[OpenWrt-Devel] First boot provisioning
David Lang
david at lang.hm
Wed Jan 27 02:47:18 EST 2016
catching up on old e-mail
On Wed, 9 Dec 2015, Lukáš Macura wrote:
> Hello,
>
> I would want to start some discussion about first boot provisioning and theoretical inclusion of some script into default images.
>
> Today, if somebody wants some automatic way to autoconfigure OpenWrt boxes, he has to create his own image. But if there is some possibility directly in OpenWrt, how to do some well-documented procedure during first boot, first boot auto configuration could be offloaded from image. I know there are some security issues. But I think that such procedure could be very tiny and efficient.
>
> For example, it is very easy to write handler for reset button /etc/rc.button/reset :
>
> if [ "$SEEN" -lt 1 ]
> then
>     echo "REBOOT" > /dev/console
>     sync
>     reboot
> elif [ "$SEEN" -gt 10 ]
> then
>     ( echo "PROVISIONING"
>       wget -q -O- http://openwrt-prov/opkg.repo >/etc/opkg/provisioned.conf
>       packages=$(wget -q -O- http://openwrt-prov/default/opkg.install)
>       [ -n "$packages" ] && opkg update && opkg install $packages
>     ) 2>&1 | logger
>
> elif [ "$SEEN" -gt 5 ]
> then
>     echo "FACTORY RESET" > /dev/console
>     jffs2reset -y && reboot &
> fi
>
> so if you press reset button for more than 10 seconds, box will download two files from some server. One which can add some local repositories and second to get package names to install. Next to this, it will do opkg update and install.
> There are more ways how to trigger first boot procedure. This is only proof of concept.
> Another way is to include this procedure in uci-defaults and run each time when device is in factory defaults mode.
>
> Some questions:
> - How to form url? Which url?
> - Is it secure to download some external content by default? No, but this will happen only during first boot.
> - Should this procedure be manual? eg. it needs to press button or automatically?
It all depends on the environment. For the Scale conference last week, I had 120
APs out and they got configured by a combination of the base image (populating
/files) and DHCP parameters. That wouldn't work in home systems where the AP is
the DHCP.

Automating configuration and updates from your own system is a great thing to do.
Doing so from someone else's system on the Internet is something else. And
taking on the responsibility for holding such configs (and the potential
liability if the configs get tampered with and access is granted to lots of
people's systems) is something else again. It's not something OpenWrt is going to
want to get involved with.

The bigger issue is that the reason why most openwrt devices get updated by
flashing a complete image is the shortage of storage on them. By using a
pre-compressed, read-only filesystem, the compression ratio is much higher, but
it means that anything that gets installed on the device after that point has
two versions taking up space, the original, highly compressed version, and a
later, less compressed version. You very quickly run out of space updating
individual packages and overriding basic configs.

But I do like the idea of holding the reset button down to pull from a local
system. I'll use that trick in the future :-)
David Lang
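
Added example (not part of the original messages and not OpenWrt code): the two downloads from the quoted reset handler, with the fetched repo file and package list checked for shape before anything is written to /etc/opkg or handed to opkg. PROV_BASE and the function names are assumptions, as is the allowed character set for package names; the URLs are the ones in the quoted script.

```sh
#!/bin/sh
# Added example, not from the thread. PROV_BASE, check_repo_conf,
# check_pkg_list and provision are assumed names; URLs match the quoted script.
PROV_BASE="http://openwrt-prov/"

# Read a repo file on stdin; accept it only if every non-empty, non-comment
# line is "src/gz <name> <url>" with <url> under PROV_BASE.
check_repo_conf() {
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        set -f; set -- $line; set +f          # split on whitespace, no globbing
        [ "$#" -eq 3 ] && [ "$1" = "src/gz" ] || return 1
        case "$2" in *[!A-Za-z0-9_]*) return 1 ;; esac
        case "$3" in "$PROV_BASE"*) ;; *) return 1 ;; esac
        case "$3" in *[!A-Za-z0-9:/._-]*) return 1 ;; esac
    done
    return 0
}

# Print the package names in $1 one per line; fail if the list is empty or
# any token is not a plain name (rejects options, paths and URLs).
# The allowed character set is an assumption about package naming.
check_pkg_list() {
    set -f; set -- $1; set +f
    [ "$#" -gt 0 ] || return 1
    for p in "$@"; do
        case "$p" in [!A-Za-z0-9]*|*[!A-Za-z0-9+._-]*) return 1 ;; esac
    done
    printf '%s\n' "$@"
}

# Same two downloads as the quoted handler, but nothing is written to
# /etc/opkg or passed to opkg until it has passed the checks above.
provision() {
    tmp="/tmp/provisioned.conf.$$"
    if wget -q -O "$tmp" "${PROV_BASE}opkg.repo" && check_repo_conf <"$tmp"; then
        mv "$tmp" /etc/opkg/provisioned.conf || return 1
    else
        rm -f "$tmp"; return 1
    fi
    list=$(wget -q -O- "${PROV_BASE}default/opkg.install") || return 1
    pkgs=$(check_pkg_list "$list") || return 1
    opkg update && opkg install $pkgs
}
```

These checks constrain what a tampered response can feed to opkg; they do not authenticate the provisioning server.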