Due to a change in the balena-supervisor codebase, only balenaOS
versions <= 2.49.0 are working with open-balena.
This documentation change is a band-aid while we resolve the issue.
Change-type: patch
Signed-off-by: Rich Bayliss <rich@balena.io>
Acquiring a staging certificiate from LetsEncrypt was failing, so acme.sh was
updated to version 2.8.5, which includes support for using ACMEv2 on the
LetsEncrypt servers.
Changes to the state flow to make access retries infinite as it became apparent
that in some scenarios the certificate acquisition could fail to occur due to
containers taking longer to become accessible.
Change-type: patch
Signed-off-by: Rich Bayliss <rich@balena.io>
Update open-balena-s3 to 2.8.3
This makes new installations of openBalena use the S3 container as a
storage backend for the Registry service by default. Existing installs
should not be affected.
Change-type: major
Signed-off-by: Rich Bayliss <rich@balena.io>
Update open-balena-registry to 2.11.1
This allows the registry to use an S3 bucket for storing images.
Change-type: minor
Signed-off-by: Rich Bayliss <rich@balena.io>
- remove some `.gitignore` entries as this is also honoured by `balena push`
- added a step to `scripts/quickstart` to produce a single, flat `docker-compose.yml` after running
- set the compose file versions to `2.0` to ensure only supported terms are used in the `docker-compose.yml` file output
- quoted empty env values as these need to be passed in as blank, and not ommitted
- include the MDNS publisher service IF the domain being used is a .local one
- corrected spelling of macOS in script messages
- move sidecar container source into ./src as per convention
Change-type: patch
Signed-off-by: Rich Bayliss <rich@balena.io>
Update open-balena-registry to 2.7.0
This allows registry to be configured to use its internal Redis instance for caching. It is still disabled by default though.
Change-type: minor
Update open-balena-api from 0.11.8 to 0.19.5
This brings in the latest bugfixes and changes.
Change-type: patch
Signed-off-by: Rich Bayliss <rich@balena.io>
Credentials for S3 can now be specified using the
following docker-compose based envvars:
* S3_MINIO_ACCESS_KEY
* S3_MINIO_SECRET_KEY
Connects-to: #48
Change-type: minor
Signed-off-by: Heds Simons <heds@balena.io>
For convenience, also add instructions what to install.
Tha change also addresses invalid usage of 'local' outside of a function.
Change-type: patch
Signed-off-by: Roman Mazur <mazur.roman@gmail.com>
The VPN CA shouldn't need to be signed by the same CA that the HAproxy service
certificate is signed by. By removing this chain we are able to use a
different CA for the HTTPS services without impacting on the VPN service.
Change-type: patch
Signed-off-by: Rich Bayliss <rich@balena.io>
In order to have concrete releases of openBalena we should pin each
service to a given version. This PR is the start of this and marks
the first version of openBalena with known service tags.
Change-type: major
Signed-off-by: Rich Bayliss <rich@balena.io>
Add a service which will acquire certificates from an ACME cert
provider, such as LetsEncrypt (), to allow an openBalena instance
to use a publicly trusted certificate instead of the self-signed
one it wil generate on setup.
Change-type: patch
Signed-off-by: Rich Bayliss <rich@balena.io>
We are currently exposing the DB and Redis ports to the host, making the services externally accessible, which is very useful for a development environment.
`docker-compose` is however the only deployment method we currently support, and our Getting Started guide uses the very same configuration to guide users through the process of deploying open-balena on a public server (mostly because it’s easier with regards to DNS). This means we’re effectively guiding users to deploy open-balena in a very insecure way.
This commit removes host port bindings for the database and Redis services, effectively making them externally inaccessible.
Fixes#34
Change-type: minor
