hawkBit swupdate Suricatta: HTTP/1.1 401 Unauthorized

Question

I want to set up hawkBit (running on server) and swupdate (running on multiple clients - Linux OS) to perform OS/Software update in Suricatta mode.

1/ Follow up my post on hawkBit community , I've succeeded to run hawkBit in my server as below:

• Exported to external link: http://:
• Enabled MariaDB
• Enabled Gateway Token Authentication (in hawkBit system configuration)
• Created a software module
• Uploaded an artifact
• Created a distribution set
• Assigned the software module to the distribution set
• Create Targets (in Deployment Mangement UI) with Targets ID is "dev01"
• Created a Rollout
• Created a Target Filter

2/ I've succeeded to build/execute swupdate as SWupdate guideline

• Enabled Suricatta daemon mode
• Run swupdate: /usr/bin/swupdate -v -k /etc/public.pem -u '-t DEFAULT -u http://<domain>:<port> -i dev01'
• I'm pretty sure this command isn't correct, output log as below:

*   Trying <ip address>...
* TCP_NODELAY set
* Connected to <domain> (<ip address>) port <port> (#0)
> GET /DEFAULT/controller/v1/10 HTTP/1.1
Host: <domain>:<port>
User-Agent: libcurl-agent/1.0
Content-Type: application/json
Accept: application/json
charsets: utf-8

< HTTP/1.1 401 Unauthorized
< Date: Sun, 16 May 2021 02:43:40 GMT
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< X-Frame-Options: DENY
< Content-Length: 0
< 
* Connection #0 to host <domain> left intact
[TRACE] : SWUPDATE running :  [channel_log_effective_url] : Channel's effective URL resolved to http://<domain>:<port>/DEFAULT/controller/v1/dev01
[ERROR] : SWUPDATE failed [0] ERROR corelib/channel_curl.c : channel_get : 1109 : Channel operation returned HTTP error code 401.
[DEBUG] : SWUPDATE running :  [suricatta_wait] : Sleeping for 45 seconds.

• As per a suggestion from @laverman on Gitter :

You can use Gateway token in the Auth header of the request, e.g. “Authorization : GatewayToken a56cacb7290a8d8a96a2f149ab2f23d1”

but I don't know how the client sends this request (it should be sent by swupdate, right?)

3/ Follow up these instructions from Tutorial @ EclipseCon Europe 2019 , it guides me to send the request to provision multiple clients from hawkBit Device Simulator. And the problem is how to apply this to real devices.

Another confusion is: when creating new Software Module, Distribution on hawkBit UI, I can't find the ID of these, but creating by send request as Tutorial, I can see the IDs in the response.

So my questions are:

1/ Are my hawkBit setup steps correct?

2/ How can I configure/run swupdate (on clients) to perform the update: poll for new software, download, update, report status, ...

If my description isn't clear enough, please tell me.

Thanks

Answer 1

happy to see that you're trying out Hawkbit for your solution!

I have a few remarks:

• The suricatta parameter for GatewayToken is -g , and -k for TargetToken respectively.
• The -g <GATEWAY_TOKEN> needs to be set inside of the quotation marks see SwUpdate Documentation Example: /usr/bin/swupdate -v -u '-t DEFAULT -u http://<domain>:<port> -i dev01 -g 76430e1830c56f2ea656c9bbc88834a3'
• For the GatewayToken Authentication, you need to provide the generated token in System Config view, it is a generated hashcode that looks similar to this example here
• You can also authenticate each device/client separately using their own TargetToken. You can find more information in the Hawkbit documentation