These are chat archives for resin-io/chat

4th
Jun 2017
Paul Flint
@flintiii
Jun 04 2017 02:45
Hard wired ethernet. Yes 4 green and pause
Actually, 4 green and then a red. Note that this is a known good setup, tested with another SD chip.
Paul Flint
@flintiii
Jun 04 2017 11:46
Thanks for the answer above. Is there a way to put the resin.io image into a diagnostic or debug mode? The white screen with the yellow square is getting old...
resin.io team
@resinio
Jun 04 2017 11:52
[Alexandros Marinos (alexandrosm)] @flintiii it sounds like there may be a network connectivity issue. Are you sure the ethernet cable leads to the network?
Tobias Oberstein
@oberstet
Jun 04 2017 13:43
Could someone explain to me how updates of the Resin.io supervisor itself work, as this also runs in its own container and manages the updates of other containers? IOW: how does it manage its own update?
resin.io team
@resinio
Jun 04 2017 13:53
[Alexandros Marinos (alexandrosm)] @oberstet, there's a separate, super-minimal supervisor updater in the host
[Alexandros Marinos (alexandrosm)] its basically a shell script that checks the resin server directly
[Alexandros Marinos (alexandrosm)] but the truth is that we very rarely use that mechanism
[Alexandros Marinos (alexandrosm)] these days supervisors get updated when we update the hostOS
[Alexandros Marinos (alexandrosm)] we're trying to make hostOS updates easy and available for users to do themselves, so the supervisor should easily be updated that way, and otherwise it's a pretty robust system
[Alexandros Marinos (alexandrosm)] so it very rarely needs updates on its own that don't depend on the host to update as well
Tobias Oberstein
@oberstet
Jun 04 2017 13:56
So "normally" the supervisor Docker container is updated together (and hence part of) the base OS image?
Doesn't that require that the supervisor container image is eg on the A/B partition rootfs of the base OS, rather than the non-A/B data partition?
@alexandrosm "super minimal supervisor updater": to you have a link to the shell script? Is it part of https://github.com/resin-io/resin-supervisor ?
resin.io team
@resinio
Jun 04 2017 14:00
[Alexandros Marinos (alexandrosm)] no, it's probably in meta-resin
[Alexandros Marinos (alexandrosm)] all the OS code is in https://github.com/resin-os/
[Alexandros Marinos (alexandrosm)] and meta-resin is the core yocto repo
[Alexandros Marinos (alexandrosm)] the OS team hangs out at gitter.im/resin-os/ , they can answer more detailed questions for you there (though probably on monday is best)
Tobias Oberstein
@oberstet
Jun 04 2017 14:03
Thx! I will dig into it. Just that 1 follow up Q: the supervisor OS container image is part of the base OS image (A/B rootfs partitions), different from other container images which I assume reside on a data partition, right?
resin.io team
@resinio
Jun 04 2017 14:03
[Alexandros Marinos (alexandrosm)] the supervisor container is stored with all the other containers in the data partition, not in the A/B partitions
[Alexandros Marinos (alexandrosm)] the host in the A/B partition has enough for us to recover the device in case of corruption/disaster, so we don't need the supervisor to be duplicated
Tobias Oberstein
@oberstet
Jun 04 2017 14:05
ok, I need to dig into that. sounds interesting ..
thanks for your explanations!
resin.io team
@resinio
Jun 04 2017 14:05
[Alexandros Marinos (alexandrosm)] I see you are involved in crossbar.io, are you looking to use resinOS for that?
Tobias Oberstein
@oberstet
Jun 04 2017 14:06
I am core dev at crossbar.io, right, and also co-founder of crossbar.io gmbh
and yes, I am looking into ways of bringing crossbar.io to (more) devices ..
crossbar.io itself is already avail on docker for x86-64, armhf and aarch64
resin.io team
@resinio
Jun 04 2017 14:22
[Alexandros Marinos (alexandrosm)] cool
[Alexandros Marinos (alexandrosm)] does it work as a container?
Tobias Oberstein
@oberstet
Jun 04 2017 14:22
sure
resin.io team
@resinio
Jun 04 2017 14:24
[Alexandros Marinos (alexandrosm)] we're about to release support for multicontainer in the next few months
[Alexandros Marinos (alexandrosm)] will crossbar.io be useful in that context? o ris it more useful for device-to-cevice scenarios?
[Alexandros Marinos (alexandrosm)] I guess I should do some more research
Tobias Oberstein
@oberstet
Jun 04 2017 14:25
short version: crossbar.io supports multiple protocols: WAMP/WebSocket, HTTP/REST and MQTT. and WAMP has a number of advantages .. in particular if there is a need for remote, secure "command & control"
=> device / container management ..
eg when I read "VPN", this is making me nervous ..
resin.io team
@resinio
Jun 04 2017 14:27
[Alexandros Marinos (alexandrosm)] the features we have at resin need a vpn, or something very similar
[Alexandros Marinos (alexandrosm)] e.g. the terminal feature, and the public url feature
Tobias Oberstein
@oberstet
Jun 04 2017 14:27
well, "require a VPN", I don't believe that tbh
you dont need a VPN to do secure command & control
resin.io team
@resinio
Jun 04 2017 14:28
[Alexandros Marinos (alexandrosm)] what I mean is that we need persistent tunnels
[Alexandros Marinos (alexandrosm)] not just messaging
Tobias Oberstein
@oberstet
Jun 04 2017 14:28
why would I want that?
"persistent tunnel": what exactly?
resin.io team
@resinio
Jun 04 2017 14:28
[Alexandros Marinos (alexandrosm)] e.g. if you're streaming video, or connecting via ssh, etc
Tobias Oberstein
@oberstet
Jun 04 2017 14:28
no, not needed
resin.io team
@resinio
Jun 04 2017 14:28
[Alexandros Marinos (alexandrosm)] a vpn is an example of one
Tobias Oberstein
@oberstet
Jun 04 2017 14:29
if you really need to, you can tunnel SSH over WAMP/WebSocket without any VPN
resin.io team
@resinio
Jun 04 2017 14:29
[Alexandros Marinos (alexandrosm)] sure, but the performance is much much worse
[Alexandros Marinos (alexandrosm)] you're basically inverting the stack
[Alexandros Marinos (alexandrosm)] we've got people streaming video over that vpn
Tobias Oberstein
@oberstet
Jun 04 2017 14:30
sure, same with WAMP (I know one user that is rendering 3D on GPUs in data center and streams the video bvia WAMP to browsers)
resin.io team
@resinio
Jun 04 2017 14:31
[Alexandros Marinos (alexandrosm)] truth be told I haven't researched wamp that much
Tobias Oberstein
@oberstet
Jun 04 2017 14:31
the pilots we are working on (automotive) won't run a VPN on their embedded HW
eg there is a bare metal hypervisor running, and Linux is only confined to partitions .. (HW virtualized)
resin.io team
@resinio
Jun 04 2017 14:32
[Alexandros Marinos (alexandrosm)] but ultimately, if you can create persistent tunnels, what's the real difference? the letters "vpn"?
Tobias Oberstein
@oberstet
Jun 04 2017 14:33
depends on the exact VPN tech of course .. but even with VPNs that only do outgoing TCP and establish a inner reverse tunnel, you are creating "one network" ..
resin.io team
@resinio
Jun 04 2017 14:33
[Alexandros Marinos (alexandrosm)] not sure what you mean by "one network"
[Alexandros Marinos (alexandrosm)] also, the main benefit of having a VPN for us is being able to reach devices in any environment, using a lightweight, battle tested stack
[Alexandros Marinos (alexandrosm)] if the kernel and dropbear start, we can repair the device, even if everything else has failed (docker, supervisor, etc etc)
[Alexandros Marinos (alexandrosm)] perhaps as we harden our stack more and more the VPN will be less useful, but in the early stages it has helped us find and fix countless issues, which happens when you're trying to put together a complex stack with Docker on non-x86 platforms
Tobias Oberstein
@oberstet
Jun 04 2017 14:36
there are many factors, and I certainly wont claim there is only 1 solution;)
our philosophy is: no open ports on the device, none at all, not even via VPN
resin.io team
@resinio
Jun 04 2017 14:36
[Alexandros Marinos (alexandrosm)] we're also working with a SIM provider that creates an implicit VPN via the cell network, so the device doesn't need to run anything
[Alexandros Marinos (alexandrosm)] right -- so the device cannot be reached by the server
[Alexandros Marinos (alexandrosm)] it only works the other way around
[Alexandros Marinos (alexandrosm)] we have some customers who work in that way by disabling the vpn, resin still functions
[Alexandros Marinos (alexandrosm)] but they lose the features I was talking about
[Alexandros Marinos (alexandrosm)] the core still works of course
Tobias Oberstein
@oberstet
Jun 04 2017 14:38
we only need 1 thing: the device must be able to open an outgoing, secure WebSocket connections over 443. nothing else. it works basically in every network environment ..
resin.io team
@resinio
Jun 04 2017 14:38
[Alexandros Marinos (alexandrosm)] I see
[Alexandros Marinos (alexandrosm)] well, hopefully resinOS is a useful component for your stack, we look forward to having many more people using our work so far and hopefully building a community of diverse use cases
Tobias Oberstein
@oberstet
Jun 04 2017 14:41
at least the automotive sector is extremely security/safety sensitive .. so our story works quite well there (0 open ports, no VPN, only outgoing websocket) - but I will continue to follow resin.io! great project
Paul Flint
@flintiii
Jun 04 2017 16:19
@resinio Alexandros, I can boot the Pi off of a Raspbian SD card and the unit functions with all features including both wired and wireless LAN connectivity.
Any way that I can get into a debug mode or a way of allowing me to see what the unit is doing while rebooting? So far I only see the white field with the yellow resin.io square.
Paul Flint
@flintiii
Jun 04 2017 16:31
Alexandros, me I just want to see the silly thing boot beyond the white screen of uncertainty. In a lot of systems, <page up>.or <page down> will remove the cover graphic and let you watch the unit operate. Got anything like that here for debug/troubleshooting?
BTW I do not believe I am having network issues.
Paul Flint
@flintiii
Jun 04 2017 16:51
After about 5 minutes it goes black... I am gonna go to lunch...
resin.io team
@resinio
Jun 04 2017 16:57
[Alexandros Marinos (alexandrosm)] @flintiii so to summarise, you download the image from resin.io, write it with etcher having no warnings, boot the device off of ethernet, yet see nothing on the resin.io dashboard?
[Alexandros Marinos (alexandrosm)] the only thing i can imagine in this case is a corrupted download. mind telling me the size of the downloaded image, or re-downloading the OS?
[Alexandros Marinos (alexandrosm)] (I'm not ignoring your point on debug messages, I am noting it internally, but also trying to help you get off the ground in this particular case :) )
Paul Flint
@flintiii
Jun 04 2017 19:41
Greetings Alexandros Marinos, Note that we are a Linux only shop, so the program I used to copy the iso image was gnome-disks. Here are the details of the file that I copied onto the SD card:
1803550720 May 31 13:24 resin-yaest-2.0.3+rev1-4.2.2-3c6a3f9be568.img
BTW can I set this thing to not respond to an <enter> key as a post?
The MD5 checksum for this file is: 9bb3ff4cfdbfcfc8f5a36dd359ac5ed9
The corrupted download theory is interesting. I will cut another SD card and see if it makes a difference. Keep in mind the damn thing is booting.
resin.io team
@resinio
Jun 04 2017 19:59
[Alexandros Marinos (alexandrosm)] @flintiii etcher works on linux too. the reason I specified Etcher is that it verifies what it wrote, so it would rule out corrupt SD card scenarios.
[Alexandros Marinos (alexandrosm)] you can of course use whatever program you prefer for the task
[Alexandros Marinos (alexandrosm)] lmk if it works this time around. the size looks roughly correct for what it's worth
[Alexandros Marinos (alexandrosm)] if it's not a corrupted download, I can only imagine there may be some blocking going on? are you behind some sort of firewall etc?
Paul Flint
@flintiii
Jun 04 2017 22:40
flint@seltzer:~/jobhunt/resin.io/etcher$ ./Etcher-1.0.0-linux-x86.AppImage
./Etcher-1.0.0-linux-x86.AppImage: error while loading shared libraries: libfuse.so.2: cannot open shared object file: No such file or directory
...and I really like AppImages...
Paul Flint
@flintiii
Jun 04 2017 23:13
Jeez finally got the damn micro-sd erased so that I could write my next attempt. I am gonna try to download libfuse.so.2...
Ah...resin-io/etcher#1384
Paul Flint
@flintiii
Jun 04 2017 23:22
Ok, so that is going. I would try to expand the documentation allow customers to avoid this pitfall. The kind of thing a Dev-ops person should be doing...
Paul Flint
@flintiii
Jun 04 2017 23:28
Ah, stuck on 56%.... restarting...
Paul Flint
@flintiii
Jun 04 2017 23:35
Just blew by 75%... the excitement mounts...validating... very cool... Needs an audio "ta-da" like k3b... but on to testing!
Paul Flint
@flintiii
Jun 04 2017 23:44
Alenandros, Here in testing, the White Screen and the Yellow box have survived the use of etcher... bummer...
Paul Flint
@flintiii
Jun 04 2017 23:52
Some good news, just did an nmap on the apparent ip address that dhcp'd on to my firewall. There is an ssh shell available. Wonder what the userid and password are?