v2.0.4

docs: note that balenaCLI is incompatible >12.2.2

.versionbot/CHANGELOG.yml

@@ -1,3 +1,73 @@
+- commits:
+    - subject: 'docs: note that balenaCLI is incompatible >12.2.2'
+      hash: 71a692b28b9c49e47dd8f490a0900b384b43b677
+      body: ''
+      footer:
+        Connects-to: '#85'
+        connects-to: '#85'
+        Change-type: patch
+        change-type: patch
+        Signed-off-by: Matthew McGinn <matthew@balena.io>
+        signed-off-by: Matthew McGinn <matthew@balena.io>
+      author: Matthew McGinn
+      nested: []
+  version: 2.0.4
+  date: 2020-10-08T19:37:59.881Z
+- commits:
+    - subject: 'docs: Add PSA about balenaOS version breakage'
+      hash: d33560755f5e121b1ee6524615b995d14982d35d
+      body: |
+        Due to a change in the balena-supervisor codebase, only balenaOS
+        versions <= 2.49.0 are working with open-balena.
+
+        This documentation change is a band-aid while we resolve the issue.
+      footer:
+        Change-type: patch
+        change-type: patch
+        Signed-off-by: Rich Bayliss <rich@balena.io>
+        signed-off-by: Rich Bayliss <rich@balena.io>
+      author: Rich Bayliss
+  version: 2.0.3
+  date: 2020-06-01T09:37:09.224Z
+- commits:
+    - subject: Added units to haproxy.cfg default timeouts
+      hash: de0293563f32961ff756df63d096af0fb2203d12
+      body: >
+        I added unit 's' (second) to the default timeouts in order to make them
+        more readable.
+      footer:
+        Change-type: patch
+        change-type: patch
+      author: Frederic Tausch
+  version: 2.0.2
+  date: 2020-04-03T13:47:29.358Z
+- commits:
+    - subject: 'cert-provider: Update to support ACMEv2 on staging provider'
+      hash: d67e29223ff314b40fd745ce78301e550c2c9148
+      body: >
+        Acquiring a staging certificiate from LetsEncrypt was failing, so
+        acme.sh was
+
+        updated to version 2.8.5, which includes support for using ACMEv2 on the
+
+        LetsEncrypt servers.
+
+
+        Changes to the state flow to make access retries infinite as it became
+        apparent
+
+        that in some scenarios the certificate acquisition could fail to occur
+        due to
+
+        containers taking longer to become accessible.
+      footer:
+        Change-type: patch
+        change-type: patch
+        Signed-off-by: Rich Bayliss <rich@balena.io>
+        signed-off-by: Rich Bayliss <rich@balena.io>
+      author: Rich Bayliss
+  version: 2.0.1
+  date: 2020-01-17T10:27:22.097Z
 - commits:
     - subject: 'feature: Use S3 bucket for Registry service backend'
       hash: 2a7d0687a22f6b4b3bedc88e18bee165ef03c932

CHANGELOG.md

@@ -4,6 +4,26 @@ All notable changes to this project will be documented in this file
 automatically by Versionist. DO NOT EDIT THIS FILE MANUALLY!
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+# v2.0.4
+## (2020-10-08)
+
+* docs: note that balenaCLI is incompatible >12.2.2 [Matthew McGinn]
+
+# v2.0.3
+## (2020-06-01)
+
+* docs: Add PSA about balenaOS version breakage [Rich Bayliss]
+
+# v2.0.2
+## (2020-04-03)
+
+* Added units to haproxy.cfg default timeouts [Frederic Tausch]
+
+# v2.0.1
+## (2020-01-17)
+
+* cert-provider: Update to support ACMEv2 on staging provider [Rich Bayliss]
+
 # v2.0.0
 ## (2019-09-02)
 

README.md

@@ -60,6 +60,8 @@ Our [Getting Started][getting-started] guide is the most direct path to getting
 an openBalena installation up and running and successfully deploying your
 application to your device(s).
 
+> **IMPORTANT:** Due to changes in [balenaOS][balena-os], only versions up to and including `2.49.0` are currently supported. Additionally, only [balenaCLI](balena-cli) versions `<v12.2.2` are fully supported at the moment.
+
 
 ## Documentation
 

VERSION

@@ -1 +1 @@
-2.0.0
+2.0.4

src/cert-provider/Dockerfile

@@ -6,9 +6,11 @@ VOLUME [ "/usr/src/app/certs" ]
 
 RUN apk add --update bash curl git openssl ncurses socat
 
+# from https://github.com/Neilpang/acme.sh/releases/tag/2.8.5
 RUN git clone https://github.com/Neilpang/acme.sh.git && \
     cd acme.sh && \
-    git checkout 08357e3cb0d80c84bdaf3e42ce0e439665387f57 . && \
+    git fetch && git fetch --tags && \
+    git checkout 2.8.5 . && \
     ./acme.sh --install  \
     --cert-home /usr/src/app/certs
 

src/cert-provider/cert-provider.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # the acme.sh client script, installed via Git in the Dockerfile...
 ACME_BIN="$(realpath ~/.acme.sh/acme.sh)"
@@ -45,14 +45,20 @@ retryWithDelay() {
     DELAY=${3:-5}
 
     local ATTEMPT=0
-    while [ $RETRIES -gt $ATTEMPT ]; do
-        let "ATTEMPT++"
+    while [ "$RETRIES" -gt "$ATTEMPT" ]; do
+        (( ATTEMPT++ ))
+        logInfo "($ATTEMPT/$RETRIES) Connecting..."
         if $1; then
+            logInfo "($ATTEMPT/$RETRIES) Success!"
             return $?
         fi
 
-        echo "($ATTEMPT/$RETRIES) Retrying in ${DELAY} seconds..."
-        sleep $DELAY
+        if [ "$RETRIES" -gt "$ATTEMPT" ]; then
+            logInfo "($ATTEMPT/$RETRIES) Failed. Retrying in ${DELAY} seconds..."
+            sleep "$DELAY"
+        else
+            logInfo "($ATTEMPT/$RETRIES) Failed!"
+        fi
     done
 
     return 1
@@ -62,7 +68,7 @@ waitForOnline() {
     ADDRESS="${1,,}"
 
     logInfo "Waiting for ${ADDRESS} to be available via HTTP..."
-    retryWithDelay "curl --output /dev/null --silent --head --fail http://${ADDRESS}" 6 5
+    retryWithDelay "curl --output /dev/null --silent --head --fail --max-time 5 http://${ADDRESS}"
 }
 
 isUsingStagingCert() {
@@ -167,7 +173,10 @@ acquireCertificate() {
 
 pre-flight || logErrorAndStop "Unable to continue due to misconfiguration. See errors above."
 
-waitForOnline "${ACME_DOMAINS[0]}" || logErrorAndStop "Unable to access ${ACME_DOMAINS[0]} on port 80. This is needed for certificate validation."
+while ! waitForOnline "${ACME_DOMAINS[0]}"; do
+    logInfo "Unable to access ${ACME_DOMAINS[0]} on port 80. This is needed for certificate validation. Retrying in 30 seconds..."
+    sleep 30
+done
 
 if ! lastAcquiredCertFor "production"; then
     acquireCertificate "staging" || logErrorAndStop "Unable to acquire a staging certificate."

src/haproxy/haproxy.cfg

@@ -2,9 +2,9 @@ global
   tune.ssl.default-dh-param 1024
 
 defaults
-  timeout connect 5000
-  timeout client 50000
-  timeout server 50000
+  timeout connect 5s
+  timeout client 50s
+  timeout server 50s
 
 frontend http-in
   mode http