[openBalena, balenaMachine] User would like to run `balena fleet create` in an air-gapped (no internet) environment

[jellyfish-bot]

[rahul-thakoor] There may be cases where users have an openBalena instance or balena on prem instance in an air-gapped network. There are commands that error in such cases since they require contacting services external to the instance. One example is balena fleet create command which calls our s3 repo to get a list of supported devices if the --type option is not specified.

[jellyfish-bot]

[rahul-thakoor] This issue has attached support thread https://jel.ly.fish/fd47d0d2-9a53-43c8-9453-e906d7791e46

[jellyfish-bot]

[pdcastro] This issue has attached support thread https://jel.ly.fish/ce70c1de-e821-4f10-8912-d55af99bbcab

[pdcastro]

Re balena fleet create, I gather that the balena CLI uses the balena SDK's models.application.create() method, and that SDK method retrieves the device manifest from S3 (regardless of the --type flag being used) as coded in the following lines:

• https://github.com/balena-io/balena-sdk/blob/v15.48.3/lib/models/application.ts#L693-L713
• https://github.com/balena-io/balena-sdk/blob/v15.48.3/lib/models/device.ts#L1395
• https://github.com/balena-io/balena-sdk/blob/v15.48.3/lib/models/config.ts#L146-L151

          const deviceTypeIdPromise = deviceModel()
              .getManifestBySlug(deviceType)

          const deviceTypes = await configModel().getDeviceTypes();

          const { body: deviceTypes } = await request.send({
              method: 'GET',
              url: '/device-types/v1',
              baseUrl: apiUrl,
          });

I understand that the SDK retrieves the device type manifest with 2 purposes:

• To disambiguate device type aliases, e.g. "nuc" being an alias for "intel-nuc", or "raspberrypi" being an alias for "raspberry-pi".
• To determine whether the device type status has changed to "DISCONTINUED", in which case an error is thrown.

In turn, the SDK queries the /device-types/v1 endpoint from openbalena-api:

• https://github.com/balena-io/open-balena-api/blob/v0.155.5/src/features/device-types/index.ts#L11
• https://github.com/balena-io/open-balena-api/blob/v0.155.5/src/features/device-types/device-types.ts#L84
• https://github.com/balena-io/open-balena-api/blob/v0.155.5/src/features/device-types/storage/s3.ts#L79
• https://github.com/balena-io/open-balena-api/blob/v0.155.5/src/features/device-types/storage/s3.ts#L7
• https://github.com/balena-io/open-balena-api/blob/v0.155.5/src/lib/config.ts#L172

Where the S3 bucket URL / hostname comes from environment variable IMAGE_STORAGE_BUCKET, which open-balena hardcodes as s3.amazonaws.com:

• https://github.com/balena-io/open-balena/blob/v3.4.1/compose/services.yml#L36

    IMAGE_STORAGE_ENDPOINT: s3.amazonaws.com

Hence accessing the internet.

I don't think it is a case of documenting how to run balena fleet create (the balena CLI) in an air-gapped environment, as I understand open-balena relies on the AWS S3 endpoint (s3.amazonaws.com) as per configuration above. Rather, it is a case of recording that this scenario is required by some users and not currently offered by balena. Accordingly, I am changing this issue's title, I have created open-balena issue balena-io/open-balena/issues/129 and will also record the feature request in balena's support system (JF pattern) for discussion in the product improvement loop.