Everyone,
I'm trying to set up a reverse proxy to allow certificate authentication.
For testing purpose I'm using self signed certificate. Client and Server are kept at same local network.

I'm using swupdate from client side, when trying to connect the hawkbit server, I get the following error.

Client logs:

ERROR: Channel operation returned HTTP error code 401.
- Connected to ( port 8443 (#2)
- found 1 certificates in /root/caroot.cer
- found 592 certificates in /etc/ssl/certs
- ALPN, offering http/1.1
- SSL re-using session ID
- SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
- server certificate verification OK
- server certificate status verification SKIPPED
- common name: (matched)
- server certificate expiration date OK
- server certificate activation date OK
- certificate public key: RSA
- certificate version: #1
- subject: C=IN,ST=MH,L=MU,O=Test,OU=Development,CN=,EMAIL=test@gmail.com
- start date: Mon, 27 Sep 2021 09:51:04 GMT
- expire date: Tue, 27 Sep 2022 09:51:04 GMT
- issuer: C=IN,ST=MH,L=MU,O=Test,OU=Development,CN=,EMAIL=test@gmail.com
- compression: NULL
- ALPN, server did not agree to a protocol
> GET /DEFAULT/controller/v1/scv HTTP/1.1

Hawkbit server logs:

2021-09-27 18:47:00.907  INFO 52737 --- [           main] o.e.jetty.server.AbstractConnector       : Started SslValidatingServerConnector@2e34384c{SSL, (ssl, alpn, h2, http/1.1)}{}
2021-09-27 18:47:00.909  INFO 52737 --- [           main] o.s.b.web.embedded.jetty.JettyWebServer  : Jetty started on port(s) 8443 (ssl, alpn, h2, http/1.1) with context path '/'

Can anyone please confirm this is failing just because of ALPN offering http/1.1, If yes please guide me.

Is there any documentation available for allowing targets to authenticate via a certificate authenticated by a reverse proxy?


Hello guys, I have a question regarding hawkbit and SWupdate.

Our embedded systems do not have an IP address, we thus need the systems to create any connections.

Is this something that HawkBit and SWupdate allows?

Thank you :)

Mamta singh
Hi, I am new to this hawkbit swupdate. I am using hawkbit server as docker image. I want to change the login username and password of management UI. Can anyone please help me with correct steps. Thanks....
Sahaya cyril

Hi @mamtasingh2304_gitlab ,
Sorry for late response.

You have to add below given code to your hawkbit application.properties

Define own users instead of default "admin" user:


You can also add multiple users by incrementing the array count.
eg. hawkbit.server.im.users[1].username=2nduser

Reference: https://github.com/eclipse/hawkbit/blob/master/hawkbit-runtime/hawkbit-update-server/src/main/resources/application.properties

Hope this helps!

Sahaya Cyril

Hi, I am running oidc login and want to set tenant on login. But it looks like its hard-coded to DEFAULT in org.eclipse.hawkbit.autoconfigure.securit.OidcAuthenticationSuccessHandler. Do you know if there is another way to supply tentat in oidc flow? I can not override the OidcAuthenticationSuccessHandler bean.
Hi All,
Need help using Hawkbit with SWUpdate integration purpose.
I know we can use DDI on the client side to download software release from Hawkbit.
Since SWUpdate has pre-install scripting support, Need to write a script here and just download the image without updating the Device.
Please note : I am not interested to update the device, since I have my own update service..
Kindly help.
13 replies
Akaarir Mohamed
Hi everyone,
I'm using hawkbit/hawkbit-update-server container 6 months now, and i came to the problem that my server is full, how can i migrate just the data to another one?
3 replies
Akaarir Mohamed
any link that help would be apreciable.
Thank you,
Cant you use docker volumes?
Akaarir Mohamed
thank you @gunnarpn:matrix.org , I never used docker volumes so i will look how it works.
How do i set up hawkbit in intelij ?
Akaarir Mohamed
Hi, i find the solution of migrating my data of docker from a partition to another using the method on this website and it works! https://www.digitalocean.com/community/questions/how-to-move-the-default-var-lib-docker-to-another-directory-for-docker-on-linux
@gunnarpn:matrix.org thank you for the help!
@floruschbaschan Can you give an idea on how can we customize the s3 artifact plugin. Basically I would like add some side effects upon successful upload. is it possible to do so?
1 reply
Thomas Karl Pietrowski
Hey! I'm running Hawkbit in AKS and every time I restart my pod with hawkbit in there, I get an HTTP 500 internal error on every rollout. However, as long as hawkbit is running and I create a new distribution and roll that one out, everything is fine. Looks like restarting the service kills something.
I tweaked the log level, but I see no error message relating to the 500 internal error. Is there a way I can get more info out?
Thomas Karl Pietrowski
To be more precise, I did the log level tweaking by setting the environment variable LOGGING_LEVEL_ROOT="DEBUG" . Do I need to set other levels of other modules, too? I remember something like this from openHAB, but I don't have the orientation to know whether we have the same where.
I have integrated the keycloak with hawkbit after successful validation it redirect to hawkbit but it is not showing distrubution in deployment page I have created the distrubution in distrubution page.And I have assigned all client level roles to the user
Thomas Karl Pietrowski
I found the error when setting the debug level to trace. At least I could find it better then.
The problem is basically that the Dockerfile is misleading. It defines a volume that doesn't seem to be used (anymore?).
So in /opt/hawkbit there shall be a data directory for persistent data, however, the relevant directory is artifactory instead. That's basically the reason why I lost the artifacts when recreating the container in k8s.
I only found a Dockerfile in the .dev-container directory in the projects repo. Is there a different place where the one from docker hub is maintained?
Krishna Subramanian

Hello hawkBit community,

We are using hawkBit over reverse proxy TLS. We recently merged changes from 0.3.0M7 into our fork, and found that we get HTTP response instead of HTTPS. Setting hawkbit.server.security.require-ssl to true (a previous recommendation on Gitter) did not help. The migration guide does not include anything relevant for this - could this be caused by the Spring Boot 2.3.7 upgrade? Or any other upgraded dependencies?


Thomas Karl Pietrowski
@krishna-devolo Moin! When does it happen? When your devices connect to hawkbit?
Krishna Subramanian
@thopiekar Moin! Yes, when devices connect to hawkBit.
Thomas Karl Pietrowski
Last time I went into this, I found these properties.
It will influence the generated urls sent by Hawkbit to your device.