Guys,This is a great effort, and one that is really really needed. Thanks!But if this can be done in a way that doesn't need a dedicated raspberry-pi, it would be fantastic. Many of us have a raspberry pi in our networks as pi-holes, yacy servers, etc. and it would be great if we can install the probe on the same OS that is running other stuff as well. I don't think it needs as much resource as a dedicated pi.Your thoughts?
Cheers;--
Hamed Khoramyar
Aivivid.com / IT Infrastructure and Cybersecurity services.
Managing Director
Office: +46-8-121-44-227
Mobile / Signal: +46-76-309-2020
Twitter: @khoramyar / @aivivid
EU VAT Number: SE559113506501
SnailMail: Box 1456, 11674 Stockholm, Sweden------- Original Message ---------
On Monday, September 19th, 2022 at 2:58 PM, Michel Stam <mstam@ripe.net> wrote:
Hi Rodolfo,I am not familiar with Packer, but from a quick glance on packer.io it seems to generate machine images, correct?I’ve taken a look at your suggestion, and I agree that mentioning backup and restore of the keys of the software probe is a good idea. Going forward we’ll have a critical look to see if this cannot be done differently (without clobbering keys).Thanks for the idea!Cheers,MichelLooking at your instructions, I’ll discuss them internally and get back to you.On 5 Sep 2022, at 00:12, Rodolfo García Peñas (kix) <kix@kix.es> wrote:Hello,I did a method to make Raspberry PI images for Atlas SW probes using Packer.After create this method, I have two comments:
- The Raspberry PI image uses Debian. When the Debian package is installed, it launches the Atlas service. The atlas service creates the public and private keys. For this reason I can create the Debian package in the image creation with Packer, but I cannot install it. I am using an script in the first boot to install the package.
- As I pointed in the previous comment, the keys are created when the package is installed. This is a good idea if the package is created for first time or if the user is updating the package. But if the user is moving the installation to a new device, when the package is installed, a new key-pair is created. Therefore, probably the user wants to replace the new keys with the previous and these keys will left unused (but registered).
For these reasons, probably split the package installation and the service startup could be an idea. Then, the user can install the package, if the user has previous keys copy them to the keys folder and then launch the service.These steps (https://github.com/RIPE-NCC/ripe-atlas-software-probe/blob/master/INSTALL.rst) will change from:
- Install this .deb file: sudo dpkg -i atlasswprobe-??????.deb
- The public key is stored in /var/atlas-probe/etc/probe_key.pub
- Then register your probe at https://atlas.ripe.net/apply/swprobe/
To
- Install this .deb file: sudo dpkg -i atlasswprobe-??????.deb
- If you have previous keys, from other SW probe, copy them to /var/atlas-probe/etc/
- Launch the service: sudo sytemctl start atlas
- If you are using a new atlas probe, then:
- The public key is stored in /var/atlas-probe/etc/probe_key.pub
- Then register your probe at https://atlas.ripe.net/apply/swprobe/
What do you think?Best regards,kix----Rodolfo García Peñas (kix)"I asked him once how to change the key bindings and Dave said 'You use the Change Configuration command. On Unix it is abbreviated as cc.' Dave Conroy and Lawrence Stewart.
atlas-sw-probes mailing list
atlas-sw-probes@ripe.net
https://lists.ripe.net/mailman/listinfo/atlas-sw-probes
atlas-sw-probes mailing list
atlas-sw-probes@ripe.net
https://lists.ripe.net/mailman/listinfo/atlas-sw-probes