jmg
/
fbsdembdev
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Information and documentation on building an embedded board test lab.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
17 Commits
1 Branch
120 KiB
 
 
 
 
Tree: 17c406d50f
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '17c406d50f'
${ noResults }
fbsdembdev/lab.doc.md.html

143 lines
6.7 KiB
Raw Blame History 

  1. <meta charset="utf-8">

  2. <meta http-equiv="refresh" content="2">

  3. 

  4. Embedded Board dev cluster

  5. ==========================

  6. 

  7. This is the description of how the cluster is architected and setup.  There

  8. are a few design decisions that are likely to be different in other

  9. environments, but this made the most sense for mine.

  10. 

  11. Goal

  12. ----

  13. 

  14. The goal of this setup is to allow people to be able to install and test

  15. images on various boards remotely.

  16. 

  17. ###  Features

  18. 

  19. - Remote power control

  20. - serial console access

  21. - Network boot

  22. - Internet connectivity for boards w/ ethernet

  23. - Isolation between board environments

  24.   Likely implemented via VLANs+jails w/ VNET to provide complete control

  25. - Long term goals:

  26.   - Emulated microSD cards

  27. 

  28. ### Physical Architecture

  29. 

  30. The following diagrams the connections between the components.  It is expected

  31. that the connections for the RockPro64 is followed similarly for other embedded

  32. devices.

  33. 

  34. In the case of the Switch, the RockPro64 will be put on a VLAN which will be

  35. delivered to the Host machine tagged.  This will allow a jail in the host

  36. machine to have a direct control over the broadcast domain for the device.

  37. This will allow running dhcp/bootp/tftp services for netbooting by running dnsmasq

  38. or another service.  As fusefs is now jail friendly, the root FS could even be

  39. mounted via sshfs

  40. 

  41. The PoE part of the switch will be used for power control.  PoE splitters (~$10)

  42. are readily available and inexpensive, and the cost per port is realatively

  43. inexpensive considering that power consumption will also be provided.

  44. 

  45. **************************************************************************

  46. *                                                                        *

  47. * +--------------+                                   +-----------------+ *

  48. * | Host machine +-------------------------+         |    Internet     | *

  49. * +-+------------+                         |         +-+---------------+ *

  50. *   |                                      |           |                 *

  51. *   |                                      |           |                 *

  52. *   |                                      |           |                 *

  53. * +-+------------+     +----------------+  |         +-+---------------+ *

  54. * |   USB Hub    +-----+ Serial adapter |  +---------+ PoE/VLAN Switch | *

  55. * +--------------+     +-+--------------+            +-+---------------+ *

  56. *                        |                             |                 *

  57. *                        |                             |                 *

  58. *                        |                             |                 *

  59. *                      +-+--------------+  Network   +-+---------------+ *

  60. *                      |   RockPro64    +------------+  PoE Splitter   | *

  61. *                      +-+--------------+            +-+---------------+ *

  62. *                        |                Power        |                 *

  63. *                        +-----------------------------+                 *

  64. *                                                                        *

  65. **************************************************************************

  66. 

  67. ### Logical Architecture

  68. 

  69. No user will be able to log into the host machine directly.  The only user

  70. interface exposed on the host will be via an RPC interface, e.g.

  71. `echo function xxx | ssh labhost labcli`, or via a socket from within

  72. the jail.

  73. 

  74. Workflow

  75. --------

  76. 

  77. # Functions

  78. 

  79. The functions that take a device handle can be executed from within the device jail

  80. and the device handle of that device jail will be used.  An error will be raised if

  81. a device handle is provided and it does not match the current jail.

  82. 

  83. These are the functions a user can execute:

  84. 1. List device classes (onlyavailable=false)

  85.    List the device classes that are known about.  If onlyavailable is true, than only

  86.    ones that are currently available for claiming are returned.

  87. 2. Device status (claimed=false)

  88.    List all the device statuses currently.  This includes that status, claimed or

  89.    unclaimed.  If the device is claimed, it includes the user to claimed it.  If claimed

  90.    is true, only list devices that are currently claimed by you.  The default is to list

  91.    all devices.

  92. 3. Claim device (device class, power=false)

  93.    A user can use this to lock a device.  This will return a device handle with the

  94.    device information, such as the device's jail's IP address, or an error.  Once they

  95.    have obtained a device, it will not be allocated to another user till they have release

  96.    this device (or in the future a timeout has been hit).  The user's ssh keys will be

  97.    automatically populated in that jail.  By default, the device will be in the power off

  98.    state.  When a default configuration is provided for the board, it can be automatically

  99.    powered on to make it easier to integrate w/ systems like CI.

  100. 4. Reinit device (device handle)

  101.    This will remove the current jail, and recreate it as if it was claimed for the first

  102.    time.  This can be done so you can get the jail in a clean state w/o risk losing the

  103.    lock by freeing it and then reclaiming it.  If you have not claimed the device, an

  104.    error will be returned.  If the reinit fails, an error will be returned, but the claim

  105.    will be maintained.

  106. 5. Release device (device handle)

  107.    Release a claim on the device handle returned by claim device.  This will make it

  108.    available to users again.  All data in the jail will be deleted.  It will return an

  109.    error if you do have have a claim on the device.

  110. 6. Power off (device handle)

  111.    Turn off the power to the device.

  112. 7. Power on (device handle)

  113.    Turn on the power to the device.

  114. 

  115. # Services provided in the device jail

  116. 

  117. Once logged in, the jail will have the following services:

  118. 1. ssh

  119.    Incoming ssh must be provided for the user to login.

  120. 2. One interface for internet

  121.    nat setup so that all traffic appears from jail's IP.

  122. 3. One interface for device

  123. 4. Serial port for console access

  124. 5. dhcpd for device w/ tftp already configured

  125. 6. inetd w/ tftpd setup

  126. 7. nfsd setup w/ exports configured

  127. 8. power control for device

  128. 

  129. As the user will have root access, all of these can be modified after.

  130. 

  131. Questions

  132. =========

  133. 

  134. Should the host key for the device be kept between invocations.

  135. Pros: Users don't have to munch the known_hosts every time.

  136. Cons: Malicious user could impersonate the jail as they can copy out the key.

  137. 

  138. IPv6 support?

  139. 	I have enough that each device can get a /64, but this remove privacy in

  140. 	that the network will tell which device was active at the time

  141. 

  142. <!-- Markdeep: --><style class="fallback">body{visibility:hidden;white-space:pre;font-family:monospace}</style><script src="markdeep.min.js" charset="utf-8"></script><script src="https://casual-effects.com/markdeep/latest/markdeep.min.js" charset="utf-8"></script><script>window.alreadyProcessedMarkdeep||(document.body.style.visibility="visible")</script>