v3.3.0

Merge pull request #115 from bartversluijs/patch-registry
Update registry service to v2.16.0
2025-06-24 18:25:16 +00:00 · 2021-05-05 16:22:49 +03:00 · 2021-05-05 13:21:13 +00:00 · 2021-05-05 15:13:27 +02:00 · 2021-04-29 14:36:50 +03:00 · 2021-04-29 11:35:14 +00:00
10 changed files with 3468 additions and 11 deletions
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@ -1,2 +1,2 @@
 # Main repo owners:
-*       @dfunckt @richbayliss
+*       @dfunckt @xginn8 @pdcastro
--- a/.versionbot/CHANGELOG.yml
+++ b/.versionbot/CHANGELOG.yml
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
--- a/README.md
+++ b/README.md
@ -37,7 +37,7 @@ application to your device(s).
 The current release of openBalena has the following minimum version requirements:

 - balenaOS v2.58.3
- balena CLI v12.23.4
+- balena CLI v12.38.5

 If you are updating from previous openBalena versions, ensure you update the balena
 CLI and reprovision any devices to at least the minimum required versions in order
@ -115,6 +115,7 @@ improvements and new functionality is planned:
 | Management via `balena-cli` only                    | Cloud-based device management dashboard                                                                                                                                                                   |
 | Download images from [balena.io][balena-os-website] | Download preconfigured images directly from the dashboard                                                                                                                                                 |
 | No supported remote diagnostics                     | Remote device diagnostics                                                                                                                                                                                 |
+| Supported devices: Raspberry Pi family, the Intel NUC, the NVIDIA Jetson TX2, and the balenaFin | All the devices listed in balena's [reference documentation](https://www.balena.io/docs/reference/hardware/devices/)   |

 Additionally, refer back to the [roadmap](#roadmap) above for planned but not yet implemented features.

--- a/2
+++ b/2
@ -1 +1 @@
-3.0.1
+3.3.0
--- a/compose/mdns.yml
+++ b/compose/mdns.yml
@ -22,7 +22,7 @@ services:
        # the resin backend (eg. that for BALENA_ROOT_CA if present).
        MDNS_TLD: ${OPENBALENA_HOST_NAME}
        # List of subdomains to advertise. This must include all required hosts.
-        MDNS_SUBDOMAINS: '["api", "db", "registry", "s3", "vpn"]'
+        MDNS_SUBDOMAINS: '["api", "db", "registry", "s3", "tunnel", "vpn"]'
        # The expectation is the DBus socket to use is always at the following location.
        DBUS_SESSION_BUS_ADDRESS: "unix:path=/host/run/dbus/system_bus_socket"
        # Selects the interface used for incoming connections from the wider subnet.
--- a/compose/services.yml
+++ b/compose/services.yml
@ -32,7 +32,7 @@ services:
      HOST: api.${OPENBALENA_HOST_NAME}
      IMAGE_MAKER_URL: img.${OPENBALENA_HOST_NAME}
      IMAGE_STORAGE_BUCKET: resin-production-img-cloudformation
-      IMAGE_STORAGE_PREFIX: resinos
+      IMAGE_STORAGE_PREFIX: images
      IMAGE_STORAGE_ENDPOINT: s3.amazonaws.com
      JSON_WEB_TOKEN_EXPIRY_MINUTES: 10080
      JSON_WEB_TOKEN_SECRET: ${OPENBALENA_JWT_SECRET}
@ -85,6 +85,7 @@ services:
      REGISTRY2_S3_SECRET: ${OPENBALENA_S3_SECRET_KEY}
      REGISTRY2_SECRETKEY: ${OPENBALENA_REGISTRY_SECRET_KEY}
      REGISTRY2_STORAGEPATH: /data
+      REGISTRY2_DISABLE_REDIRECT: "false"

  vpn:
    extends:
@ -154,9 +155,9 @@ services:
    ports:
      - "80:80"
      - "443:443"
-      - "3128:3128"
    expose:
      - "222"
+      - "3128"
      - "5432"
      - "6379"
    networks:
@ -168,6 +169,7 @@ services:
          - db.${OPENBALENA_HOST_NAME}
          - s3.${OPENBALENA_HOST_NAME}
          - redis.${OPENBALENA_HOST_NAME}
+          - tunnel.${OPENBALENA_HOST_NAME}
    environment:
      BALENA_HAPROXY_CRT: ${OPENBALENA_ROOT_CRT}
      BALENA_HAPROXY_KEY: ${OPENBALENA_ROOT_KEY}
@ -183,5 +185,5 @@ services:
      - cert-provider:/usr/src/app/certs
    environment:
      ACTIVE: ${OPENBALENA_ACME_CERT_ENABLED}
-      DOMAINS: "api.${OPENBALENA_HOST_NAME},registry.${OPENBALENA_HOST_NAME},s3.${OPENBALENA_HOST_NAME},vpn.${OPENBALENA_HOST_NAME}"
+      DOMAINS: "api.${OPENBALENA_HOST_NAME},registry.${OPENBALENA_HOST_NAME},s3.${OPENBALENA_HOST_NAME},vpn.${OPENBALENA_HOST_NAME},tunnel.${OPENBALENA_HOST_NAME}"
      OUTPUT_PEM: /certs/open-balena.pem
--- a/compose/versions
+++ b/compose/versions
@ -1,6 +1,6 @@
-export OPENBALENA_API_VERSION_TAG=v0.107.0
+export OPENBALENA_API_VERSION_TAG=v0.119.5
 export OPENBALENA_DB_VERSION_TAG=v4.1.0
-export OPENBALENA_MDNS_PUBLISHER_VERSION_TAG=v1.7.9
-export OPENBALENA_REGISTRY_VERSION_TAG=v2.13.11
+export OPENBALENA_MDNS_PUBLISHER_VERSION_TAG=v1.9.2
+export OPENBALENA_REGISTRY_VERSION_TAG=v2.16.0
 export OPENBALENA_S3_VERSION_TAG=v2.9.9
-export OPENBALENA_VPN_VERSION_TAG=v9.16.1
+export OPENBALENA_VPN_VERSION_TAG=v9.17.4
--- a/scripts/compose
+++ b/scripts/compose
@ -11,6 +11,10 @@ echo_bold() {
  printf "\\033[1m%s\\033[0m\\n" "$@"
 }

+echo_bold_stderr() {
+  printf "\\033[1m%s\\033[0m\\n" "$@" 1>&2
+}
+
 VERSIONS_FILE="${BASE_DIR}/compose/versions"
 if [ ! -f "$VERSIONS_FILE" ]; then
  echo_bold "No service versions defined in ${VERSIONS_FILE}"
@ -31,6 +35,9 @@ if [ ${OPENBALENA_HOST_NAME: -6} == ".local" ]; then
  INCLUDE_MDNS="-f ${BASE_DIR}/compose/mdns.yml"
 fi

+# show a warning to update your balena CLI tool...
+echo_bold_stderr "IMPORTANT: Please update your Balena CLI installation to version v12.38.5"
+
 # shellcheck source=/dev/null
 source "${VERSIONS_FILE}"; docker-compose \
  --project-name 'openbalena' \
--- a/src/haproxy/haproxy.cfg
+++ b/src/haproxy/haproxy.cfg
@ -34,6 +34,10 @@ frontend ssl-in
  tcp-request content accept if { req.ssl_hello_type 1 }

  acl is_ssl req.ssl_ver 2:3.4
+
+  acl host_tunnel req_ssl_sni -i "tunnel.${HAPROXY_HOSTNAME}"
+  use_backend redirect-to-tunnel-in if host_tunnel
+
  use_backend redirect-to-https-in if is_ssl
  use_backend vpn-devices if !is_ssl

@ -42,6 +46,11 @@ backend redirect-to-https-in
  balance roundrobin
  server localhost 127.0.0.1:444 send-proxy-v2

+backend redirect-to-tunnel-in
+  mode tcp
+  balance roundrobin
+  server localhost 127.0.0.1:3129
+
 frontend https-in
  mode http
  option forwardfor
@ -118,3 +127,8 @@ listen vpn-tunnel
  mode tcp
  bind *:3128
  server balena_vpn vpn:3128 check port 3128
+
+listen vpn-tunnel-tls
+  mode tcp
+  bind *:3129 ssl crt /etc/ssl/private/open-balena.pem
+  server balena_vpn vpn:3128 check port 3128
Author	SHA1	Message	Date
Balena CI	071b5850a9	v3.3.0	2021-05-05 16:22:49 +03:00
bulldozer-balena[bot]	91bc92dbb5	Merge pull request #115 from bartversluijs/patch-registry Update registry service to v2.16.0	2021-05-05 13:21:13 +00:00
Bart Versluijs	49831a6a60	Update registry service Change-type: minor	2021-05-05 15:13:27 +02:00
Balena CI	549de52c73	v3.2.2	2021-04-29 14:36:50 +03:00
bulldozer-balena[bot]	826b61f08b	Merge pull request #112 from balena-io/rmorillo24-patch-OBsupporteddevices patch: Adding supported devices to OB	2021-04-29 11:35:14 +00:00
rmorillo24	0cdf0ef558	patch: Adding supported devices to OB Added a line in the OB vs balenaCloud which includes a mention to the devices supported by each. This list is mentioned in the FAQ section of the pricing page.	2021-04-28 17:14:52 +02:00
Balena CI	bea552de6a	v3.2.1	2021-02-07 01:15:14 +02:00
bulldozer-balena[bot]	419f3cddc4	Merge pull request #106 from balena-io/update-codeowners Add Matt and Paulo to CODEOWNERS	2021-02-06 23:13:38 +00:00
Balena CI	b92a3c8092	v3.2.0	2021-01-29 17:55:27 +02:00
dfunckt	746be65846	Add Matt and Paulo to CODEOWNERS Change-type: patch	2021-01-29 15:54:49 +00:00
bulldozer-balena[bot]	6250c85551	Merge pull request #105 from balena-io/update-services Update services	2021-01-29 15:53:14 +00:00
Akis Kesoglou	3898342a5b	Update services Update open-balena-api from 0.109.2 to 0.119.5 Update balena-mdns-publisher from 1.7.9 to 1.9.2 Update open-balena-registry from 2.13.11 to 2.14.4 Update open-balena-vpn from 9.16.1 to 9.17.4 Change-type: minor	2021-01-29 17:34:31 +02:00
Balena CI	ab0b7467fd	v3.1.4	2021-01-29 17:18:53 +02:00
bulldozer-balena[bot]	7cdce1a1c7	Merge pull request #104 from balena-io/close-port-3128 SECURITY: Close port 3128	2021-01-29 15:16:55 +00:00
Akis Kesoglou	da4c1678ec	SECURITY: Close tunneling port (3128) Port 3128, which was used for tunneling into devices, was plain TCP and has now been closed. Tunnelling is now via `tunnel.mydomain.com:443` (see #101). balena-cli versions before v12.38.5 are now incompatible and using the tunnel command will throw an error. Refs: #101 Change-type: patch	2021-01-29 17:13:19 +02:00
Balena CI	6fdc700806	v3.1.3	2021-01-26 14:14:42 +02:00
bulldozer-balena[bot]	e6d0be1c74	Merge pull request #103 from balena-io/edit-codeowners Remove Rich from CODEOWNERS	2021-01-26 12:12:15 +00:00
Akis Kesoglou	a0ef371621	Remove Rich from CODEOWNERS Change-type: patch	2021-01-26 13:30:04 +02:00
Balena CI	cd98a0df3f	v3.1.2	2021-01-22 16:10:08 +02:00
bulldozer-balena[bot]	296a746e96	Merge pull request #101 from balena-io/switch-tunnel-to-tls tunnel: Expose tunnel service via TLS	2021-01-22 14:08:00 +00:00
Rich Bayliss	b3d184c13c	tunnel: Expose tunnel service via TLS In order to support the new CLI and balenaCloud deployment schemes for the tunnel service, the service is now exposed via the TLS port 443 on the `tunnel.{domain}` server name. Change-type: patch Signed-off-by: Rich Bayliss <rich@balena.io>	2021-01-22 11:55:33 +00:00
Balena CI	3b9433e9cc	v3.1.1	2020-11-10 17:59:55 +02:00
bulldozer-balena[bot]	763da0eb45	Merge pull request #97 from balena-io/update-versions Update open-balena-api	2020-11-10 15:57:48 +00:00
Akis Kesoglou	bfce474ff0	Update open-balena-api Fixes a bug with a migration that would keep obsolete DB columns around and prevent creation of applications and devices. See https://github.com/balena-io/open-balena-api/pull/507 Fixes #94 #95 Change-type: patch	2020-11-10 17:54:33 +02:00
Balena CI	308322f774	v3.1.0	2020-11-03 18:22:26 +02:00
bulldozer-balena[bot]	c2077e5037	Merge pull request #96 from balena-io/set-default-bucket-prefix-images Change S3 OS images folder from resinos to images	2020-11-03 16:20:37 +00:00
Stevche Radevski	7790290d0e	Change S3 OS images folder from resinos to images Change-type: minor Signed-off-by: Stevche Radevski <stevche@balena.io>	2020-11-03 17:15:14 +01:00
 @ -1 +1 @@
 .0.1
 .3.0