XS Blueprints:Lease and update server


Lease and activation services are a key role of the XS. They are key enablers at the school and in the warehouse where the XOs are prepared for deployment.

Scenarios

  • Tama is a field technician visiting a rural school without internet. He has a new OS build to install on the existing laptops and 20 new laptops to hand out, with serial numbers that the existing XS doesn't have leases for.
  • Lee is a field technician. He is deploying an XS to a school that did not have one earlier, so the XOs had very long leases, which now need to be shortened.
  • Teacher Catalina travelled to town and got leases and an OS image on a USB stick. The XS at her school is slow -- she wonders whether anything is happening with the USB stick.
  • Jocinta is a NOC sysadmin and wants to get all the XSs out there updated with the new leases for an XO shipment that is being handed out, a new blacklist (a few machines have been misplaced) and updated XO OS images. She has to prepare an update for the internet-connected XSs, and a USB image for the non-connected ones.
  • Ludmilla and Jim are technicians at the warehouse in Wellingtonia -- they have 5K XOs to activate and update. They want to use a temporary machine - perhaps even one of the XOs - as lease and update server.
  • In Zoolandia it is the first day of school after summer holidays -- kids are returning to school and those who haven't visited school in the holidays have their XOs locked. The wireless signal in the Zoolandia schools is unencrypted.
  • First day at school in Oz is a bit more complicated -- the wireless network signal is WPA encrypted, or perhaps the wireless antenna is broken, flaky or saturated. The teacher wants to prepare an "unlocker" USB stick to pass around.

Implementation Notes

After talking with Wad, we broke the activation/lease server scenario down as follows:

Warehouse scenario

  • Initial activation
    • FW client - by Mitch - probably looks for a pre-set ESSID and dns name
    • Known to work in Mitch's lab
  • Wireless-based reflash
    • For performance reasons you really want to do it via multicast with a bumped multicast rate. We can:
      • document how to bump the MC rate on APs
      • document how to bump the MC rate on AAs (script it if we have a "turn into reflash server" script)
    • Needs XOs to be booted off a USB stick with a Forth script to trigger the "reflash from network"
    • Worked -- at least once -- via multicast

In school

  • Lease renewal, blacklists
  • olpc-update (done!)


XO side

  • OFW: delegation support is a nice-to-have (but unlikely to happen soon).

Lease/OATC checks against the XS happen in 2 places: initrd and olpc-update-query.

Initrd:

  • Trivial protocol on port 191
  • 'STOLEN' response is taken "unwrapped", but is transient
  • FIX: hardcoded XS URL in init, which differs from activate.py -> service announcement (if we have DNS at this stage!)

olpc-update-query:

  • FIX: hardcoded XS URL -> service announcement
  • REVIEW: frequency is weird
  • FIX: checks only for update
    • add 'lease' support (dsd patches)
    • add 'stolen' support (&& touch /security/.private/stolen)
  • TEST/REVIEW: Bitfrost delegated keys support seems to be complete - test!

Also:

  • REVIEW: do we need an "I don't know you" response from the server?
  • FIX: Large JSON files problem in initrd. We need a stream parser for this :-)

XS side

...

Test plans and user walkthrough

...

TODOs and future work

...