lf-edge · eriknordmark · Nov 23, 2021 · Nov 23, 2021 · Nov 23, 2021 · Nov 24, 2021
@@ -4,3 +4,7 @@
 # to force booting in Xen mode, uncomment:
 #   set_global eve_flavor xen
 set_getty
+
+# set_global dom0_cmdline "$dom0_cmdline eve_inventory_server=http://10.129.17.151:8888"
+# set_global dom0_cmdline "$dom0_cmdline eve_inventory_server=http://192.168.1.55:8888"
+set_global dom0_cmdline "$dom0_cmdline eve_inventory_server=http://192.168.1.254:8888"
@@ -76,6 +76,12 @@ the number in the INVENTORY partition as a newly created folder, where the folde
 that soft serial number. Simply plug the USB stick back into a computer to view the contents
 of the INVENTORY partition to read the number.
 
+In addition, if you pass in a URL in the ```eve_inventory_server``` variables,
+then the EVE-OS installer will save this inventory partition and on boot of
+EVE-OS it will attempt to do http(s) POSTs of the inventory files to that URL.
+The POSTs will be retried until all the inventory files have been successfully
+POSTED to the server.
+
 ## Deploying EVE-OS in physical environments (aka onto bare metal)
 
 Deploying EVE-OS in a physical environment assumes it will be installed to run directly on an actual,

@@ -7,9 +7,9 @@
 #
 FROM lfedge/eve-alpine:9fb9b9cbf7d90066a70e4704d04a6fe248ff52bb AS build
 SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
-ENV BUILD_PKGS grep patch git make gcc linux-headers musl-dev autoconf automake pkgconfig kmod-dev util-linux-dev cryptsetup-dev lddtree libgcc
+ENV BUILD_PKGS grep patch git make gcc linux-headers musl-dev autoconf automake pkgconfig kmod-dev util-linux-dev cryptsetup-dev lddtree libgcc mkinitfs
 ENV PKGS mtools dosfstools libarchive-tools sgdisk e2fsprogs util-linux squashfs-tools coreutils tar dmidecode \
-    kmod-libs cryptsetup-libs libblkid
+    kmod-libs cryptsetup-libs libblkid curl
 RUN eve-alpine-deploy.sh
 
 # get mkinitfs source from git and build it locally

@@ -227,6 +227,14 @@
                 "rshared"
             ]
         },
+        {
+            "destination": "/etc",
+            "type": "tmpfs",
+            "source": "tmpfs",
+            "options": [
+                "rw"
+            ]
+        },
         {
             "destination": "/opt/debug",
             "type": "bind",
@@ -271,6 +279,22 @@
                 "rw"
             ]
         },
+        {
+            "destination": "/var",
+            "type": "tmpfs",
+            "source": "tmpfs",
+            "options": [
+                "rw"
+            ]
+        },
+        {
+            "destination": "/persist",
+            "type": "tmpfs",
+            "source": "tmpfs",
+            "options": [
+                "rw"
+            ]
+        },
         {
             "destination": "/dev",
             "type": "bind",

@@ -168,7 +168,56 @@ zfs_umount() {
   umount /root/dev ||:
 }
 
+# XXX post_inventory needs to run in background - do inside client.go?
+# XXX change to /persist/inventory
+post_inventory() {
+    if [ ! -d /config/inventory ]; then
+        return
+    fi
+    cd /config/inventory || exit
+    inventory_server=$(cat ./server)
+    files=$(find . -type f -print | grep -v ^./server)
+    for f in $files; do
+        logmsg "device-steps: posting $f to $inventory_server"
+        curl -X POST "$inventory_server/$f" -H "Content-Type: text/plain" -d "@$f" || return
+    done
+    logmsg "device-steps: done posting $inventory_server"
+    cd || exit
+    rm -rf /config/inventory
+}
+
 logmsg "EVE-OS installation started"
+
+# XXX remove
+ip link show
+
+# Kick off network configuration on eth0 so we can run ntpd and later post
+# inventory
+mkdir -p /var/run/
+mkdir -p /etc/network/if-up.d/
+mkdir -p /etc/network/if-pre-up.d/
+mkdir -p /etc/network/interfaces.d/
+cat <<EOF >/etc/network/interfaces
+auto eth0
+iface eth0 inet dhcp
+EOF
+mkdir -p /etc/conf.d/
+cat <<EOF >/etc/conf.d/ntpd
+NTPD_OPTS="-s"
+EOF
+ifup -av
+# XXX remove
+ls -l /etc/network/interfaces*
+ifconfig
+ip route show
+
+# XXX This is bogus since not from udhcp
+# https://www.unix.com/man-page/suse/8/udhcpc/ - ntpsrv
+ls -l /usr/share/udhcpc/default.script
+ping -c 1 pool.ntp.org
+# Wait until synchronized and force the clock to be set from ntp
+/usr/sbin/ntpd -q -n -g -p pool.ntp.org
+
 # do this just in case
 modprobe usbhid && modprobe usbkbd
 # clean partition tables on disks defined to nuke
@@ -511,6 +560,27 @@ if [ -f $DEVICE_CERT_NAME ] && [ -n "$REPORT" ]; then
    cat $DEVICE_CERT_NAME > "$REPORT/device.cert.pem"
 fi
 
+# If we have an inventory server then save report so we can push on first
+# boot
+INVENTORY_SERVER=$(tr ' ' '\012' < /proc/cmdline | sed -n '/eve_inventory_server=/s#eve_inventory_server=##p')
+if [ -n "$INVENTORY_SERVER" ]; then
+    mkdir /config/inventory
+    echo "$INVENTORY_SERVER" >/config/inventory/server
+    cp -rp "$REPORT" /config/inventory/
+    # XXX
+    ls -lR /config/inventory
+    # Try once and if this fails EVE-OS will try again on boot
+    ping -c 1 192.168.1.2
+    ping -c 1 192.168.1.55
+    post_inventory
+    # XXX sleep and try again?
+    ping -c 1 192.168.1.2
+    ping -c 1 192.168.1.254
+    ip route show
+    sleep 5
+    post_inventory
+fi
+
 # finally check whether we are collecting a black box
 if [ -n "$REPORT" ]; then
    # then we can collect our black box

@@ -185,6 +185,24 @@ access_usb() {
     fi
 }
 
+# XXX post_inventory needs to run in background - do inside client.go?
+# XXX change to /persist/inventory across
+post_inventory() {
+    if [ ! -d /config/inventory ]; then
+        return
+    fi
+    cd /config/inventory || exit
+    inventory_server=$(cat ./server)
+    files=$(find . -type f -print | grep -v ^./server)
+    for f in $files; do
+        echo "$(date -Ins -u) device-steps: posting $f to $inventory_server"
+        curl -X POST "$inventory_server/$f" -H "Content-Type: text/plain" -d "@$f" || return
+    done
+    echo "$(date -Ins -u) device-steps: done posting $inventory_server"
+    cd || exit
+    rm -rf /config/inventory
+}
+
 # Read any usb.json with DevicePortConfig, and deposit our identity
 access_usb
 
@@ -259,6 +277,7 @@ if [ ! -s "$DEVICE_CERT_NAME" ] || [ $RTC = 0 ] || [ -n "$FIRSTBOOT" ]; then
 
     # Deposit any diag information from nim
     access_usb
+    post_inventory
 
     # We need to try our best to setup time *before* we generate the certifiacte.
     # Otherwise the cert may have start date in the future or in 1970
@@ -382,6 +401,8 @@ fi
 # Deposit any diag information from nim and onboarding
 access_usb
 
+post_inventory
+
 # Add zedclient to watchdog; it runs as a separate process
 touch "$WATCHDOG_PID/zedclient.pid"
 
@@ -428,6 +449,7 @@ echo "$(date -Ins -u) Done starting EVE version: $(cat /run/eve-release)"
 # and dump any diag information
 while true; do
     access_usb
+    post_inventory
     # Check if NTP server changed
     # Note that this really belongs in a separate ntpd container
     ns=$(get_ntp_server)