openwisp/ansible-openwisp2-imagegenerator openwisp/ansible-openwisp2-imagegenerator

  • Stars
    star
    120
  • Rank 295,024 (Top 6 %)
  • Language
    Shell
  • License
    BSD 3-Clause "New...
  • Created almost 8 years ago
  • Updated over 2 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
openwisp/ansible-openwisp2-imagegenerator
github

openwisp

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Automatically build several openwisp2 firmware images for different organizations while keeping track of their differences

ansible-openwisp2-imagegenerator

Galaxy

This ansible role allows to build several openwisp2 firmware images for different organizations while keeping track of their configurations.

NOTE: this role has not been tested in the wild yet. If you intend to use it, try it out and if something goes wrong please proceed to report your issue, but bear in mind you need to be willing to understand the build process and it's inner working in order to make it work for you.

Required role variables

The following variables are required:

Usage (tutorial)

If you don't know how to use ansible, don't panic, this procedure will guide you step by step.

If you already know how to use ansible, you can skip this section and jump straight to the "Install this role" section.

First of all you need to understand two key concepts:

  • for "compilation server" we mean a server which is used to compile the images
  • for "local machine" we mean the host from which you launch ansible, eg: your own laptop or CI server

Ansible is a configuration management/automation tool that works by entering the compilation server via SSH and executing a series of commands.

1. Install ansible

Install ansible on your local machine if you haven't done already, there are various ways in which you can do this, but we prefer to use the official python package manager, eg:

sudo pip install ansible

If you don't have pip installed see Installing pip on the pip documentation website.

Installing ansible in other ways is fine too, just make sure to install a version of the 2.0.x series (which is the version with which we have tested this playbook).

2. Install this role

For the sake of simplicity, the easiest thing is to install this role on your local machine via ansible-galaxy (which was installed when installing ansible), therefore run:

sudo ansible-galaxy install openwisp.openwisp2-imagegenerator

3. Choose a working directory

Choose a working directory on your local machine where to put the configuration of your firmware images.

Eg:

mkdir ~/my-openwisp2-firmware-conf
cd ~/my-openwisp2-firmware-conf

Putting this working directory under version control is also a very good idea, it will help you to track change, rollback, set up a CI server to automatically build the images for you and so on.

4. Create inventory file

The inventory file is where group of servers are defined. In our simple case we can get away with defining a group in which we will put just one server.

Create a new file hosts on your local machine with the following contents:

[myserver]
mycompiler.mydomain.com ansible_user=<youruser> ansible_become_pass=<sudo-password>

Substitute mycompiler.mydomain.com with your hostname (ip addresses are allowed as well).

Also put your SSH user and password respectively in place of <youruser> and <sudo-password> (must be sudoer and non-root). These credentials are used during the Installation of dependencies step.

5. Create playbook file

Create a new playbook file playbook.yml on your local machine with the following contents:

# playbook.yml
- hosts: your_host_here
  roles:
    - openwisp.openwisp2-imagegenerator
  vars:
    openwisp2fw_source_dir: /home/user/openwisp2-firmware-source
    openwisp2fw_generator_dir: /home/user/openwisp2-firmware-generator
    openwisp2fw_bin_dir: /home/user/openwisp2-firmware-builds
    openwisp2fw_source_targets:
        - system: ar71xx
          subtarget: generic
          profile: Default
        - system: x86
          subtarget: generic
          profile: Generic
    openwisp2fw_organizations:
        - name: snakeoil # name of the org
          flavours: # supported flavours
            - standard
          luci_openwisp: # /etc/config/luci_openwisp
            # other config keys can be added freely
            username: "operator"
            # clear text password that will be encrypted in /etc/config/luci_openwisp
            password: "<CHANGE_ME>"
          openwisp: # /etc/config/openwisp
            # other config keys can be added freely
            url: "https://my-openwisp2-instance.com"
            shared_secret: "my-openwisp2-secret"
            unmanaged: "{{ openwisp2fw_default_unmanaged }}"
          # clear text password that will be encrypted in /etc/shadow
          root_password: "<CHANGE_ME>"

This playbook will let you compile firmware images for an organization named snakeoil using only the standard flavour (which includes a default OpenWRT 19.07 image with the standard OpenWISP2 modules) for two architectures, ar71xx and x86.

See the section Role Variables to know how to customize the available configurations.

At this stage your directory layout should look like the following:

.
├── hosts
└── playbook.yml

6. Run the playbook

Now is time to start the compilation of OpenWISP2 Firmware.

Launch the playbook from your local machine with:

ansible-playbook -i hosts playbook.yml -e "recompile=1 cores=4"

You can substitute cores=4 with the number of cores at your disposal.

When the playbook is done running you will find the images on the compilation server located in the directory specified in openwisp2fw_bin_dir, which in our example is /home/user/openwisp2-firmware-builds with a directory layout like the following:

/home/user/openwisp2-firmware-builds
├── snakeoil/                                      # (each org has its own dir)
├── snakeoil/2016-12-02-094316/ar71xx/standard/    # (contains ar71xx images for standard flavour)
├── snakeoil/2016-12-02-094316/x86/standard/       # (contains x86 images for standard flavour)
└── snakeoil/latest/                               # (latest is a symbolic link to the last compilation)

Now, if you followed this tutorial and everything worked out, you are ready to customize your configuration to suit your needs! Read on to find out how to accomplish this.

Role variables

There are many variables that can be customized if needed, take a look at the defaults for a comprehensive list.

Some of those variables are also explained in Organizations and Flavours.

Organizations

If you are working with OpenWISP, there are chances you may be compiling images for different groups of people: for-profit clients, no-profit organizations or any group of people that can be defined as an "organization".

Organizations can be defined freely in openwisp2fw_organizations.

For an example of how to do this, refer to the "example playbook.yml file".

If you need to add specific files in the filesystem tree of the images of each organization, see "Adding files for specific organizations".

Flavours

A flavour is a combination of packages that are included in an image.

You may want to create different flavours for your images, for example:

  • standard: the most common use case
  • minimal: an image for device which have little storage space available
  • mesh: an image with packages that are needed for implementing a mesh network

By default only a standard flavour is available.

You can define your own flavours by setting openwisp2fw_image_flavours - take a look at the default variables to undetstand its structure.

Build process

The build process is composed of the following steps.

1. Installation of dependencies

tag: install

In this phase the operating system dependencies needed for the subsequent steps are installed or upgraded.

2. Compilation

tag: compile

The OpenWRT source is compiled in order to produce something called "Image Generator". The image generator is an archive that contains the precompiled packages and a special Makefile that will be used to generate the customized images for each organization.

The source is downloaded and compiled in the directory specified in openwisp2fw_source_dir.

3. Preparation of generators

tag: generator

During this step the image generators are extracted and prepared for building different images for different organizations, each organization can build images for different flavours (eg: full-featured, minimal, mesh, ecc);

The images are extracted and prepared in the directory specified in openwisp2fw_generator_dir.

4. Building of final images

tag: build

In this phase a series of images is produced.

Several images will be built for each architecture, organization and flavour. This can generate quite a lof of files, therefore use this power with caution: it's probably better to start with fewer options and add more cases as you go ahead.

For example, if you choose to use 2 architectures (ar71xx and x86), 2 organizations (eg: A and B) and 2 flavours (eg: standard and mini), you will get 8 groups of images:

  • organization: A / flavour: standard / arch: ar71xx
  • organization: A / flavour: standard / arch: x86
  • organization: A / flavour: mini / arch: ar71xx
  • organization: A / flavour: mini / arch: x86
  • organization: B / flavour: standard / arch: ar71xx
  • organization: B / flavour: standard / arch: x86
  • organization: B / flavour: mini / arch: ar71xx
  • organization: B / flavour: mini / arch: x86

The images will be created in the directory specified in openwisp2fw_bin_dir.

5. Upload images to OpenWISP Firmware Upgrader

The last step is to upload images to the OpenWISP Firmware Upgrader module. This step is optional and disabled by default.

To enable this feature, the variables openwisp2fw_uploader and openwisp2fw_organizations.categories need to be configured as in the example below:

- hosts:
    - myhost
  roles:
    - openwisp.openwisp2-imagegenerator
  vars:
    openwisp2fw_controller_url: "https://openwisp.myproject.com"
    openwisp2fw_organizations:
      - name: staging
        flavours:
          - default
        openwisp:
          url: "{{ openwisp2fw_controller_url }}"
          shared_secret: "xxxxx"
        root_password: "xxxxx"
        categories:
          default: <CATEGORY-UUID>
      - name: prod
        flavours:
          - default
        openwisp:
          url: "{{ openwisp2fw_controller_url }}"
          shared_secret: "xxxxx"
        root_password: "xxxxx"
        categories:
          default: <CATEGORY-UUID>
    openwisp2fw_uploader:
        enabled: true
        url: "{{ openwisp2fw_controller_url }}"
        token: "<REST-API-USER-TOKEN>"
        image_types:
            - ath79-generic-ubnt_airrouter-squashfs-sysupgrade.bin
            - ar71xx-generic-ubnt-bullet-m-xw-squashfs-sysupgrade.bin
            - ar71xx-generic-ubnt-bullet-m-squashfs-sysupgrade.bin
            - octeon-erlite-squashfs-sysupgrade.tar
            - ath79-generic-ubnt_nanostation-loco-m-xw-squashfs-sysupgrade.bin
            - ath79-generic-ubnt_nanostation-loco-m-squashfs-sysupgrade.bin
            - ath79-generic-ubnt_nanostation-m-xw-squashfs-sysupgrade.bin
            - ar71xx-generic-ubnt-nano-m-squashfs-sysupgrade.bin
            - ath79-generic-ubnt_unifiac-mesh-squashfs-sysupgrade.bin
            - x86-64-combined-squashfs.img.gz
            - x86-generic-combined-squashfs.img.gz
            - x86-geode-combined-squashfs.img.gz
            - ar71xx-generic-xd3200-squashfs-sysupgrade.bin

The following placeholders in the example will have to be substituted:

  • <CATEGORY-UUID> is the UUID o the firmware category in OpenWISP Firmware Upgrader
  • <REST-API-USER-TOKEN> is the REST auth token of a user with permissions to upload images

You can retrieve the REST auth token by sending a POST request using the Browsable API web interface of OpenWISP:

  1. Open the browser at https://<openwisp-base-url>/api/v1/user/token/.
  2. Enter username and password in the form at the bottom of the page.
  3. Submit the form and you will get the REST auth token in the response.

The upload script creates a new build object and then uploads the firmware images specified in image_types, which have to correspond to the identifiers like ar71xx-generic-tl-wdr4300-v1-il-squashfs-sysupgrade.bin defined in the hardware.py file of OpenWISP Firmware Upgrader.

Other important points to know about the upload_firmware.py script:

  • The script reads CONFIG_VERSION_DIST and CONFIG_VERSION_NUMBER from the .config file of the OpenWrt source code to determine the build version.
  • The script will find out if a build with the same version and category already exists and try to add images to that build instead of creating a new one, if duplicates are found, a failure message will be printed to the console but the script will not terminate; this allows to generate images for new hardware models and add them to existing builds

Adding files to images

You can add arbitrary files in every generated image by placing these files in a directory named files/ in your playbook directory.

Example:

.
├── hosts
├── playbook.yml
└── files/etc/profile

files/etc/profile will be added in every generated image.

Adding files for specific organizations

You can add files to images of specific organizations too.

Let's say you have an organization called snakeoil and you want to add a custom banner, you can accomplish this by creating the following directory structure:

.
├── hosts
├── playbook.yml
└── organizations/snakeoil/etc/banner

Since this step is one of the last steps performed before building the final images, you can use this feature to overwrite any file built automatically during the previous steps.

Extra parameters

You can pass the following extra parameters to ansible-playbook:

  • recompile: wether to repeat the compilation step
  • cores: number of cores to use during the compilation step
  • orgs: comma separated list of organization names if you need to limit the generation of images to specific organiations

Examples

Recompile with 16 cores:

ansible-playbook -i hosts playbook.yml -e "recompile=1 cores=16"

Generate images only for organization foo:

ansible-playbook -i hosts playbook.yml -e "orgs=foo"

Generate images only for organizations foo and bar:

ansible-playbook -i hosts playbook.yml -e "orgs=foo,bar"

Run specific steps

Since each step in the process is tagged, you can run specific steps by using ansible tags.

Example 1, run only the preparation of generators:

ansible-playbook -i hosts playbook.yml -t generator

Example 2, run only the preparation of generators and build steps:

ansible-playbook -i hosts playbook.yml -t generator,build

Targets with no subtarget

This example shows how to fill openwisp2fw_source_targets in order to compile targets that do not specify a subtarget (eg: sunxi, ARMv8, QEMU):

openwisp2fw_source_targets:
    # Allwinner SOC, Lamobo R1
    - system: sunxi
      profile: sun7i-a20-lamobo-r1
    # QEMU ARM Virtual Image
    - system: armvirt
      profile: Default

Support

See OpenWISP Support Channels.

More Repositories

1

django-rest-framework-gis

Geographic add-ons for Django REST Framework. Maintained by the OpenWISP Project.
Python
1,070
star
2

openwisp-controller

Network and WiFi controller: provisioning, configuration management and updates, (pull via openwisp-config or push via SSH), x509 PKI management and more. Mainly OpenWRT, but designed to work also on other systems.
Python
545
star
3

ansible-openwisp2

Ansible role that installs and upgrades OpenWISP.
Python
472
star
4

openwisp-config

OpenWRT configuration agent for OpenWISP Controller
Lua
372
star
5

django-freeradius

Administration web interface and REST API for freeradius 3 build in django & python, development has moved to openwisp-radius
Python
367
star
6

netjsonconfig

Network configuration management library based on NetJSON DeviceConfiguration
Python
360
star
7

openwisp-radius

Administration web interface and REST API for freeradius 3 build in django & python. Supports captive portal authentication, WPA Enerprise (802.1x), freeradius rlm_rest, social login, Hotspot 2.0 / 802.11u, importing users from CSV, registration of new users and more.
Python
356
star
8

django-x509

Reusable django app implementing x509 PKI certificates management
Python
338
star
9

netjsongraph.js

NetJSON NetworkGraph visualizer.
JavaScript
270
star
10

django-swappable-models

Swapper - The unofficial Django swappable models API. Maintained by the OpenWISP project.
Python
229
star
11

django-netjsonconfig

Configuration manager for embedded devices, implemented as a reusable django-app
JavaScript
196
star
12

django-loci

Reusable Django app for storing geographic and indoor coordinates. Maintained by the OpenWISP Project.
Python
180
star
13

openwisp-users

Implementation of user management and multi-tenancy for OpenWISP
Python
163
star
14

openwisp-network-topology

Network topology collector and visualizer. Collects network topology data from dynamic mesh routing protocols or other popular networking software like OpenVPN, allows to visualize the network graph, save daily snapshots that can be viewed in the future and more.
Python
158
star
15

openwisp-monitoring

Network monitoring system written in Python and Django, designed to be extensible, programmable, scalable and easy to use by end users: once the system is configured, monitoring checks, alerts and metric collection happens automatically.
Python
157
star
16

docker-openwisp

OpenWISP in docker. For production usage we recommend using the ansible-openwisp2 role.
Python
149
star
17

django-netjsongraph

Network Topology Visualizer & Network Topology Collector
Python
139
star
18

openwisp-wifi-login-pages

Configurable captive page for public/private WiFi services providing login, sign up, social login, SMS verification, change password, reset password, change phone number and more.
JavaScript
120
star
19

openwisp-ipam

IP address space administration module of OpenWISP
Python
101
star
20

OpenWISP-Firmware

An OpenWRT based firmware to be used with OpenWISP Manager
Shell
86
star
21

django-ipam

The development of this project has moved to openwisp-ipam
Python
78
star
22

netdiff

Python library for parsing network topology data (eg: dynamic routing protocols, OpenVPN, NetJSON, CNML) and detect changes.
Python
78
star
23

openwisp-utils

Python and Django utilities shared between different openwisp modules
Python
74
star
24

django-flat-json-widget

Flat JSON widget for django, used and maintained by the OpenWISP project.
Python
63
star
25

OpenWISP-Captive-Portals-Manager

OWCPM is a captive portal written from scratch with Ruby on Rails.
Ruby
58
star
26

openwisp-firmware-upgrader

Firmware upgrade solution for OpenWRT with possibility to add support for other embedded OSes. Provides features like automatic retry for network failures, mass upgrades, REST API and more.
Python
50
star
27

openwisp-docs

OpenWISP Documentation.
Python
48
star
28

vagrant-openwisp2

Ansible Vagrant profile to install an OpenWISP 2 server
44
star
29

OpenWISP-User-Management-System

OpenWISP User Management System (OWUMS) is a Ruby on Rails application, capable of managing a WISP's user base.
Ruby
40
star
30

openwisp-notifications

Notifications module of OpenWISP
Python
39
star
31

netengine

Python abstraction layer for extracting information from network devices.
Python
39
star
32

OpenWISP-Website

OpenWISP Project's website
HTML
37
star
33

OpenWISP-Manager

The OpenWISP Manager is a RoR web GUI for configuring OpenWISP firmware-based access points.
Ruby
36
star
34

openwrt-openwisp-monitoring

OpenWRT monitoring agent for openwisp-monitoring
Lua
21
star
35

luci-openwisp

OpenWISP configuration interface implemented as LuCI extensions
HTML
20
star
36

django-owm-legacy

OpenWISP Manager backward compatible legacy features implemented in django
Python
17
star
37

OpenWISP-Geographic-Monitoring

A Rails application for managing a wISP's access points
Ruby
15
star
38

openwrt-zabbixd

Ucified Zabbix Packages
Makefile
13
star
39

coova-chilli-openwrt

Makefile
12
star
40

netjsonconfig-editor.js

[GSOC 2017] This project has stalled.
JavaScript
12
star
41

django-jsonschema-widget

JavaScript
11
star
42

OpenWISP-Middle-Ware

A Sinatra application for interconnecting OpenWISP applications via a RESTful API
Ruby
11
star
43

OpenWISP-Puppet-Modules

A set of modules and hacks for the https://openwisp.caspur.it project
HTML
10
star
44

AdaLoveBot-intents

Helping bot of the OpenWISP Chat
JavaScript
9
star
45

openwisp-netcheck

Shell
9
star
46

openwisp-template-library-backend

Python
8
star
47

ansible-freeitaliawifi-login-page

Standard login page for Free ItaliaWifi federated networks
JavaScript
7
star
48

netjson-templates

CSS
6
star
49

ansible-wireguard-openwisp

Python
6
star
50

openwisp-template-library-frontend

GSOC 19
JavaScript
6
star
51

OpenWISP-ETL

Extract Transform Load Module developed with pentaho pdi ce-5.0.1.A
6
star
52

openVPNServer

Ruby
5
star
53

openwrt-feed

DEPRECATED, work moved on OpenWisp-Firmware repo
Shell
5
star
54

lxdock-openwisp2

This repository is only a mirror. If you want to work on it, make a fork on https://gitlab.com/openwisp/lxdock-openwisp2
5
star
55

packet-legacy

packet-legacy
Ruby
4
star
56

ansible-ow-influxdb

4
star
57

OpenWISP-BI

Business Intelligence module developed with pentaho biserver ce-4.8.0
4
star
58

ansible-openwisp-wifi-login-pages

Ansible role to deploy and manage OpenWISP WiFi Login Pages
Jinja
4
star
59

openwisp-sphinx-theme

OpenWISP Sphinx Theme
CSS
3
star
60

openwisp-dev-env

Automated development environment for OpenWISP, work in progress.
3
star
61

openwisp-sentry-utils

Python
2
star
62

ansible-openwisp2-iptables

ansible role containing iptables rules to protect an openwisp2 instance
Shell
2
star
63

ansible-letsencrypt

An ansible role to generate TLS certificates and get them signed by Let's Encrypt
1
star