mender -log-level info -rootfs https://<my IP address>:8000/release-3.6.2.mender
INFO[0000] Performing remote update from: [https://<my IP address>:8000/release-3.6.2.mender]. module=rootfsERRO[0130] Can not fetch update image: Get https://<my IP address>:8000/release-3.6.2.mender: dial tcp <my IP address>:8000: getsockopt: connection timed out module=client_updateERRO[0130] rootfs: error while updating image from command line: update fetch request failed: Get https://<my IP address>:8000/release-3.6.2.mender: dial tcp <my IP address>:8000: getsockopt: connection timed out module=main
mender -log-level info -rootfs https://<my IP address>:443/release-3.6.2.mender
INFO[0000] Performing remote update from: [https://<my IP address>:443/release-3.6.2.mender]. module=rootfsERRO[0000] Can not fetch update image: Get https:<my IP address>:443/release-3.6.2.mender: x509: certificate signed by unknown authority module=client_updateERRO[0000] rootfs: error while updating image from command line: update fetch request failed: Get https://<my IP address>:443/release-3.6.2.mender: x509: certificate signed by unknown authority module=main
That said, I'm not sure you can rely on that as a persistent way to access the artifacts. Since they are generated, with a timeout, the URLs will not always be valid. I suspect you will be better off using a separate file server for this.
Hi Drew,thanks for your reply. I tested port 9000 as you mentioned but still no hope and it does show the unauthorized certificate. The issue is that it is clearly mentioned in the Mender documentation page "version 1" ( "Deploy the new artifact to device" section) that it is possible to draw the artifacts from the client side. I know that Documentation 1 is quite old but I hoped that such feature are still supported even for the new versions.
That said, I'm not sure you can rely on that as a persistent way to access the artifacts. Since they are generated, with a timeout, the URLs will not always be valid. I suspect you will be better off using a separate file server for this.you mean it is not possible to access artifacts from outside the server and the only way is that I have to generate the artifact download link through the web GUI ?
--
You received this message because you are subscribed to the Google Groups "Mender List mender.io" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mender+un...@lists.mender.io.
To post to this group, send email to men...@lists.mender.io.
Visit this group at https://groups.google.com/a/lists.mender.io/group/mender/.
Thanks Mirza and Vladimir for your clarifications, then I will try to upload my artifacts to ftb server and use its URL to call using "mender -rootfs URL" and get back with results. Thanks all again for your help.
{"uri":"https://my-Mender-Server-URI:9000/mender-artifact-storage/d5ab385b-782f-4fc1-839b-44f875ca1e50?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=mender-deployments%2F20180903%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20180903T100449Z\u0026X-Amz-Expires=900\u0026X-Amz-SignedHeaders=host\u0026response-content-type=application%2Fvnd.mender-artifact\u0026X-Amz-Signature=e43087c56d9efd8dcbbbd23d0143ccb8426a57a55032bb144cee78f84702c40c","expire":"2018-09-03T10:19:49.82647177Z"}
mender -log-level info -rootfs https://my-Mender-Server-URI:9000/mender-artifact-storage/d5ab385b-782f-4fc1-839b-44f875ca1e50?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=mender-deployments%2F20180903%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20180903T100449Z\u0026X-Amz-Expires=900\u0026X-Amz-SignedHeaders=host\u0026response-content-type=application%2Fvnd.mender-artifact\u0026X-Amz-Signature=e43087c56d9efd8dcbbbd23d0143ccb8426a57a55032bb144cee78f84702c40c
INFO[0000] Performing remote update from: [https://my-Mender-Server-URI:9000/mender-artifact-storage/d5ab385b-782f-4fc1-839b-44f875ca1e50?X-Amz-Algorithm=AWS4-HMAC-SHA256u0026X-Amz-Credential=mender-deployments%2F20180903%2Fus-east-1%2Fs3%2Faws4_requestu0026X-Amz-Date=20180903T095842Zu0026X-Amz-Expires=900u0026X-Amz-SignedHeaders=hostu0026response-content-type=application%2Fvnd.mender-artifactu0026X-Amz-Signature=59a2022b30a6f38eb5b9672faf128de3e6db99b411710361924526a3ba0baa37]. module=rootfsERRO[0000] Can not fetch update image: Get https://my-Mender-Server-URI:9000/mender-artifact-storage/d5ab385b-782f-4fc1-839b-44f875ca1e50?X-Amz-Algorithm=AWS4-HMAC-SHA256u0026X-Amz-Credential=mender-deployments%2F20180903%2Fus-east-1%2Fs3%2Faws4_requestu0026X-Amz-Date=20180903T095842Zu0026X-Amz-Expires=900u0026X-Amz-SignedHeaders=hostu0026response-content-type=application%2Fvnd.mender-artifactu0026X-Amz-Signature=59a2022b30a6f38eb5b9672faf128de3e6db99b411710361924526a3ba0baa37: x509: certificate signed by unknown authority module=client_updateERRO[0000] rootfs: error while updating image from command line: update fetch request failed: Get https://my-Mender-Server-URI:9000/mender-artifact-storage/d5ab385b-782f-4fc1-839b-44f875ca1e50?X-Amz-Algorithm=AWS4-HMAC-SHA256u0026X-Amz-Credential=mender-deployments%2F20180903%2Fus-east-1%2Fs3%2Faws4_requestu0026X-Amz-Date=20180903T095842Zu0026X-Amz-Expires=900u0026X-Amz-SignedHeaders=hostu0026response-content-type=application%2Fvnd.mender-artifactu0026X-Amz-Signature=59a2022b30a6f38eb5b9672faf128de3e6db99b411710361924526a3ba0baa37: x509: certificate signed by unknown authority module=main
Thank you very much Mirza. I actually just discovered that very few hours ago and I was testing this way either. It is more a professional way and better than using FTP/http file servers to upload the mender artifacts and download them on the RPI. I have just very small issue.I used the API's, logged to the Mender server and I obtained the JWT. Now I used it to obtain the dynamic link for downloading the artifact and I obtained something like this from the Mender server:
{"uri":"https://my-Mender-Server-URI:9000/mender-artifact-storage/d5ab385b-782f-4fc1-839b-44f875ca1e50?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=mender-deployments%2F20180903%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20180903T100449Z\u0026X-Amz-Expires=900\u0026X-Amz-SignedHeaders=host\u0026response-content-type=application%2Fvnd.mender-artifact\u0026X-Amz-Signature=e43087c56d9efd8dcbbbd23d0143ccb8426a57a55032bb144cee78f84702c40c","expire":"2018-09-03T10:19:49.82647177Z"}
I stopped the mender.service on the RPI and performed the mender command with the supplied URI from the Mender server:
mender -log-level info -rootfs https://my-Mender-Server-URI:9000/mender-artifact-storage/d5ab385b-782f-4fc1-839b-44f875ca1e50?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=mender-deployments%2F20180903%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20180903T100449Z\u0026X-Amz-Expires=900\u0026X-Amz-SignedHeaders=host\u0026response-content-type=application%2Fvnd.mender-artifact\u0026X-Amz-Signature=e43087c56d9efd8dcbbbd23d0143ccb8426a57a55032bb144cee78f84702c40c
However I still get the certifcate problem: This is exaclty the response -->
INFO[0000] Performing remote update from: [https://my-Mender-Server-URI:9000/mender-artifact-storage/d5ab385b-782f-4fc1-839b-44f875ca1e50?X-Amz-Algorithm=AWS4-HMAC-SHA256u0026X-Amz-Credential=mender-deployments%2F20180903%2Fus-east-1%2Fs3%2Faws4_requestu0026X-Amz-Date=20180903T095842Zu0026X-Amz-Expires=900u0026X-Amz-SignedHeaders=hostu0026response-content-type=application%2Fvnd.mender-artifactu0026X-Amz-Signature=59a2022b30a6f38eb5b9672faf128de3e6db99b411710361924526a3ba0baa37]. module=rootfsERRO[0000] Can not fetch update image: Get https://my-Mender-Server-URI:9000/mender-artifact-storage/d5ab385b-782f-4fc1-839b-44f875ca1e50?X-Amz-Algorithm=AWS4-HMAC-SHA256u0026X-Amz-Credential=mender-deployments%2F20180903%2Fus-east-1%2Fs3%2Faws4_requestu0026X-Amz-Date=20180903T095842Zu0026X-Amz-Expires=900u0026X-Amz-SignedHeaders=hostu0026response-content-type=application%2Fvnd.mender-artifactu0026X-Amz-Signature=59a2022b30a6f38eb5b9672faf128de3e6db99b411710361924526a3ba0baa37: x509: certificate signed by unknown authority module=client_updateERRO[0000] rootfs: error while updating image from command line: update fetch request failed: Get https://my-Mender-Server-URI:9000/mender-artifact-storage/d5ab385b-782f-4fc1-839b-44f875ca1e50?X-Amz-Algorithm=AWS4-HMAC-SHA256u0026X-Amz-Credential=mender-deployments%2F20180903%2Fus-east-1%2Fs3%2Faws4_requestu0026X-Amz-Date=20180903T095842Zu0026X-Amz-Expires=900u0026X-Amz-SignedHeaders=hostu0026response-content-type=application%2Fvnd.mender-artifactu0026X-Amz-Signature=59a2022b30a6f38eb5b9672faf128de3e6db99b411710361924526a3ba0baa37: x509: certificate signed by unknown authority module=mainHave you any ideas please what is the reason?
mender -log-level info -rootfs https://<my-mender-server>:9000/mender-artifact-storage/481b8457-01ae-4496-87a0-3585be56e3db?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=mender-deployments%2F20180903%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20180903T135503Z\u0026X-Amz-Expires=900\u0026X-Amz-SignedHeaders=host\u0026response-content-type=application%2Fvnd.mender-artifact\u0026X-Amz-Signature=9b0d63bddfdb4db8ba6a4a2e84bd371a308b0aa1ecbaa48175ae0b7cd61fee75
INFO[0000] Performing remote update from: [https://<my-mender-server>:9000/mender-artifact-storage/481b8457-01ae-4496-87a0-3585be56e3db?X-Amz-Algorithm=AWS4-HMAC-SHA256u0026X-Amz-Credential=mender-deployments%2F20180903%2Fus-east-1%2Fs3%2Faws4_requestu0026X-Amz-Date=20180903T135503Zu0026X-Amz-Expires=900u0026X-Amz-SignedHeaders=hostu0026response-content-type=application%2Fvnd.mender-artifactu0026X-Amz-Signature=9b0d63bddfdb4db8ba6a4a2e84bd371a308b0aa1ecbaa48175ae0b7cd61fee75]. module=rootfsERRO[0000] Error fetching shcheduled update info: code (403) module=client_updateERRO[0000] rootfs: error while updating image from command line: Error receiving scheduled update information. module=main
Hmm interesting.I am assuming that you are using self-signed certificates and this might be what is causing this problem as it does not seem that the "/etc/mender/server.crt" is loaded when running "mender -rootfs" but it is when running "mender -daemon". Will need to look in to this a bit more.You could try appending the "server.crt" content to "/etc/ssl/certs/ca-certificates.crt" to see if that "fixes" your problem.
mender -data="/data/mender/" -debug -config="/etc/mender/mender.conf" -trusted-certs="/etc/mender/server.crt" -rootfs https://<my mender URL>.com:9000/mender-artifact-storage/481b8457-01ae-4496-87a0-3585be56e3db?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=mender-deployments%2F20180903%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20180903T144003Z\u0026X-Amz-Expires=900\u0026X-Amz-SignedHeaders=host\u0026response-content-type=application%2Fvnd.mender-artifact\u0026X-Amz-Signature=e8978077e74e2075dd3ed35f2608ece54766151e6778eb33189cc9e916949ce7
DEBU[0000] Reading Mender configuration from file /etc/mender/mender.conf module=configDEBU[0000] Read data from device manifest file: device_type=raspberrypi3 module=menderDEBU[0000] Found needed line: device_type=raspberrypi3 module=menderDEBU[0000] Current manifest data: raspberrypi3 module=menderDEBU[0000] Starting device update. module=rootfsINFO[0000] Performing remote update from: [https://<my mender URL>:9000/mender-artifact-storage/481b8457-01ae-4496-87a0-3585be56e3db?X-Amz-Algorithm=AWS4-HMAC-SHA256u0026X-Amz-Credential=mender-deployments%2F20180903%2Fus-east-1%2Fs3%2Faws4_requestu0026X-Amz-Date=20180903T144003Zu0026X-Amz-Expires=900u0026X-Amz-SignedHeaders=hostu0026response-content-type=application%2Fvnd.mender-artifactu0026X-Amz-Signature=e8978077e74e2075dd3ed35f2608ece54766151e6778eb33189cc9e916949ce7]. module=rootfsINFO[0000] API Gateway certificate (in PEM format):-----BEGIN CERTIFICATE-----MIIBtDCCAVugAwIBAgIJALPPh4OBT2sDMAoGCCqGSM49BAMCMDcxNTAzBgNVBAMMLGJkdXBkYXRlc2VydmVyLndlc3RldXJvcGUuY2xvdWRhcHAuYXp1cmUuY29tMB4XDTE4MDIwODA5NTYxOVoXDTI4MDIwNjA5NTYxOVowNzE1MDMGA1UEAwwsYmR1cGRhdGVzZXJ2ZXIud2VzdGV1cm9wZS5jbG91ZGFwcC5henVyZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASpQ6Dim3xJbWEsSobN2ikPZBfdJqFesgLcyFQ/UwimNpJRD0na7FocnDaeft8VTJqB+JR2k9/Y9ThYwIIABq16o1AwTjAdBgNVHQ4EFgQUhb0YvKvQu4uP2EiFSk4WhasWY/AwHwYDVR0jBBgwFoAUhb0YvKvQu4uP2EiFSk4WhasWY/AwDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiAGk8BndimdeH6Uq2DNu8L6I6Lz3WN5F0YAldDWY04gNQIgYXPctXXn3cOqA80L7OtboQhsCsGajwKFBvaMQ2asYp0=-----END CERTIFICATE----------BEGIN CERTIFICATE-----MIIBtjCCAVugAwIBAgIJAJJi0SGV0B7AMAoGCCqGSM49BAMCMDcxNTAzBgNVBAMMLGJkdXBkYXRlc2VydmVyLndlc3RldXJvcGUuY2xvdWRhcHAuYXp1cmUuY29tMB4XDTE4MDIwODA5NTYxOVoXDTI4MDIwNjA5NTYxOVowNzE1MDMGA1UEAwwsYmR1cGRhdGVzZXJ2ZXIud2VzdGV1cm9wZS5jbG91ZGFwcC5henVyZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQl25RowX49fKIFaOrqvTmDTvX20+ZjGgkPYF9rRwxeIF+eG+DE/u3fSZ4j24T6sMC5gL1pCwHMoy5BOfL6pr8Bo1AwTjAdBgNVHQ4EFgQUHvrwhz2A7JLr2bMJ9PrUPRFCj2EwHwYDVR0jBBgwFoAUHvrwhz2A7JLr2bMJ9PrUPRFCj2EwDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNJADBGAiEA1peBiC+EpxfCpfck1AZ10AT54pno26lfPsehDJvO08gCIQC2kFqf0z9BsEz5oQa6igklCKuS7shxr00D3U+YKzV2xQ==-----END CERTIFICATE----- module=clientINFO[0000] Issuer: [], Valid from: 2018-02-08 09:56:19 +0000 UTC, Valid to: 2028-02-06 09:56:19 +0000 UTC module=clientDEBU[0000] Client initialized. Start downloading image. module=rootfsDEBU[0000] Received fetch update response &{403 Forbidden 403 HTTP/1.1 1 1 map[Vary:[Origin] X-Amz-Request-Id:[IVYJFA42HYZ3HIVG] Server:[openresty/1.11.2.2] Content-Type:[text/xml; charset=utf-8] Connection:[keep-alive] Date:[Mon, 03 Sep 2018 14:40:31 GMT] Accept-Ranges:[bytes]] 0x12530b00 -1 [chunked] false false map[] 0x12370300 0x126a3440}+ module=client_update
ERRO[0000] Error fetching shcheduled update info: code (403) module=client_update
DEBU[0000] Image downloaded: -1 [<nil>] [Error receiving scheduled update information.] module=rootfs
ERRO[0000] rootfs: error while updating image from command line: Error receiving scheduled update information. module=main