Transport.WEBSOCKET to Transport.WEBSOCKET_XHR resolved the issue! I can now access all devices/distribution sets/rollouts as usual. This is running in local docker container, next step will be to push the change to Google Cloud Run and see if this works in GCP K8 cluster too. Thank you guys!
1 reply
But i did it like this i cloned hawkbit seperately(Not the usual place i run hawkbit from but an extra) to a folder and then I went to hawkbit-ui /src/main/resources/VAADIN/themes/hawkbit/customstyles and then opened "hawkbitvariables.scss" and then made the changes i wanted and then went to my original hawkbit folder deleted the hawkbit-ui folder and replaced it with the new one(alwayshave a backup of the original hawkbit-ui folder). Finally i compiled everything together and run hawkbit. Worked like a charm. I do not know if this is reccommended but if it not please do tell me
Thank you very much
@All,
In case anyone downgrades from 0.3.0M7 to 0.3.0M6 with MySQL as data backend... However rare that may be.
The upgrade to M7 alters 2 tables in database definition used by M6. This is fine for upgrade path M6->M7 but when reverted/downgraded back to M6 the new data table definitions prevent any Distribution Set to be assigned to any target. Effectively the OTA service is not functional at that point even though UI is accessible and shows all previously assigned Distribution Sets info correctly.
There is no error produced by UI when new Distribution Set fails to be assigned via UI. Clue to root cause was found in Hawkbit container logs where JDBC SQL exception was logged for "Field 'initiated_by' doesn't have a default value;".
In order to restore ability to assign new Distribution Sets to targets you'll need to DROP COLUMNS in MySQL database used by Hawkbit as follows:
- drop column 'initiated_by' from table 'sp_action';
- drop column 'auto_assign_initiated_by' from table 'sp_target_filter_query'.
This can be done on live database. Of course create copies of both tables just in case or backup the database before altering anything in database.
Hope this helps.
Hello,
I've implemented an hawkbit amqp client, which receives correctly the download instruction, download the files to local storage, and verify the hashes. However, in the dmf documentation, there's only modules id, never a name : https://www.eclipse.org/hawkbit/apis/dmf_api/
Which is not exactly usefull to give meaning to the modules directory. Can we retrieve the modules name directly from a target ?
currently i try to implement a Open Id Connect authentication via Azure AD. I followed the description on the subject Open Id Connect in the documentary. Unfortunately i got the following error :
2021-09-24 10:17:05.654 DEBUG 1 --- [qtp634638280-26] o.s.web.servlet.DispatcherServlet : GET "/", parameters={},
2021-09-24 10:17:06.346 DEBUG 1 --- [qtp634638280-26] o.s.web.servlet.DispatcherServlet : Exiting from "ERROR" dispatch, status 404,
2021-09-24 10:17:05.655 DEBUG 1 --- [qtp634638280-26] o.s.web.servlet.view.RedirectView : View name 'redirect:', model {},
2021-09-24 10:17:05.654 DEBUG 1 --- [qtp634638280-26] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to org.eclipse.hawkbit.autoconfigure.mgmt.ui.RedirectController#home(),
2021-09-24 10:17:05.655 DEBUG 1 --- [qtp634638280-26] o.s.web.servlet.DispatcherServlet : Completed 302 FOUND,
2021-09-24 10:17:05.857 DEBUG 1 --- [qtp634638280-25] o.s.web.client.RestTemplate : HTTP POST https://login.microsoftonline.com/06846365-0bcb-4951-b004-9ace50ff7b85/oauth2/v2.0/token,
2021-09-24 10:17:05.858 DEBUG 1 --- [qtp634638280-25] o.s.web.client.RestTemplate : Accept=[application/json, application/*+json],
2021-09-24 10:17:05.858 DEBUG 1 --- [qtp634638280-25] o.s.web.client.RestTemplate : Writing [{grant_type=[authorization_code], code=[0.AS8AZWOEBssLUUmwBJrOUP97hXO6B[.....]HXUw9S7xL5q2Kd4sTbbJJsh_OC1PgDJp8T-G70yJikguICqkgQ5MyAA], redirect_uri=[http://localhost:8080/login/oauth2/code/oidc]}] as "application/x-www-form-urlencoded;charset=UTF-8",
2021-09-24 10:17:06.076 DEBUG 1 --- [qtp634638280-25] o.s.web.client.RestTemplate : Reading to [org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse] as "application/json;charset=utf-8",
2021-09-24 10:17:06.075 DEBUG 1 --- [qtp634638280-25] o.s.web.client.RestTemplate : Response 200 OK,
2021-09-24 10:17:06.084 DEBUG 1 --- [qtp634638280-25] o.s.web.client.RestTemplate : HTTP GET https://graph.microsoft.com/oidc/userinfo,
2021-09-24 10:17:06.084 DEBUG 1 --- [qtp634638280-25] o.s.web.client.RestTemplate : Accept=[application/json, application/cbor, application/*+json],
2021-09-24 10:17:06.252 DEBUG 1 --- [qtp634638280-25] o.s.web.client.RestTemplate : Response 200 OK,
2021-09-24 10:17:06.253 DEBUG 1 --- [qtp634638280-25] o.s.web.client.RestTemplate : Reading to [java.util.Map<java.lang.String, java.lang.Object>],
2021-09-24 10:17:06.265 DEBUG 1 --- [qtp634638280-25] o.s.web.client.RestTemplate : HTTP GET https://login.microsoftonline.com/06846365-0bcb-4951-b004-9ace50ff7b85/discovery/v2.0/keys,
2021-09-24 10:17:06.266 DEBUG 1 --- [qtp634638280-25] o.s.web.client.RestTemplate : Accept=[text/plain, application/json, application/cbor, application/*+json, */*],
2021-09-24 10:17:06.336 DEBUG 1 --- [qtp634638280-25] o.s.web.client.RestTemplate : Response 200 OK,
2021-09-24 10:17:06.336 DEBUG 1 --- [qtp634638280-25] o.s.web.client.RestTemplate : Reading to [java.lang.String] as "application/json;charset=utf-8",
2021-09-24 10:17:06.342 DEBUG 1 --- [qtp634638280-26] o.s.web.servlet.DispatcherServlet : GET "/login?error", parameters={masked},
2021-09-24 10:17:06.343 DEBUG 1 --- [qtp634638280-26] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped to ResourceHttpRequestHandler ["classpath:/META-INF/resources/", "classpath:/resources/", "classpath:/static/", "classpath:/public/", "/"],
2021-09-24 10:17:06.344 DEBUG 1 --- [qtp634638280-26] o.s.w.s.r.ResourceHttpRequestHandler : Resource not found,
2021-09-24 10:17:06.344 DEBUG 1 --- [qtp634638280-26] o.s.web.servlet.DispatcherServlet : Completed 404 NOT_FOUND,
2021-09-24 10:17:06.345 DEBUG 1 --- [qtp634638280-26] o.s.web.servlet.DispatcherServlet : "ERROR" dispatch for GET "/error?error", parameters={masked},Hello Everyone,
I'm trying to set up a reverse proxy to allow certificate authentication.
For testing purpose I'm using self signed certificate. Client and Server are kept at same local network.
I'm using swupdate from client side, when trying to connect the hawkbit server, I get the following error.
Client logs:
ERROR: Channel operation returned HTTP error code 401.
- Connected to 192.168.1.121 (192.168.1.121) port 8443 (#2)
- found 1 certificates in /root/caroot.cer
- found 592 certificates in /etc/ssl/certs
- ALPN, offering http/1.1
- SSL re-using session ID
- SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
- server certificate verification OK
- server certificate status verification SKIPPED
- common name: 192.168.1.121 (matched)
- server certificate expiration date OK
- server certificate activation date OK
- certificate public key: RSA
- certificate version: #1
- subject: C=IN,ST=MH,L=MU,O=Test,OU=Development,CN=192.168.1.121,EMAIL=test@gmail.com
- start date: Mon, 27 Sep 2021 09:51:04 GMT
- expire date: Tue, 27 Sep 2022 09:51:04 GMT
- issuer: C=IN,ST=MH,L=MU,O=Test,OU=Development,CN=192.168.1.121,EMAIL=test@gmail.com
- compression: NULL
- ALPN, server did not agree to a protocol
> GET /DEFAULT/controller/v1/scv HTTP/1.1Hawkbit server logs:
2021-09-27 18:47:00.907 INFO 52737 --- [ main] o.e.jetty.server.AbstractConnector : Started SslValidatingServerConnector@2e34384c{SSL, (ssl, alpn, h2, http/1.1)}{0.0.0.0:8443}
2021-09-27 18:47:00.909 INFO 52737 --- [ main] o.s.b.web.embedded.jetty.JettyWebServer : Jetty started on port(s) 8443 (ssl, alpn, h2, http/1.1) with context path '/'Can anyone please confirm this is failing just because of ALPN offering http/1.1, If yes please guide me.
Is there any documentation available for allowing targets to authenticate via a certificate authenticated by a reverse proxy?
Hello guys, I have a question regarding hawkbit and SWupdate.
Our embedded systems do not have an IP address, we thus need the systems to create any connections.
Is this something that HawkBit and SWupdate allows?
Thank you :)
Hi @mamtasingh2304_gitlab ,
Sorry for late response.
You have to add below given code to your hawkbit application.properties
Define own users instead of default "admin" user:
hawkbit.server.im.users[0].username=hawkbit
hawkbit.server.im.users[0].password={noop}isAwesome!
hawkbit.server.im.users[0].firstname=Eclipse
hawkbit.server.im.users[0].lastname=HawkBit
hawkbit.server.im.users[0].permissions=ALL
You can also add multiple users by incrementing the array count.
eg. hawkbit.server.im.users[1].username=2nduser
Hope this helps!
Regards,
Sahaya Cyril
Need help using Hawkbit with SWUpdate integration purpose.
I know we can use DDI on the client side to download software release from Hawkbit.
Since SWUpdate has pre-install scripting support, Need to write a script here and just download the image without updating the Device.
Please note : I am not interested to update the device, since I have my own update service..
Kindly help.
Regards,
Mohan
13 replies
3 replies
The problem is basically that the Dockerfile is misleading. It defines a volume that doesn't seem to be used (anymore?).
So in /opt/hawkbit there shall be a data directory for persistent data, however, the relevant directory is artifactory instead. That's basically the reason why I lost the artifacts when recreating the container in k8s.
I only found a Dockerfile in the .dev-container directory in the projects repo. Is there a different place where the one from docker hub is maintained?
Thanks!
Hello hawkBit community,
We are using hawkBit over reverse proxy TLS. We recently merged changes from 0.3.0M7 into our fork, and found that we get HTTP response instead of HTTPS. Setting hawkbit.server.security.require-ssl to true (a previous recommendation on Gitter) did not help. The migration guide does not include anything relevant for this - could this be caused by the Spring Boot 2.3.7 upgrade? Or any other upgraded dependencies?
Thanks!
Hi all! I have integrated the keycloak with hawkbit after successful validation it redirect to hawkbit I am not able to assign distrubution to target.But through target filter it is assigning to ds.And I have assigned all client level roles to the user
I have given all client roles to the user like
APPROVE_ROLLOUT
CREATE_ROLLOUT
DELETE_ROLLOUT
UPDATE_ROLLOUT
READ_ROLLOUT
HANDLE_ROLLOUT
ROLLOUT_MANAGEMENT
CREATE_TARGET
DELETE_TARGET
READ_TARGET
UPDATE_TARGET
CREATE_REPOSITORY
DELETE_REPOSITORY
READ_REPOSITORY
UPDATE_REPOSITORY
TENANT_CONFIGURATION
DOWNLOAD_REPOSITORY_ARTIFACT
READ_TARGET_SECURITY_TOKEN
I am getting error like this in terminal
I have decoded Access token it is getting client roles also Whatever I have assigned
1 reply
we are using rollout to deploy updates on multiple targets.
We want to have the possibility to cancel all running updates launched by a rollout without clicking on each target.
Is there a way to stop the rollout that will cancel all concerned running updates ?
Thanks!
Hey @kevlhop
yes this is possible with the new invalidation of distribution sets feature. Extract from the documentation:
Invalidating a distribution set removes all auto-assignments that reference this distribution set. Optionally, all rollouts that reference the distribution set can be stopped and existing update actions are removed, either by a soft-cancel or a forced-cancel.
Invalidated distribution sets cannot be valid again, but remain invalid. They cannot be assigned to targets, neither through a rollout, auto-assignment nor a single assignment.
