Where communities thrive

  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
Repo info
  • Jul 01 11:47

    bogdan-bondar on master

    Improve target management (#126… (compare)

  • Jul 01 11:47
    bogdan-bondar closed #1260
  • Jul 01 05:59
    TopperBG edited #1264
  • Jul 01 05:58
    TopperBG commented #1264
  • Jul 01 05:24
    TopperBG opened #1264
  • Jun 30 13:34
    herdt-michael synchronize #1260
  • Jun 29 16:57
    bogdan-bondar opened #1263
  • Jun 29 13:12
    herdt-michael opened #1262
  • Jun 28 04:23
    Sherry112 commented #1257
  • Jun 22 10:15
    herdt-michael synchronize #1260
  • Jun 16 07:14
    VladimirSvoboda synchronize #1261
  • Jun 15 12:17
    hawkbit-bot commented #1261
  • Jun 15 12:08
    VladimirSvoboda opened #1261
  • Jun 14 12:14
    ampabsa commented #1254
  • Jun 14 07:37
    hawkbit-bot commented #1260
  • Jun 14 07:29
    herdt-michael opened #1260
  • Jun 14 03:57
    martinetd commented #1259
  • Jun 14 02:58
    martinetd commented #1259
  • Jun 14 02:54
    martinetd synchronize #1259
  • Jun 14 02:23
    martinetd commented #1259
Mamta singh

I am facing issue in swupdate after enable SSL/TLS security option in hawkbit server.
To enable SSL, these steps I have done inside hawkbit server source
Generate the self-signed x509 certificate suitable to use on web server.

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Generate pem file from generated server.key and server.crt

cat server.key > server.pem
cat server.crt >> server.pem
Generate .pkcs12 file

openssl pkcs12 -export -in server.pem -out keystore.pkcs12
Following command imports a .p12 into pkcs12 Java keystore

keytool -importkeystore -srckeystore keystore.pkcs12 -srcstoretype pkcs12 \
-destkeystore hb-pass.jks -deststoretype pkcs12 \
-alias 1 -deststorepass <password_of_p12>
Edit the hawkbit application.properties file

vi application.properties
Change authentication security from false to true.

Enter the https details at last



server.ssl.key-store= <hb-pass.jks file location>
server.ssl.key-password= <password_of_key>
server.ssl.key-store-password= <password_of_key_store>


after that I copied server.pem on target
and add the path in swupdate.cfg
suricatta :

tenant          = "default";
id              = "orion";
confirm         = 0;
url             = "https://swupdateurl:8443";
polldelay       = 360;
nocheckcert     = false;
retry           = 4;
retrywait       = 200;
loglevel        = 10;
userid          = 0;
groupid         = 0;
max_artifacts   = 1;
cafile          = "/home/root/server.pem";

cafile = "/etc/ssl/cafile";
sslkey = "/etc/ssl/sslkey";
sslcert = "/etc/ssl/sslcert"; /
and the error logs :
Connected to ( port 8443 (#1)

found 1 certificates in /home/root/server.pem
ALPN, offering http/1.1
SSL connection using TLS1.2 / RSA_AES_256_CBC_SHA1
server certificate verification failed. CAfile: /home/root/server.pem CRLfile: none
Closing connection 1
[ERROR] : SWUPDATE failed [0] ERROR /home/hmecd001520/orion-yocto-bsp/build/tmp/work/orion-poky-linux/swupdate/2021.04-r0/git/corelib/channel_curl.c : channel_get : '
[DEBUG] : SWUPDATE running : [start_suricatta] : No pending action to process.
[DEBUG] : SWUPDATE running : [suricattawait] : Sleeping for 360 seconds.

L'hôpital Kévin
Hello again, hawkbit community,
I am wondering if hawkbit have the possibility to easily relaunch all failed updates launched by a rollout ?
2 replies
hello, when starting a rollout via management api(using the rest api), is there a way to start group executions in parallel?
Bondar Bogdan
@BigFatDog no, because it defeats the purpose of cascading Rollouts based on Trigger/Error threshold (see https://www.eclipse.org/hawkbit/concepts/rollout-management/)
Got it, thank you
Exception on forEachTenant execution for tenant DEFAULT with error message [null; bad SQL grammar []; nested exception is java.sql.SQLSyntaxErrorException: (conn=32111850) Table 'edge_hue.tl_sp_action' doesn't exist]. Continue with next tenant.
Has anyone encountered this problem before and how to solve it?
Igor Jakobencsuk
Good evening people, I'm just wondering is hawkbit-parent or hawkbit Management UI v.0.3.0M7 affected by CVE-2021-44228?
4 replies
If all rollout groups are triggered and all targets got their deployment assigned, what is the difference between keeping the rollout running or pausing it? I just noticed, that running rollouts consume a lot of CPU cycles on the database server. I am not sure, if the rollout statistics are not updated any more, if I pause the rollout. If pausing will not make a difference, then it might be a good idea to finish it automatically once all target groups are assigned.
Bondar Bogdan
Hi @Molkenbur! If you set up your Rollout so that all rollout groups are triggered at once then you better use Autoassignment. The purpose/benefit of a Rollout is that it triggers next group only after the previous one reached certain threshold. In that case there is a substantial difference between running and paused Rollout as the latest will not start any further group. The DB load caused by running Rollout is due to Rollout scheduler that checks each groups’ conditions/thesholds to trigger/cancel next group.
Krishna Subramanian

Hello everyone! I want to expose some hawkBit statistics via a custom InfoContributor (https://docs.spring.io/spring-boot/docs/1.5.2.RELEASE/reference/html/production-ready-endpoints.html#production-ready-application-info-custom). This endpoint is exposed on /info. So far, I can successfully access the endpoint and even contribute some test data to this endpoint.

I am facing an issue when contributing data from TargetManagement. When I inject TargetManagement via my custom InfoContributor endpoint's constructor and invoke a method, e.g., targetManagement.count(), the source code builds but throws an internal server error when I access the /info endpoint. The error logs shows org.springframework.web.util.NestedServletException: Request processing failed; nested exception is org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext.
I tried removing the @PreAuthorize annotation for the count() method, but this does not change things. Any ideas what I might be doing wrong?

Bondar Bogdan
Hi @krishna-devolo Hawkbit is configured to use the Global Method Security (see SecurityManagedConfiguration) that is required for @PreAuthorize to be used. The error that you get means exactly what it mentions: while accessing the /info endpoint you don’t authenticate yourself, thus there is nothing available to check against in the security context.
1 reply

Hi All,

I am trying to integrate SWUpdate to Hawkbit with Yocto as build system.

Can someone please let me know how to include some kind of script to set the necessary arguments needed, using the machine ID to uniquely identifiy a client, and passing the "-c" option to indicate the current update state based on the value of the "ustate" boot variable, so that after an update and reboot, a success or failure message would be sent to the hawkBit server.

Any example or reference link to accomplish this would be really helpful.

P.S: This is my first time involving with SWUpdate and hawkBit. And I am using STM32MP based Avenger96 board with u-boot bootloader.

Thanks in advance.

Krishna Subramanian

Hello all, I want to add a new column last_update to sp_target. This column records the timestamp of the last instance of an attribute update. I managed to change the schema and add this column. I also had to change the migration schema (e.g., V1_11_0__init__MYSQL.sql) to include this column (otherwise, I get an error when loading the Management UI that this column name is not found). I can get hawkBit to work with an empty database.

When I run this hawkBit instance with an existing MySQL database, I get a org.flywaydb.core.api.FlywayException: Validate failed: Migration checksum mismatch for migration version 1.0.1. Reading up on Flyway, I understand that this is because the tables in schema_version database of my MySQL schema have different checksums than what I currently have in the hawkBit instance. Existing solutions on the web, e.g., dropping schema_version does not seem right. How do I proceed? I also get the sense that there is no way to use an existing database with a modified database schema—is this true? Thanks!

2 replies
Hi All,

I am trying to launch hawkbit from the "Sources" instead from the docker container. I have followed the steps as given in Getting Started guide.

Whenever I do "java -jar hawkbit-runtime/hawkbit-update-server/target/hawkbit-update-server-*-SNAPSHOT.jar", I get the below errors:

2022-01-10 16:19:12.041 INFO 10428 --- [tContainer#0-16] o.s.a.r.c.CachingConnectionFactory : Attempting to connect to: [localhost:5672]
2022-01-10 16:19:12.239 WARN 10428 --- [tContainer#1-15] o.s.a.r.l.SimpleMessageListenerContainer : Consumer raised exception, processing can restart if the connection factory supports it. Exception summary: org.springframework.amqp.AmqpConnectException: java.net.ConnectException: Connection refused (Connection refused)
2022-01-10 16:19:12.240 INFO 10428 --- [tContainer#1-15] o.s.a.r.l.SimpleMessageListenerContainer : Restarting Consumer@754a1278: tags=[[]], channel=null, acknowledgeMode=AUTO local queue size=0
2022-01-10 16:19:12.242 INFO 10428 --- [tContainer#1-16] o.s.a.r.c.CachingConnectionFactory : Attempting to connect to: [localhost:5672]
2022-01-10 16:19:12.242 ERROR 10428 --- [tContainer#1-16] o.s.a.r.l.SimpleMessageListenerContainer : Failed to check/redeclare auto-delete queue(s).
org.springframework.amqp.AmqpConnectException: java.net.ConnectException: Connection refused (Connection refused)
at org.springframework.amqp.rabbit.support.RabbitExceptionTranslator.convertRabbitAccessException(RabbitExceptionTranslator.java:61)
at org.springframework.amqp.rabbit.connection.AbstractConnectionFactory.createBareConnection(AbstractConnectionFactory.java:524)
at org.springframework.amqp.rabbit.connection.CachingConnectionFactory.createConnection(CachingConnectionFactory.java:751)
at org.springframework.amqp.rabbit.connection.ConnectionFactoryUtils.createConnection(ConnectionFactoryUtils.java:214)
at org.springframework.amqp.rabbit.core.RabbitTemplate.doExecute(RabbitTemplate.java:2089)
at org.springframework.amqp.rabbit.core.RabbitTemplate.execute(RabbitTemplate.java:2062)
at org.springframework.amqp.rabbit.core.RabbitTemplate.execute(RabbitTemplate.java:2042)
at org.springframework.amqp.rabbit.core.RabbitAdmin.getQueueInfo(RabbitAdmin.java:407)
at org.springframework.amqp.rabbit.core.RabbitAdmin.getQueueProperties(RabbitAdmin.java:391)
at org.springframework.amqp.rabbit.listener.AbstractMessageListenerContainer.attemptDeclarations(AbstractMessageListenerContainer.java:1859)
at org.springframework.amqp.rabbit.listener.AbstractMessageListenerContainer.redeclareElementsIfNecessary(AbstractMessageListenerContainer.java:1840)
at org.springframework.amqp.rabbit.listener.SimpleMessageListenerContainer$AsyncMessageProcessingConsumer.initialize(SimpleMessageListenerContainer.java:1354)
at org.springframework.amqp.rabbit.listener.SimpleMessageListenerContainer$AsyncMessageProcessingConsumer.run(SimpleMessageListenerContainer.java:1200)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: java.net.ConnectException: Connection refused (Connection refused)
at java.base/java.net.PlainSocketImpl.socketConnect(Native Method)
at java.base/java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:399)
at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:242)
at java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:224)
at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.base/java.net.Socket.connect(Socket.java:609)
at com.rabbitmq.client.impl.SocketFrameHandlerFactory.create(SocketFrameHandlerFactory.java:60)
at com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:1137)
at com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:1087)
at org.springframework.amqp.rabbit.connection.AbstractConnectionFactory.connectAddresses(AbstractConnectionFactory.java:560)
at org.springframework.amqp.rabbit.connection.AbstractConnectionFactory.connect(AbstractConnectionFactory.java:533)
at org.springframework.amqp.rabbit.connection.Abstra
5 replies
Enrique Ramirez
Hello hawkbit! I have hawkbit deployed on aws and behind a load balancer. I also have installed the s3 extension so i can save the artifacts there. Everyting is working fine; i can login, create a distribition, connect my client and push updates. The problem comes when the client tries to download the artifact and it fails. It says that file is not found.
Im using seupdate on the client side. Any idea why it can download the artifact with the link provided by hawkbit? Thanks for ur help in advance
Bondar Bogdan
Hi @esramirez try to download the artifact by using curl following the link you get from DDI API. I could suggest it has something to do with the permissions of your S3 bucket
Enrique Ramirez
@bogdan-bondar thanks for the reply. i was able to download the artifact using the curl provided to swupdate by hawkbit. I even was able to downloaded via my chrome browser. The url looked like as follow: https://mylb-dev-131320358.ap-south-2.elb.amazonaws.com:8443/DEFAULT/controller/v1/1/softwaremodules/5/artifacts/update-image.swu

@bogdan-bondar and here it is my property file for reference: org.eclipse.hawkbit.repository.s3.bucketName=hawkbit-dev-storage






User Security


Http Encoding


DDI authentication configuration


Optional events







Configuration for DMF/RabbitMQ integration


Hawkbit back-end


Bondar Bogdan
@esramirez if DDI API generates the correct link and you are able to download the artifact the problems lies not within the Hawkbit server, but rather on the client, please consult swupdate project. In case you narrow down the problem/have more logs/insights of what is happening on the client we can continue the discussion
Hi Julian,
I am quickly trying to verify if Hawkbit is useful for my project and since I am a beginner, can you kindly give me a quick python script which you used in your youtube video to download and save an artifact which would greatly help me in knowing thins in more detail...
I saw you were using DDI APIs and a "hawkbit_quickstart.py" script which could possibly help in verifying just connect to hawkbit and download an image...
Thanks very much,
R.M Kumar
Hey @rmk544 you can find the code here https://github.com/JulianFeinauer/webinar-hawkbit
Hi Julian,
Thanks so much for your help.
Best Regards,
Hi Julian,
as specified on your github, I have created a distribution of app only and then uploaded the Jar file. but whatever I am trying assign the software module to the distribution, I get "Action not allowed" I have been trying hard but no success so-far..
The message is so cryptic it doesn't say what is the reason...
However your demo video, you did it with ease and wondering what I am missing..
Pls help
Best Regards,
@rmk544 hm... I have no idea... Perhaps the hawkbit version changed since then? I can try to look into it later today but it should work pretty straight forward. Perhaps you missed to mark the distribution as "application" and not OS?
Sorry to bother, I did mark as application, tried an image "recovery.img" as OS, OS with apps... all I tried. But no way it works.
I am wondering how others also reporting these issues, though it is a proven in IOT space.
anytime you are free or have some hint, pls share it.
Best Regards,
Diego Rondini
@bogdan-bondar link from the docs to sandbox is dead (https://hawkbit.eclipse.org/) while sandbox itself is fine (https://hawkbit.eclipseprojects.io/UI/)
Bondar Bogdan
@diegorondini thanks for pointing this out, will fix it soon
1 reply
I have the Hawkbit running on my Ubuntu server and am able to successfully run it and use it. I simulated a load of 10,000 devices successfully without any issue. However, what I see is that even after the test load run is finished , there are certain DB queries that are still running and the CPU consumption does not drop to pre load test levels. Any pointers would be helpful. I see the below type of queries running in DB.

db: hawkbit

Command: Query

Time: 0

State: executing

Info: SELECT DISTINCT t1.id AS a1, t1.tenant AS a2, t1.address AS a3, t1.controller_id AS a4, t1.created_at AS a5, t1.created_by AS a6, t1.description AS a7, t1.install_date AS a8, t1.last_modified_at AS a9, t1.last_modified_by AS a10, t1.last_target_query AS a11, t1.name AS a12, t1.optlock_revision AS a13, t1.request_controller_attributes AS a14, t1.sec_token AS a15, t1.update_status AS a16, t1.assigned_distribution_set AS a17, t1.installed_distribution_set AS a18, t1.target_type AS a19 FROM sp_target t1 LEFT OUTER JOIN sp_action t0 ON ((t0.target = t1.id) AND (t0.distribution_set = 44)) WHERE (((UPPER(t1.controller_id) LIKE 'BN-%' ESCAPE '\' AND (t1.created_at > 1642395600000)) AND (t0.id IS NULL)) AND (t1.tenant = 'DEFAULT')) LIMIT 0, 999

Akaarir Mohamed
Hi everyone, i have a problem with limite of storage so i get the error message from the web application of hawkbit when i upload a new file, here is the error message : Storage quota exceeded, 119 MB left
So when i removed a bundle's file i don't get this message anymore, and when i wanted to upload a new file, i get the same error message,
what's the way to change the storage quota?
Thank you!
1 reply
Hi All,
Need some help,
If I have thousands of device clients for updating, then what is the best way to name them?
Can all of them have same ControllerID or TargetName?
If not what is the best scheme to name?
Diego Rondini
Hi. This message is for the Bosch SI team working on the Bosch IoT Rollouts implementation of hawkBit. We'd like to make sure the hara-ddiclient works just fine with IoT Rollouts. We see that in your implementation you use CDN for download of artifacts and we have a questions about that: how do you manage the generation of the CDN URL? Is the client redirected to a CDN URL generated "on-the-fly" when the it starts downloading the file from deployment.chunks[].artifacts[]._links.download?
5 replies
I'm trying to start hawkbit in docker, following https://www.eclipse.org/hawkbit/gettingstarted/
on startup the container keeps looping on connection refused org.springframework.amqp.AmqpConnectException: java.net.ConnectException: Connection refused (Connection refused)
am I missing some sort of configuration step?
Diego Rondini
@zyga:fosdem.org which way are you trying to start up the container? A, B or C? Does A work?
@diegorondini: hey!
I think A, namely docker run -p 8080:8080 hawkbit/hawkbit-update-server:latest
perhaps there is some confusion, the app keeps logging connection errors but the web ui starts up
Diego Rondini
yep, the container is actually up 'n' running, it's just looking for an AMQP service which is (of course) not there, but it's not fatal. I think there's an option to silence that (tell hawkBit to disable AMQP support)
do you know how to do that? I'm a complite novice on hawkbit
having the logs spam constantly is hard to follow any useful diagnostics