User would like to use openBalena in an air-gapped (no internet) environment

[pdcastro]

As originally reported in:

• https://forums.balena.io/t/balena-create-app-fails-without-internet/342575
• [openBalena, balenaMachine] User would like to run balena fleet create in an air-gapped (no internet) environment balena-cli#2322

When users run the balena CLI command balena fleet create, regardless of whether or not they specify the device type with the --type flag, I understand that the CLI calls the balena SDK's models.application.create() method that retrieves the device manifest from S3 as coded in the following lines:

• https://github.com/balena-io/balena-sdk/blob/v15.48.3/lib/models/application.ts#L693-L713
• https://github.com/balena-io/balena-sdk/blob/v15.48.3/lib/models/device.ts#L1395
• https://github.com/balena-io/balena-sdk/blob/v15.48.3/lib/models/config.ts#L146-L151

			const deviceTypeIdPromise = deviceModel()
				.getManifestBySlug(deviceType)

			const deviceTypes = await configModel().getDeviceTypes();

			const { body: deviceTypes } = await request.send({
				method: 'GET',
				url: '/device-types/v1',
				baseUrl: apiUrl,
			});

In turn, the SDK queries the /device-types/v1 endpoint from openbalena-api:

• https://github.com/balena-io/open-balena-api/blob/v0.155.5/src/features/device-types/index.ts#L11
• https://github.com/balena-io/open-balena-api/blob/v0.155.5/src/features/device-types/device-types.ts#L84
• https://github.com/balena-io/open-balena-api/blob/v0.155.5/src/features/device-types/storage/s3.ts#L79
• https://github.com/balena-io/open-balena-api/blob/v0.155.5/src/features/device-types/storage/s3.ts#L7
• https://github.com/balena-io/open-balena-api/blob/v0.155.5/src/lib/config.ts#L172

Where the S3 bucket URL / hostname comes from environment variable IMAGE_STORAGE_BUCKET which, as I understand, open-balena hardcodes as s3.amazonaws.com:

• https://github.com/balena-io/open-balena/blob/v3.4.1/compose/services.yml#L36

      IMAGE_STORAGE_ENDPOINT: s3.amazonaws.com

Hence accessing the internet.

[pdcastro]

Connects-to: #70

[jellyfish-bot]

[pdcastro] This issue has attached support thread https://jel.ly.fish/ce70c1de-e821-4f10-8912-d55af99bbcab

[lacendarko]

Hello, any progress on this?

[compiaffe]

@pdcastro I'm also in need for an air-gapped deployment. In our case I have a fixed number of fleets that are effectively mirroring a hosted non-open balena fleet. I guess a workaround would be to either run the balena fleet create while the server is temporarily connected to the internet or to deploy a fully preconfigured openBalena installation including all DB,S3 etc docker volumes.

It looks as if it shouldn't be too hard to patch the API to load supported devices and version from a file. I guess one could use the SDK logic to generate that file from the official s3 bucket and deploy it with the openBalena deployment.

[jmalves5]

Just to share that this seems to be fixed.

balena fleet create only tries to make selectDeviceType() call if option.type is not passed as an argument as can be seen here:

https://github.com/balena-io/balena-cli/blob/535ffccbade89716539f10edb26cf9905c538dcc/lib/commands/fleet/create.ts#L95-L97

That means that in our air-gapped environment one can still create a fleet using:

balena fleet create myFleet --type raspberry-pi

[ab77]

Still relevant in 2024? Perhaps someone can pick up the new guide and see if it works in air-gapped environments (especially given Docker's improvements in this space recently)?

[dfunckt]

I think this is still relevant but is not a limitation of openBalena specifically, it also applies to balenaMachine. It’s due to the way device types (and images) are loaded into the instance.

[compiaffe]

We have a working air-gapped configuration which I would like to upstream. I'm not quite sure how to best integrate it. I'll make a DRAFT merge request and would appreciate feedback.

See here #241

I need to clean it up a little and move a couple of things out of our proprietary repo into there. CiCD was easier for me there (gitlab CICD).