docs/doc/source/developer_resources/stx_sdo_rv.rst
Ron Stone cf66f5d279 Armada Deprecation and Replacement
First pass - generic updates only. (command input/output to be done)
Address patchset 1 review comments.
Replace examples using openstack with metrics server
Remove DS app from application-list output
Additional migration to FluxCD (snmp, auditd)
Minor textual change.
Fix merge conflict.
Revert install r5 change.

Story: 2009138
Task: 45238

Signed-off-by: Ron Stone <ronald.stone@windriver.com>
Change-Id: Ia40ff45f12ec7b7ffa859e0d8bb5535303870d83
2022-06-29 10:40:56 -04:00

Enable SDO Rendezvous Service on StarlingX

Introduction

Secure Device Onboard (SDO) is open source software that is in the process of becoming an industry standard through the FIDO (Fast IDentity Online) Alliance. SDO automates the "onboard" process, which occurs when a device establishes the first trusted connection with a device management service.

SDO can be used with x86 and ARM-based devices ranging from small compute IoT devices to higher compute Intel® Xeon® devices. The key requirement is that the device must be manufactured with the necessary credentials and client software.

The process involves interactions between a number of different entities including: Manufacturer, Device, Owner, Rendezvous service, and Device platform service.

This document describes how to enable the Rendezvous (RV) service on StarlingX.

Integration Steps

  1. Complete building all the build layers. See the Layered Build Guide for details.

  2. Build the application exclusively. Enter the flock layer and refer to the Build flock layer steps for details.

  3. Build the application using the commands:

    build-pkgs --clean stx-sdo-helm
    build-pkgs --dep-test stx-sdo-helm

    An example of successful logs is shown below:

    13:49:21 ===== iteration 1 complete =====
    13:49:21
    13:49:21 Results out to: /localdisk/loadbuild/stx/flock/std/results/stx-flock-4.0-std
    13:49:21
    13:49:21 Pkgs built: 2
    13:49:21 Packages successfully built in this order:
    13:49:21 /localdisk/loadbuild/stx/flock/std/rpmbuild/SRPMS/build-info-1.0-4.tis.src.rpm
    13:49:21 /localdisk/loadbuild/stx/flock/std/rpmbuild/SRPMS/stx-sdo-helm-1.0-2.tis.src.rpm
    13:49:22 Recreate repodata
    
    ######## Tue Feb 23 13:49:23 UTC 2021: build-rpm-parallel --std was successful
    
    Tue Feb 23 13:49:23 UTC 2021: std complete
    
    Skipping 'rt' build, no valid targets in list:  stx-sdo-helm
    Skipping 'installer' build
    Skipping 'containers' build
    All builds were successful

  4. Create the system application using the command:

    build-helm-charts.sh -a stx-sdo

    Sample console output is as follows:

    Merging yaml from file: usr/lib/armada/sdo_manifest.yaml
    Writing merged yaml file: stx-sdo.yaml
    Results:
    /localdisk/loadbuild/stx/flock/std/build-helm/stx/stx-sdo-1.0-2.tgz

  5. Exit from the container. The SDO-RV system application will be found in the following location:

    $HOME/starlingx/workspace/localdisk/loadbuild/stx/flock/std/build-helm/stx/stx-sdo-<version>.tgz

  6. Copy the application into the home folder of the controller.

  7. Copy the certs folder of the version 1.10 release to the home folder using the command:

    curl --progress-bar -LO https://github.com/secure-device-onboard/release/releases/download/v1.10.0/rendezvous-service-v1.10.0.tar.gz
    tar -zxf rendezvous-service-v1.10.0.tar.gz

  8. Acquire admin credentials:

    source /etc/platform/openrc

  9. Load the -openstack application package into StarlingX. The tarball package contains the -openstack FluxCD manifest and -openstack set of Helm charts. For example:

    system application-upload stx-sdo-<version>.tgz

  10. Apply the stx-sdo application to bring the Rendezvous application into service. If your environment is preconfigured with a proxy server, make sure the HTTPS proxy is set before applying stx-sdo.

    system application-apply stx-sdo

  11. Check the application status using the command:

    system application-show stx-sdo

When the Rendezvous application is in service, you will see the RV service and redis DB pods running. For example:

    [sysadmin@controller-0 ~(keystone_admin)]$ kubectl get pods -n kube-system
    NAME                         READY   STATUS    RESTARTS   AGE
    redis-6d76cdd759-wpnv7       1/1     Running   0          11d
    rv.deploy-6b9c4b8b65-chf2v   1/1     Running   0          11d
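
Step 7 unpacks a tarball fetched over the network without an integrity check. The following added example (not part of the StarlingX documentation) verifies the SHA-256 digest and inspects the member paths before extracting; the function names are hypothetical, and the expected digest is a placeholder that must be obtained from a trusted source, since this page does not publish one.

```shell
#!/bin/sh
# Added example: verify a downloaded release tarball before unpacking it.

# Print the first archive member (one path per line on stdin) that is absolute
# or contains a ".." component; print nothing if every path is safe.
first_unsafe_member() {
    local member
    while IFS= read -r member; do
        case "/$member/" in
            //*|*/../*) printf '%s\n' "$member"; return 0 ;;
        esac
    done
}

# verify_and_extract TARBALL EXPECTED_SHA256 DEST_DIR
# Extracts only if the SHA-256 digest matches and no member escapes DEST_DIR.
verify_and_extract() {
    local tarball="$1" dest="$3" expected actual unsafe
    [ -f "$tarball" ] || { echo "missing file: $tarball" >&2; return 2; }

    # EXPECTED_SHA256 must come from a source you trust, obtained separately
    # from the download itself. Hex case is normalised before comparing.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha256sum "$tarball" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch for $tarball (got $actual)" >&2
        return 1
    fi

    # Inspect the member list before anything is written to disk.
    unsafe=$(tar -tzf "$tarball" | first_unsafe_member)
    if [ -n "$unsafe" ]; then
        echo "unsafe member path in $tarball: $unsafe" >&2
        return 3
    fi

    mkdir -p "$dest" && tar -zxf "$tarball" -C "$dest" --no-same-owner
}

# Usage for step 7 (the digest argument is a placeholder, not a real value):
#   verify_and_extract rendezvous-service-v1.10.0.tar.gz "<expected-sha256>" "$HOME"
```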