Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Feb 21 12:07
    sebastian-firsching synchronize #935
  • Feb 21 11:42
    Nkyn ready_for_review #938
  • Feb 21 10:28
    Nkyn synchronize #938
  • Feb 21 07:47
    hawkbit-bot commented #938
  • Feb 21 07:43
    Nkyn edited #938
  • Feb 21 07:42
    Nkyn opened #938
  • Feb 20 12:44

    schabdo on master

    Read tenant configuration value… (compare)

  • Feb 20 12:44
    schabdo closed #937
  • Feb 20 10:09

    schabdo on master

    Add x-content-type-options head… (compare)

  • Feb 20 10:09
    schabdo closed #934
  • Feb 20 09:12
    schabdo commented #937
  • Feb 20 09:12
    schabdo edited #937
  • Feb 20 09:09
    hawkbit-bot commented #937
  • Feb 20 08:59
    schabdo commented #937
  • Feb 20 08:58
    schabdo milestoned #937
  • Feb 20 08:47
    hawkbit-bot commented #937
  • Feb 20 08:37
    herdt-michael opened #937
  • Feb 19 21:01
    Antiarchitect synchronize #932
  • Feb 19 20:30
    Antiarchitect commented #932
  • Feb 19 20:29
    Antiarchitect synchronize #932
Dominic Schabel
@schabdo
@mhaseeb31 the json looks good. I tested against hawkBit and it worked. The call looked like this:
curl --request PUT 'https://hawkbit.eclipse.org/DEFAULT/controller/v1/bubu/configData' \
--header 'Authorization: TargetToken 4ffda502ffe8ff07979f488ae1ea869a' \
--header 'Content-Type: application/json' \
--data-raw '{
  "data": {
    "Location": “ss"
  },
  "status": {
    "execution": "closed",
    "result": {
      "finished": "success"
    }
  }
}'
Julian
@JulianFeinauer
@schabdo always welcome :)
Today I learned about meander.io. From what I learned it seems to be somewhat similar to hawkbit. Does anybody know mender and can help me with the differentiation or comparison?
esunea
@esunea
Hello !
I need to take the datas stored in a H2 DB inside a running docker container. and transfer it into a MySQL DB.
I desperately look for the spring.datasource.url that is used in the default docker image, but i can't find it
Is my data saved in a file that i can find somewhere or is it save in memory ?
How would you do ?
Dominic Schabel
@schabdo
I think the easiest way for exporting data is to use H2 console. However this will require restart of container since console is not enabled by default. Setting spring.h2.console.enabled=trueshould do the trick
esunea
@esunea
thanks, i gonna try this and tell you if it worked
philb32
@philb32
Can anyone give me a rough estimate of how much disk space would be required per thousand devices for the database when using the Hawkbit+DB+RabbitMQ standard docker images? Just trying to guage the requirements of an EC2 instance on AWS. I'm assuming that the actual firmware artifacts are stored separately from the database itself - in fact would it be possible to put those on S3 storage without having to modify the Hawkbit code?
Dominic Schabel
@schabdo

At least I can help out on your second question:

in fact would it be possible to put those on S3 storage without having to modify the Hawkbit code

Indeed, hawkBit is well prepared for storing artifacts on S3. Have a look here for the S3 extension.

mangexl
@mangexl
Do anyone know if you can disable the plug-and-play feature (targets are created first time they connect if they do not exists)?
Diego Rondini
@diegorondini
@mangexl well, it depends on the authentication you are using. E.g.: if you enable Target tokens only, then there's is no way to "Plug and play" if you haven't created the Target beforehand
mangexl
@mangexl
@diegorondini we are using gateway token. But we are using the DDI interface from a backend service to get information about current status for a controller. So it is not the actual device making the call. There might be some endpoint in the MGMT api that we could use instead..
Dominic Schabel
@schabdo
Exactly, DDI API is designed for devices. Better go for Mgmt-API there you’ll find all informations about device as well
sachingupta141
@sachingupta141
Hello, I am trying to enable artifact upload of more than 1024 MB. I have added spring.servlet.multipart.maxFileSize=2048MB to enable that. But In UI I have noticed that after 1024 MB it starts failing the upload. Please suggest what needs to be done here.
Dominic Schabel
@schabdo
Try to set the property hawkbit.server.security.dos.maxArtifactSize=2147483648 as well
Rajesh Reddy Kasala
@RajeshReddyKa_twitter
Hi, Is there a way to filter targets with non exist metadata key property? i would like to filter based on if a key of metadata exist ? for example something like this: metadata.exampleKey != null
Sebastian Firsching
@sebastian-firsching
@RajeshReddyKa_twitter currently a check for null does not exist. If you want to find all targets where a key of metadata exists, you could do: metadata.exampleKey==*
Rajesh Reddy Kasala
@RajeshReddyKa_twitter
ok.. I was looking for something not exist or null.. But Thanks for the confirmation.
sINFdaried
@sINFdaried
hey i am a new member here. I am trying to deploy hawkbit from a docker file into a kubernetes cluster. but i want it to save its data in a postgres database. The hawkbit is running and the database is running. Does anyone know how to do it? I am searching especially for the env Variables for my deployment.yaml file
Alexander Dobler
@dobleralex
Hey @sINFdaried PostgresSQL is not yet supported by Hawkbit, someone opened a PR recently to add support for it though (see eclipse/hawkbit#932). You can find an overview of the supported databases in the hawkbit readme.
mangexl
@mangexl
@schabdo, when using org.springframework.integration.jdbc.lock.DefaultLockRepository I got "Lock wait timeout exceeded" for statement INSERT INTO sp_action. This is trigger by scheduled job executing org.eclipse.hawkbit.repository.jpa.JpaRolloutManagement.handleRollouts(). In the DB-logs is see: index fk_action_rollout of table hawkbit.sp_action related to the lock. If I remove the isolation level Isolation.SERIALIZABLE in the @Transational annotation in org.springframework.integration.jdbc.lock.DefaultLockRepository.acquire(lock) it all works without any errors. So its connected to the isolation level. But I can not figure out how/why -> each rollout is handled in its own transaction. Running hawkbit 0.3.0M2.
Luis Alfredo da Silva
@xyklex

Hi @schabdo I'm trying to upgrade to the new version 0.3.0M6, my current setup (0.3.0M5) was compiled with hawkbit-extension-artifact-reporitory-s3 and mysql support, but now trying to compile the new version I'm getting some issues only on tests, when it is trying to use the s3 plugin and it does not have a region and keys defined.

I don't remember if I defined it previously, meanwhile I was able to get it compiled adding -Dmaven.test.skip=true to maven command.

This was the error message

[ERROR] Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 18.013 s <<< FAILURE! - in org.eclipse.hawkbit.app.CorsTest
[ERROR] validateCorsRequest(org.eclipse.hawkbit.app.CorsTest)  Time elapsed: 0.001 s  <<< ERROR!
java.lang.IllegalStateException: Failed to load ApplicationContext
Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'mgmtSystemManagementResource' defined in URL [jar:file:/Users/metis/.m2/repository/org/eclipse/hawkbit/hawkbit-mgmt-resource/0.3.0
-SNAPSHOT/hawkbit-mgmt-resource-0.3.0-SNAPSHOT.jar!/org/eclipse/hawkbit/mgmt/rest/resource/MgmtSystemManagementResource.class]: Unsatisfied dependency expressed through constructor parameter 0; nested exception is org.springframework.bean
s.factory.UnsatisfiedDependencyException: Error creating bean with name 'systemManagement': Unsatisfied dependency expressed through field 'artifactRepository'; nested exception is org.springframework.beans.factory.BeanCreationException:
Error creating bean with name 'artifactRepository' defined in class path resource [org/eclipse/hawkbit/artifact/repository/S3RepositoryAutoConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springf
ramework.beans.BeanInstantiationException: Failed to instantiate [org.eclipse.hawkbit.artifact.repository.ArtifactRepository]: Factory method 'artifactRepository' threw exception; nested exception is org.springframework.beans.factory.Bean
CreationException: Error creating bean with name 'amazonS3' defined in class path resource [org/eclipse/hawkbit/artifact/repository/S3RepositoryAutoConfiguration.class]: Bean instantiation via factory method failed; nested exception is or
g.springframework.beans.BeanInstantiationException: Failed to instantiate [com.amazonaws.services.s3.AmazonS3]: Factory method 'amazonS3' threw exception; nested exception is com.amazonaws.SdkClientException: Unable to find a region via t
he region provider chain. Must provide an explicit region in the builder or setup environment to supply a region.
Luis Alfredo da Silva
@xyklex

@schabdo I got a bit of help from @thmai11 on this one. I am also now trying to use the OpenID feature with AWS Cognito, have you tried before?

This is what I have right now, I updated application.properties with docs from eclipse/hawkbit@1bcced9

I just add this line spring.security.oauth2.client.registration.oidc.scope=openid email profile to set scopes.
I am redirected to correct authentication UI, it recognize the user, but when the code is returned and checking the browser console network requests, something fails and now I am redirected to /login?error with this message

Whitelabel Error Page
This application has no explicit mapping for /error, so you are seeing this as a fallback.

Tue Feb 18 22:13:20 GMT 2020
There was an unexpected error (type=Not Found, status=404).
Not Found
Dominic Schabel
@schabdo
@xyklex cool that you solved the issue. Is there anything to improve in the test setup? Maybe others are facing same issue here

I am also now trying to use the OpenID feature with AWS Cognito, have you tried before

Awesome! Unfortunately not, just tested with Keycloak. However I think it will work with Cognito as well

Dominic Schabel
@schabdo

I updated application.properties with docs from eclipse/hawkbit@1bcced9

I just noticed that the docs on https://www.eclipse.org/hawkbit are not reflecting this changes. Thought that @stefbehl updated the homepage already. Sorry for that, will fix it immediately

Dominic Schabel
@schabdo

something fails and now I am redirected to /login?error with this message

It’s hard to tell what’s going wrong without log/exception

Dominic Schabel
@schabdo
@mangexl I see you've changed lock implementation. Sounds more like you don’t get the lock from your repo
Luis Alfredo da Silva
@xyklex
Screen Shot 2020-02-19 at 10.51.25 AM.png

@schabdo thanks, after enabling logging to be more verbose with logging.level.org.springframework.web: DEBUG I was able to get some errors on the application (don't know if there is any other var flag I can use) because yesterday when this error happened there is not error on console.

This is the error I am getting

2020-02-19 15:45:56.400 DEBUG 1 --- [tp1500379239-17] o.s.web.servlet.DispatcherServlet        : GET "/", parameters={}
2020-02-19 15:45:56.401 DEBUG 1 --- [tp1500379239-17] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to public org.springframework.web.servlet.ModelAndView org.eclipse.hawkbit.autoconfigure.mgmt.ui.RedirectController.home()
2020-02-19 15:45:56.402 DEBUG 1 --- [tp1500379239-17] o.s.web.servlet.view.RedirectView        : View name 'redirect:', model {}
2020-02-19 15:45:56.403 DEBUG 1 --- [tp1500379239-17] o.s.web.servlet.DispatcherServlet        : Completed 302 FOUND
2020-02-19 15:46:03.697 DEBUG 1 --- [tp1500379239-20] o.s.web.client.RestTemplate              : HTTP POST https://test-auth-stack.auth.us-east-1.amazoncognito.com/oauth2/token
2020-02-19 15:46:03.697 DEBUG 1 --- [tp1500379239-20] o.s.web.client.RestTemplate              : Accept=[application/json, application/*+json]
2020-02-19 15:46:03.698 DEBUG 1 --- [tp1500379239-20] o.s.web.client.RestTemplate              : Writing [{grant_type=[authorization_code], code=[e543a92d-b7c5-43ed-aff4-bc53af729520], redirect_uri=[http://localhost:8080/login/oauth2/code/oidc]}] as "application/x-www-form-urlencoded;charset=UTF-8"
2020-02-19 15:46:04.136 DEBUG 1 --- [tp1500379239-20] o.s.web.client.RestTemplate              : Response 400 BAD_REQUEST
2020-02-19 15:46:04.143 DEBUG 1 --- [tp1500379239-22] o.s.web.servlet.DispatcherServlet        : GET "/login?error", parameters={masked}
2020-02-19 15:46:04.152 DEBUG 1 --- [tp1500379239-22] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped to ResourceHttpRequestHandler ["classpath:/META-INF/resources/", "classpath:/resources/", "classpath:/static/", "classpath:/public/", "/"]
2020-02-19 15:46:04.154 DEBUG 1 --- [tp1500379239-22] o.s.w.s.r.ResourceHttpRequestHandler     : Resource not found
2020-02-19 15:46:04.154 DEBUG 1 --- [tp1500379239-22] o.s.web.servlet.DispatcherServlet        : "ERROR" dispatch for GET "/error?error", parameters={masked}
2020-02-19 15:46:04.155 DEBUG 1 --- [tp1500379239-22] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to public org.springframework.web.servlet.ModelAndView org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController.errorHtml(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)
2020-02-19 15:46:04.156 DEBUG 1 --- [tp1500379239-22] o.s.w.s.v.ContentNegotiatingViewResolver : Selected 'text/html' given [text/html, text/html;q=0.8]
2020-02-19 15:46:04.156 DEBUG 1 --- [tp1500379239-22] o.s.web.servlet.DispatcherServlet        : Exiting from "ERROR" dispatch, status 404
2020-02-19 15:46:04.157 DEBUG 1 --- [tp1500379239-22] o.s.web.servlet.DispatcherServlet        : Completed 404 NOT_FOUND

For more context, look into my previous message the browser redirect call stack when I first access my local hawkbit setup, this gets me into the login screen

after that I got this two new redirects that leads me into the error page
Screen Shot 2020-02-19 at 10.54.05 AM.png
Dominic Schabel
@schabdo
Ok, looks like this is causing the problem => Response 400 BAD_REQUEST
Seems like there is an invalide request send to Cognito?
Luis Alfredo da Silva
@xyklex
The thing is, that request I think is this one http://localhost:8080/login/oauth2/code/oidc?code=4706b183-1283-1aea-892e-3c035eb185bf&state=wMKVE61DgQ0sE8GcJxdV7J6xbfc1ixm6Zsz1lIPnKxw= which is returned by the OpenID/Oauth2 server
Dominic Schabel
@schabdo
exactly. Are you allowed to set the callback url to localhost?
Luis Alfredo da Silva
@xyklex
Yes for developing purposes
Dominic Schabel
@schabdo
Most oauth2 providers don't
Luis Alfredo da Silva
@xyklex
is the only accepted http domain I can add
ok, the only thing here I am setting (or not setting) is the client_secret property, because I do not allow on my oauth provider other authentication flow different that Authentication Code Flow
Dominic Schabel
@schabdo
Not sure if this is enough
Dominic Schabel
@schabdo
… but sounds more like an config issue with Cognito
Luis Alfredo da Silva
@xyklex
Thanks, I will give another look on this today, what about the permissions a user should have, I have not set up any of them
Dominic Schabel
@schabdo
Maybe you first start with a local setup and see what you exactly need to get it working.
=> https://github.com/nbarbettini/oidc-debugger could also be helpful
Luis Alfredo da Silva
@xyklex

@schabdo thanks for that resource, it does not helps me with this because it says everything is good, but I do pass through the roadblock I was having, I just needed to enable read permissions on profile attributes, this solved the error redirect.

Now I found this new error trace

java.lang.ClassCastException: org.springframework.security.oauth2.core.user.DefaultOAuth2User cannot be cast to org.springframework.security.oauth2.core.oidc.user.OidcUser                                                         [71/19920]
        at org.eclipse.hawkbit.ui.common.UserDetailsFormatter.getCurrentUser(UserDetailsFormatter.java:196)
        at org.eclipse.hawkbit.ui.common.UserDetailsFormatter.formatCurrentTenant(UserDetailsFormatter.java:152)
        at org.eclipse.hawkbit.ui.menu.DashboardMenu.buildUserMenu(DashboardMenu.java:201)
        at org.eclipse.hawkbit.ui.menu.DashboardMenu.buildContent(DashboardMenu.java:115)
        at org.eclipse.hawkbit.ui.menu.DashboardMenu.init(DashboardMenu.java:108)
        at org.eclipse.hawkbit.ui.AbstractHawkbitUI.init(AbstractHawkbitUI.java:127)
        at com.vaadin.ui.UI.doInit(UI.java:693)
        at com.vaadin.server.communication.UIInitHandler.getBrowserDetailsUI(UIInitHandler.java:222)
        at com.vaadin.server.communication.UIInitHandler.synchronizedHandleRequest(UIInitHandler.java:74)
        at com.vaadin.server.SynchronizedRequestHandler.handleRequest(SynchronizedRequestHandler.java:41)
        at com.vaadin.server.VaadinService.handleRequest(VaadinService.java:1435)
        at com.vaadin.server.VaadinServlet.service(VaadinServlet.java:380)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:750)
        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:873)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1623)
        at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:214)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
Luis Alfredo da Silva
@xyklex
after setting a client_secret value I'm now getting this
2020-02-19 22:31:36.440 DEBUG 1 --- [qtp876823802-21] o.s.web.servlet.DispatcherServlet        : GET "/", parameters={}
2020-02-19 22:31:36.447 DEBUG 1 --- [qtp876823802-21] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to public org.springframework.web.servlet.ModelAndView org.eclipse.hawkbit.autoconfigure.mgmt.ui.RedirectController.home()
2020-02-19 22:31:36.485 DEBUG 1 --- [qtp876823802-21] o.s.web.servlet.view.RedirectView        : View name 'redirect:', model {}
2020-02-19 22:31:36.502 DEBUG 1 --- [qtp876823802-21] o.s.web.servlet.DispatcherServlet        : Completed 302 FOUND
2020-02-19 22:31:48.837 DEBUG 1 --- [qtp876823802-16] o.s.web.client.RestTemplate              : HTTP POST https://oauth-test-server.auth.us-east-1.amazoncognito.com/oauth2/token
2020-02-19 22:31:48.837 DEBUG 1 --- [qtp876823802-16] o.s.web.client.RestTemplate              : Accept=[application/json, application/*+json]
2020-02-19 22:31:48.840 DEBUG 1 --- [qtp876823802-16] o.s.web.client.RestTemplate              : Writing [{grant_type=[authorization_code], code=[740d9a1a-7d05-455a-9f4b-ac62ac1d1154], redirect_uri=[http://localhost:8080/login/oauth2/code
/oidc]}] as "application/x-www-form-urlencoded;charset=UTF-8"
2020-02-19 22:31:49.519 DEBUG 1 --- [qtp876823802-16] o.s.web.client.RestTemplate              : Response 200 OK
2020-02-19 22:31:49.520 DEBUG 1 --- [qtp876823802-16] o.s.web.client.RestTemplate              : Reading to [org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse] as "application/json;charset=UTF-8"
2020-02-19 22:31:49.626 DEBUG 1 --- [qtp876823802-16] o.s.web.client.RestTemplate              : HTTP GET https://cognito-idp.us-east-1.amazonaws.com/us-east-1_JGxOSUxA9/.well-known/jwks.json
2020-02-19 22:31:49.627 DEBUG 1 --- [qtp876823802-16] o.s.web.client.RestTemplate              : Accept=[text/plain, application/json, application/cbor, application/*+json, */*]
2020-02-19 22:31:49.912 DEBUG 1 --- [qtp876823802-16] o.s.web.client.RestTemplate              : Response 200 OK
2020-02-19 22:31:49.913 DEBUG 1 --- [qtp876823802-16] o.s.web.client.RestTemplate              : Reading to [java.lang.String] as "application/json"
2020-02-19 22:31:49.951 DEBUG 1 --- [qtp876823802-16] o.s.web.client.RestTemplate              : HTTP GET https://oauth-test-server.auth.us-east-1.amazoncognito.com/oauth2/userInfo
2020-02-19 22:31:49.953 DEBUG 1 --- [qtp876823802-16] o.s.web.client.RestTemplate              : Accept=[application/json, application/cbor, application/*+json]
2020-02-19 22:31:50.350 DEBUG 1 --- [qtp876823802-16] o.s.web.client.RestTemplate              : Response 200 OK
2020-02-19 22:31:50.351 DEBUG 1 --- [qtp876823802-16] o.s.web.client.RestTemplate              : Reading to [java.util.Map<java.lang.String, java.lang.Object>]
2020-02-19 22:31:50.400 DEBUG 1 --- [qtp876823802-16] o.s.web.client.RestTemplate              : HTTP GET https://cognito-idp.us-east-1.amazonaws.com/us-east-1_JGxOSUxA9/.well-known/jwks.json
2020-02-19 22:31:50.400 DEBUG 1 --- [qtp876823802-16] o.s.web.client.RestTemplate              : Accept=[text/plain, application/json, application/cbor, application/*+json, */*]
2020-02-19 22:31:50.496 DEBUG 1 --- [qtp876823802-16] o.s.web.client.RestTemplate              : Response 200 OK
2020-02-19 22:31:50.497 DEBUG 1 --- [qtp876823802-16] o.s.web.client.RestTemplate              : Reading to [java.lang.String] as "application/json"
2020-02-19 22:31:50.506  WARN 1 --- [qtp876823802-16] org.eclipse.jetty.server.HttpChannel     : /login/oauth2/code/oidc

java.lang.NullPointerException: null
        at org.eclipse.hawkbit.autoconfigure.security.JwtAuthoritiesExtractor.extract(OidcUserManagementAutoConfiguration.java:253)
        at org.eclipse.hawkbit.autoconfigure.security.JwtAuthoritiesExtractor.extract(OidcUserManagementAutoConfiguration.java:242)
        at org.eclipse.hawkbit.autoconfigure.security.JwtAuthoritiesOidcUserService.loadUser(OidcUserManagementAutoConfiguration.
Luis Alfredo da Silva
@xyklex
now I think all this error is because the claims, that the server should return
Dominic Schabel
@schabdo

I think all this error is because the claims, that the server should return

Exactly. Seems like the claims don’t contain a “resource_access” section

Luis Alfredo da Silva
@xyklex
@schabdo yes I found what the issue is, I added the resource_access claim, but it is looking for it on Access Token claims, and Cognito does not allows me to change access token claims, but only on ID Token (which is were I added it while I tested it)
Luis Alfredo da Silva
@xyklex
I don't know too much about Oauth2/OpenID Connect protocols, do you know why the claim is took from this key and not from ID Token
Luis Alfredo da Silva
@xyklex

I tried to just replace on code the line hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/OidcUserManagementAutoConfiguration.java:149 with

        final Set<GrantedAuthority> authorities = authoritiesExtractor.extract(clientRegistration,
                userRequest.getIdToken().getTokenValue());

using the ID token instead, but I keep getting redirected to the error fallback page, but now without a error stack trace, and with Completed 200 OK as last line in console.