From d44b20977b3815dd882d4625a6ceb8d112f1ea73 Mon Sep 17 00:00:00 2001 From: Kyle Isom Date: Thu, 13 Apr 2023 20:40:57 -0700 Subject: [PATCH] docs: add dev plan, node provisioning, and updates. --- docs/dev.rst | 93 ++++++++++++++++++++++++++++++++++++++ docs/index.rst | 2 + docs/node-provisioning.rst | 20 ++++++++ docs/packer.rst | 4 ++ 4 files changed, 119 insertions(+) create mode 100644 docs/dev.rst create mode 100644 docs/node-provisioning.rst diff --git a/docs/dev.rst b/docs/dev.rst new file mode 100644 index 0000000..0739897 --- /dev/null +++ b/docs/dev.rst 
@@ -0,0 +1,93 @@ +Development +=========== + +The cluster isn't going to arrive until at least September. In the +meantime, there are a few phases of development. This is a rough +outline of how I think development will progress. The development +stages will move forward based on when hardware arrives as well as +when certain acceptance criteria are met. + +Hardware states +--------------- + +Key: + +- Pi 4/X: Pi 4 with X GB of memory +- CM4 X: Pi CM4 with X GB of memory (has eMMC, wifi, and bluetooth) +- CM4 XL: Pi CM4 with X GB of memory, lite version (no eMMC, wifi, or + bluetooth) +- D35: Zymbit `D35 Secure Edge Node `_ + ++=======+==========+ +| Stage | Hardware | ++=======+==========+ +| image validation | Pi 3B+, CM4 8L | +| pxeboot validation | Pi 4/8, CM4 8L | + + +Current stage: 0 + +Stage 0: basic image validation +------------------------------- + +Status: basic validation complete. + +This stage is basic validation that the :doc:`packer` process produces +valid images. The goal is to get to a place where, with wired +connectivity, the serial console isn't needed. + +This is being done on a CM4 8 at the moment with a carrier board. + +Goals +^^^^^ + +- Ensure :doc:`packer` produces valid images. +- Ensure that images can be flash and installed without requiring + serial console intervention. + +Stage: PXEboot +-------------- + +The focus here will be on developing a PXE image and figuring out how +to get the Pi to boot that. This is mostly to determine whether or not +this approach will work. + +Goals +^^^^^ + +- Determine if PXE boot is a valid approach. +- Automated build of a PXE image that can perform node + :doc:`node-provisioning`. + +Stage: Automated TPM provisioning +--------------------------------- + +Here, the goal is to have each node automatically provision and +register its TPM on first boot. + +Goals +^^^^^ + +- Build out a TPM provisioning service. +- Package a TPM provisioner into the boot image. 
+ + +Stage: 5-node cluster +----------------------- + +The next stage is to build out a cluster of 5 Raspberry Pi 4's to +develop basic node bring up and ansible configuration. This will be +built on an UCTRONICS `U6260 +`_ +cabinet. + +Goals +^^^^^ + +The 5-node cluster will focus on bringing up nodes automatically. + +Stage: 6-node cluster +----------------------- + +This stage will add a Zymbit D35 secure edge node in as the secure +root of trust for the cluster - an HSM and identity management system. diff --git a/docs/index.rst b/docs/index.rst index 7d4c6f5..143359a 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -11,6 +11,8 @@ bladerunner :caption: Contents: intro + dev + provisioning packer tools diff --git a/docs/node-provisioning.rst b/docs/node-provisioning.rst new file mode 100644 index 0000000..bd1b2f9 --- /dev/null +++ b/docs/node-provisioning.rst @@ -0,0 +1,20 @@ +Node Provisioning +================= + +What needs to happen when a node first boots up? + +- It needs to find the network. +- The TPM must be provisioned. +- Storage should be provisioned. +- Ansible should be run to set up any software. + +Questions: + +1. What should boot look like after the first PXE boot? + - PXE boot and run ansible each time? + - Install an image to the eMMC (or SD card), booting from that in + the future and using the NVMe drive for storage? + - Install an image to the NVMe drive and boot off that in the + future? +2. What can we do with the TPM? + - It needs to be registered on first boot. diff --git a/docs/packer.rst b/docs/packer.rst index 20b9820..f7bb17d 100644 --- a/docs/packer.rst +++ b/docs/packer.rst 
@@ -69,6 +69,10 @@ the environment variable ``SKIP_LOCAL_CACHE=yes``, it will skip doing this. It will also skip caching if the local file exists, though it will print a command to remove the file to force redownloading. +It currently supports two targets: ``cdev``, for cluster development and +management nodes, and ``cnode`` for cluster compute nodes. An additional +target, ``custom``, can be specified along with a path to the board file. + Board files ------------
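Review bot: The "Hardware states" table in docs/dev.rst is not a valid reST grid table, so Sphinx will report it as malformed instead of rendering it. The top border uses `=` where a grid table needs `-`, the cells ("image validation", "Pi 3B+, CM4 8L") are wider than the `+=======+==========+` borders, and there are no row separators or a closing border. A simple table or a `list-table` directive would be easier to maintain here. The Stage column also holds names while the text below says "Current stage: 0" and only "Stage 0" is numbered; either number every stage heading or drop the number. Two smaller points in the same file: "can be flash and installed" should read "can be flashed and installed", and Stage 0 says the work is on a "CM4 8" while the table lists "CM4 8L" and the key does not define the Pi 3B+.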
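Review bot: The toctree entry `provisioning` added in docs/index.rst does not match any file in this patch. The new document is created as docs/node-provisioning.rst and docs/dev.rst links to it as :doc:`node-provisioning`, so the entry should be `node-provisioning`; as written Sphinx will warn about a nonexistent document and the page will be left out of the contents.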
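Review bot: In docs/node-provisioning.rst the sub-bullets under questions 1 and 2 follow the question text with no blank line, so reST treats "- PXE boot and run ansible each time?" and the lines after it as a continuation of the paragraph rather than a nested list. Add a blank line after each question line. On content, "It needs to be registered on first boot" does not say what the TPM registers with or how that service decides a first-boot node is one it should accept; since the node arrives over PXE, it would help to list that as an explicit open question alongside the storage ones.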
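Review bot: The paragraph added to docs/packer.rst says the `custom` target "can be specified along with a path to the board file" but does not show how the path is passed. Please add the invocation form, or point to where it is documented, so a reader can use the target without reading the script. The comma use is also inconsistent between "``cdev``, for cluster development" and "``cnode`` for cluster compute nodes".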