hawkBit swupdate Suricatta: HTTP/1.1 401 Unauthorized

Question

I want to set up hawkBit (running on server) and swupdate (running on multiple clients - Linux OS) to perform OS/Software update in Suricatta mode.

1/ Follow up my post on hawkBit community, I've succeeded to run hawkBit in my server as below:

• Exported to external link: http://:
• Enabled MariaDB
• Enabled Gateway Token Authentication (in hawkBit system configuration)
• Created a software module
• Uploaded an artifact
• Created a distribution set
• Assigned the software module to the distribution set
• Create Targets (in Deployment Mangement UI) with Targets ID is "dev01"
• Created a Rollout
• Created a Target Filter

2/ I've succeeded to build/execute swupdate as SWupdate guideline

• Enabled Suricatta daemon mode
• Run swupdate: /usr/bin/swupdate -v -k /etc/public.pem -u '-t DEFAULT -u http://<domain>:<port> -i dev01'
• I'm pretty sure this command isn't correct, output log as below:

*   Trying <ip address>...
* TCP_NODELAY set
* Connected to <domain> (<ip address>) port <port> (#0)
> GET /DEFAULT/controller/v1/10 HTTP/1.1
Host: <domain>:<port>
User-Agent: libcurl-agent/1.0
Content-Type: application/json
Accept: application/json
charsets: utf-8

< HTTP/1.1 401 Unauthorized
< Date: Sun, 16 May 2021 02:43:40 GMT
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< X-Frame-Options: DENY
< Content-Length: 0
< 
* Connection #0 to host <domain> left intact
[TRACE] : SWUPDATE running :  [channel_log_effective_url] : Channel's effective URL resolved to http://<domain>:<port>/DEFAULT/controller/v1/dev01
[ERROR] : SWUPDATE failed [0] ERROR corelib/channel_curl.c : channel_get : 1109 : Channel operation returned HTTP error code 401.
[DEBUG] : SWUPDATE running :  [suricatta_wait] : Sleeping for 45 seconds.

• As per a suggestion from @laverman on Gitter:

You can use Gateway token in the Auth header of the request, e.g. “Authorization : GatewayToken a56cacb7290a8d8a96a2f149ab2f23d1”

but I don't know how the client sends this request (it should be sent by swupdate, right?)

3/ Follow up these instructions from Tutorial @ EclipseCon Europe 2019, it guides me to send the request to provision multiple clients from hawkBit Device Simulator. And the problem is how to apply this to real devices.

Another confusion is: when creating new Software Module, Distribution on hawkBit UI, I can't find the ID of these, but creating by send request as Tutorial, I can see the IDs in the response.

So my questions are:

1/ Are my hawkBit setup steps correct?

2/ How can I configure/run swupdate (on clients) to perform the update: poll for new software, download, update, report status, ...

If my description isn't clear enough, please tell me.

Thanks

Answer 1

happy to see that you're trying out Hawkbit for your solution!

I have a few remarks:

• The suricatta parameter for GatewayToken is -g, and -k for TargetToken respectively.
• The -g <GATEWAY_TOKEN> needs to be set inside of the quotation marks see SwUpdate Documentation Example: /usr/bin/swupdate -v -u '-t DEFAULT -u http://<domain>:<port> -i dev01 -g 76430e1830c56f2ea656c9bbc88834a3'
• For the GatewayToken Authentication, you need to provide the generated token in System Config view, it is a generated hashcode that looks similar to this example here
• You can also authenticate each device/client separately using their own TargetToken. You can find more information in the Hawkbit documentation