Closed ddunlap2005 closed 4 years ago
pattivacek
commented
4 years ago GET /director/2.root.json fails with 424 Failed Dependency (root_role_not_found)
I can't speak to the rest, but this particular line isn't an error; that just means there isn't a v2 of the Root metadata, which is expected if you haven't rotated your Root and it hasn't expired and gotten refreshed.
ddunlap2005
commented
4 years ago Thanks @patrickvacek for your response and thank you to your team for making this software available. I have customers interested in an on-premise solution for a TUF-compliant OTA update mechanism and have been trying to get a PoC ready to show them.
Is there a matrix (or some dependency graph of some type) on what versions of the server images work with each other and work with the various releases of Aktualizr?
Is there a plan to update the ota-community-edition code to something that will work with the latest Aktualizr?
For myself, I started with ota-community-edition master with it's 2 year old image versions; then moved to Andy Doan's Foundries.io version with it's 1 year old images. I am now trying to use the most recent "releases":
# images
mysql_docker_image: mariadb:10.3.14
app_docker_image: advancedtelematic/ota-plus-web:1.1.0-223-gabe7eab
campaigner_docker_image: advancedtelematic/campaigner:0.4.1-53-g92a95c9
campaigner_daemon_docker_image: advancedtelematic/campaigner:0.4.1-53-g92a95c9
device_registry_docker_image: advancedtelematic/device-registry:0.3.0-39-gfcd5185
treehub_docker_image: advancedtelematic/treehub:0.1.27-66-g51a318a
tuf_keyserver_daemon_docker_image: advancedtelematic/tuf-keyserver:0.7.0-108-g857ad2b
tuf_keyserver_docker_image: advancedtelematic/tuf-keyserver:0.7.0-108-g857ad2b
tuf_reposerver_docker_image: advancedtelematic/tuf-reposerver:0.7.0-108-g857ad2b
director_daemon_docker_image: advancedtelematic/director:0.8.0-80-gc7fbee9
director_docker_image: advancedtelematic/director:0.8.0-80-gc7fbee9
web_events_docker_image: advancedtelematic/web-events:0.0.24-20-g10a5799I now have a successful device registration but have not successfully updated the device yet due to being unable to create a campaign in the web GUI (it cannot find a suitable update). I only got to this point late last night and haven't had much of a chance to debug it yet.
I am seeing a situation that looks similar to https://github.com/advancedtelematic/aktualizr/issues/1646. The difference, I have just created my environment from scratch just a few hours ago. I am using a slightly updated version of Ota-community-edition with support for ota-tuf 0.4 build-in encryption (from Foundies.io). Specifically, the image versions I am using are:
The ota.ca server seems to come up without issue and I see the keyserver-daemon generating 8 keys. 4 for the director repo and 4 for the reposerver repo. The web GUI looks good and I can see my images list. When I run 'make new-client', I see a new device appear (fixed the change in deviceUuid to uuid name change on the PUT "${api}/device-registry/proxy/api/v1/devices" line).
I am building the 'thud' version of the qemu device using the instructions from the OTA Connect Developers Guide with the aktualizr systemd service disabled. I start the client (with the run-qemu-ota script). I upload the device credentials (I modified make 'new-client' to upload the root.crt and gateway.url as well as client.pem and key.pem and place them in /var/sota/import) and I run 'aktualizr once' to try to register.
I get a lot of logs. But the highlights are:
The keys are all generated from the start.sh script and the code matches the instructions in the OTA Connect Developer's Guide for device provisioning. The keys have an expiry date of 1 year; they cannot be expired after < 1 hour.
Any idea what I need to look at to debug this issue?
P.S. It takes me only a few minutes to replicate this environment from scratch. I can provide whatever logs might be needed.