Capturing Changes in the Configuration of a Board on Torizon OS
Introduction
During the development process with Torizon OS, usually it is required to capture configuration changes on the /etc directory that needs to be committed to the Torizon OS image.
Here are some examples of procedures that require changes in the configuration of the system:
- Custom networking configuration
- Touch screen calibration
- Cellular modem configuration
- Torizon OS boot time optimization
- Use of private registries with Torizon Cloud
- Enable additional reliability services on Torizon
- Apply udev rules to tweak configurations related to Weston
- Storage of Docker data on an external storage device (USB/SD Card)
- Enforcing strong passwords in Torizon OS
- Device Monitoring in Torizon OS
- Modifying updates configuration in Aktualizr
This article shows how to capture these system configurations.
This article complies with the Typographic Conventions for Torizon Documentation.
Pre-requisites
The pre-requisite to complete these instructions are:
- Prerequisites from Configure Build Environment for Torizon Containers installed.
- A Toradex SoM with Torizon installed.
- Having read the Torizoncore Builder - Getting Started article can be helpful.
- A Torizon OS image downloaded.
Installing TorizonCore Builder
To install TorizonCore Builder, read our statements on OS and shell compatibility, then follow the instructions below, in order.
Download the setup script into some writable directory in your system (here we use
~/tcbdir/):$ mkdir -p ~/tcbdir/ && cd ~/tcbdir/
$ wget https://raw.githubusercontent.com/toradex/tcb-env-setup/master/tcb-env-setup.shnoteIf you did this before then you can skip this step unless you want to update the setup script. When you source the script (next step) it will show you a warning message if it determines an update is advisable.
Source the script:
$ cd ~/tcbdir/
$ source tcb-env-setup.shMake sure to do this from every shell instance that you intend to use with TorizonCore Builder. For advanced usage, run
source tcb-env-setup.sh -h, or see the project README. The latter has information about using the early-access version of the tool for those interested.tip- Remember to source the setup script every time you start a new terminal (or shell instance).
- The setup script installs a Bash completion script for TorizonCore Builder, making it possible to autocomplete commands and parameters by just pressing the TAB key.
Beware that under Windows, you must pass extra parameters to the script when the use of the following commands is intended:
ostree serve: consult the ostree serve reference.
Verify that the command
torizoncore-builderis available:$ torizoncore-builder --help
Capturing Changes in the Configuration of a Board
If you have made any configuration changes, they will be saved in the /etc directory of your board. The isolate command will fetch all those changes (modifications, addition, deletion, and files and directories permissions and ownership). It requires an SSH connection for the communication between the host PC and the target board.
Get configuration changes from the target board, saving them in a specific directory, in this case changes1, with this command:
$ torizoncore-builder isolate --remote-host 192.168.1.117 --remote-username torizon --remote-password torizon --changes-directory changes1
Changes in /etc successfully isolated.
Change the arguments --remote-host,--remote-username and --remote-password to your board IP Address, username and password, respectively.
From TorizonCore Builder 3.1.0 after, the default value of --remote-username and --remote-password is torizon, so if the username or the password is torizon the argument can be omitted.
In order to keep credentials (files and directories permissions and ownership) the isolate command will create the file /etc/.tcattr which will be automatically used later by the union command.
For more details about the isolate command, please check the isolate command in the commands manual.
Applying Captured Changes to a Custom Image
There are two possible approaches to apply the customization and generate a custom Toradex Easy Installer image, described in the next two sections Approach 1 and Approach 2. These approaches in some cases are interchangeable and in some not as described in the next sections.
To learn about TorizonCore Builder workflow and the different approaches to use the tool, with explanatory diagrams, please refer to the TorizonCore Builder - Workflow article.
Both approaches generate a custom Toradex Easy Installer image as output, so the approaches should be followed alternatively and not in sequence.
Approach 1: Applying Changes to a Custom Image Using the Build Command
TorizonCore Builder build command generates a custom Torizon OS image with the captured configuration changes, ready to be installed with Toradex Easy Installer, named torizon-core-docker-colibri-imx6-Tezi_5.3.0.CUSTOM in the example below. This is achieved using a configuration YAML file, tcbuild.yaml as default.
This is the recommended approach on production programming and on CI/CD (continuous integration / continuous development) pipelines.
To learn about TorizonCore Builder workflow and the different approaches to use the tool, with explanatory diagrams, please refer to the TorizonCore Builder - Workflow article.
It requires a Toradex Easy Installer image of Torizon OS (preferably without containers), torizon-core-docker-colibri-imx6-Tezi_5.3.0+build.7.tar in this case, as input. The directory (or directories) with the captured configuration changes is passed as customization: filesystem.
# Sample configuration file:
input:
easy-installer:
local: images/torizon-core-docker-colibri-imx6-Tezi_5.3.0+build.7.tar
#Sample customization: insert the configuration changes made in the device
customization:
filesystem:
- changes1/
output:
easy-installer:
local: torizon-core-docker-colibri-imx6-Tezi_5.3.0.CUSTOM
Build The Custom Image
To generate the Torizon OS image, run the command below, in the same directory where the tcbuild.yaml file is:
$ torizoncore-builder build
...
1091 metadata, 12741 content objects imported; 412.2 MB content written
Pulling done.
Deploying OSTree with checksum 58629613a342197c31c5911d0874aac1b0fcb46b68a63f59760c03bacc4df08a
Deploying done.
Copy files not under OSTree control from original deployment.
Packing rootfs...
Packing rootfs done.
=>> Build command successfully executed!
In case of using a configuration file with a different name than tcbuild.yaml, run the command specifying the configuration file name:
$ torizoncore-builder build --file <configuration_file_name>
Deploy The Custom Toradex Easy Installer Image
To deploy the custom Toradex Easy Installer image to the board, click on the link below and choose between the available options.
Deploy The Custom Toradex Easy Installer Image
The output image can be deployed in three ways to the board:
- Using Toradex Easy Installer, the recommended method for production programming.
- Directly on the board through SSH, the recommended method during development.
- Through Torizon Cloud server, the recommended method to perform updates on a device already deployed to the field.
- It's also possible to use a static-delta approach, which is more network efficient.
Despite the recommendations, it is also possible to use a different method, using the Torizon Cloud method during development for example.
To learn more about when to use each method, please refer to the Deployment Methods Comparison section of the TorizonCore Builder - Workflow article.
Toradex Easy Installer
Toradex Easy Installer Tool allows users to install an image into the internal flash memory of Toradex modules in an extremely simple way.
Copy the output image into a USB stick and follow the steps in the Toradex Easy Installer article linked above. The copy of the output image can be done with the command below:
$ cp -a torizon-core-docker-colibri-imx6-Tezi_5.3.0.CUSTOM /media/user/myUSBstick
Where, in my case, /media/user/myUSBstick is the path to USB stick mount point and torizon-core-docker-colibri-imx6-Tezi_5.3.0.CUSTOM is the directory containing the custom Toradex Easy Installer image.
Directly, through SSH
In this case, before deployment the output image needs to be unpacked, using the command below:
$ torizoncore-builder images unpack torizon-core-docker-colibri-imx6-Tezi_5.3.0.CUSTOM
Change the argument torizon-core-docker-colibri-imx6-Tezi_5.3.0.CUSTOM to the directory containing your custom Toradex Easy Installer image.
For more details on how this command works, please check the images unpack command in the commands manual.
To deploy it directly to the board, through SSH, use the command below:
$ torizoncore-builder deploy --remote-host 192.168.1.117 --remote-username torizon --remote-password torizon --reboot
For more details on how this command works, please check the deploy command in the commands manual.
Change the arguments --remote-host,--remote-username and --remote-password to your board IP Address, username and password, respectively.
From TorizonCore Builder 3.1.0 after, the default value of --remote-username and --remote-password is torizon, so if the username or the password is torizon the argument can be omitted.
This way does not support the deployment of the pre-provisioned containers.
Torizon Cloud
In this case, before deployment the output image needs to be unpacked, using the command below:
$ torizoncore-builder images unpack torizon-core-docker-colibri-imx6-Tezi_5.3.0.CUSTOM
Change the argument torizon-core-docker-colibri-imx6-Tezi_5.3.0.CUSTOM to the directory containing your custom Toradex Easy Installer image.
For more details on how this command works, please check the images unpack command in the commands manual.
To deploy it to the Torizon Cloud Update Service, use the command below:
$ torizoncore-builder platform push --credentials credentials.zip --package-name base-package --package-version base-package-1.0 base
For more details on how this command works, please check the platform push command documentation in the Commands Manual.
This way does not support the deployment of the pre-provisioned containers, so their Docker Compose file will need to be deployed separately in the server.
To deploy the image from the Torizon Cloud Remote Update Service to the board, please follow the steps in the OTA Web Interface article.
To obtain credentials (credentials.zip file) and to obtain more information on how to sign and securely deploy a custom image using Torizon Cloud Updates, check the Signing and pushing the image to Torizon Cloud article.
Approach 2: Applying Changes to a Custom Image: Using Standalone Commands
In this second approach, instead of using a configuration YAML file and a one-step command, the generation of the custom Torizon OS with the captured configuration changes is done using standalone commands, each performing one step towards this generation.
This approach is especially useful when making incremental changes, generating multiple images with captured configuration changes (or other customizations like different device tree overlays). Including a directory with captured changes on an image of Torizon OS is just a matter of passing it as a --changes-directory argument to the union command. Therefore, it is just necessary to perform the union and deploy stages (also the isolate step is necessary if you want to capture the new configuration changes from the device).
To learn about TorizonCore Builder workflow and the different approaches to use the tool, with explanatory diagrams, please refer to the TorizonCore Builder - Workflow article.
To generate a custom Toradex Easy Installer image with the desired directories with captured configuration changes follow the sequence of steps below.
You just need to execute once. Then, you are ready to apply multiple changes to the image. For example, in addition to applying configuration changes captured from the device, you can also apply a custom splash screen, a new device tree, among other possibilities.
If you have not unpacked an image yet, download a base Torizon OS image (preferably without containers) inside the TorizonCore Builder working directory, then run the command below to unpack it. In the example below the torizon-core-docker-colibri-imx6-Tezi_5.3.0+build.7.tar image is used as a reference:
$ torizoncore-builder images unpack torizon-core-docker-colibri-imx6-Tezi_5.3.0+build.7.tar
If you want to change the Torizon OS base image, download the new image and run the images unpack command again, passing the new image as the argument.
For more details about the images unpack command, please check the images unpack command in the commands manual.
Instead of using the images unpack you can use the images download command. This command checks which is the connected Toradex SoM, downloads the compatible latest quarterly release of a Torizon OS image without containers, and unpacks this image.
$ torizoncore-builder images download --remote-host 192.168.1.117 --remote-username torizon --remote-password torizon
Change the arguments --remote-host,--remote-username and --remote-password to your board IP Address, username and password, respectively.
For more details on how the images download command works, please check the images download command in the commands manual.
Merge Changes
As a reminder, you must have captured changes as explained previously.
Merge the captured configuration changes (as well as other customizations like a kernel module or a device tree) into the base Toradex Easy Installer image of Torizon OS - use whatever branch name you want.
As an example, to commit changes into a branch named custom-branch use the command below, accordingly with the TorizonCore Builder version:
$ torizoncore-builder union custom-branch
Applying changes from STORAGE/dt.
Commit 58629613a342197c31c5911d0874aac1b0fcb46b68a63f59760c03bacc4df08a has been generated for changes and is ready to be deployed.
$ torizoncore-builder union --union-branch=custom-branch
We recommend that you switch to the latest version of TorizonCore Builder to enjoy its simpler and more consistent user interface besides other improvements and bug fixes.
For more details about the union command, please check the union command in the commands manual.
Deploy The Custom Toradex Easy Installer Image
To deploy the custom Toradex Easy Installer image to the board, click on the link below and choose between the available options.
Deploy The Custom Toradex Easy Installer Image
The output image can be deployed in three ways to the board:
- Using Toradex Easy Installer, the recommended method for production programming.
- Directly on the board through SSH, the recommended method during development.
- Through Torizon Cloud server, the recommended method to perform updates on a device already deployed to the field.
Despite the recommendations, it is also possible to use a different method, using the Torizon Cloud method during development for example.
To learn more about when to use each method, please refer to the Deployment Methods Comparison section of the TorizonCore Builder - Workflow article.
However, the commands have differences in comparison to the deploy in Approach 1.
Toradex Easy Installer
Toradex Easy Installer Tool allows users to install an image into the internal flash memory of Toradex modules in an extremely simple way.
First, to generate a Toradex Easy Installer image, into the output directory torizon-core-docker-colibri-imx6-Tezi_5.3.0.CUSTOM, use the command below:
$ torizoncore-builder deploy custom-branch --output-directory torizon-core-docker-colibri-imx6-Tezi_5.3.0.CUSTOM
Change the arguments custom-branch to the branch where you merged the changes (with the union command).
Copy the output image into a USB stick and follow the steps in the Toradex Easy Installer Tool article linked above. The copy of the output image can be done with the command below:
$ cp -a torizon-core-docker-colibri-imx6-Tezi_5.3.0.CUSTOM /media/user/myUSBstick
Where /media/user/myUSBstick is, in my case, the path to USB stick mount point.
Directly, through SSH
To deploy it directly to the board, through SSH, use the command below:
$ torizoncore-builder deploy custom-branch --remote-host 192.168.1.117 --remote-username torizon --remote-password torizon --reboot
Change the arguments custom-branch, --remote-host,--remote-username and --remote-password to the branch where you merged the changes (with the union command), your board IP Address, username and password, respectively.
From TorizonCore Builder 3.1.0 after, the default value of --remote-username and --remote-password is torizon, so if the username or the password is torizon the argument can be omitted.
For more details on how this command works, please check the deploy command in the commands manual.
This way does not support the deployment of the pre-provisioned containers.
Torizon Cloud Remote Update Service
To deploy it to the Torizon Cloud Remote Update Service, use the command below:
$ torizoncore-builder push --credentials credentials.zip custom-branch
Change the argument custom-branch to the branch where you merged the changes (with the union command).
This way does not support the deployment of the pre-provisioned containers, so their Docker Compose file will need to be deployed separately in the server.
To deploy the image from the Torizon Cloud Remote Update Service to the board, please follow the steps in the OTA Web Interface article.
To obtain credentials (credentials.zip file) and to obtain more information on how to sign and securely deploy a custom image using Over-the-Air (OTA) updates, check the Signing and pushing the image to Torizon Cloud article.
For more details on how this command works, please check the push command in the commands manual.
Verifying The New Custom Image On The Device
After rebooting, in your target device's terminal, verify that your new custom image of Torizon OS is active on the device with the command below:
# sudo ostree admin status
Password:
* torizon 58629613a342197c31c5911d0874aac1b0fcb46b68a63f59760c03bacc4df08a.0
Version: 5.3.0+build.7-tcbuilder.20211008140217
origin refspec: tcbuilder:58629613a342197c31c5911d0874aac1b0fcb46b68a63f59760c03bacc4df08a
torizon 36ad904617b170339b6ded7b9dce87ed8cf0f76473b897fdd832d91e82eb1ddc.0 (rollback)
Version: 5.3.0+build.7
origin refspec: tcbuilder:36ad904617b170339b6ded7b9dce87ed8cf0f76473b897fdd832d91e82eb1ddc
Where 58629613a342197c31c5911d0874aac1b0fcb46b68a63f59760c03bacc4df08a is the OSTree commit hash and should be the same as:
- The one in the output of the
unioncommand in the case of the standalone commands - The one in the "Deploying OSTree with checksum ..." part of the output of the
buildcommand.