diff --git a/conf/bblayers.conf.sample b/conf/bblayers.conf.sample index c92a26c6..4a8f136e 100644 --- a/conf/bblayers.conf.sample +++ b/conf/bblayers.conf.sample @@ -16,6 +16,7 @@ BBLAYERS ?= " \ ##OEROOT##/meta-openembedded/meta-networking \ ##OEROOT##/meta-openembedded/meta-perl \ ##OEROOT##/meta-openembedded/meta-python \ + ##OEROOT##/meta-virtualization \ ##OEROOT##/meta-raspberrypi \ ##OEROOT##/meta-security \ ##OEROOT##/meta-nodejs \ diff --git a/conf/local.conf.sample b/conf/local.conf.sample index d22b595c..c404f28c 100644 --- a/conf/local.conf.sample +++ b/conf/local.conf.sample @@ -9,7 +9,7 @@ RPI_USE_U_BOOT = "1" #DISABLE_RPI_BOOT_LOGO = "1" #IMAGE_FEATURES_remove = "splash" -DISTRO_FEATURES = "ext2 opengl usbhost ${DISTRO_FEATURES_LIBC}" +DISTRO_FEATURES = "ext2 opengl usbhost ${DISTRO_FEATURES_LIBC} virtualization k8s" DISTRO_FEATURES_BACKFILL_CONSIDERED += "pulseaudio" diff --git a/recipes-containers/docker/docker_%.bbappend b/recipes-containers/docker/docker_%.bbappend new file mode 100644 index 00000000..298167a1 --- /dev/null +++ b/recipes-containers/docker/docker_%.bbappend @@ -0,0 +1,4 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/files:" +SRC_URI += "file://daemon.json" + + diff --git a/recipes-containers/docker/files/daemon.json b/recipes-containers/docker/files/daemon.json new file mode 100644 index 00000000..954ff825 --- /dev/null +++ b/recipes-containers/docker/files/daemon.json @@ -0,0 +1,4 @@ +{ + "graph": "/userdata/docker", + "storage-driver": "overlay2" +} \ No newline at end of file diff --git a/recipes-containers/kubelet/files/10-c2d.conf b/recipes-containers/kubelet/files/10-c2d.conf new file mode 100644 index 00000000..2b4fb4f9 --- /dev/null +++ b/recipes-containers/kubelet/files/10-c2d.conf @@ -0,0 +1,6 @@ +{ + "cniVersion": "0.2.0", + "name": "edgenet", + "type": "c2d", + "debug": true +} diff --git a/recipes-containers/kubelet/files/99-loopback.conf b/recipes-containers/kubelet/files/99-loopback.conf new file mode 100644 index 00000000..1acb85a0 --- /dev/null +++ b/recipes-containers/kubelet/files/99-loopback.conf @@ -0,0 +1,4 @@ +{ + "cniVersion": "0.3.1", + "type": "loopback" +} diff --git a/recipes-containers/kubelet/files/kubeconfig b/recipes-containers/kubelet/files/kubeconfig new file mode 100644 index 00000000..b42cc1c9 --- /dev/null +++ b/recipes-containers/kubelet/files/kubeconfig @@ -0,0 +1,12 @@ +apiVersion: v1 +clusters: +- cluster: + server: http://127.0.0.1:8080 + name: kaas +contexts: +- context: + cluster: kaas + name: default +current-context: default +kind: Config +preferences: {} diff --git a/recipes-containers/kubelet/files/kubelet-config.yaml b/recipes-containers/kubelet/files/kubelet-config.yaml new file mode 100644 index 00000000..d45f43aa --- /dev/null +++ b/recipes-containers/kubelet/files/kubelet-config.yaml @@ -0,0 +1,19 @@ +kind: KubeletConfiguration +apiVersion: kubelet.config.k8s.io/v1beta1 +authentication: + anonymous: + enabled: false + webhook: + enabled: true + x509: + clientCAFile: "/var/lib/kubelet/ca.pem" +authorization: + mode: Webhook +clusterDomain: "cluster.local" +clusterDNS: + - "10.32.0.10" +podCIDR: "10.0.0.0/24" +resolvConf: "/etc/resolv.conf" +runtimeRequestTimeout: "15m" +tlsCertFile: "/var/lib/kubelet/kubelet.pem" +tlsPrivateKeyFile: "/var/lib/kubelet/kubelet-key.pem" diff --git a/recipes-containers/kubelet/files/kubelet-watcher.service b/recipes-containers/kubelet/files/kubelet-watcher.service new file mode 100644 index 00000000..abe561d8 --- /dev/null +++ b/recipes-containers/kubelet/files/kubelet-watcher.service @@ -0,0 +1,9 @@ +[Unit] +Description=kubelet restarter + +[Service] +Type=oneshot +ExecStart=/bin/systemctl restart kubelet.service + +[Install] +WantedBy=network.target \ No newline at end of file diff --git a/recipes-containers/kubelet/files/kubelet.path b/recipes-containers/kubelet/files/kubelet.path new file mode 100644 index 00000000..beda16bc --- /dev/null +++ b/recipes-containers/kubelet/files/kubelet.path @@ -0,0 +1,9 @@ +[Unit] +Description=Monitor the changes to identity.json file and restart kubelet + +[Path] +PathChanged=/userdata/edge_gw_config/identity.json +Unit=kubelet-watcher.service + +[Install] +WantedBy=network.target diff --git a/recipes-containers/kubelet/files/kubelet.service b/recipes-containers/kubelet/files/kubelet.service new file mode 100644 index 00000000..c6134428 --- /dev/null +++ b/recipes-containers/kubelet/files/kubelet.service @@ -0,0 +1,12 @@ +[Unit] +Descritpion=Kubelet +Requires=wait-for-pelion-identity.service +After=edge-proxy.service + +[Service] +Restart=always +RestartSec=5 +ExecStart=/wigwag/system/bin/launch-kubelet.sh + +[Install] +WantedBy=network.target diff --git a/recipes-containers/kubelet/files/launch-edgenet.sh b/recipes-containers/kubelet/files/launch-edgenet.sh new file mode 100755 index 00000000..6ced9419 --- /dev/null +++ b/recipes-containers/kubelet/files/launch-edgenet.sh @@ -0,0 +1,20 @@ +#!/bin/bash +# ---------------------------------------------------------------------------- +# Copyright (c) 2020, Arm Limited and affiliates. +# +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ---------------------------------------------------------------------------- + +docker network inspect edgenet &>/dev/null || docker network create --subnet=10.0.0.0/24 --gateway=10.0.0.1 edgenet diff --git a/recipes-containers/kubelet/files/launch-kubelet.sh b/recipes-containers/kubelet/files/launch-kubelet.sh new file mode 100755 index 00000000..d9be3bb0 --- /dev/null +++ b/recipes-containers/kubelet/files/launch-kubelet.sh @@ -0,0 +1,42 @@ +#!/bin/bash +# ---------------------------------------------------------------------------- +# Copyright (c) 2020, Arm Limited and affiliates. +# +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ---------------------------------------------------------------------------- + +DEVICE_ID=`jq -r .deviceID /userdata/edge_gw_config/identity.json` +if [ $? -ne 0 ]; then + echo "Unable to extract device ID from identity.json" + exit 1 +fi + +/wigwag/system/bin/launch-edgenet.sh +if [ $? -ne 0 ]; then + echo "Unable to create edgenet docker network" + exit 2 +fi + +exec /wigwag/system/bin/kubelet \ +--root-dir=/var/lib/kubelet \ +--offline-cache-path=/wigwag/system/var/lib/kubelet/store \ +--fail-swap-on=false \ +--image-pull-progress-deadline=2m \ +--hostname-override=${DEVICE_ID} \ +--kubeconfig=/wigwag/system/var/lib/kubelet/kubeconfig \ +--cni-bin-dir=/wigwag/system/opt/cni/bin \ +--cni-conf-dir=/wigwag/system/etc/cni/net.d \ +--network-plugin=cni \ +--register-node=true diff --git a/recipes-containers/kubelet/kubelet_git.bb b/recipes-containers/kubelet/kubelet_git.bb new file mode 100644 index 00000000..88303ee9 --- /dev/null +++ b/recipes-containers/kubelet/kubelet_git.bb @@ -0,0 +1,69 @@ +DESCRIPTION = "Kubernetes without all the extra stuff" +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://src/${GO_IMPORT}/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +inherit go pkgconfig gitpkgv systemd +SRC_URI = "git://git@github.com/armPelionEdge/edge-kubelet.git;protocol=ssh;branch=master;depth=1 \ +file://10-c2d.conf \ +file://99-loopback.conf \ +file://kubeconfig \ +file://kubelet.service \ +file://kubelet-watcher.service \ +file://kubelet.path \ +file://launch-edgenet.sh \ +file://launch-kubelet.sh \ + " + +SYSTEMD_PACKAGES = "${PN}" +SYSTEMD_SERVICE_${PN} = "kubelet.service" +SYSTEMD_AUTO_ENABLE_${PN} = "enable" + +#SRCREV = "${AUTOREV}" +SRCREV = "83b266ae6939012883611d6dbda745f2490a67c4" +PR = "r1" + +DEPENDS = "libseccomp" +RDEPENDS_${PN} += " docker libseccomp cni" + +bindir = "/wigwag/system/bin" +confdir = "/wigwag/system/var/lib/kubelet" +cnidir = "/wigwag/system/etc/cni/net.d" +FILES_${PN} = "\ + ${bindir}/kubelet\ + ${bindir}/launch-kubelet.sh\ + ${bindir}/launch-edgenet.sh\ + ${confdir}/kubeconfig\ + ${cnidir}/10-c2d.conf\ + ${cnidir}/99-loopback.conf\ + ${systemd_system_unitdir}/kubelet.service\ + ${systemd_system_unitdir}/kubelet-watcher.service\ + ${systemd_system_unitdir}/kubelet.path\ + " +GO_IMPORT = "k8s.io/kubernetes" +GO_PACKAGES = "${GO_IMPORT}/cmd/kubelet" + +do_compile() { + export TMPDIR="${GOTMPDIR}" + # KUBE_GO_PACKAGE is expected to be set by the version.sh script + export KUBE_GO_PACKAGE=${GO_IMPORT} + # sh doesn't like variable names with '::' in them. Replace all '::' occurrences with '_' + eval "$(cat ${GOPATH}/src/${GO_IMPORT}/hack/lib/version.sh | sed --expression 's/::/_/g')" + echo "${GO} install -v -ldflags=\"$GO_RPATH $GO_LINKMODE -extldflags '$GO_EXTLDFLAGS' $(kube_version_ldflags)\" ${GO_PACKAGES}" > /tmp/gostuff + ${GO} install -v -ldflags="$GO_RPATH $GO_LINKMODE -extldflags '$GO_EXTLDFLAGS' $(kube_version_ldflags)" ${GO_PACKAGES} +} + +do_install() { + install -d ${D}${bindir} + install -d ${D}${confdir} + install -d ${D}${cnidir} + install -d ${D}${systemd_system_unitdir} + install -m 0755 ${B}/${GO_BUILD_BINDIR}/kubelet ${D}${bindir}/kubelet + install -m 0755 ${S}/../launch-kubelet.sh ${D}${bindir}/launch-kubelet.sh + install -m 0755 ${S}/../launch-edgenet.sh ${D}${bindir}/launch-edgenet.sh + install -m 0644 ${S}/../kubeconfig ${D}${confdir}/kubeconfig + install -m 0644 ${S}/../10-c2d.conf ${D}${cnidir}/10-c2d.conf + install -m 0644 ${S}/../99-loopback.conf ${D}${cnidir}/99-loopback.conf + install -m 0644 ${S}/../kubelet.service ${D}${systemd_system_unitdir}/kubelet.service + install -m 0644 ${S}/../kubelet-watcher.service ${D}${systemd_system_unitdir}/kubelet-watcher.service + install -m 0644 ${S}/../kubelet.path ${D}${systemd_system_unitdir}/kubelet.path +} diff --git a/recipes-core/images/console-image.bb b/recipes-core/images/console-image.bb index ed27999d..26f6d984 100644 --- a/recipes-core/images/console-image.bb +++ b/recipes-core/images/console-image.bb @@ -152,7 +152,10 @@ WIGWAG_STUFF = " \ deviceoswd \ emacs \ fftw \ + edge-proxy \ imagemagick \ + kubelet \ + tini \ lcms \ virtual/mbed-edge-core \ mbed-edge-examples \ diff --git a/recipes-core/netbase/netbase/hosts b/recipes-core/netbase/netbase/hosts new file mode 100644 index 00000000..12643df9 --- /dev/null +++ b/recipes-core/netbase/netbase/hosts @@ -0,0 +1,9 @@ +127.0.0.1 localhost.localdomain localhost +127.0.0.1 gateways.local + +# The following lines are desirable for IPv6 capable hosts +::1 localhost ip6-localhost ip6-loopback +fe00::0 ip6-localnet +ff00::0 ip6-mcastprefix +ff02::1 ip6-allnodes +ff02::2 ip6-allrouters \ No newline at end of file diff --git a/recipes-core/netbase/netbase_%.bbappend b/recipes-core/netbase/netbase_%.bbappend new file mode 100644 index 00000000..6568cee8 --- /dev/null +++ b/recipes-core/netbase/netbase_%.bbappend @@ -0,0 +1,2 @@ +#prepend to take precedence over poky/meta +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" diff --git a/recipes-kernel/linux/linux-raspberrypi_%.bbappend b/recipes-kernel/linux/linux-raspberrypi_%.bbappend index ea3dc017..77c1fb7c 100644 --- a/recipes-kernel/linux/linux-raspberrypi_%.bbappend +++ b/recipes-kernel/linux/linux-raspberrypi_%.bbappend @@ -2,3 +2,4 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/files:" SRC_URI += "file://0001-Edge-increased-the-HCI_LE_AUTOCONN_TIMEOUT-to-20-sec.patch \ file://default-cpu-scaling-gov.cfg" +CMDLINE_append = 'cgroup_enable=cpuset cgroup_enable=memory cgroup_memory=1' diff --git a/recipes-networking/cni/cni_git.bb b/recipes-networking/cni/cni_git.bb new file mode 100644 index 00000000..e98da8cf --- /dev/null +++ b/recipes-networking/cni/cni_git.bb @@ -0,0 +1,79 @@ +HOMEPAGE = "https://github.com/containernetworking/cni" +SUMMARY = "Container Network Interface - networking for Linux containers" +DESCRIPTION = "CNI (Container Network Interface), a Cloud Native Computing \ +Foundation project, consists of a specification and libraries for writing \ +plugins to configure network interfaces in Linux containers, along with a \ +number of supported plugins. CNI concerns itself only with network connectivity \ +of containers and removing allocated resources when the container is deleted. \ +Because of this focus, CNI has a wide range of support and the specification \ +is simple to implement. \ +" + +SRCREV_cni = "4cfb7b568922a3c79a23e438dc52fe537fc9687e" +# Version 0.8.5 +SRCREV_plugins = "1f33fb729ae2b8900785f896df2dc1f6fe5e8239" +SRC_URI = "\ + git://github.com/containernetworking/cni.git;nobranch=1;name=cni \ + git://github.com/containernetworking/plugins.git;nobranch=1;destsuffix=${S}/src/github.com/containernetworking/plugins;name=plugins \ + file://c2d \ + file://c2d-inner \ + " + +RPROVIDES_${PN} += "kubernetes-cni" +RDEPENDS_${PN} += "bash" + +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=fa818a259cbed7ce8bc2a22d35a464fc" + +GO_IMPORT = "import" + +PV = "0.7.1+git${SRCREV_cni}" + +inherit go +inherit goarch + +do_compile() { + mkdir -p ${S}/src/github.com/containernetworking + ln -sfr ${S}/src/import ${S}/src/github.com/containernetworking/cni + + cd ${B}/src/github.com/containernetworking/cni/libcni + ${GO} build + + cd ${B}/src/github.com/containernetworking/cni/cnitool + ${GO} build + + cd ${B}/src/github.com/containernetworking/plugins + PLUGINS="$(ls -d plugins/meta/*; ls -d plugins/ipam/*; ls -d plugins/main/* | grep -v windows)" + mkdir -p ${B}/plugins/bin/ + for p in $PLUGINS; do + plugin="$(basename "$p")" + echo "building: $p" + ${GO} build -mod=vendor -o ${B}/plugins/bin/$plugin github.com/containernetworking/plugins/$p + done +} + +do_install() { + localbindir="/wigwag/system/opt/cni/bin" + + install -d ${D}${localbindir} + install -d ${D}/${sysconfdir}/cni/net.d + + install -m 755 ${S}/src/import/cnitool/cnitool ${D}/${localbindir} + install -m 755 -D ${B}/plugins/bin/* ${D}/${localbindir} + + # Parts of k8s expect the cni binaries to be available in /opt/cni + install -d ${D}/opt/cni + ln -sf /wigag/system/opt/cni/ ${D}/opt/cni/bin + # re-linking to the origional recipeies location + install -d ${D}${libexecdir}/cni + ln -sf /wigwag/system/opt/cni ${D}${libexecdir}/cni + #extra features needed by pe + install -m 755 -o root -g root ${WORKDIR}/c2d ${D}/${localbindir} + install -m 755 -o root -g root ${WORKDIR}/c2d-inner ${D}/${localbindir} +} + +FILES_${PN} += "${libexecdir}cni/* /opt/cni/* /wigwag/system/opt/cni/bin" + +INSANE_SKIP_${PN} += "ldflags already-stripped" + +deltask compile_ptest_base diff --git a/recipes-networking/cni/files/c2d b/recipes-networking/cni/files/c2d new file mode 100644 index 00000000..2a9581a7 --- /dev/null +++ b/recipes-networking/cni/files/c2d @@ -0,0 +1,40 @@ +#!/bin/bash +# Copyright 2016 The Kubernetes Authors All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This is a wrapper that converts the stdin/stdout part of the CNI +# calling convention into an input-file & output-file calling +# convention. All the stuff written to stdout and stderr by the inner +# script is saved to a file in /tmp/. + +INPUT=/tmp/c2d-$$-in +RESULT=/tmp/c2d-$$-out +LOG=/tmp/c2d-$$-log +cat > "${INPUT}" +"${0}-inner" "${INPUT}" "${RESULT}" &> "${LOG}" +RC=$? +if [ "${RC}" == "0" ]; then + cat "${RESULT}" + rm ${INPUT} ${RESULT} ${LOG} +else + cat <& 2 + exit 1 +fi +INPFN="$1" +OUTFN="$2" + +# Look for the "debug" setting in the config file and turn on +# debugging if requested. +if jq .debug < "${INPFN}" | grep -i true &> /dev/null; then + echo + printenv | grep CNI + set -x +fi + +# Extract a container name from the k8s POD name. This will used as the discoverable DNS name +# for the container +PN=$(mapfile -d ';' -t array <<<${CNI_ARGS}; for i in ${array[@]}; do echo $i | grep K8S_POD_NAME= | cut -d "=" -f 2-; done) + +# From here on, any failed command is a fatal error. +set -e + +case "${CNI_COMMAND}" in + (ADD) + + # Pick the desired network name out of the config. + thenet="$(jq -r .name < "${INPFN}")" + + # When the kubelet is configured to use a CNI plugin, the + # infrastructure container (the one running "/pause") starts + # out connected to the Docker network named "none". Docker + # does not allow a container to be connected to both "none" + # and another network, so remove that pain. + docker network disconnect none "${CNI_CONTAINERID}" + + # Connect to the desired Docker network + HOSTNAME_ALIAS=$(docker inspect --format='{{.Config.Hostname}}' ${CNI_CONTAINERID}) + docker network connect --alias "${HOSTNAME_ALIAS}" "${thenet}" "${CNI_CONTAINERID}" + + # Extract the needed output info from the container + CTR_INFO=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}} {{range .NetworkSettings.Networks}}{{.Gateway}}{{end}} {{range .NetworkSettings.Networks}}{{.IPPrefixLen}}{{end}}' ${CNI_CONTAINERID}) + PN=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}} {{range .NetworkSettings.Networks}}{{.Gateway}}{{end}} {{range .NetworkSettings.Networks}}{{.IPPrefixLen}}{{end}}' ${CNI_CONTAINERID}) + CTR_IP=$(echo "${CTR_INFO}" | cut '-d ' -f1) + CTR_GW=$(echo "${CTR_INFO}" | cut '-d ' -f2) + CTR_PF=$(echo "${CTR_INFO}" | cut '-d ' -f3) + + # Produce the proper CNI output + cat > "${OUTFN}" < "${OUTFN}" <& 2 + exit 2 + ;; +esac diff --git a/recipes-wigwag/edge-proxy/edge-proxy_git.bb b/recipes-wigwag/edge-proxy/edge-proxy_git.bb new file mode 100644 index 00000000..5e78693a --- /dev/null +++ b/recipes-wigwag/edge-proxy/edge-proxy_git.bb @@ -0,0 +1,49 @@ +DESCRIPTION = "Tunneling proxy for all FOG services" +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://src/${GO_IMPORT}/LICENSE;md5=86d3f3a95c324c9479bd8986968f4327" + +inherit go pkgconfig gitpkgv systemd + +PR = "r0" +SRC_URI = "git://git@github.com/armPelionEdge/edge-proxy.git;protocol=ssh;name=ep;depth=1\ + file://edge-proxy.service\ + file://edge-proxy-watcher.service\ + file://edge-proxy.path\ + file://launch-edge-proxy.sh\ + file://edge-proxy.conf.json\ + " + +SYSTEMD_PACKAGES = "${PN}" +SYSTEMD_SERVICE_${PN} = "edge-proxy.service" +SYSTEMD_AUTO_ENABLE_${PN} = "enable" + +SRCREV_FORMAT = "ep" +SRCREV_ep = "e0a7389ae4322ce8ceede6e2051d1832eb17cab4" +GO_IMPORT = "github.com/armPelionEdge/edge-proxy" + +RDEPENDS_${PN} = "jq" + +wbindir = "/wigwag/system/bin" +wetcdir = "/wigwag/etc" +FILES_${PN} = "\ + ${wbindir}/edge-proxy\ + ${wbindir}/launch-edge-proxy.sh\ + ${wetcdir}/edge-proxy.conf.json\ + ${systemd_system_unitdir}/edge-proxy.service\ + ${systemd_system_unitdir}/edge-proxy-watcher.service\ + ${systemd_system_unitdir}/edge-proxy.path\ + " + +do_install () { + install -d ${D}${wbindir} + install -m 0755 ${B}/${GO_BUILD_BINDIR}/edge-proxy ${D}${wbindir}/ + install -m 0755 ${WORKDIR}/launch-edge-proxy.sh ${D}${wbindir}/ + install -d ${D}${wetcdir} + install -m 0755 ${WORKDIR}/edge-proxy.conf.json ${D}${wetcdir}/ + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/edge-proxy.service ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/edge-proxy-watcher.service ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/edge-proxy.path ${D}${systemd_system_unitdir} +} + +do_package_qa[noexec] = "1" diff --git a/recipes-wigwag/edge-proxy/files/edge-proxy-watcher.service b/recipes-wigwag/edge-proxy/files/edge-proxy-watcher.service new file mode 100644 index 00000000..6141b4e6 --- /dev/null +++ b/recipes-wigwag/edge-proxy/files/edge-proxy-watcher.service @@ -0,0 +1,9 @@ +[Unit] +Description=edge-proxy restarter + +[Service] +Type=oneshot +ExecStart=/bin/systemctl restart edge-proxy.service + +[Install] +WantedBy=network.target \ No newline at end of file diff --git a/recipes-wigwag/edge-proxy/files/edge-proxy.conf.json b/recipes-wigwag/edge-proxy/files/edge-proxy.conf.json new file mode 100644 index 00000000..4bc4f4c4 --- /dev/null +++ b/recipes-wigwag/edge-proxy/files/edge-proxy.conf.json @@ -0,0 +1,3 @@ +{ + "edge_proxy_uri_relative_path": "/edge-proxy/connect" +} \ No newline at end of file diff --git a/recipes-wigwag/edge-proxy/files/edge-proxy.path b/recipes-wigwag/edge-proxy/files/edge-proxy.path new file mode 100644 index 00000000..d81064ee --- /dev/null +++ b/recipes-wigwag/edge-proxy/files/edge-proxy.path @@ -0,0 +1,9 @@ +[Unit] +Description=Monitor the changes to identity.json file and restart edge-proxy + +[Path] +PathChanged=/userdata/edge_gw_config/identity.json +Unit=edge-proxy-watcher.service + +[Install] +WantedBy=network.target diff --git a/recipes-wigwag/edge-proxy/files/edge-proxy.service b/recipes-wigwag/edge-proxy/files/edge-proxy.service new file mode 100644 index 00000000..ac15c6da --- /dev/null +++ b/recipes-wigwag/edge-proxy/files/edge-proxy.service @@ -0,0 +1,12 @@ +[Unit] +Descritpion=Tunneling Proxy for gateways +Requires=wait-for-pelion-identity.service +After=wait-for-pelion-identity.service + +[Service] +Restart=always +RestartSec=5 +ExecStart=/wigwag/system/bin/launch-edge-proxy.sh + +[Install] +WantedBy=network.target diff --git a/recipes-wigwag/edge-proxy/files/launch-edge-proxy.sh b/recipes-wigwag/edge-proxy/files/launch-edge-proxy.sh new file mode 100755 index 00000000..a53dbce4 --- /dev/null +++ b/recipes-wigwag/edge-proxy/files/launch-edge-proxy.sh @@ -0,0 +1,36 @@ +#!/bin/bash +# ---------------------------------------------------------------------------- +# Copyright (c) 2020, Arm Limited and affiliates. +# +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ---------------------------------------------------------------------------- + +EDGE_K8S_ADDRESS=$(jq -r .edgek8sServicesAddress /userdata/edge_gw_config/identity.json) +GATEWAYS_ADDRESS=$(jq -r .gatewayServicesAddress /userdata/edge_gw_config/identity.json) +EDGE_PROXY_URI_RELATIVE_PATH=$(jq -r .edge_proxy_uri_relative_path /wigwag/etc/edge-proxy.conf.json) + + + + +exec /wigwag/system/bin/edge-proxy \ +-proxy-uri=${EDGE_K8S_ADDRESS} \ +-proxy-listen=0.0.0.0:8080 \ +-tunnel-uri=ws://gateways.local$EDGE_PROXY_URI_RELATIVE_PATH \ +-cert-strategy=tpm \ +-cert-strategy-options=socket=/tmp/edge.sock \ +-cert-strategy-options=path=/1/pt \ +-cert-strategy-options=device-cert-name=mbed.LwM2MDeviceCert \ +-cert-strategy-options=private-key-name=mbed.LwM2MDevicePrivateKey \ +-forwarding-addresses={\"gateways.local\":\"${GATEWAYS_ADDRESS#"https://"}\"} diff --git a/recipes-wigwag/maestro/maestro/rpi3/devicejs.template.conf b/recipes-wigwag/maestro/maestro/rpi3/devicejs.template.conf index 20d4214f..14e48ef0 100644 --- a/recipes-wigwag/maestro/maestro/rpi3/devicejs.template.conf +++ b/recipes-wigwag/maestro/maestro/rpi3/devicejs.template.conf @@ -1,6 +1,6 @@ { "modulesDirectory": "/wigwag/etc/devicejs/modules", - "port": 8080, + "port": 8081, "cloudAddress": "{{ARCH_GW_SERVICES_URL}}/devicejs/socket.io", "databaseConfig": { "uri": "https://127.0.0.1:{{LOCAL_DEVICEDB_PORT}}",