Open source admin interface for openbalena, a platform to deploy and manage connected devices.
The goal of this project is to provide the following areas of functionality to openbalena via a web interface:
- Support for multiple organizations and users in open-balena
- Remote access to devices (ssh, vnc and http into host or containers)
- Fleet / device management (create fleets, add devices, manage variables / tags / labels)
- Support for creating and managing custom device types
- Device management dashboard
- Remote device diagnostics
Device Dashboard (Connect - SSH):
Device Dashboard (Connect - Web):
This project is compatible with open-balena-api
v0.139.0 or newer, all the way up to the current builds. See this project which has helm scripts to build a current version of open-balena
including open-balena-admin
and many other additional features.
Note: Skip steps 1 and 2 if you have a running instance of openbalena
- Download open-balena
git clone https://github.com/balena-io/open-balena.git
- Configure open-balena
open-balena/scripts/quickstart -U balena@openbalena.local -P balena
Note: When the script is complete, take note of the values of OPENBALENA_JWT_SECRET
OPENBALENA_S3_ACCESS_KEY
OPENBALENA_S3_SECRET_KEY
from config/activate
, and OPENBALENA_API_VERSION_TAG
from compose/versions
- Download open-balena-admin
git clone https://github.com/dcaputo-harmoni/open-balena-admin.git
- Configure open-blena-admin
open-balena-admin/scripts/quickstart -j [OPENBALENA_JWT_SECRET] -v [OPENBALENA_API_VERSION_TAG] -a [OPENBALENA_S3_ACCESS_KEY] -s [OPENBALENA_S3_SECRET_KEY]
Note: If you are running on a domain other than openbalena.local
, be sure to also add -d [DOMAIN]
to the quickstart script. For a full list of quickstart configuration options, run open-balena-admin/scripts/quickstart -h
.
If you are installing on the same host as open-balena, you can use these commands:
source open-balena/config/activate ; source open-balena/compose/versions
open-balena-admin/scripts/quickstart -j $OPENBALENA_JWT_SECRET \
-v $OPENBALENA_API_VERSION_TAG -d $OPENBALENA_HOST_NAME \
-a $OPENBALENA_S3_ACCESS_KEY -s $OPENBALENA_S3_SECRET_KEY
Note: If you did not complete steps 1 and 2 (i.e. you have a running instance of openbalena) you need to ssh into your running instance of open-balena-api, where you will find OPENBALENA_JWT_SECRET
via the environment variable JSON_WEB_TOKEN_SECRET
, and OPENBALENA_API_VERSION
as "version" within /usr/src/app/package.json
- Set up hostnames
If running locally, edit /etc/hosts
or C:\Windows\System32\Drivers\etc\hosts
to include:
127.0.0.1 openbalena.local
127.0.0.1 api.openbalena.local
127.0.0.1 registry.openbalena.local
127.0.0.1 vpn.openbalena.local
127.0.0.1 s3.openbalena.local
127.0.0.1 tunnel.openbalena.local
127.0.0.1 admin.openbalena.local
127.0.0.1 postgrest.openbalena.local
127.0.0.1 remote.openbalena.local
If hosted, set up your hostnames to point to the public IP addresses of your containers as follows:
- <yourdomain.com>: IP address / hostname of
open-balena-haproxy
- api.<yourdomain.com>: IP address / hostname of
open-balena-haproxy
- registry.<yourdomain.com>: IP address / hostname of
open-balena-haproxy
- vpn.<yourdomain.com>: IP address / hostname of
open-balena-haproxy
- s3.<yourdomain.com>: IP address / hostname of
open-balena-haproxy
- tunnel.<yourdomain.com>: IP address / hostname of
open-balena-haproxy
- admin.<yourdomain.com>: IP address / hostname of
open-balena-ui
, oropen-balena-admin-haproxy
if using K8S ingress - postgrest.<yourdomain.com>: IP address / hostname of
open-balena-postgrest
, oropen-balena-admin-haproxy
if using K8S ingress - remote.<yourdomain.com>: IP address / hostname of
open-balena-remote
, oropen-balena-admin-haproxy
if using K8S ingress
- Start open-balena
open-balena/scripts/compose up
- Start open-balena-admin
open-balena-admin/scripts/compose up
Once both open-balena and open-balena-admin are running, you can access the admin interface via http://admin.<openbalena domain>
(or http://admin.openbalena.local
if running locally). Log in using the credentials that were used in step 2 or when your openbalena instance was initially set up. Device dashboards can be accessed directly at http://admin.<openbalena domain>/devices/<UUID>/summary
.
The open-balena-admin package is a compilation of three separate but related projects: open-balena-ui, open-balena-remote and open-balena-postgrest. Take note of the instructions within each of these projects to ensure your openbalena projects are configured to utilize features of open-balena-admin (i.e. remote device access).
open-balena-admin
has been fully integrated into the open-balena-helm project.
- User authorization is not implemented at the resource level
- The ra-data-postgrest project was instrumental in establishing the link to the open-balena database