Difference between revisions of "Mesh/Firmware/Generating"

From Sudo Room
 
(7 intermediate revisions by 4 users not shown)
Line 1: Line 1:
= Node Attributes =
= Model (rough) =
The following attributes are required of the Node Operator for node firmware generation:


*Hardware model
Build Server: 
*Primary vs. non-primary AP
The one and only server responsible for building and signing SudoMesh OpenWRT images, mostly a collection of bash scripts.
*Geographic address (location)
*Node Op name
*Node Op phone number
*Node Op email address


The following attributes are to be generated (securely!) on the fly for node firmware generation:
Configuration Server: 
One of possibly multiple servers responsible for and authenticated to query, configure and update nodes.
* python SSL socket server for configuring nodes over secure socket.
* python web server as a UI to the SSL configuration server.
** SSL libraries on the client (node) are often big. BusyBox wget does not support SSL for example. In wlan slovenija we were thinking of using SSH/SCP instead. [[User:Mitar|Mitar]] ([[User talk:Mitar|talk]]) 06:09, 17 October 2013 (PDT)


*SSH host DSA keypair (optional?)
Node: 
*SSH host ECDSA keypair (optional?)
The basic build block of any mesh!
*SSH host RSA keypair
*node-admin: extended from the openWRT admin page, used by node owner for configuration.
*SSH root password
*node-conf-client: lua client for accepting configs and answering config queries from a configuraion server.


= wlan slovenija =
= Node Attributes =


wlan slovenija has a firmware generator tool. Here are some links:
The following attributes are required of the Build Server at image build time:


*[https://github.com/wlanslovenija/nodewatcher/blob/master/generator/config_generator.py config_generator.py: the core code for the generator]
*Hardware model
*[https://github.com/wlanslovenija/nodewatcher/blob/master/generator/build_image.py build_image.py: the command line tool that uses config_generator.py]
*Firmware version


Some relevant code from config_generator.py:
The following attributes are required of the Configuration Server for initial configuration:


<pre>
*SSH host RSA keypair
      buildString = 'make image FILES="../files" PROFILE="%s" PACKAGES="policy-routing olsrd uhttpd tc nodewatcher-core nodewatcher-clients ntpclient hostapd -ppp -ppp-mod-pppoe -wpad-mini kmod-l2tp kmod-l2tp-ip kmod-l2tp-eth tunneldigger wireless-tools qos-scripts %s"' % (profile_map[self.portLayout], pkgs)
*SSH host DSA keypair (optional?)
      os.chdir(path)
*SSH host ECDSA keypair (optional?)
      os.system(buildString)
*SSH keys allowed root access for debugging
</pre>


The whole ''nodewatcher'' system is in fact a web interface to the image generator (this is how it all started, historically, as a web interface + IP allocation, and then we added network monitoring, node telemetry and so on).
The following attributes are required of the Node Op for initial configuration through the Configuration Server:


*[http://nodes.wlan-si.net/ live version]
*Geographic address
*Node Op name
*Node Op email address
*Node Op phone number


= freifunk =
= freifunk =
Line 55: Line 56:


After looking at the code, I am not inclined to use it. Lots of freifunk-specific stuff. Few comments. In the end, all it does that we really care about is take a few values from the web app, write some config files for openwrt and run "make image" with some parameters. It does have a system for queuing builds, which is nice. Honestly, I think we're going to be better off making our own system
After looking at the code, I am not inclined to use it. Lots of freifunk-specific stuff. Few comments. In the end, all it does that we really care about is take a few values from the web app, write some config files for openwrt and run "make image" with some parameters. It does have a system for queuing builds, which is nice. Honestly, I think we're going to be better off making our own system
= SQLite =
SQL Script for meshnode database:
<pre>
BEGIN TRANSACTION;
CREATE TABLE node (model TEXT, version TEXT, id TEXT, rsakeypair TEXT, dsakeypair TEXT, ecdsakeypair TEXT, rootkeypair TEXT, geoloc TEXT, opname TEXT, opemail TEXT, opphone TEXT);
INSERT INTO node VALUES('Ubiquity','PICO2-H EU','5f80ce728aa2032a55e6f86bb3d0dd7b154c5c39','-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtBqXujQ9kefbhpS2sLgu3G6bw
iwUySFTd10+8X3cVx2OkZnRqqWCRMyjfMhMfRl7duBxcaDb0Q5MhqjsYO7W1y3V+
Rqu2xn9+HdAYl2EGXD4jwzSiGgMCvtB0vogI+wQVYHVi6X60pu6rfyNWI/4LfVeD
HAMgIU/cBt7SQ1ESUwIDAQAB
-----END PUBLIC KEY-----','cc:50:d4:85:86:56:b8:8a:77:57:61:51:63:89:46:09','045894609CCECF9A92533F630DE713A958E96C97CCB8F5ABB5A688A238DEED6DC2D9D0C94EBFB7D526BA6A61764175B99CB6011E2047F9F067293F57F5','-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANBUpUcWbR5e8EX5BCdz3pz4D7Xbq5cJ
6zY9rq94lXoZ2vOijwkAcwrCFzdXDXWETw9/KdO7m6xJa0Yebu7W9zUCAwEAAQ==
-----END PUBLIC KEY-----','37.810869,-122.267554','Chris Jefferies','operator@gmail.com','510.444.5555');
CREATE UNIQUE INDEX id ON node(id ASC);
COMMIT;
</pre>
SQLite database definition:
<pre>
SQLite format 3���@  ����
��:�:ÅC������Çitablenodenode�CREATE TABLE node (model TEXT, version TEXT, id TEXT, rsakeypair TEXT, dsakeypair TEXT, ecdsakeypair TEXT, rootkeypair TEXT, geoloc TEXT, opname TEXT, opemail TEXT, opphone )
�
</pre>
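Review bot: in the `CREATE TABLE node` statement the columns `rsakeypair`, `dsakeypair`, `ecdsakeypair` and `rootkeypair` are named as keypairs, but the sample `INSERT` stores only `-----BEGIN PUBLIC KEY-----` blocks, a colon-separated fingerprint-style value and a hex string in them. Rename the columns to say what they hold (for example `rsa_pubkey`) or document the expected format of each, so that nobody later stores private key material in a table that also carries the operator's name, email and phone number. The binary database definition below the script also declares `opphone` without the `TEXT` type the script gives it; the two should agree.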

Latest revision as of 21:06, 24 October 2013

Model (rough)

Build Server: The one and only server responsible for building and signing SudoMesh OpenWRT images, mostly a collection of bash scripts.

Configuration Server: One of possibly multiple servers responsible for and authenticated to query, configure and update nodes.

  • python SSL socket server for configuring nodes over secure socket.
  • python web server as a UI to the SSL configuration server.
    • SSL libraries on the client (node) are often big. BusyBox wget does not support SSL for example. In wlan slovenija we were thinking of using SSH/SCP instead. Mitar (talk) 06:09, 17 October 2013 (PDT)

Node: The basic building block of any mesh!

  • node-admin: extended from the OpenWRT admin page, used by the node owner for configuration.
  • node-conf-client: Lua client for accepting configs and answering config queries from a configuration server.

Node Attributes

The following attributes are required of the Build Server at image build time:

  • Hardware model
  • Firmware version

The following attributes are required of the Configuration Server for initial configuration:

  • SSH host RSA keypair
  • SSH host DSA keypair (optional?)
  • SSH host ECDSA keypair (optional?)
  • SSH keys allowed root access for debugging

The following attributes are required of the Node Op for initial configuration through the Configuration Server:

  • Geographic address
  • Node Op name
  • Node Op email address
  • Node Op phone number

freifunk

Freifunk has a web app called meshkit for generating images.

Meshkit takes a strange approach. From the readme file:

Meshkit itself just writes a uci config file and stores it in
/etc/config/meshkwizard in the resulting firmware image. The actual
configuration is done by meshwizard, which uses community profiles
and the settings from meshkit to configure the device at first boot after
the device has been flashed.

While I understand why community profiles would be a good idea, it seems odd that the configuration would happen on the device. Why not generate all of the required configuration before generating the image? That way you save a bit of space and an extra reboot of the device.

After looking at the code, I am not inclined to use it. Lots of freifunk-specific stuff. Few comments. In the end, all it does that we really care about is take a few values from the web app, write some config files for openwrt and run "make image" with some parameters. It does have a system for queuing builds, which is nice. Honestly, I think we're going to be better off making our own system.
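The step described above (take a few values from the web app and run "make image" with parameters) is where untrusted input reaches the build server. The following is an added example, not code from meshkit, nodewatcher or Sudo Mesh: it builds the `make image` argument list without a shell and rejects anything outside an allow-list. `PROFILE_MAP`, the model and profile names, and the function names are assumptions made for the example.

```python
import re
import subprocess

# Hypothetical allow-list: hardware model as submitted by the web app ->
# ImageBuilder PROFILE. All names here are constructed for this example.
PROFILE_MAP = {
    "example-model-a": "EXAMPLE_PROFILE_A",
    "example-model-b": "EXAMPLE_PROFILE_B",
}

# Package names as they appear in a PACKAGES list; a leading "-" removes a
# default package (e.g. "-ppp").
PACKAGE_RE = re.compile(r"-?[a-z0-9][a-z0-9+._-]*")
FILES_RE = re.compile(r"[A-Za-z0-9_./-]+")


def build_image_argv(model, packages, files_dir="../files"):
    """Return the argv for `make image`; raise ValueError on untrusted input."""
    if model not in PROFILE_MAP:
        raise ValueError("unknown hardware model: %r" % (model,))
    # fullmatch() also rejects a trailing newline, which "$" would let through.
    bad = [p for p in packages if not PACKAGE_RE.fullmatch(p)]
    if bad:
        raise ValueError("rejected package names: %r" % (bad,))
    if not FILES_RE.fullmatch(files_dir):
        raise ValueError("rejected files dir: %r" % (files_dir,))
    # Each VAR=value is a single argv element, so no shell parses the string.
    # The values are still expanded inside make recipes, hence the strict
    # character sets above.
    return [
        "make", "image",
        "FILES=" + files_dir,
        "PROFILE=" + PROFILE_MAP[model],
        "PACKAGES=" + " ".join(packages),
    ]


def run_build(imagebuilder_dir, model, packages):
    """Run the build inside imagebuilder_dir without os.chdir() or a shell."""
    argv = build_image_argv(model, packages)
    return subprocess.run(argv, cwd=imagebuilder_dir, check=True)


if __name__ == "__main__":
    print(build_image_argv("example-model-a", ["olsrd", "uhttpd", "-ppp"]))
    try:
        build_image_argv("example-model-a", ['uhttpd"; echo injected'])
    except ValueError as err:
        print("rejected:", err)
```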

SQLite

SQL Script for meshnode database:

BEGIN TRANSACTION;
CREATE TABLE node (model TEXT, version TEXT, id TEXT, rsakeypair TEXT, dsakeypair TEXT, ecdsakeypair TEXT, rootkeypair TEXT, geoloc TEXT, opname TEXT, opemail TEXT, opphone TEXT);
INSERT INTO node VALUES('Ubiquity','PICO2-H EU','5f80ce728aa2032a55e6f86bb3d0dd7b154c5c39','-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtBqXujQ9kefbhpS2sLgu3G6bw
iwUySFTd10+8X3cVx2OkZnRqqWCRMyjfMhMfRl7duBxcaDb0Q5MhqjsYO7W1y3V+
Rqu2xn9+HdAYl2EGXD4jwzSiGgMCvtB0vogI+wQVYHVi6X60pu6rfyNWI/4LfVeD
HAMgIU/cBt7SQ1ESUwIDAQAB
-----END PUBLIC KEY-----','cc:50:d4:85:86:56:b8:8a:77:57:61:51:63:89:46:09','045894609CCECF9A92533F630DE713A958E96C97CCB8F5ABB5A688A238DEED6DC2D9D0C94EBFB7D526BA6A61764175B99CB6011E2047F9F067293F57F5','-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANBUpUcWbR5e8EX5BCdz3pz4D7Xbq5cJ
6zY9rq94lXoZ2vOijwkAcwrCFzdXDXWETw9/KdO7m6xJa0Yebu7W9zUCAwEAAQ==
-----END PUBLIC KEY-----','37.810869,-122.267554','Chris Jefferies','operator@gmail.com','510.444.5555');
CREATE UNIQUE INDEX id ON node(id ASC);
COMMIT;


SQLite database definition:

SQLite format 3
CREATE TABLE node (model TEXT, version TEXT, id TEXT, rsakeypair TEXT, dsakeypair TEXT, ecdsakeypair TEXT, rootkeypair TEXT, geoloc TEXT, opname TEXT, opemail TEXT, opphone )