IT-Syndikat
/
its-ap-builder
13
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
its-ap-builder/README.md

2.9 KiB
Raw Blame History

ITS WiFi Access Points Setup

This directory contains the scripts and configuration for the automated building of OpenWrt image-build based firmware images.

We use this to build fully pre-configured images for our 802.11 access-points. The deployed images are completely hands-off. No configuration of the running firmware should be necessary as all the device specific setup is done using /etc/uci-defaults/ by keying off the device's MAC address.

See files/common/its/etc/uci-defaults/50-config-from-mac for details.

Note that some of the files in this repository contain secrets, like passwords. These files are stored using git-annex which merely stores a hash in the (public) git repo and ships the relevant file contents off to a fileserver or other internal storage location.

Building Images

The Makefile provides a target for each device type we have images for, to build images for all devices at the space you can use:

$ make its
[...]
Wrote images to images/v0.20180506-3-g115cc99-dirty

the resulting sysupgrade images land in a directory in images/. The symlink images/latest points to the directory of the image built most recently. The build system also produces a *.image-manifest file which contains the URL to the ImageBuilder used as well its hash and the corresponding image's hash.

Each produced image file contains the target, subtarget and profile names for the targeted device (among other things), for example the Ubiquity UniFi AC Lite's image is called *-ar71xx-generic-ubnt-unifiac-lite*-sysupgrade.bin standing for TARGET=ar71xx, SUBTARGET=generic, PROFILE=ubnt-unifiac-lite.

These images can then be deployed by copying them to the respective device in /tmp using scp and then running, over ssh:

# sysupgrade -n /tmp/*-sysupgrade.bin

If this fails for some reason and the target device is subsequently bricked so bad it cannot even boot into failsafe mode any more, see OpenWrt Debricking Guide.

Using Released Binaries

The offically released and deployed images are available in this repo in the images/ directory. They need to be retrived from an internal server using git annex before they can be accessed. The public git repo only contains their hashes.

We also use git-annex to add the secrets used for generating the images to the repo, which will then only be available to authorized people using the internal git-annex store. For an example, see files/common/its/etc/uci-defaults/51-secrets. This file just sets up secrets, such as the WiFi/root password.