From 223813346d6956ac969bff243f2c10936b086b6a Mon Sep 17 00:00:00 2001 From: eriknordmark Date: Mon, 22 Nov 2021 23:21:59 -0800 Subject: [PATCH 1/6] installer saves inventory for first boot Signed-off-by: eriknordmark --- pkg/mkimage-raw-efi/install | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/pkg/mkimage-raw-efi/install b/pkg/mkimage-raw-efi/install index 4a15b0dc44..671354e210 100755 --- a/pkg/mkimage-raw-efi/install +++ b/pkg/mkimage-raw-efi/install @@ -511,6 +511,15 @@ if [ -f $DEVICE_CERT_NAME ] && [ -n "$REPORT" ]; then cat $DEVICE_CERT_NAME > "$REPORT/device.cert.pem" fi +# If we have an inventory server then save report so we can push on first +# boot +INVENTORY_SERVER=$(tr ' ' '\012' < /proc/cmdline | sed -n '/eve_inventory_server=/s#eve_inventory_server=##p') +if [ -n "$INVENTORY_SERVER" ]; then + mkdir /config/inventory + echo "$INVENTORY_SERVER" >/config/inventory/server + cp -rp "$REPORT" /config/inventory/ +fi + # finally check whether we are collecting a black box if [ -n "$REPORT" ]; then # then we can collect our black box From 492458e6b56323a4458c560eaaee5a23a9896e30 Mon Sep 17 00:00:00 2001 From: eriknordmark Date: Mon, 22 Nov 2021 23:23:34 -0800 Subject: [PATCH 2/6] script-based post to inventory Signed-off-by: eriknordmark --- pkg/pillar/scripts/device-steps.sh | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/pkg/pillar/scripts/device-steps.sh b/pkg/pillar/scripts/device-steps.sh index 4b63c6cddb..0b942116d6 100755 --- a/pkg/pillar/scripts/device-steps.sh +++ b/pkg/pillar/scripts/device-steps.sh 
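Review bot: In the `pkg/mkimage-raw-efi/install` hunk at `@@ -511`, the value read from `/proc/cmdline` is saved and later used as a POST target with no check on its form, and `$REPORT` is copied without the `[ -n "$REPORT" ]` guard that the surrounding code applies. With an empty `$REPORT` the `cp -rp` fails and `/config/inventory` is left holding only `server`. The sed address also matches any token that merely contains `eve_inventory_server=`, so a second match produces a multi-line value. I would use `if [ -n "$INVENTORY_SERVER" ] && [ -n "$REPORT" ]; then` and `mkdir -p /config/inventory`, and reject values that do not start with `http://` or `https://` before writing them. The report holds at least `device.cert.pem` (copied just above), so a comment that an `http://` target receives it unauthenticated and in clear text would help whoever sets the boot argument.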
@@ -185,6 +185,24 @@ access_usb() { fi } +# XXX post_inventory needs to run in background - do inside client.go? +# XXX change to /persist/inventory across +post_inventory() { + if [ ! -d /config/inventory ]; then + return + fi + cd /config/inventory || exit + inventory_server=$(cat ./server) + files=$(find . -type f -print | grep -v ^./server) + for f in $files; do + echo "$(date -Ins -u) device-steps: posting $f to $inventory_server" + curl -X POST "$inventory_server/$f" -H "Content-Type: text/plain" -d "@$f" || return + done + echo "$(date -Ins -u) device-steps: done posting $inventory_server" + cd || exit + rm -rf /config/inventory +} + # Read any usb.json with DevicePortConfig, and deposit our identity access_usb @@ -259,6 +277,7 @@ if [ ! -s "$DEVICE_CERT_NAME" ] || [ $RTC = 0 ] || [ -n "$FIRSTBOOT" ]; then # Deposit any diag information from nim access_usb + post_inventory # We need to try our best to setup time *before* we generate the certifiacte. # Otherwise the cert may have start date in the future or in 1970 @@ -382,6 +401,8 @@ fi # Deposit any diag information from nim and onboarding access_usb +post_inventory + # Add zedclient to watchdog; it runs as a separate process touch "$WATCHDOG_PID/zedclient.pid" @@ -428,6 +449,7 @@ echo "$(date -Ins -u) Done starting EVE version: $(cat /run/eve-release)" # and dump any diag information while true; do access_usb + post_inventory # Check if NTP server changed # Note that this really belongs in a separate ntpd container ns=$(get_ntp_server) From da210d9b411af38b4cb44d8ebc80e18a3370fc8c Mon Sep 17 00:00:00 2001 From: eriknordmark Date: Mon, 22 Nov 2021 23:30:46 -0800 Subject: [PATCH 3/6] Document eve_inventory_server Signed-off-by: eriknordmark --- docs/DEPLOYMENT.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/DEPLOYMENT.md b/docs/DEPLOYMENT.md index e8b9ffc4a8..2dd76a3566 100644 --- a/docs/DEPLOYMENT.md +++ b/docs/DEPLOYMENT.md 
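Review bot: `post_inventory` in `pkg/pillar/scripts/device-steps.sh` deletes `/config/inventory` even when the server rejected the uploads, because `curl` without `--fail` exits 0 on an HTTP 4xx/5xx response and `|| return` never fires. `-d "@$f"` also strips newlines from the file (a PEM certificate arrives mangled), `for f in $files` splits names on whitespace, the unquoted `grep -v ^./server` drops every path that starts with `./server`, and there is no timeout although the later hunks call this synchronously from the boot path and from the `while true` loop. The saved URL is handed to curl unchecked, so restricting it with `--proto '=http,https'` is cheap insurance. `cd … || exit` inside the function ends the whole script on failure; a subshell keeps both the directory change and the exit local. The same body is copied into `pkg/mkimage-raw-efi/install` in patch 4/6 and needs the same changes.

```shell
post_inventory() {
    [ -d /config/inventory ] || return 0
    inventory_server=$(cat /config/inventory/server) || return
    # Subshell: the cwd change and any exit stay local to the upload loop
    (
        cd /config/inventory || exit 1
        find . -type f -print | grep -v '^\./server$' |
        while IFS= read -r f; do
            echo "$(date -Ins -u) device-steps: posting $f to $inventory_server"
            # --fail: HTTP errors count as failure; --data-binary: body sent unmodified
            # timeout values below are illustrative
            curl --fail --proto '=http,https' --connect-timeout 10 --max-time 60 \
                -X POST "$inventory_server/$f" \
                -H "Content-Type: text/plain" --data-binary "@$f" || exit 1
        done
    ) || return
    echo "$(date -Ins -u) device-steps: done posting $inventory_server"
    rm -rf /config/inventory
}
```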
@@ -76,6 +76,12 @@ the number in the INVENTORY partition as a newly created folder, where the folde that soft serial number. Simply plug the USB stick back into a computer to view the contents of the INVENTORY partition to read the number. +In addition, if you pass in a URL in the ```eve_inventory_server``` variables, +then the EVE-OS installer will save this inventory partition and on boot of +EVE-OS it will attempt to do http(s) POSTs of the inventory files to that URL. +The POSTs will be retried until all the inventory files have been successfully +POSTED to the server. + ## Deploying EVE-OS in physical environments (aka onto bare metal) Deploying EVE-OS in a physical environment assumes it will be installed to run directly on an actual, From db8fc50246fc2db578e7830deab2d6ff5452bf8f Mon Sep 17 00:00:00 2001 From: eriknordmark Date: Tue, 23 Nov 2021 17:37:13 -0800 Subject: [PATCH 4/6] Experiment with networking from installer Signed-off-by: eriknordmark --- pkg/mkimage-raw-efi/config.json | 8 +++++++ pkg/mkimage-raw-efi/install | 39 +++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+) diff --git a/pkg/mkimage-raw-efi/config.json b/pkg/mkimage-raw-efi/config.json index 231e831aaa..01496504c1 100644 --- a/pkg/mkimage-raw-efi/config.json +++ b/pkg/mkimage-raw-efi/config.json @@ -227,6 +227,14 @@ "rshared" ] }, + { + "destination": "/etc", + "type": "tmpfs", + "source": "tmpfs", + "options": [ + "rw" + ] + }, { "destination": "/opt/debug", "type": "bind", diff --git a/pkg/mkimage-raw-efi/install b/pkg/mkimage-raw-efi/install index 671354e210..13d5887abb 100755 --- a/pkg/mkimage-raw-efi/install +++ b/pkg/mkimage-raw-efi/install 
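Review bot: The tmpfs added at `/etc` in `pkg/mkimage-raw-efi/config.json` presumably hides everything the installer image ships under `/etc`, which would explain why the install script in this patch has to create `/etc/network` itself. If the image keeps its CA bundle, resolver configuration or passwd/group data there, `curl` to an `https://` inventory server and name resolution may stop working; that is worth confirming on a built image. A narrower mount would leave the rest of `/etc` intact, for example `"destination": "/etc/network"` instead of `"destination": "/etc"`, provided that directory exists in the image.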
@@ -168,7 +168,26 @@ zfs_umount() { umount /root/dev ||: } +# XXX post_inventory needs to run in background - do inside client.go? +# XXX change to /persist/inventory +post_inventory() { + if [ ! -d /config/inventory ]; then + return + fi + cd /config/inventory || exit + inventory_server=$(cat ./server) + files=$(find . -type f -print | grep -v ^./server) + for f in $files; do + logmsg "device-steps: posting $f to $inventory_server" + curl -X POST "$inventory_server/$f" -H "Content-Type: text/plain" -d "@$f" || return + done + logmsg "device-steps: done posting $inventory_server" + cd || exit + rm -rf /config/inventory +} + logmsg "EVE-OS installation started" + # do this just in case modprobe usbhid && modprobe usbkbd # clean partition tables on disks defined to nuke @@ -518,6 +537,26 @@ if [ -n "$INVENTORY_SERVER" ]; then mkdir /config/inventory echo "$INVENTORY_SERVER" >/config/inventory/server cp -rp "$REPORT" /config/inventory/ + # XXX + ls -lR /config/inventory + ip link show + mkdir /etc/network + cat </etc/network/interfaces +auto eth0 +iface eth0 inet dhcp + hostname localhost + +EOF + ifup -av + ls -l /etc/network/interfaces* + ifconfig + # XXX This is bogus since not from dhcpcd + ping -c 1 pool.ntp.org + # Wait until synchronized and force the clock to be set from ntp + /usr/sbin/ntpd -q -n -g -p pool.ntp.org + + # Try once + post_inventory fi # finally check whether we are collecting a black box From 732970502bda9d96b90d648fc7e25644db95562f Mon Sep 17 00:00:00 2001 From: eriknordmark Date: Thu, 25 Nov 2021 21:47:07 -0800 Subject: [PATCH 5/6] Bring up networking and ntp during install; try post inventory Signed-off-by: eriknordmark --- pkg/mkimage-raw-efi/Dockerfile | 4 +-- pkg/mkimage-raw-efi/config.json | 16 ++++++++++ pkg/mkimage-raw-efi/install | 56 +++++++++++++++++++++++---------- 3 files changed, 57 insertions(+), 19 deletions(-) diff --git a/pkg/mkimage-raw-efi/Dockerfile b/pkg/mkimage-raw-efi/Dockerfile index d42272e85b..c78766f5a3 100644 
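Review bot: The `post_inventory` copy added to `pkg/mkimage-raw-efi/install` at `@@ -168` can abort the installation, because `cd /config/inventory || exit` and the bare `cd || exit` both call `exit` from inside the function. A bare `cd` fails when `HOME` is unset, which may well be the case in the installer container, so a fully successful upload could still end the install. Wrapping the loop in a `( … )` subshell, reading the URL with `cat /config/inventory/server`, and using `return 1` in place of `exit` keeps a failed upload from ending the install. The log text still reads `device-steps:`, which will mislead anyone reading installer logs; `logmsg "install: posting $f to $inventory_server"` would be accurate.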
--- a/pkg/mkimage-raw-efi/Dockerfile +++ b/pkg/mkimage-raw-efi/Dockerfile @@ -7,9 +7,9 @@ # FROM lfedge/eve-alpine:9fb9b9cbf7d90066a70e4704d04a6fe248ff52bb AS build SHELL ["/bin/ash", "-eo", "pipefail", "-c"] -ENV BUILD_PKGS grep patch git make gcc linux-headers musl-dev autoconf automake pkgconfig kmod-dev util-linux-dev cryptsetup-dev lddtree libgcc +ENV BUILD_PKGS grep patch git make gcc linux-headers musl-dev autoconf automake pkgconfig kmod-dev util-linux-dev cryptsetup-dev lddtree libgcc mkinitfs ENV PKGS mtools dosfstools libarchive-tools sgdisk e2fsprogs util-linux squashfs-tools coreutils tar dmidecode \ - kmod-libs cryptsetup-libs libblkid + kmod-libs cryptsetup-libs libblkid curl RUN eve-alpine-deploy.sh # get mkinitfs source from git and build it locally diff --git a/pkg/mkimage-raw-efi/config.json b/pkg/mkimage-raw-efi/config.json index 01496504c1..3498a849c7 100644 --- a/pkg/mkimage-raw-efi/config.json +++ b/pkg/mkimage-raw-efi/config.json @@ -279,6 +279,22 @@ "rw" ] }, + { + "destination": "/var", + "type": "tmpfs", + "source": "tmpfs", + "options": [ + "rw" + ] + }, + { + "destination": "/persist", + "type": "tmpfs", + "source": "tmpfs", + "options": [ + "rw" + ] + }, { "destination": "/dev", "type": "bind", diff --git a/pkg/mkimage-raw-efi/install b/pkg/mkimage-raw-efi/install index 13d5887abb..940b2e472f 100755 --- a/pkg/mkimage-raw-efi/install +++ b/pkg/mkimage-raw-efi/install 
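Review bot: The `/persist` tmpfs added in the `pkg/mkimage-raw-efi/config.json` hunk conflicts with the `# XXX change to /persist/inventory` plan noted on `post_inventory`. Anything the installer writes under a tmpfs `/persist` is gone at reboot, so an inventory saved there would never reach first boot. If the mount exists only because a tool expects the directory, the reason should be stated in the commit message, since JSON cannot carry a comment. The `/var` tmpfs appears to be needed only for `/var/run`, which the install script creates with `mkdir -p /var/run/`; a mount at `/var/run` would be narrower.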
@@ -188,6 +188,36 @@ post_inventory() { logmsg "EVE-OS installation started" +# XXX remove +ip link show + +# Kick off network configuration on eth0 so we can run ntpd and later post +# inventory +mkdir -p /var/run/ +mkdir -p /etc/network/if-up.d/ +mkdir -p /etc/network/if-pre-up.d/ +mkdir -p /etc/network/interfaces.d/ +cat </etc/network/interfaces +auto eth0 +iface eth0 inet dhcp +EOF +mkdir -p /etc/conf.d/ +cat </etc/conf.d/ntpd +NTPD_OPTS="-s" +EOF +ifup -av +# XXX remove +ls -l /etc/network/interfaces* +ifconfig +ip route show + +# XXX This is bogus since not from udhcp +# https://www.unix.com/man-page/suse/8/udhcpc/ - ntpsrv +ls -l /usr/share/udhcpc/default.script +ping -c 1 pool.ntp.org +# Wait until synchronized and force the clock to be set from ntp +/usr/sbin/ntpd -q -n -g -p pool.ntp.org + # do this just in case modprobe usbhid && modprobe usbkbd # clean partition tables on disks defined to nuke @@ -539,23 +569,15 @@ if [ -n "$INVENTORY_SERVER" ]; then cp -rp "$REPORT" /config/inventory/ # XXX ls -lR /config/inventory - ip link show - mkdir /etc/network - cat </etc/network/interfaces -auto eth0 -iface eth0 inet dhcp - hostname localhost - -EOF - ifup -av - ls -l /etc/network/interfaces* - ifconfig - # XXX This is bogus since not from dhcpcd - ping -c 1 pool.ntp.org - # Wait until synchronized and force the clock to be set from ntp - /usr/sbin/ntpd -q -n -g -p pool.ntp.org - - # Try once + # Try once and if this fails EVE-OS will try again on boot + ping -c 1 192.168.1.2 + ping -c 1 192.168.1.55 + post_inventory + # XXX sleep and try again? + ping -c 1 192.168.1.2 + ping -c 1 192.168.1.254 + ip route show + sleep 5 post_inventory fi From 7dcf802e26679176f4895ebca26abcafc6c1ee7f Mon Sep 17 00:00:00 2001 From: eriknordmark Date: Mon, 22 Nov 2021 23:22:22 -0800 Subject: [PATCH 6/6] XXX grub eve_inventory_server example Signed-off-by: eriknordmark --- conf/grub.cfg.tmpl | 4 ++++ 1 file changed, 4 insertions(+) 
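Review bot: The network and NTP bring-up added at `@@ -188` of `pkg/mkimage-raw-efi/install` runs on every installation, before `eve_inventory_server` is parsed. An installer that was previously offline now sends DHCP, DNS, ICMP and NTP traffic and sets its clock from the public `pool.ntp.org` without authentication. `ntpd -q` waits for synchronisation, as the comment says, so an install on an isolated network can hang here. I would move the `INVENTORY_SERVER=` parse above this block, wrap the block in `if [ -n "$INVENTORY_SERVER" ]; then … fi`, and bound the sync with `timeout 30 /usr/sbin/ntpd -q -n -g -p pool.ntp.org || logmsg "ntp sync failed, continuing"` (the 30 is illustrative). The diagnostic lines around the `# XXX remove` markers (`ip link show`, `ls -l`, `ifconfig`, `ip route show`, `ping`) should go before merge.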
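Review bot: The second `install` hunk (`@@ -539`) leaves lab debugging in the install path: `ping -c 1` to the hard-coded addresses `192.168.1.2`, `192.168.1.55` and `192.168.1.254`, `ip route show`, `ls -lR`, and a second `post_inventory` after `sleep 5` whether or not the first succeeded. On any other network the pings probe unrelated hosts and, without `-W`, each can delay the install. Since first boot retries anyway, one call is enough: `post_inventory || logmsg "inventory post failed, will retry on first boot"`, with the ping lines removed.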
diff --git a/conf/grub.cfg.tmpl b/conf/grub.cfg.tmpl index ee27f64fe1..9c3d52d31e 100644 --- a/conf/grub.cfg.tmpl +++ b/conf/grub.cfg.tmpl @@ -4,3 +4,7 @@ # to force booting in Xen mode, uncomment: # set_global eve_flavor xen set_getty + +# set_global dom0_cmdline "$dom0_cmdline eve_inventory_server=http://10.129.17.151:8888" +# set_global dom0_cmdline "$dom0_cmdline eve_inventory_server=http://192.168.1.55:8888" +set_global dom0_cmdline "$dom0_cmdline eve_inventory_server=http://192.168.1.254:8888"
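Review bot: The last added line in `conf/grub.cfg.tmpl` is active, not commented out, so every image built from this template boots with `eve_inventory_server=http://192.168.1.254:8888`. Such a device will post its inventory in clear text to whatever host owns that address on the local network. The subject calls this an example, so all three lines should stay comments and use a placeholder rather than lab addresses, e.g. `# set_global dom0_cmdline "$dom0_cmdline eve_inventory_server=https://INVENTORY_SERVER_PLACEHOLDER"`.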