ota-client preparations

docs/setup-kas.md

@@ -27,4 +27,4 @@ To perform a dry-run of the build:
 
 To execute QEMU:
 
-    kas shell -c "runqemu kvm ovmf nographic" kas/.config-kirkstone.yaml
+    kas shell -c "runqemu slirp kvm ovmf nographic" kas/.config-kirkstone.yaml

meta-leda-components/recipes-sdv/eclipse-leda/files/ota-client/README-ota-client.txt

@@ -0,0 +1,44 @@
+OTA Client for cloud connection
+Backend: Eclipse Backend Function Bindings endpoints
+
+Installation and configuration
+
+1. Add ghcr.io credentials to /etc/container-management/config.json
+   For example, see /etc/ota-client/container-management-config.json.template
+
+   Restart the Kanto Container Management service to pick up the new configuration:
+
+   systemctl restart container-management
+
+2. Prepare Device Certificates
+   The certificates are bound to the device name. Please prepare them and be sure that they are working before continue.
+
+   The device certs should be placed under /etc/ota-client/config/certs folder:
+
+    /etc/ota-client/config/certs/device.crt
+    /etc/ota-client/config/certs/device.key
+
+    Note: The SSL Trust CA Certificate may need to be updated. By default, it is set to QuoVadis Root CA:
+    /etc/ssl/certs/QuoVadis_Root_CA_2_G3.pem
+
+   You may change the certificate by editing the /etc/ota-client/ota-config.json
+
+3. Create and start the OTA Client container:
+
+   cd /data/var/containers/manifests_dev
+   mv ota-client.json.disabled ota-client.json
+   kanto-auto-deployer
+
+4. Check OTA Client Container
+
+   kantui
+   kanto-cm list
+   cat /var/lib/container-management/containers/***ID***/json.log 
+
+Offline Installation
+1. Download tar package
+2. Import container image:
+   sudo ctr --namespace kanto-cm i import --base-name ota-client/arm64 ota-client-v0.0.2.tar --digests=true
+3. Verify image has been imported
+   sudo ctr --namespace kanto-cm i ls
+4. Continue with steps from previous chapter

meta-leda-components/recipes-sdv/eclipse-leda/files/ota-client/container-management-config.json.template

@@ -0,0 +1,19 @@
+{
+    "log": {
+        "log_file": "/var/log/container-management/container-management.log",
+        "log_level": "DEBUG"
+    },
+    "containers": {
+        "registry_configurations": {
+            "ghcr.io": {
+                "credentials": {
+                    "user_id": "***MY-USERID***",
+                    "password": "***MY-Personal-Access-Token***"
+                }
+            }
+        }
+    },
+    "things": {
+        "enable": false
+    }
+}

meta-leda-components/recipes-sdv/eclipse-leda/files/ota-client/ota-config.json

@@ -0,0 +1,12 @@
+{
+    "mqtt-server-addr": "ssl://mqtt.connect.devices.eu.bosch-mobility-cloud.com:15443",
+    "mqtt-local-server-addr": "tcp://mosquitto:1883",
+    "mqtt-client-id":"ota-client",
+    "ssl-tcert": "/app/config/ca-certs/QuoVadis_Root_CA_2_G3.pem",
+    "ssl-cert": "/app/config/certs/device.crt",
+    "ssl-pkey": "/app/config/certs/device.key",
+    "use-otang-plugin": true,
+    "use-mqtt-plugin": false,
+    "persistent-directory": "/tmp",
+    "upload-directory": "/tmp"
+}

meta-leda-components/recipes-sdv/eclipse-leda/kanto-containers/example_dev/ota-client.json.disabled

@@ -0,0 +1,94 @@
+{
+    "id": "ota-client",
+    "name": "ota-client",
+    "image": {
+        "name": "ghcr.io/softwaredefinedvehicle/sdv-ota-client/ota-client:v0.0.2",
+        "decrypt_config": null
+    },
+    "host_name": "",
+    "domain_name": "",
+    "resolv_conf_path": "",
+    "hosts_path": "",
+    "hostname_path": "",
+    "mounts": [
+        {
+            "source": "/etc/ota-client",
+            "destination": "/app/config",
+            "propagation_mode": "rprivate"
+        },
+        {
+            "source": "/data/var/certificates",
+            "destination": "/app/config/certs",
+            "propagation_mode": "rprivate"
+        },
+        {
+            "source": "/etc/ssl/certs",
+            "destination": "/app/config/ca-certs/",
+            "propagation_mode": "rprivate"
+        },
+        {
+            "source": "/tmp",
+            "destination": "/tmp",
+            "propagation_mode": "rprivate"
+        }
+    ],
+    "hooks": [],
+    "host_config": {
+        "devices": [],
+        "network_mode": "bridge",
+        "privileged": false,
+        "restart_policy": {
+            "maximum_retry_count": 0,
+            "retry_timeout": 0,
+            "type": "unless-stopped"
+        },
+        "runtime": "io.containerd.runc.v2",
+        "extra_hosts": [
+            "mosquitto:host_ip"
+        ],
+        "port_mappings": [],
+        "log_config": {
+            "driver_config": {
+                "type": "json-file",
+                "max_files": 2,
+                "max_size": "1M",
+                "root_dir": ""
+            },
+            "mode_config": {
+                "mode": "blocking",
+                "max_buffer_size": ""
+            }
+        },
+        "resources": null
+    },
+    "io_config": {
+        "attach_stderr": false,
+        "attach_stdin": false,
+        "attach_stdout": false,
+        "open_stdin": false,
+        "stdin_once": false,
+        "tty": false
+    },
+    "config": {
+        "env": [],
+        "cmd": []
+    },
+    "network_settings": null,
+    "state": {
+        "pid": -1,
+        "started_at": "",
+        "error": "",
+        "exit_code": 0,
+        "finished_at": "",
+        "exited": false,
+        "dead": false,
+        "restarting": false,
+        "paused": false,
+        "running": false,
+        "status": "",
+        "oom_killed": false
+    },
+    "created": "",
+    "manually_stopped": false,
+    "restart_count": 0
+}

meta-leda-components/recipes-sdv/eclipse-leda/leda-ota-client_git.bb

@@ -0,0 +1,45 @@
+# /********************************************************************************
+# * Copyright (c) 2023 Contributors to the Eclipse Foundation
+# *
+# * See the NOTICE file(s) distributed with this work for additional
+# * information regarding copyright ownership.
+# *
+# * This program and the accompanying materials are made available under the
+# * terms of the Apache License 2.0 which is available at
+# * https://www.apache.org/licenses/LICENSE-2.0
+# *
+# * SPDX-License-Identifier: Apache-2.0
+# ********************************************************************************/
+
+SUMMARY = "OTA Client for connection with Eclipse Backend Function Bindigs"
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
+
+PGM_NAME = "ota-client"
+
+SRC_URI += " \
+    file://${PGM_NAME}/ota-config.json \
+    file://${PGM_NAME}/README-ota-client.txt \
+    file://${PGM_NAME}/container-management-config.json.template \
+"
+
+S = "${WORKDIR}/${PGM_NAME}"
+
+FILES:${PN} += " \
+    ${sysconfdir}/${PGM_NAME} \
+    ${sysconfdir}/${PGM_NAME}/certs \
+    ${sysconfdir}/${PGM_NAME}/ota-config.json \
+    ${sysconfdir}/${PGM_NAME}/README-ota-client.txt \
+    ${sysconfdir}/${PGM_NAME}/container-management-config.json.template \
+"
+
+do_install() {
+    # Install templat configuration file
+    install -d ${D}${sysconfdir}/${PGM_NAME}
+    install -m 755 ${B}/ota-config.json ${D}${sysconfdir}/${PGM_NAME}
+    install -m 755 ${B}/README-ota-client.txt ${D}${sysconfdir}/${PGM_NAME}
+    install -m 755 ${B}/container-management-config.json.template ${D}${sysconfdir}/${PGM_NAME}
+
+    # Create empty folder for device certificates
+    install -d ${D}${sysconfdir}/${PGM_NAME}/certs
+}

meta-leda-components/recipes-sdv/eclipse-leda/sdv-example-containers.bb

@@ -22,6 +22,7 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/kanto-containers:"
 SRC_URI:append = " file://example/hvac.json"
 SRC_URI:append = " file://example/feedercan.json"
 SRC_URI:append = " file://example_dev/seatservice.json"
+SRC_URI:append = " file://example_dev/ota-client.json.disabled"
 
 do_install:append() {
     install -d ${D}${KANTO_MANIFESTS_LOCAL_DIR}
@@ -32,21 +33,25 @@ do_install:append() {
 
     install -d ${D}${KANTO_MANIFESTS_LOCAL_DEV_DIR}
     install ${WORKDIR}/example_dev/seatservice.json ${D}${KANTO_MANIFESTS_LOCAL_DEV_DIR}
+    install ${WORKDIR}/example_dev/ota-client.json.disabled ${D}${KANTO_MANIFESTS_LOCAL_DEV_DIR}
+
 # Under construction
 #    install ${WORKDIR}/example_dev/otelcol-sdv-agent.json ${D}${KANTO_MANIFESTS_LOCAL_DEV_DIR}
 #    install ${WORKDIR}/example_dev/otelcol-sdv-exporter.json ${D}${KANTO_MANIFESTS_LOCAL_DEV_DIR}
 
 }
 
 PACKAGES = "${PN}"
+
 FILES:${PN} += "${KANTO_MANIFESTS_LOCAL_DIR}"
 FILES:${PN} += "${KANTO_MANIFESTS_LOCAL_DIR}/hvac.json"
 FILES:${PN} += "${KANTO_MANIFESTS_LOCAL_DIR}/feedercan.json"
-# Under construction
-# FILES:${PN} += "${KANTO_MANIFESTS_LOCAL_DIR}/zipkin.json"
 
 FILES:${PN} += "${KANTO_MANIFESTS_LOCAL_DEV_DIR}"
 FILES:${PN} += "${KANTO_MANIFESTS_LOCAL_DEV_DIR}/seatservice.json"
+FILES:${PN} += "${KANTO_MANIFESTS_LOCAL_DEV_DIR}/ota-client.json.disabled"
+
 # Under construction
+# FILES:${PN} += "${KANTO_MANIFESTS_LOCAL_DIR}/zipkin.json"
 # FILES:${PN} += "${KANTO_MANIFESTS_LOCAL_DEV_DIR}/otelcol-sdv-agent.json"
 # FILES:${PN} += "${KANTO_MANIFESTS_LOCAL_DEV_DIR}/otelcol-sdv-exporter.json"

meta-leda-components/recipes-sdv/packagegroups/packagegroup-sdv-examples.bb

@@ -24,6 +24,7 @@ RDEPENDS:${PN} = "\
     can-utils-cantest \
     can-utils-slcan \
     can-utils-log \
+    leda-ota-client \
     "
 
 KERNEL_MODULE_AUTOLOAD += "can"