Zero Touch Provisioning

[marcoherbst]

A proposed workflow is something like:

1. Burn SD card from standard image (using something like etcher.io or https://nerves-project.org/)
2. Insert into device
3. Device boots to SD
4. Script calls preconfigured ExNVR Cloud Deployment Endpoint ( e.g. media.evercam.io/v2/ExNVR/Deploy ) and identifies itself with the device MAC (or other unique ID).
5. API responds with a unique configuration (which can be pre-assigned or not).

I am proposing this as the most simple (from an Ops PoV) configuration workflow. i.e. burn SD, put SD in device.

Or look to something like this:
https://docs.aws.amazon.com/iot/latest/developerguide/jit-provisioning.html
https://aws.amazon.com/blogs/iot/setting-up-just-in-time-provisioning-with-aws-iot-core/
https://www.verytechnology.com/iot-insights/aws-iot-core-elixir-and-nerves-a-crash-course
https://fullsteamlabs.com/blog/workflows-for-elixir-nerves
https://github.com/nerves-hub/documentation/blob/main/nerves-key/provisioning-in-elixir.md

Possibly helpful:
https://github.com/nerves-project/boardid
https://github.com/mendersoftware

[magixus]

There is a simple way to do:

1. Create a working version and save as *.img
2. Use this image to burn all new MicroSDs. (dd if=*img of=/dev/new_sd)

The working version should have a service that check :

1. Configure proxy and security policies.
2. Auto mounting HDD
3. Install a working ExNVR
4. Communicate with Evercam API to inform existence
5. Deploy grafana agent for monitoring
6. Netbird checks (VPN checks in general)
7. more ...

In case we update new things, we will update the *.img and sync changes will all EDGE devices via ansible.

There is another option. We can use Compute Provisioning system from Raspberry themselves

However this will take more time & efforts to achieve.

Cloning is the best (time & money) it reduce the burning phase, and setting up new system.

> I have done this in the UK and it worked from 7/8 RPIs. the one that didn't worked had different Architecture (aarch7)

[magixus]

I have created an API before to call for new NXW provisioning. some work has been done here : I remember shifting this to github but don't remember where. I'll find out

[marcoherbst]

Just to keep this fresh, Riadh gave a summary of what today the steps are to configure a new kit from a fresh router + pi (with PiOS):

1. Add the router into RMS
2. Upgrade the FW (& erasing the old settings)
3. Pushing the configs into the router
4. Creating the camera in Admin (based on the info from CRM)
5. Accessing the Pi, & getting it an update and full upgrade
6. Configuring the Pi (HDD formatting, mount point, IP setting...)
7. Installing Exnvr from AWX (after adding the host details...)
8. Getting the camera into the router network and configuring it
9. Adding the camera into ExNVR
10. Final checks (cam recording, Exnvr recording, admin info all added, relay or output checking ...)

[magixus]

We are having this discussion here as well https://docs.google.com/spreadsheets/d/1PHp8Cs2poTjnuT28hTr8NDYFLAw9eD2yUXQojP6sxTY/edit?gid=1115603320#gid=1115603320