Banana Pi R64 router - Debian, Wireguard, RKN

The Banana Pi 64 is a single-board computer similar to the Raspberry Pi, but with several Ethernet ports, so it can be turned into a router running a general-purpose Linux distribution.

Yes, there is Openwrt, but it has its own quirks, its own GUI and CLI; there is Mikrotik, but again with its own GUI/CLI, and Wireguard does not work out of the box... In general, I want a router with flexible settings that stays within the standard Linux you work with every day.

In this article the names BPI, R64 and single-board all mean the same thing: the Banana Pi R64 single-board computer.

Choosing an image. Booting from eMMC

The very first skill you need when working with an SBC in general, and the R64 in particular, is learning how to load an operating system onto it and interact with it, because the R64 has no port for a monitor (HDMI, for example). Anything can fail: Wifi, Ethernet, Bluetooth, USB and so on can stop working. There is a UART, and through that interface you can always see what went wrong and run a couple of commands from the console if necessary.

Procedure for connecting to the R64 via USB-UART:

  • run to a radio parts store for a USB-UART cable (PL2303, Serial-to-USB)
  • plug the USB end into the computer and the other end, the UART, into the R64, using three of the four wires, as in the picture below.
  • run sudo minicom in the computer's console

After this, in most cases the single-board console appears = success.
You can find more details here.

Next, the simplest way to boot the operating system is from an SD card: download the image from the link and write it:

unzip -p 2019-08-23-ubuntu-16.04-lite-preview-bpi-r64-sd-emmc.img.zip | pv | sudo dd of=/dev/mmcblk0 bs=10M status=noxfer

We insert the card into the R64's SD slot, power it on, and watch on the connected console as uboot loads first and then standard Linux.

Another boot option is to use the 8Gb card built into the R64, called eMMC. Following the instructions in the wiki, we copy the image to the device /dev/mmcblk0 on the BPI, reboot, remove the SD card, power the BPI on again... and it doesn't work. Fiddling with Boot select does not bring it back.

The fact is that, at least for the BPI, you have to set a special flag so that it can boot from the internal flash:

root@bpi-r64:~# ./mmc extcsd read /dev/mmcblk1 | grep 'PARTITION_CONFIG'
Boot configuration bytes [PARTITION_CONFIG: 0x00]
root@bpi-r64:~# ./mmc bootpart enable 1 1 /dev/mmcblk1
root@bpi-r64:~# ./mmc extcsd read /dev/mmcblk1 | grep 'PARTITION_CONFIG'
Boot configuration bytes [PARTITION_CONFIG: 0x48]

Next, you need to write the preloader to a special boot partition

root@bpi-r64:~# echo 0 > /sys/block/mmcblk0boot0/force_ro 
root@bpi-r64:~# dd if=preloader_evb7622_64_foremmc.bin of=/dev/mmcblk0boot0

The R64's manufacturer (China) posted this binary here. What it does is unknown (there is no source code), but nothing works without it.
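
What the change from 0x00 to 0x48 in the first step means, as an added example that is not part of the original article: PARTITION_CONFIG is byte 179 of the eMMC EXT_CSD register, and this sketch decodes its fields following the JEDEC eMMC layout. The function names are hypothetical; the two sample lines are the ones printed in the session above.

```python
import re

# Field layout of EXT_CSD[179] PARTITION_CONFIG (JEDEC eMMC):
#   bit 6     BOOT_ACK              - card sends a boot acknowledge
#   bits 5:3  BOOT_PARTITION_ENABLE - area presented during boot operation
#   bits 2:0  PARTITION_ACCESS      - area that host reads/writes go to
BOOT_ENABLE = {0: "not boot enabled", 1: "boot partition 1",
               2: "boot partition 2", 7: "user area"}
ACCESS = {0: "user area", 1: "boot partition 1", 2: "boot partition 2",
          3: "RPMB"}

LINE_RE = re.compile(r"\[PARTITION_CONFIG:\s*0x([0-9a-fA-F]{1,2})\]")


def parse_extcsd_line(line):
    """Extract the PARTITION_CONFIG byte from one line of `mmc extcsd read`."""
    m = LINE_RE.search(line)
    if m is None:
        raise ValueError("no PARTITION_CONFIG field in line")
    return int(m.group(1), 16)


def decode_partition_config(value):
    """Split the byte into its three fields and name them."""
    if not 0 <= value <= 0xFF:
        raise ValueError("PARTITION_CONFIG is a single byte")
    enable = (value >> 3) & 0x7
    access = value & 0x7
    return {
        "boot_ack": bool(value & 0x40),
        "boot_partition_enable": BOOT_ENABLE.get(enable, "reserved"),
        # access values 4..7 select general purpose partitions 1..4
        "partition_access": ACCESS.get(
            access, f"general purpose partition {access - 3}"),
    }


def will_boot_from_emmc_boot1(line):
    """True when the card is configured to boot from boot partition 1."""
    cfg = decode_partition_config(parse_extcsd_line(line))
    return cfg["boot_partition_enable"] == "boot partition 1"


if __name__ == "__main__":
    for sample in ("Boot configuration bytes [PARTITION_CONFIG: 0x00]",
                   "Boot configuration bytes [PARTITION_CONFIG: 0x48]"):
        print(sample, "->", decode_partition_config(parse_extcsd_line(sample)))
```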

In general, after this images start booting from eMMC. If you want to dig in and build images from parts, then in both cases (SD/eMMC) you have to write several more files (a header for the SD card, ATF, u-boot) before you get as far as loading the kernel. This topic is alive and still evolving, but for us the main thing is that it works, and that is fine.

To be honest, I don't actually use booting from eMMC now, an SD card is enough, but I spent a lot of time getting it to work, so it stays in the article.

Choosing an operating system. Armbian

The first applied task was to bring up a VPN, namely Wireguard. It immediately turned out that the kernel part would not build: there were no headers. I rebuilt the kernel and, as I do on x86, compiled the module using DKMS. However, the speed of building even small things on arm64 greatly surprised me. Then another kernel module was needed, and so on. In general, it turned out that everything related to the kernel is better compiled on a warm x86 machine and then transferred to the R64 by simple copying, followed by a reboot and a test.

The userspace part is another matter. In my case, having chosen Debian, everything for the arm64 architecture is on packages.debian.org and there is no need to rebuild anything.

So as not to reinvent yet another bicycle, I ported Armbian to the BPI R64.
More precisely: the userspace is Armbian, and the kernel is taken from the Frank-A repository. The latest image can be downloaded here.

All work on developing the R64's software happens on the forum. For the most part, the manufacturer itself pushes the router towards Openwrt, but thanks to the work of the developer Frank from Germany, all the features quickly end up in the kernel for Debian. Remarkably, Frank is active in all the forum threads.

Organizing the workspace: wires

Separately, I want to tell you how, during development/testing, to place an SBC (not only the BPI) on your desk without running an Ethernet cable to it from the Internet source across the whole room/office. The point is that, on the one hand, you have to provide the device with Internet, but on the other hand, everything on such a device breaks, and Wifi first of all.

At first I decided to buy a small USB-Wifi "whistle", plug it into the only port on the BPI and forget about wires. For this I bought a small TP-LINK TL-WN725N USB 2.0, but it soon became clear that this would not fly: for the whistle to work you need a kernel driver, which of course was not there (later I built the required RTL8XXXU driver, but it was still unstable). So the Ethernet cable spoiled the look of the room for a while.

In the end, I managed to get rid of the cable with the help of a Tenda MW3 (Wifi mesh system): I simply put one cube under the desk and connected the BPI to its rear LAN port with a metre-long Ethernet cable. Success.

Wireguard, RKN, Bird

One of the things I wanted to use the Banana PI for is free access to sites blocked by RKN, in particular so that Telegram and Slack work on phones. Articles on this topic have already been published on Habr: one, two, three.

I implemented this solution using Ansible: link.

The VPS is assumed to run Ubuntu 18.04. I tested it on two hosters in Europe: Amazon and Digital Ocean.

So, we have installed the Armbian mentioned above on the R64, and it is reachable over ssh under the name hm-bananapi-1 and has Internet access. All that remains is to run the Ansible scripts, which automate the rest of the installation on the R64:

# dependencies for Debian-based distributions
$ sudo apt install --no-install-recommends python3-pip python3-setuptools python3-wheel git
$ which pip3
/usr/bin/pip3

# ansible with pybook, scripting in Python
$ pip3 install https://github.com/muravjov/ansible/archive/ansible-2.10.0.dev0-pybook2019.tar.gz

$ export PATH=~/.local/bin:$PATH
$ which ansible-playbook
/home/sa/.local/bin/ansible-playbook

$ git clone https://github.com/muravjov/ansible-bpi-r64.git
$ cd ansible-bpi-r64

$ git submodule update --init

# make sure hm-bananapi-1 is reachable
$ ssh hm-bananapi-1 which python3
/usr/bin/python3

# the installation itself
$ ansible-playbook ./router.py -l hm-bananapi-1

Next, you need to deploy our VPN on the VPS in the same way:

ansible-playbook ./router.py -l current-vpn

Here the argument is current-vpn, and the real VPS name is configured in a variable (in this case it is paris-vpn-aws-t2-micro-1):

$ grep current_vpn group_vars/all 
current_vpn: paris-vpn-aws-t2-micro-1
#current_vpn: frankfurt-vpn-d0-starter-1

And yes, before all these steps you need to generate the secrets (in particular the Wireguard keys) into the ./secrets folder, so that the directory looks like this.

Ansible automation in Python

You may have noticed that the Ansible commands are coded in Python scripts instead of the YAML format. For comparison, here is how to enable the bird daemon the traditional way:

- name: start bird
  systemd:
    name: bird
    state: started
    enabled: yes

and how to do the same in Python:

with mapping:
    append("name", "start bird")
    with mapping("systemd"):
        append("name",  "bird")
        append("state", "started")
        append("enabled", "yes")

Writing Ansible commands in Python lets you reuse code, and in general opens up all the capabilities of a general-purpose language. For example, installing bird on the R64 and the VPS:

install_bird("router/bird.conf.j2")
install_bird("vpn/bird.conf.j2")

See the code of the install_bird() function.

This feature is called pybook and is implemented here. There is no documentation for pybook yet, but I will fix that later.

What upstream thinks about this so far.

Monitoring. Prometheus

Summing up: Telegram works, LinkedIn and pornhub too, and in general the user experience is fine. But anything can break, Chinese hardware included.

Kernel updates can add excitement too: for example, I wanted to upgrade the kernel 5.4 => 5.6; great, Wireguard is included out of the box there, no need to patch... No sooner said than done: I laboriously moved the patches from 5.4 to 5.6, the kernel booted, the tunnel to the VPS answered pings, but bird could not connect, failing with the error "BGP Error"... "I retreated in horror" (c) to 5.4; the move to 5.6 was pushed to TODO.

Therefore, in addition to setting up the router and the VPS, I added monitoring (on x86 Ubuntu 18.04), installed on a separate host with the following components:

  • prometheus, alertmanager, blackbox_exporter - all in docker
  • alerts are sent to a Telegram channel using the metalmatze/alertmanager-bot bot - also in Docker
  • tor for the bot, so that the bot can alert in situations where the Internet is up but Telegram is not yet working and the bot cannot connect to it
  • application alerts: NodeVPNProblem (no ping to the VPS), BirdVPNProblem (no Bird session), AntifilterDownloadProblem (error loading the blocked IP addresses), SiteProblem (the ill-fated Telegram is unreachable)
  • system alerts, for example HostGrowingDiskReadLatency (a cheap SD card is becoming unreadable)

Example of installing the monitoring:

ansible-playbook ./monitoring.py -l monitoring-preprod

Auto-discovery for Prometheus is configured in the /etc/prometheus/auto_http folder; here is an example of adding a host to monitoring (hosts are not monitored by default):

bash << 'EOF'
HOSTNAME=hm-bananapi-1
IP_ADDRESS=`ssh -G $HOSTNAME | awk '/^hostname / { print $2 }'`

ssh monitoring-preprod sudo sponge /etc/prometheus/auto_http/$HOSTNAME.json << EOF2
[
  {
    "targets": ["$IP_ADDRESS:9100"],
    "labels": {
      "env": "prod",
      "hostname": "$HOSTNAME"
    }
  }
]
EOF2
EOF
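
The script above pastes $HOSTNAME into both a root-written file path and a JSON string. As an added example (not part of the original article), this Python sketch builds the same file_sd entry but validates the alias and the address first; the function names, the alias pattern and the sample `ssh -G` output are assumptions.

```python
import ipaddress
import json
import re

AUTO_HTTP_DIR = "/etc/prometheus/auto_http"   # directory named in the article
NODE_EXPORTER_PORT = 9100                      # port used in the article
# Assumption: host aliases are plain DNS-style names. Anything else is refused,
# so the alias cannot leave AUTO_HTTP_DIR or break out of the JSON string.
HOST_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]{0,61}[A-Za-z0-9])?$")


def parse_ssh_g(output):
    """Return the value of the 'hostname' line from `ssh -G <alias>` output."""
    for line in output.splitlines():
        key, _, value = line.partition(" ")
        if key == "hostname" and value.strip():
            return value.strip()
    raise ValueError("no hostname line in ssh -G output")


def build_target_file(alias, address, env="prod"):
    """Return (path, json_text) for one file_sd target, or raise ValueError."""
    if not HOST_RE.match(alias):
        raise ValueError(f"unsafe host alias: {alias!r}")
    ip = ipaddress.ip_address(address)         # ValueError if not an IP address
    host = f"[{ip}]" if ip.version == 6 else str(ip)
    doc = [{
        "targets": [f"{host}:{NODE_EXPORTER_PORT}"],
        "labels": {"env": env, "hostname": alias},
    }]
    # json.dumps escapes every value, unlike shell interpolation into a heredoc.
    return f"{AUTO_HTTP_DIR}/{alias}.json", json.dumps(doc, indent=2) + "\n"


# Constructed sample of `ssh -G hm-bananapi-1` output (the address is made up).
SAMPLE_SSH_G = "user sa\nhostname 192.0.2.10\nport 22\n"

if __name__ == "__main__":
    path, text = build_target_file("hm-bananapi-1", parse_ssh_g(SAMPLE_SSH_G))
    print(path)
    print(text, end="")
```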

TODO: 2 providers, 2 BPIs, anycast failover

On top of everything else, I planned to connect to two providers so that the Internet always works, even if one of the providers has a network problem, or I forget to pay for the Internet, and other such human factors.

A very detailed user experience on the multi-wan topic is described here for the Mwan3 system under Openwrt. That solution does a lot, but it is quite troublesome to set up and operate, as multi-wan generally is. Just one example: if you reach some sites from two IP addresses at the same time, they may not like it and stop working => "The Internet doesn't work."

Given this experience, I decided that multihoming is not the priority, only failover is. Although it seems that in recent Linux versions everything should work with a single command like this:

ip route add default \
    nexthop via 192.168.1.1 weight 10 \
    nexthop via 192.168.2.1 weight 5

So, to avoid a single point of failure, we take 2 BPIs, connect each to its own provider, link them to each other and set up dynamic routing between them using bird/OSPF.

Next, we announce the same IP address from each device, provided the service (Internet, DNS) is available. That is, we do not set the default route ourselves, but through bird. I found the solution here.

This has not been implemented yet; the insidious coronavirus played a trick here (not everything arrived from Aliexpress; another online store, Layta, promised to deliver within a week, but more than a month has passed; the second provider did not have time to run the cable before the quarantine and only managed to drill a hole in the wall for it).

How to order the R64

The board itself is available in the official SinoVoip store.
It is also worth ordering right away:

  • a power supply, specifying the plug standard, EU or US
  • cooling: heatsinks/fans, because both the CPU and the switch chip run hot
  • wifi antennas, for example

There is a nuance: for some time now delivery in the official store has not been cheap. The manager, Judy Huang, assured me that nothing was wrong and that you can choose ePacket for $5, but I saw that for Russia there was only EMS for > $33. Unpleasant, but not fatal. Moreover, if you choose a different country for delivery (I went through various countries), delivery costs ~$5. Russophobes?.. But then I found that for France the delivery price was also ~$30, and I calmed down.

In the end, Judy suggested placing the order but not paying for it (hint: keep less money on the card so that the payment does not go through automatically); write to her and she will reduce the delivery price to a normal one. Success.

Issues

Not everything works well yet.

Performance

Ansible=Python commands run slowly, even trivial ones, taking 20-30 seconds; that is an order of magnitude longer than on an x86 machine. Moreover, at first they run quickly, ~3 seconds, and then slow down. This may be due to CPU overheating (throttling). Go code is slow as well:

# querying metrics for Prometheus from node_exporter, written in Go
$ time curl -s http://172.30.1.1:9100/metrics > /dev/null

real    0m6,118s
user    0m0,005s
sys     0m0,009s

# yet the temperature is 51 degrees, which is not that much
sa@bananapir64:~$ cat /sys/devices/virtual/thermal/thermal_zone0/temp
51700

Wifi

Wifi works, but under Armbian it stops after about a day and logs:

sa@bananapir64:~$ dmesg | grep -E 'mt7622_wmac.*timeout'
[470303.802539] mt7622_wmac 18000000.wmac: Message 38 (seq 3) timeout
[470314.042508] mt7622_wmac 18000000.wmac: Message 50 (seq 4) timeout
...

Only a reboot helps. This needs further investigation.

Ethernet

Ethernet works, but after ~64 hours packets (DHCP) from the R64 stop arriving.
Restarting the interface helps:

ifdown br0; sleep 30; ifup br0

The driver is new and has not yet been accepted into the kernel; I hope the Chinese developer Landen Chao finishes it.

Source: will.com
