I tried to test and contribute to Project-flotta using the documentation on their page. The device worker cannot start because I get an unauthorized response from the Flotta Edge API; see the logs below:
2023-06-22T19:15:22.072Z INFO httpapi/main.go:165 cannot verify request {"authType": 0, "method": "GET", "url": "/api/flotta-management/v1/data/b069bb0ae2c649c5a99b195db96bebd2/in", "err": "cannot use register certificate on this resource"}
On the client side, I run the command below in the RedHatInsights/yggdrasil repo, as specified in the docs:
sudo ./yggd --log-level trace --protocol http --path-prefix api/flotta-management/v1 --client-id $(cat /etc/machine-id) --cert-file /tmp/cert.pem --key-file /tmp/key.pem --ca-root /tmp/ca.pem --socket-addr @yggd --server 127.0.0.1:8043
The error on the client:
[yggd] 2023/06/22 19:15:47 /home/daringmouse/go/src/github.com/project-flotta/yggdrasil/internal/http/client.go:44: request: &{GET https://127.0.0.1:8043/api/flotta-management/v1/data/b069bb0ae2c649c5a99b195db96bebd2/in HTTP/1.1 1 1 map[User-Agent:[yggdrasil/0.2.98]] <nil> <nil> 0 [] false 127.0.0.1:8043 map[] map[] <nil> map[] <nil> <nil> <nil> 0xc0000280c0}
[yggd] 2023/06/22 19:15:47 /home/daringmouse/go/src/github.com/project-flotta/yggdrasil/internal/http/client.go:56: received HTTP 401 Unauthorized:
[yggd] 2023/06/22 19:15:47 /home/daringmouse/go/src/github.com/project-flotta/yggdrasil/internal/http/client.go:56: received HTTP 401 Unauthorized:
[yggd] 2023/06/22 19:15:47 /home/daringmouse/go/src/github.com/project-flotta/yggdrasil/internal/transport/http.go:70: cannot get HTTP request: unexpected response: 401 - Unauthorized
[yggd] 2023/06/22 19:15:47 /home/daringmouse/go/src/github.com/project-flotta/yggdrasil/internal/transport/http.go:54: cannot get HTTP request: unexpected response: 401 - Unauthorized
All my certificates are placed in the /tmp/ folder as stated in the docs, and my yggdrasil config file, located in /etc/yggdrasil/config.toml, is like this:
log-level = "info"
cert-file = "/etc/pki/consumer/cert.pem"
key-file = "/etc/pki/consumer/key.pem"
ca-root = "/etc/pki/consumer/ca.pem"
path-prefix = "api/flotta-management/v1"
protocol = "http"
server = "127.0.0.1:8043"
I expected the scripts to work; the flotta API should be able to accept and register the device with a 208 ok response with the generated certs as defined in the docs. Anyone who can help me or give me insights about where I went wrong with the configuration will be welcome.
In case someone else also faces the issue above, here is how I solved the problem. When you run the yggdrasil script which dispatches the packets to the API server with the @ygg socket flag, it will indeed get the 401 response. But that's completely normal. You have to proceed and run the device worker code in another tab. It will then register itself with yggdrasil. Thereafter, you will get a 200 response. Just a tip: I had many problems because I was not running the whole code on Fedora36. To avoid unnecessary headaches, you should run on Fedora36 and go1.17.