Fwd: Mender client authentication failed

[Javier Talens]

Forwarded conversation
Subject: Mender client authentication failed
------------------------

From: <ahmedabde...@gmail.com>
Date: Thu, Jun 15, 2017 at 3:12 PM
To: mender <men...@lists.mender.io>

Hi everyone,

I followed the mender tutorial to "setup a test environment" https://docs.mender.io/1.1/getting-started/create-a-test-environment . I used an Ubuntu virtual machine with virtual box. I managed to have the Mender UI web interface up and running and till here, it is fine. 

I bitbaked an image for RPI3 with "meta-mender-raspberrypi". The image has no issues at all and it boots very well, even I used it to deploy updates on the device by an USB (Step: Standalone deployments) 

 

My problem is at step: "Deploy to Physical devices", which is the remote updating part. I followed every thing in the tutorial, but still my RPI can not be shown in the web UI. Could be the problem that I am using Virtual machine ?

Some Info:

1- Inside my virtual machine (Workstation), when I do "ifconfig" I get alot of interfaces, but the first one is

 

br-238d865a77eb Link encap:Ethernet  HWaddr 02:42:05:66:23:97  

          inet addr:172.18.0.1  Bcast:0.0.0.0  Mask:255.255.0.0

on my Pi, when I ping its address, it works. This means the pi can see this virtual machine. 

2- When I install the certificates on the mender server. I modify the "docker-compose.demo.yml" file inside the directory "integration-1.0.1", e.g I add those parts mentioned at Certificates and keys which corresponds to API Gateway,Storage Proxy,User Administration and Device Authentication sections. 

3- on the PI, the systemctl status mender.service shows the following error: the time is correct on my device!

Jun 15 14:36:21 RPI mender[502]: time="2017-06-15T14:36:21+02:00" level=info msg="Mender state: bootstrapped -> authorize-wait" module=mender
Jun 15 14:36:21 RPI mender[502]: level=info msg="Mender state: bootstrapped -> authorize-wait" module=mender
Jun 15 14:41:21 RPI mender[502]: level=info msg="Mender state: authorize-wait -> bootstrapped" module=mender
Jun 15 14:41:21 RPI mender[502]: time="2017-06-15T14:41:21+02:00" level=info msg="Mender state: authorize-wait -> bootstrapped" module=mender
Jun 15 14:43:31 RPI mender[502]: level=error msg="authorize failed: transient error: authorization request failed: failed to execute authorization request: Post https://docker.mender.io/api/devices/v1/authentication/auth_req
Jun 15 14:43:31 RPI mender[502]: level=info msg="Mender state: bootstrapped -> authorize-wait" module=mender
Jun 15 14:43:31 RPI mender[502]: time="2017-06-15T14:43:31+02:00" level=error msg="authorize failed: transient error: authorization request failed: failed to execute authorization request: Post https://docker.mender.io/api/d
Jun 15 14:43:31 RPI mender[502]: time="2017-06-15T14:43:31+02:00" level=info msg="Mender state: bootstrapped -> authorize-wait" module=mender
Jun 15 14:48:31 RPI mender[502]: level=info msg="Mender state: authorize-wait -> bootstrapped" module=mender
Jun 15 14:48:31 RPI mender[502]: time="2017-06-15T14:48:31+02:00" level=info msg="Mender state: authorize-wait -> bootstrapped" module=mender

I am stuck at this point, please help, if any one configured mender server for RPI!

Thanks in advance,

Ahmed

 

--
You received this message because you are subscribed to the Google Groups "mender" group.
To post to this group, send email to men...@lists.mender.io.
Visit this group at https://groups.google.com/a/lists.mender.io/group/mender/.
To view this discussion on the web visit https://groups.google.com/a/lists.mender.io/d/msgid/mender/555445b3-6648-45e9-8339-51b4f6cfa79b%40lists.mender.io.

----------
From: 'Greg' via mender <men...@lists.mender.io>
Date: Thu, Jun 15, 2017 at 3:55 PM
To: mender <men...@lists.mender.io>
Cc: ahmedabde...@gmail.com

Hi,

"https://docker.mender.io/api/devices/v1/authentication/auth_req" appears in the logs.

Have you modified your /etc/hosts file to point to the IP of your virtual machine?

Thanks,

Greg

To view this discussion on the web visit https://groups.google.com/a/lists.mender.io/d/msgid/mender/9ca51c2b-adad-4b0f-8d83-b4766e0c50c9%40lists.mender.io.

----------
From: <ahmedabde...@gmail.com>
Date: Thu, Jun 15, 2017 at 4:17 PM
To: mender <men...@lists.mender.io>
Cc: ahmedabde...@gmail.com, gregorio....@northern.tech

Hi Greg,

yes it appears. Sorry I forgot to post the complete error from the mender client service. When I took the copy the first time, it didn't catch the whole screen.

level=error msg="authorize failed: transient error: authorization request failed: failed to execute authorization request: Post https://docker.mender.io/api/devices/v1/authentication/auth_r : dial tcp 10.104.3.65:443: getsockopt: connection timed out" module=state

what could does this mean "connection time out" , however when I "ping 10.104.3.65" , it works but "telnet 10.104.3.65 443" does not respond. 

Have you modified your /etc/hosts file to point to the IP of your virtual machine?

yes I did. I followed the tutorial more than time.  

Could it be the modifications inside "docker-compose.demo.yml" ? I added the corresponding lines from Certificates and keys of the sections API Gateway,Storage Proxy,User Administration and Device Authentication to that file "docker-compose.demo.yml" and run "sudo ./up" !!

Thanks,

Ahmed

To view this discussion on the web visit https://groups.google.com/a/lists.mender.io/d/msgid/mender/2ab45070-459d-4181-9505-40f7aae43998%40lists.mender.io.

----------
From: 'Greg' via mender <men...@lists.mender.io>
Date: Thu, Jun 15, 2017 at 4:46 PM
To: mender <men...@lists.mender.io>
Cc: ahmedabde...@gmail.com

Is 10.104.3.65 your virtual machine IP address? 

Run `docker ps` on this machine, can you see if port 443 is exposed? It should be. 

To view this discussion on the web visit https://groups.google.com/a/lists.mender.io/d/msgid/mender/586eef04-cf1b-4e39-ad67-4662fd881709%40lists.mender.io.

----------
From: <ahmedabde...@gmail.com>
Date: Thu, Jun 15, 2017 at 4:55 PM
To: mender <men...@lists.mender.io>
Cc: ahmedabde...@gmail.com, gregorio....@northern.tech

Is 10.104.3.65 your virtual machine IP address?  

Yes this is the VM address. It pings from the PI, but telnet 10.104.3.65 does not respond !! 

Run `docker ps` on this machine, can you see if port 443 is exposed? It should be.  

Yes it is there: 

CONTAINER ID        IMAGE                                               COMMAND                  CREATED             STATUS                  PORTS                    NAMES

8cc3cf44d7c6        mendersoftware/openresty:1.11.2.2-alpine            "/usr/local/openre..."   2 hours ago         Up 6 seconds            0.0.0.0:9000->9000/tcp   integration101_storage-proxy_1

2921a122bfac        mendersoftware/minio:RELEASE.2016-12-13T17-19-42Z   "minio server /export"   2 hours ago         Up 8 seconds            9000/tcp                 integration101_minio_1

388e703dade6        mendersoftware/api-gateway:1.0.0                    "/entrypoint.sh"         3 hours ago         Up 3 seconds            0.0.0.0:443->443/tcp     integration101_mender-api-gateway_1

 

To view this discussion on the web visit https://groups.google.com/a/lists.mender.io/d/msgid/mender/fa5fbaca-6d28-48c2-a55d-f1f4c1b471fa%40lists.mender.io.

----------
From: <ahmedabde...@gmail.com>
Date: Thu, Jun 15, 2017 at 8:49 PM
To: mender <men...@lists.mender.io>
Cc: ahmedabde...@gmail.com

Hi Drew, 

Thanks for your reply. I am standing inside an internal network in my working lab, this could be the reason, but I will run the same procedures again at my home where there are no restrictions.

I will let you all know. 

Many thanks again for your responds,

regards,

Ahmed

On Thursday, June 15, 2017 at 7:39:41 PM UTC+2, Drew Moseley wrote:

I wouldn’t expect a direct telnet to respond unless you happen to be running a telnet daemon on your VM.

From your Pi, can you do the following?

$ ping docker.mender.io

$ nc docker.mender.io 443

In your Virtualbox setup, what kind of networking adapter are you using?

Drew

To post to this group, send email to men...@lists.mender.io.
Visit this group at https://groups.google.com/a/lists.mender.io/group/mender/.
To view this discussion on the web visit https://groups.google.com/a/lists.mender.io/d/msgid/mender/fa5fbaca-6d28-48c2-a55d-f1f4c1b471fa%40lists.mender.io.

--
You received this message because you are subscribed to the Google Groups "mender" group.
To post to this group, send email to men...@lists.mender.io.
Visit this group at https://groups.google.com/a/lists.mender.io/group/mender/.
To view this discussion on the web visit https://groups.google.com/a/lists.mender.io/d/msgid/mender/c1f99e1e-2b27-4fb9-b6e4-a1eac7b116c8%40lists.mender.io.

----------
From: <ahmedabde...@gmail.com>
Date: Sun, Jun 18, 2017 at 12:49 PM
To: mender <men...@lists.mender.io>
Cc: ahmedabde...@gmail.com

Thank you so much for all your help and responds. Now after changing the network, I am able to see the RPI3 into the Mender UI.

Many thanks.

To view this discussion on the web visit https://groups.google.com/a/lists.mender.io/d/msgid/mender/a9597ae8-c874-48a0-b8d8-60263c349f8f%40lists.mender.io.

[Cevat Bostancıoğlu]

Hello can you tell little bit more about how to solved your problem i am in the same position too right now.

Cc: ahmedabde...@gmail.com, gregorio.di.stefano@northern.tech

Hi Greg,

yes it appears. Sorry I forgot to post the complete error from the mender client service. When I took the copy the first time, it didn't catch the whole screen.

level=error msg="authorize failed: transient error: authorization request failed: failed to execute authorization request: Post https://docker.mender.io/api/devices/v1/authentication/auth_r : dial tcp 10.104.3.65:443: getsockopt: connection timed out" module=state

what could does this mean "connection time out" , however when I "ping 10.104.3.65" , it works but "telnet 10.104.3.65 443" does not respond. 

Have you modified your /etc/hosts file to point to the IP of your virtual machine?

yes I did. I followed the tutorial more than time.  

Could it be the modifications inside "docker-compose.demo.yml" ? I added the corresponding lines from Certificates and keys of the sections API Gateway,Storage Proxy,User Administration and Device Authentication to that file "docker-compose.demo.yml" and run "sudo ./up" !!

Thanks,

Ahmed

To view this discussion on the web visit https://groups.google.com/a/lists.mender.io/d/msgid/mender/2ab45070-459d-4181-9505-40f7aae43998%40lists.mender.io.

----------
From: 'Greg' via mender <men...@lists.mender.io>
Date: Thu, Jun 15, 2017 at 4:46 PM
To: mender <men...@lists.mender.io>
Cc: ahmedabde...@gmail.com

Is 10.104.3.65 your virtual machine IP address? 

Run `docker ps` on this machine, can you see if port 443 is exposed? It should be. 

To view this discussion on the web visit https://groups.google.com/a/lists.mender.io/d/msgid/mender/586eef04-cf1b-4e39-ad67-4662fd881709%40lists.mender.io.

----------

From: <ahmedabde...@gmail.com>
Date: Thu, Jun 15, 2017 at 4:55 PM
To: mender <men...@lists.mender.io>

Cc: ahmedabde...@gmail.com, gregorio.di.stefano@northern.tech

[Ahmed abdelhalim]

Hi,

my problem that time was in the network which I was connected to it. The network has firewalls and it was behind proxy that is why it was not accepting the certificates. When I changed the internet connection (for example, my home DSL router) and performed the test again. It worked normally. you have to authorize the device in the WebUI as well.