Difference between revisions of "Mesh/Firmware/Generating"

From Sudo Room
Jump to navigation Jump to search
Line 8: Line 8:
 
* python SSL socket server for configuring nodes over secure socket.
 
* python SSL socket server for configuring nodes over secure socket.
 
* python web server as a UI to the SSL configuration server.
 
* python web server as a UI to the SSL configuration server.
 
+
** SSL libraries on the client (node) are often big. BusyBox wget does not support SSL for example. In wlan slovenija we were thinking of using SSH/SCP instead. [[User:Mitar|Mitar]] ([[User talk:Mitar|talk]]) 06:09, 17 October 2013 (PDT)
  SSL libraries on the client (node) are often big. BusyBox wget does not support SSL for example. In wlan slovenija we were thinking of using SSH/SCP instead. [[Special:Contributions/24.5.192.44|24.5.192.44]] 06:09, 17 October 2013 (PDT)
 
  
 
Node:   
 
Node:   

Revision as of 06:09, 17 October 2013

Model (rough)

Build Server: The one and only server responsible for building and signing SudoMesh OpenWRT images, mostly a collection of bash scripts.

Configuration Server: One of possibly multiple servers responsible for and authenticated to query, configure and update nodes.

  • python SSL socket server for configuring nodes over secure socket.
  • python web server as a UI to the SSL configuration server.
    • SSL libraries on the client (node) are often big. BusyBox wget does not support SSL for example. In wlan slovenija we were thinking of using SSH/SCP instead. Mitar (talk) 06:09, 17 October 2013 (PDT)

Node: The basic build block of any mesh!

  • node-admin: extended from the openWRT admin page, used by node owner for configuration.
  • node-conf-client: lua client for accepting configs and answering config queries from a configuraion server.

Node Attributes

The following attributes are required of the Build Server at image build time:

  • Hardware model
  • Firmware version

The following attributes are required of the Configuration Server for initial configuration:

  • SSH host RSA keypair
  • SSH host DSA keypair (optional?)
  • SSH host ECDSA keypair (optional?)
  • SSH keys allowed root access for debugging

The following attributes are required of the Node Op for initial configuration through the Configuration Server:

  • Geographic address
  • Node Op name
  • Node Op email address
  • Node Op phone number

wlan slovenija

wlan slovenija has a firmware generator tool. Here are some links:

Some relevant code from config_generator.py:

      buildString = 'make image FILES="../files" PROFILE="%s" PACKAGES="policy-routing olsrd uhttpd tc nodewatcher-core nodewatcher-clients ntpclient hostapd -ppp -ppp-mod-pppoe -wpad-mini kmod-l2tp kmod-l2tp-ip kmod-l2tp-eth tunneldigger wireless-tools qos-scripts %s"' % (profile_map[self.portLayout], pkgs)
      os.chdir(path)
      os.system(buildString)

The whole nodewatcher system is in fact a web interface to the image generator (this is how it all started, historically, as a web interface + IP allocation, and then we added network monitoring, node telemetry and so on).

freifunk

Freifunk has a web app called meshkit for generating images.

Meshkit takes a strange approach. From the readme file:

Meshkit itself just writes a uci config file and stores it in
/etc/config/meshkwizard in the resulting firmware image. The actual
configuration is done by meshwizard, which uses community profiles
and the settings from meshkit to configure the device at first boot after
the device has been flashed.

While I understand why community profiles would be a good idea, it seems odd that the configuration would happen on the device. Why not generate all of the required configuration before generating the image? That way you save a bit of space and an extra reboot of the device.

After looking at the code, I am not inclined to use it. Lots of freifunk-specific stuff. Few comments. In the end, all it does that we really care about is take a few values from the web app, write some config files for openwrt and run "make image" with some parameters. It does have a system for queuing builds, which is nice. Honestly, I think we're going to be better off making our own system