Akaarir Mohamed
@Akanichi
@gunnarpn:matrix.org thank you for the help!
Abu
@AbuTahir_11_twitter
@floruschbaschan Can you give an idea of how we can customize the S3 artifact plugin? Basically, I would like to add some side effects upon successful upload. Is it possible to do so?
1 reply
Thomas Karl Pietrowski
@thopiekar
Hey! I'm running Hawkbit in AKS and every time I restart my pod with hawkbit in there, I get an HTTP 500 internal error on every rollout. However, as long as hawkbit is running and I create a new distribution and roll that one out, everything is fine. Looks like restarting the service kills something.
I tweaked the log level, but I see no error message relating to the 500 internal error. Is there a way I can get more info out?
Thomas Karl Pietrowski
@thopiekar
To be more precise, I did the log level tweaking by setting the environment variable LOGGING_LEVEL_ROOT="DEBUG". Do I need to set other levels of other modules, too? I remember something like this from openHAB, but I don't have the orientation to know whether we have the same here.
KOTTIRAMSAI
@KOTTIRAMSAI
I have integrated Keycloak with hawkbit. After successful validation it redirects to hawkbit, but it is not showing the distribution in the deployment page. I have created the distribution in the distribution page, and I have assigned all client-level roles to the user.
Thomas Karl Pietrowski
@thopiekar
I found the error when setting the debug level to trace. At least I could find it better then.
The problem is basically that the Dockerfile is misleading. It defines a volume that doesn't seem to be used (anymore?).
So in /opt/hawkbit there shall be a data directory for persistent data, however, the relevant directory is artifactory instead. That's basically the reason why I lost the artifacts when recreating the container in k8s.
I only found a Dockerfile in the .dev-container directory in the project's repo. Is there a different place where the one from Docker Hub is maintained?
Thanks!
Krishna Subramanian
@krishna-devolo

Hello hawkBit community,

We are using hawkBit over reverse proxy TLS. We recently merged changes from 0.3.0M7 into our fork, and found that we get HTTP response instead of HTTPS. Setting hawkbit.server.security.require-ssl to true (a previous recommendation on Gitter) did not help. The migration guide does not include anything relevant for this - could this be caused by the Spring Boot 2.3.7 upgrade? Or any other upgraded dependencies?

Thanks!

Thomas Karl Pietrowski
@thopiekar
@krishna-devolo Moin! When does it happen? When your devices connect to hawkbit?
Krishna Subramanian
@krishna-devolo
@thopiekar Moin! Yes, when devices connect to hawkBit.
Thomas Karl Pietrowski
@thopiekar
Screenshot_20211109_075854.png
Last time I went into this, I found these properties.
It will influence the generated urls sent by Hawkbit to your device.
Krishna Subramanian
@krishna-devolo
Thanks! Those lines are in our application.properties file. When I switch to 0.3.0M6, I am able to receive HTTPS response with an unchanged application.properties file, but as soon as I switch to 0.3.0M7 it switches back to HTTP.
Thomas Karl Pietrowski
@thopiekar
Pew, might have happened to our instance, too, but we didn't notice. Maybe make a diff between both tags in GitHub and hunt the commit that changes the behaviour?
Don't have time at the moment, but would start there to find the change :)
Krishna Subramanian
@krishna-devolo
Thanks @thopiekar, shall do that! :)
KOTTIRAMSAI
@KOTTIRAMSAI

Hi all! I have integrated Keycloak with hawkbit. After successful validation it redirects to hawkbit, but I am not able to assign a distribution to a target. But through a target filter it is assigning to the ds. And I have assigned all client-level roles to the user.
I have given all client roles to the user, like:

APPROVE_ROLLOUT
CREATE_ROLLOUT
DELETE_ROLLOUT
UPDATE_ROLLOUT
READ_ROLLOUT
HANDLE_ROLLOUT
ROLLOUT_MANAGEMENT

CREATE_TARGET
DELETE_TARGET
READ_TARGET
UPDATE_TARGET

CREATE_REPOSITORY
DELETE_REPOSITORY
READ_REPOSITORY
UPDATE_REPOSITORY

TENANT_CONFIGURATION

DOWNLOAD_REPOSITORY_ARTIFACT

READ_TARGET_SECURITY_TOKEN

I am getting an error like this in the terminal:
image
image
image

I have decoded the access token; it is also getting the client roles, whatever I have assigned.
image

image

Thomas Karl Pietrowski
@thopiekar
At this moment I'm working on an API connector to remote control some processes. I want to list all targettags and I would expect READ_TARGET to be the needed permission for this job. However, I need to give my user ALL to make it work.
Looks like a bug to me..
@KOTTIRAMSAI Sounds like an interesting project! Don't know how good the permissions are handled generally.
@krishna-devolo How is it going? :)
1 reply
Thomas Karl Pietrowski
@thopiekar
Does someone know a place in the sources where the permissions are listed? I expect ALL to be a union of all permissions and I can imagine that the current documentation misses a few. Any hints?
KOTTIRAMSAI
@KOTTIRAMSAI
Hi @thopiekar, thanks for the reply! I have created the permission "ALL" in Keycloak and assigned it to the user, but it is not taking effect (when I log in it shows an empty screen). I found the roles list at this link: https://www.eclipse.org/hawkbit/concepts/authorization/#:~:text=Authorization%20is%20handled%20separately%20for,is%20based%20on%20Spring%20security%20.
L'hôpital Kévin
@kevlhop
Hello hawkBit community,
we are using rollout to deploy updates on multiple targets.
We want to have the possibility to cancel all running updates launched by a rollout without clicking on each target.
Is there a way to stop the rollout that will cancel all concerned running updates ?
Thanks!
Florian Ruschbaschan
@floruschbaschan

Hey @kevlhop

yes this is possible with the new invalidation of distribution sets feature. Extract from the documentation:

Invalidating a distribution set removes all auto-assignments that reference this distribution set. Optionally, all rollouts that reference the distribution set can be stopped and existing update actions are removed, either by a soft-cancel or a forced-cancel.
Invalidated distribution sets cannot be valid again, but remain invalid. They cannot be assigned to targets, neither through a rollout, auto-assignment nor a single assignment.

InvalidationOfDistributionSets.png
L'hôpital Kévin
@kevlhop
Thank you very much, @floruschbaschan, for your answer. This is an interesting new option, that I didn't know. The only negative point is that we couldn't relaunch an update with this distribution. But it will certainly be useful. Thanks for your time
Mamta singh
@mamtasingh2304
Hi. I want to know whether there is any other option instead of -c to update the pending status on the server. Actually, I am running the software update by enabling the suricatta daemon. I am able to successfully update and install, but I found the status on the server is still pending. After that I rebooted the device and sent the -c 2 confirmation to the server, and then the server status became finished. So I want to check whether there is any other or better way to do that. Please help me find out.
2 replies
Mamta singh
@mamtasingh2304

Hi,

I am facing issue in swupdate after enable SSL/TLS security option in hawkbit server.
To enable SSL, these steps I have done inside hawkbit server source

Generate the self-signed x509 certificate suitable to use on web server.

    openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Generate pem file from generated server.key and server.crt

    cat server.key > server.pem
    cat server.crt >> server.pem

Generate .pkcs12 file

    openssl pkcs12 -export -in server.pem -out keystore.pkcs12

Following command imports a .p12 into pkcs12 Java keystore

    keytool -importkeystore -srckeystore keystore.pkcs12 -srcstoretype pkcs12 \
        -destkeystore hb-pass.jks -deststoretype pkcs12 \
        -alias 1 -deststorepass <password_of_p12>

Edit the hawkbit application.properties file

    vi application.properties

Change authentication security from false to true.

    hawkbit.server.ddi.security.authentication.anonymous.enabled=true

Enter the https details at last

    server.hostname=localhost
    server.port=8443
    hawkbit.artifact.url.protocols.download-http.protocol=https
    hawkbit.artifact.url.protocols.download-http.port=8443

    security.require-ssl=true
    server.use-forward-headers=true

    server.ssl.key-store= <hb-pass.jks file location>
    server.ssl.key-store-type=JKS
    server.ssl.key-password= <password_of_key>
    server.ssl.key-store-password= <password_of_key_store>

    server.ssl.protocol=TLS
    server.ssl.enabled-protocols=TLSv1.2
    server.ssl.ciphers=TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA

after that I copied server.pem on target
and add the path in swupdate.cfg

    suricatta :
    {
        tenant          = "default";
        id              = "orion";
        confirm         = 0;
        url             = "https://swupdateurl:8443";
        polldelay       = 360;
        nocheckcert     = false;
        retry           = 4;
        retrywait       = 200;
        loglevel        = 10;
        userid          = 0;
        groupid         = 0;
        max_artifacts   = 1;
        cafile          = "/home/root/server.pem";

    /*
        cafile = "/etc/ssl/cafile";
        sslkey = "/etc/ssl/sslkey";
        sslcert = "/etc/ssl/sslcert";
    */
    };

and the error logs :

    Connected to 192.168.0.10 (192.168.0.10) port 8443 (#1)
    * found 1 certificates in /home/root/server.pem
    * ALPN, offering http/1.1
    * SSL connection using TLS1.2 / RSA_AES_256_CBC_SHA1
    * server certificate verification failed. CAfile: /home/root/server.pem CRLfile: none
    * Closing connection 1
    [ERROR] : SWUPDATE failed [0] ERROR /home/hmecd001520/orion-yocto-bsp/build/tmp/work/orion-poky-linux/swupdate/2021.04-r0/git/corelib/channel_curl.c : channel_get : '
    [DEBUG] : SWUPDATE running : [start_suricatta] : No pending action to process.
    [DEBUG] : SWUPDATE running : [suricatta_wait] : Sleeping for 360 seconds.
Mamta singh
@mamtasingh2304
@sahaya_cyril:matrix.org Hi. I have seen your post regarding enabling SSL; I am facing an issue with the same. Can you please help me? This is my query ...


L'hôpital Kévin
@kevlhop
Hello again, hawkbit community,
I am wondering if hawkbit has the possibility to easily relaunch all failed updates launched by a rollout?
Thanks!
Kévin
2 replies
XING Yun
@BigFatDog
hello, when starting a rollout via management api(using the rest api), is there a way to start group executions in parallel?
Bondar Bogdan
@bogdan-bondar
@BigFatDog no, because it defeats the purpose of cascading Rollouts based on Trigger/Error threshold (see https://www.eclipse.org/hawkbit/concepts/rollout-management/)
XING Yun
@BigFatDog
Got it, thank you
Spymasters
@Spymasters
Exception on forEachTenant execution for tenant DEFAULT with error message [null; bad SQL grammar []; nested exception is java.sql.SQLSyntaxErrorException: (conn=32111850) Table 'edge_hue.tl_sp_action' doesn't exist]. Continue with next tenant.
Has anyone encountered this problem before and how to solve it?
Igor Jakobencsuk
@dezony-ij_gitlab
Good evening people, I'm just wondering is hawkbit-parent or hawkbit Management UI v.0.3.0M7 affected by CVE-2021-44228?
4 replies
Molkenbur
@Molkenbur
If all rollout groups are triggered and all targets got their deployment assigned, what is the difference between keeping the rollout running or pausing it? I just noticed, that running rollouts consume a lot of CPU cycles on the database server. I am not sure, if the rollout statistics are not updated any more, if I pause the rollout. If pausing will not make a difference, then it might be a good idea to finish it automatically once all target groups are assigned.
Bondar Bogdan
@bogdan-bondar
Hi @Molkenbur! If you set up your Rollout so that all rollout groups are triggered at once then you better use Autoassignment. The purpose/benefit of a Rollout is that it triggers the next group only after the previous one has reached a certain threshold. In that case there is a substantial difference between a running and a paused Rollout, as the latter will not start any further group. The DB load caused by a running Rollout is due to the Rollout scheduler, which checks each group's conditions/thresholds to trigger/cancel the next group.
Krishna Subramanian
@krishna-devolo

Hello everyone! I want to expose some hawkBit statistics via a custom InfoContributor (https://docs.spring.io/spring-boot/docs/1.5.2.RELEASE/reference/html/production-ready-endpoints.html#production-ready-application-info-custom). This endpoint is exposed on /info. So far, I can successfully access the endpoint and even contribute some test data to this endpoint.

I am facing an issue when contributing data from TargetManagement. When I inject TargetManagement via my custom InfoContributor endpoint's constructor and invoke a method, e.g., targetManagement.count(), the source code builds but throws an internal server error when I access the /info endpoint. The error log shows org.springframework.web.util.NestedServletException: Request processing failed; nested exception is org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext.
I tried removing the @PreAuthorize annotation for the count() method, but this does not change things. Any ideas what I might be doing wrong?

Bondar Bogdan
@bogdan-bondar
Hi @krishna-devolo Hawkbit is configured to use the Global Method Security (see SecurityManagedConfiguration) that is required for @PreAuthorize to be used. The error that you get means exactly what it mentions: while accessing the /info endpoint you don’t authenticate yourself, thus there is nothing available to check against in the security context.
1 reply
Sourabh
@Sourabh1107

Hi All,

I am trying to integrate SWUpdate to Hawkbit with Yocto as build system.

Can someone please let me know how to include some kind of script to set the necessary arguments needed, using the machine ID to uniquely identify a client, and passing the "-c" option to indicate the current update state based on the value of the "ustate" boot variable, so that after an update and reboot, a success or failure message would be sent to the hawkBit server?

Any example or reference link to accomplish this would be really helpful.

P.S: This is my first time involving with SWUpdate and hawkBit. And I am using STM32MP based Avenger96 board with u-boot bootloader.

Thanks in advance.

Krishna Subramanian
@krishna-devolo

Hello all, I want to add a new column last_update to sp_target. This column records the timestamp of the last instance of an attribute update. I managed to change the schema and add this column. I also had to change the migration schema (e.g., V1_11_0__init__MYSQL.sql) to include this column (otherwise, I get an error when loading the Management UI that this column name is not found). I can get hawkBit to work with an empty database.

When I run this hawkBit instance with an existing MySQL database, I get an org.flywaydb.core.api.FlywayException: Validate failed: Migration checksum mismatch for migration version 1.0.1. Reading up on Flyway, I understand that this is because the tables in schema_version database of my MySQL schema have different checksums than what I currently have in the hawkBit instance. Existing solutions on the web, e.g., dropping schema_version, do not seem right. How do I proceed? I also get the sense that there is no way to use an existing database with a modified database schema—is this true? Thanks!

2 replies
Sourabh
@Sourabh1107
Hi All,

I am trying to launch hawkbit from the "Sources" instead of from the docker container. I have followed the steps as given in the Getting Started guide.

Whenever I do "java -jar hawkbit-runtime/hawkbit-update-server/target/hawkbit-update-server-*-SNAPSHOT.jar", I get the below errors:

2022-01-10 16:19:12.041 INFO 10428 --- [tContainer#0-16] o.s.a.r.c.CachingConnectionFactory : Attempting to connect to: [localhost:5672]
2022-01-10 16:19:12.239 WARN 10428 --- [tContainer#1-15] o.s.a.r.l.SimpleMessageListenerContainer : Consumer raised exception, processing can restart if the connection factory supports it. Exception summary: org.springframework.amqp.AmqpConnectException: java.net.ConnectException: Connection refused (Connection refused)
2022-01-10 16:19:12.240 INFO 10428 --- [tContainer#1-15] o.s.a.r.l.SimpleMessageListenerContainer : Restarting Consumer@754a1278: tags=[[]], channel=null, acknowledgeMode=AUTO local queue size=0
2022-01-10 16:19:12.242 INFO 10428 --- [tContainer#1-16] o.s.a.r.c.CachingConnectionFactory : Attempting to connect to: [localhost:5672]
2022-01-10 16:19:12.242 ERROR 10428 --- [tContainer#1-16] o.s.a.r.l.SimpleMessageListenerContainer : Failed to check/redeclare auto-delete queue(s).
org.springframework.amqp.AmqpConnectException: java.net.ConnectException: Connection refused (Connection refused)
at org.springframework.amqp.rabbit.support.RabbitExceptionTranslator.convertRabbitAccessException(RabbitExceptionTranslator.java:61)
at org.springframework.amqp.rabbit.connection.AbstractConnectionFactory.createBareConnection(AbstractConnectionFactory.java:524)
at org.springframework.amqp.rabbit.connection.CachingConnectionFactory.createConnection(CachingConnectionFactory.java:751)
at org.springframework.amqp.rabbit.connection.ConnectionFactoryUtils.createConnection(ConnectionFactoryUtils.java:214)
at org.springframework.amqp.rabbit.core.RabbitTemplate.doExecute(RabbitTemplate.java:2089)
at org.springframework.amqp.rabbit.core.RabbitTemplate.execute(RabbitTemplate.java:2062)
at org.springframework.amqp.rabbit.core.RabbitTemplate.execute(RabbitTemplate.java:2042)
at org.springframework.amqp.rabbit.core.RabbitAdmin.getQueueInfo(RabbitAdmin.java:407)
at org.springframework.amqp.rabbit.core.RabbitAdmin.getQueueProperties(RabbitAdmin.java:391)
at org.springframework.amqp.rabbit.listener.AbstractMessageListenerContainer.attemptDeclarations(AbstractMessageListenerContainer.java:1859)
at org.springframework.amqp.rabbit.listener.AbstractMessageListenerContainer.redeclareElementsIfNecessary(AbstractMessageListenerContainer.java:1840)
at org.springframework.amqp.rabbit.listener.SimpleMessageListenerContainer$AsyncMessageProcessingConsumer.initialize(SimpleMessageListenerContainer.java:1354)
at org.springframework.amqp.rabbit.listener.SimpleMessageListenerContainer$AsyncMessageProcessingConsumer.run(SimpleMessageListenerContainer.java:1200)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: java.net.ConnectException: Connection refused (Connection refused)
at java.base/java.net.PlainSocketImpl.socketConnect(Native Method)
at java.base/java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:399)
at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:242)
at java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:224)
at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.base/java.net.Socket.connect(Socket.java:609)
at com.rabbitmq.client.impl.SocketFrameHandlerFactory.create(SocketFrameHandlerFactory.java:60)
at com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:1137)
at com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:1087)
at org.springframework.amqp.rabbit.connection.AbstractConnectionFactory.connectAddresses(AbstractConnectionFactory.java:560)
at org.springframework.amqp.rabbit.connection.AbstractConnectionFactory.connect(AbstractConnectionFactory.java:533)
at org.springframework.amqp.rabbit.connection.Abstra
5 replies
Enrique Ramirez
@esramirez
Hello hawkbit! I have hawkbit deployed on AWS and behind a load balancer. I have also installed the S3 extension so I can save the artifacts there. Everything is working fine; I can log in, create a distribution, connect my client and push updates. The problem comes when the client tries to download the artifact and it fails. It says that the file is not found.
I'm using swupdate on the client side. Any idea why it can download the artifact with the link provided by hawkbit? Thanks for your help in advance.
Bondar Bogdan
@bogdan-bondar
Hi @esramirez try to download the artifact by using curl following the link you get from DDI API. I could suggest it has something to do with the permissions of your S3 bucket
Enrique Ramirez
@esramirez
@bogdan-bondar thanks for the reply. I was able to download the artifact using the curl provided to swupdate by hawkbit. I was even able to download it via my Chrome browser. The URL looked as follows: https://mylb-dev-131320358.ap-south-2.elb.amazonaws.com:8443/DEFAULT/controller/v1/1/softwaremodules/5/artifacts/update-image.swu