Closed shaunco closed 10 months ago
For anyone else following along, esr-images
contains the "Extended Support Release" images as detailed here and is a very limited set of devices:
... so, esr-images
is not what I wanted, as it is missing the 3 device types I actually need 😅
As for the errors, there seem to be certain device types where everything has permissions set to not allow public access for reading files, but still allows listing files. For example, the error above is trying to read https://resin-production-img-cloudformation.s3.amazonaws.com/images/imx8mmebcrs08a1/2.100.3/device-type.json which gives access denied
(as does every other file in images/imx8mmebcrs08a1/*
), this causes contractSync
to be able to enumerate the files but not fetch the device-type.json
and thus the open-balena-api log gets flooded with these errors on first sync.
Seems like there are two possible fixes:
resin-production-img-cloudformation
permissions on these device types to either prohibit both LIST and GET, or permit GET.INCLUDE_IMAGES=iot-gate-imx8,generic-amd64,generic-aarch64
which could filter both the device type contracts
pulled from https://github.com/balena-io/contracts and the device type information
pulled from https://resin-production-img-cloudformation.s3.amazonaws.com/images/ ... as I would assume no open-balena instance actually needs every possible device type - and if they do, they can just not set INCLUDE_IMAGES
and it would fall back to the current behavior of grabbing everything.Closing in favor of https://github.com/balena-io/open-balena-api/issues/1433
Attempting to start an open-balena instance results in open-balena-api having hundreds of errors during startup that like:
As detailed in https://github.com/balena-io/balena-cli/issues/2322 and https://github.com/balena-io/open-balena/issues/129 by @pdcastro, open-balena points to balena-cloud's S3 bucket full of endpoint images.
At startup, open-belena-api grabs https://resin-production-img-cloudformation.s3.amazonaws.com/ to get a list of all available device types - this succeeds. open-balena-api then attempts to fetch
device-type.json
under each key. S3 returnsAccessDenied
for every one of those requests whenIMAGE_STORAGE_PREFIX
is set toimages
- which is the default at https://github.com/balena-io/open-balena/blob/ea07d43c5c7e98bb8b11c808b12428a46019c8d5/compose/services.yml#L34If I change
IMAGE_STORAGE_PREFIX
toesr-images
, then open-balena-api starts up without all the access denied errors ... but I'm not sure if that is giving me the right set of images or not.