Banana Pi R64 Router - Debian, Wireguard, RKN

Banana Pi 64 is a single-board computer similar to the Raspberry Pi, but with several Ethernet ports, which makes it possible to turn it into a router based on a Linux distribution.

Yes, there is already Openwrt, but it has its own problems and its own GUI and CLI. There is Mikrotik, but again it has its own GUI/CLI, and Wireguard does not work out of the box... In general, I want a router with flexible configuration that stays within standard Linux, the one you work with every day.

In this article the names BPI, R64 and single-board all mean the same thing: the Banana Pi R64 board itself.

Choosing an image. Booting from eMMC

The first skill you need when working with SBCs in general, and with the R64 in particular, is learning to boot an operating system on the board and being able to interact with it, because the R64 has no display port (HDMI, for example). When everything has fallen over (Wifi, Ethernet, Bluetooth, USB and so on have stopped working), there is UART, an interface through which you can see what went wrong and also run a few commands from the console if necessary.

Procedure for connecting to the R64 over USB-UART:

  • run to a radio parts store for a USB-UART cable (PL2303, serial-to-USB)
  • connect one end, USB, to the computer and the other, UART, to the R64, using three of the four wires, as in the picture below
  • run sudo minicom in the computer's console

After this, the single-board's console will usually appear = success.
You can see more details here.

Next, the simplest way is to boot the operating system from an SD card: download the appropriate image and write it to the card:

unzip -p 2019-08-23-ubuntu-16.04-lite-preview-bpi-r64-sd-emmc.img.zip | pv | sudo dd of=/dev/mmcblk0 bs=10M status=noxfer

We insert the card into the R64's SD slot, power on, and in the connected console watch the bootloader start first, then Linux boot.

Another way to boot is to use the 8Gb card already built into the R64, called eMMC. Following the instructions in the wiki, we copy the image to the /dev/mmcblk0 device on the BPI, reboot, remove the SD card, power the BPI on again... and it does not work. Flipping Boot select back and forth does not help.

The point is that for the BPI you need to set a special flag to be able to boot from the internal storage:

root@bpi-r64:~# ./mmc extcsd read /dev/mmcblk1 | grep 'PARTITION_CONFIG'
Boot configuration bytes [PARTITION_CONFIG: 0x00]
root@bpi-r64:~# ./mmc bootpart enable 1 1 /dev/mmcblk1
root@bpi-r64:~# ./mmc extcsd read /dev/mmcblk1 | grep 'PARTITION_CONFIG'
Boot configuration bytes [PARTITION_CONFIG: 0x48]
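
What the change from 0x00 to 0x48 means, as an added example that is not part of the original article: PARTITION_CONFIG is byte 179 of the eMMC EXT_CSD register, and the script below decodes its bit fields as laid out in the JEDEC eMMC standard. The function names are made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the article): decode the eMMC PARTITION_CONFIG byte
# (EXT_CSD[179]). Field layout per the JEDEC eMMC standard:
#   bit 6     BOOT_ACK              device sends a boot acknowledge
#   bits 5:3  BOOT_PARTITION_ENABLE 0 = no boot, 1 = boot0, 2 = boot1, 7 = user area
#   bits 2:0  PARTITION_ACCESS      0 = user area, 1 = boot0, 2 = boot1, 3 = RPMB
# Function names are hypothetical.

# Extract the hex value from a line printed by `mmc extcsd read`.
extract_partition_config() {
    printf '%s\n' "$1" |
        sed -n 's/.*PARTITION_CONFIG: \(0x[0-9A-Fa-f]*\).*/\1/p'
}

# Print the three fields of a PARTITION_CONFIG value such as 0x48.
decode_partition_config() {
    pc_val=$(( $1 ))
    pc_ack=$(( (pc_val >> 6) & 1 ))
    pc_boot=$(( (pc_val >> 3) & 7 ))
    pc_access=$(( pc_val & 7 ))
    case $pc_boot in
        0) pc_src=none ;;
        1) pc_src=boot0 ;;
        2) pc_src=boot1 ;;
        7) pc_src=user ;;
        *) pc_src=reserved ;;
    esac
    printf 'boot_ack=%d boot_from=%s access=%d\n' "$pc_ack" "$pc_src" "$pc_access"
}

# The two lines shown above, before and after `mmc bootpart enable 1 1`.
for pc_line in \
    'Boot configuration bytes [PARTITION_CONFIG: 0x00]' \
    'Boot configuration bytes [PARTITION_CONFIG: 0x48]'
do
    pc_hex=$(extract_partition_config "$pc_line")
    printf '%s -> ' "$pc_hex"
    decode_partition_config "$pc_hex"
done
```

The two arguments of mmc bootpart enable are the boot partition number and the send-ack flag, which is why the byte ends up with bit 6 set and the value 1 in bits 5:3.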

Next, you need to write the preloader into the special boot partition:

root@bpi-r64:~# echo 0 > /sys/block/mmcblk0boot0/force_ro 
root@bpi-r64:~# dd if=preloader_evb7622_64_foremmc.bin of=/dev/mmcblk0boot0

The R64's manufacturer (China) published this binary here. What it does is unknown (there are no sources), but nothing works without it.
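
Because the preloader is an opaque binary, it is worth recording exactly which bytes were flashed and confirming that the boot partition holds them. The sketch below is an added example, not the author's or the vendor's procedure: it wraps the force_ro and dd steps shown above, re-enables write protection afterwards and compares a SHA-256 of the readback. The function name and its argument order are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): flash an image and check the readback.
# write_verified IMAGE TARGET [FORCE_RO]   (function name is hypothetical)
#   IMAGE     file to write, e.g. preloader_evb7622_64_foremmc.bin
#   TARGET    device to write to, e.g. /dev/mmcblk0boot0
#   FORCE_RO  optional sysfs write-protect switch,
#             e.g. /sys/block/mmcblk0boot0/force_ro
# Prints the SHA-256 of the image so it can be kept next to the download.
write_verified() {
    wv_img=$1 wv_dev=$2 wv_ro=${3:-}
    [ -r "$wv_img" ] || { echo "cannot read $wv_img" >&2; return 2; }
    wv_size=$(wc -c < "$wv_img" | tr -d ' ')
    [ "$wv_size" -gt 0 ] || { echo "$wv_img is empty" >&2; return 2; }
    wv_want=$(sha256sum < "$wv_img" | cut -d' ' -f1)

    if [ -n "$wv_ro" ]; then echo 0 > "$wv_ro" || return 2; fi
    wv_rc=0
    dd if="$wv_img" of="$wv_dev" conv=notrunc,fsync 2>/dev/null || wv_rc=$?
    # Re-enable write protection whether or not dd succeeded.
    if [ -n "$wv_ro" ]; then echo 1 > "$wv_ro"; fi
    [ "$wv_rc" -eq 0 ] || { echo "dd failed ($wv_rc)" >&2; return 1; }

    # Compare only the first IMAGE-size bytes: the partition is larger.
    # On a real device the read may be served from the page cache.
    wv_got=$(head -c "$wv_size" "$wv_dev" | sha256sum | cut -d' ' -f1)
    if [ "$wv_got" != "$wv_want" ]; then
        echo "readback mismatch on $wv_dev" >&2
        return 1
    fi
    echo "$wv_want"
}

# Run directly as: script IMAGE TARGET [FORCE_RO]
if [ $# -ge 2 ]; then write_verified "$@"; fi
```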

In general, after this, images start booting from eMMC. If you want to understand it properly and build images from scratch, then in both cases (SD/eMMC) you have to write several more files (the SD card preloader, ATF, u-boot) just to get the kernel to boot. This topic is still evolving, but for us the main thing is that it works, and that is good.

I can now boot from eMMC. To be honest, I don't use it, the SD card is enough, but I spent a long time getting it to work, so let it stay in the article.

Choosing an operating system. Armbian

The first application task is setting up a VPN, naturally Wireguard. It immediately turned out that on the kernel side it was not built and there were no headers. I rebuilt the kernel and, as is my habit on x86, built the kernel module using DKMS. However, the speed of building even small things on arm64 stunned me. And then another kernel module was needed, and so on. In general, it turns out that everything kernel-related is best built on a warm x86 laptop, then transferred to the R64 by simple copying, rebooted and tested.

Userspace is another matter. In my case, having chosen Debian, everything built for arm64 is already on packages.debian.org and there is no need to rebuild anything.

So as not to reinvent the wheel, I ported Armbian to the BPI R64.
Or rather, like this: the userspace is Armbian, and the kernel is taken from Frank-A's repository. A fresh image can be downloaded here.

All work on developing the software side of the R64 happens on the forum. In general, the manufacturer itself tries to promote the Openwrt router variant, but thanks to the work of the developer Frank from Germany, all features end up in the kernel for Debian. Surprisingly, Frank is active in every thread.

Workspace organization: wires

Separately, I want to describe how, during development/testing, to place an SBC (not only the BPI) on the desk without running an Ethernet cable from the Internet connection across the whole room/office. The point is that, on the one hand, you need to give the piece of hardware Internet access, but on the other hand, anything on that hardware can break, Wifi first of all.

At first I decided to buy a cheap USB-Wifi "whistle" (dongle), plug it into the only port on the BPI and forget about wires. For this I bought an inexpensive TP-LINK TL-WN725N USB 2.0, but it soon became clear that this would not take off: for the dongle to work you need a kernel driver, which of course was not there (later I built the required RTL8XXXU driver, but it is not convenient). And the Ethernet cable spoiled the look of the room for a while.

In the end, I managed to get rid of the cable with the help of a Tenda MW3 (Wifi mesh system): I simply put one cube under the desk and connected the BPI to its LAN port with a meter-long Ethernet cable. Success.

Wireguard, RKN, Bird

One of the things I want to use the Banana Pi for is access to sites blocked by RKN, in particular so that Telegram and Slack calls work. Articles on Habr have already been devoted to this topic: one, two, three.

I implemented this solution using Ansible: link.

The VPS is assumed to be running Ubuntu 18.04. I checked that it works on two hosting providers in Europe: Amazon and Digital Ocean.

So, we installed Armbian on the R64 above; it is reachable over ssh under the name hm-bananapi-1 and has Internet access. We deploy the Ansible scripts (the automation) step by step and start the installation on the R64:

# зависимости для Debian-based дистрибутивов
$ sudo apt install --no-install-recommends python3-pip python3-setuptools python3-wheel git
$ which pip3
/usr/bin/pip3

# ansible with pybook, scripting in Python
$ pip3 install https://github.com/muravjov/ansible/archive/ansible-2.10.0.dev0-pybook2019.tar.gz

$ export PATH=~/.local/bin:$PATH
$ which ansible-playbook
/home/sa/.local/bin/ansible-playbook

$ git clone https://github.com/muravjov/ansible-bpi-r64.git
$ cd ansible-bpi-r64

$ git submodule update --init

# убСТдаСмся Π² доступности hm-bananapi-1
$ ssh hm-bananapi-1 which python3
/usr/bin/python3

# собствСнно установка
$ ansible-playbook ./router.py -l hm-bananapi-1

Next, you need to deploy our VPN on the VPS in the same way:

ansible-playbook ./router.py -l current-vpn

Here the argument is current-vpn, and the actual name of the VPS is set through a variable (in this case it is paris-vpn-aws-t2-micro-1):

$ grep current_vpn group_vars/all 
current_vpn: paris-vpn-aws-t2-micro-1
#current_vpn: frankfurt-vpn-d0-starter-1

Oh yes, before all this you need to generate the secrets (mainly the Wireguard keys) in the ./secrets folder; the directory should look like this.

Ansible automation in Python

You may notice that instead of being written in YAML, the Ansible instructions are kept in Python scripts. For comparison, this is how to enable the bird daemon the usual way:

- name: start bird
  systemd:
    name: bird
    state: started
    enabled: yes

and this is how to do the same through Python:

with mapping:
    append("name", "start bird")
    with mapping("systemd"):
        append("name",  "bird")
        append("state", "started")
        append("enabled", "yes")

Writing Ansible instructions in Python lets you reuse code and, in general, opens up the full power of a general-purpose language. For example, installing bird on the R64 and on the VPS:

install_bird("router/bird.conf.j2")
install_bird("vpn/bird.conf.j2")

see the code of the install_bird() function.

This feature, called pybook, is implemented here. There is no documentation for pybook yet, but I will fix that later.

What upstream thinks about this.

Monitoring. Prometheus

In total: Telegram works, linkedin and pornhub too; overall, the users are happy. But anything can break, including Chinese hardware.

Kernel updates can also be fun: for example, I wanted to update the kernel 5.4 => 5.6, since Wireguard is there out of the box and there is no need to patch... I updated to 5.6, the kernel booted, the tunnel to the VPS came up, but bird could not connect, with the error "BGP Error"... "I rolled back in horror" (c) to 5.4; the migration to 5.6 was postponed to the TODO list.

Therefore, in addition to setting up the router and the VPS, I added monitoring (on x86 Ubuntu 18.04), which is installed on a separate host with the following components:

  • prometheus, alertmanager, blackbox_exporter - all in docker
  • notifications are sent to a Telegram channel using the metalmatze/alertmanager-bot bot - also in Docker
  • tor for the bot, so that the bot can alert about events when there is Internet access but Telegram is not working yet and the bot cannot connect directly
  • application alerts: NodeVPNTroubles (no ping to the VPS), BirdVPNTroubles (no Bird session), AntifilterDownloadTroubles (errors loading the blocked IP addresses), SiteTroubles (the ill-fated Telegram is unavailable)
  • system alerts, for example HostGrowingDiskReadLatency (a cheap SD card becomes hard to read)

Monitoring setup example:

ansible-playbook ./monitoring.py -l monitoring-preprod

Auto discovery for Prometheus is configured in the /etc/prometheus/auto_http directory. An example of adding a host to monitoring (hosts are not monitored by default):

bash << 'EOF'
HOSTNAME=hm-bananapi-1
IP_ADDRESS=`ssh -G $HOSTNAME | awk '/^hostname / { print $2 }'`

ssh monitoring-preprod sudo sponge /etc/prometheus/auto_http/$HOSTNAME.json << EOF2
[
  {
    "targets": ["$IP_ADDRESS:9100"],
    "labels": {
      "env": "prod",
      "hostname": "$HOSTNAME"
    }
  }
]
EOF2
EOF
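
In the snippet above, ssh -G prints whatever HostName the ssh configuration resolves to, which is a DNS name rather than an address when no IP is configured, and the inner heredoc pastes both values into the JSON unchecked. The following added example (not part of the original article) builds the same entry only from values that pass validation; the function names are hypothetical and 172.30.1.1 is used as a constructed sample address.

```shell
#!/bin/sh
# Added example (not from the article): build the file_sd entry only from
# values that pass validation. Function names are hypothetical.

# Accept only letters, digits, dots and hyphens, not starting with a hyphen.
is_hostname() {
    case $1 in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
}

# Accept only a dotted-quad IPv4 address with octets 0..255.
is_ipv4() {
    case $1 in
        ''|.*|*.|*..*|*[!0-9.]*) return 1 ;;
    esac
    ip_saved_ifs=$IFS; IFS=.
    set -- $1
    IFS=$ip_saved_ifs
    [ $# -eq 4 ] || return 1
    for ip_octet in "$@"; do
        case $ip_octet in
            0?*|????*) return 1 ;;   # leading zero or more than 3 digits
        esac
        [ "$ip_octet" -le 255 ] || return 1
    done
}

# make_target HOSTNAME IP_ADDRESS -> JSON in the layout used above
make_target() {
    is_hostname "$1" || { echo "refusing hostname: $1" >&2; return 1; }
    is_ipv4 "$2" || { echo "refusing address: $2" >&2; return 1; }
    printf '[\n  {\n    "targets": ["%s:9100"],\n' "$2"
    printf '    "labels": {\n      "env": "prod",\n      "hostname": "%s"\n' "$1"
    printf '    }\n  }\n]\n'
}

# Constructed sample values.
make_target hm-bananapi-1 172.30.1.1
```

The output of make_target can be piped to the same ssh monitoring-preprod sudo sponge command; when validation fails nothing is written to stdout and the function returns non-zero.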

TODO: 2 providers, 2 BPIs, anycast failover

On top of everything, I planned to connect to two providers so that the Internet keeps working even if one provider has network problems, or I forgot to pay for the Internet, and so on, and other human factors.

The most common approach to multi-wan is described here for the Mwan3 system under Openwrt. The solution has a lot of functionality, but setting it up and operating it for ordinary multi-wan is complicated. Just one example: if you come to some site from two IP addresses at once, it may not like that and will stop working => "the Internet doesn't work".

With this in mind, I decided that multihoming is not the most important thing, only failover is. Although it seems that in recent versions of Linux everything should work with a single command like:

ip route add default \
    nexthop via 192.168.1.1 weight 10 \
    nexthop via 192.168.2.1 weight 5

So, to avoid a single point of failure, we take 2 BPIs, connect each one to its own provider, connect them to each other and set up dynamic routing between them via bird/OSPF.

Next, we announce the same IP addresses on each of them if the service is available (Internet, DNS). That is, we do not set the default route ourselves, but through bird. I saw the solution here.

This functionality has not been implemented yet; the insidious coronavirus interfered here (not everything arrived from Aliexpress; another online store, Layta, promised to deliver in a week, but more than a month has passed; the second provider did not have time to run the cable before the quarantine started, managing only to make a hole in the wall for the cable).

How to order the R64

The board itself is in the official SinoVoip store.
It is also better to order right away:

  • power supply + specify the EU or US plug standard
  • cooling: heatsinks/fans, because the CPU and the switch chip run hot
  • wifi antennas, for example

There is a nuance: the delivery price in the official store has been inadequately high for some time. The manager Judy Huang assured me that there was no mistake and that you can choose ePacket for $5, but I saw that for Russia there is only EMS for > $33. Unpleasant, but not critical. Moreover, if you choose any other country for delivery (I went through all the continents), delivery will cost ~$5. Russophobes?.. But then I found that for France the delivery price is also ~$30, and I calmed down.

In the end, Judy suggested placing the order without paying for it (trick: keep only a little money on the card so that the automatic payment does not go through); write to her and she will reduce the delivery price to a normal one. Success.

Issues

Not everything works smoothly.

Performance

Ansible = Python commands execute slowly, even empty ones, taking 20-30 seconds; an order of magnitude longer than on an x86 laptop. Moreover, at first they run quickly, ~3 seconds, and then slow down considerably. This may be due to CPU overheating (throttling). Go code also takes a long time to run:

# запрос ΠΌΠ΅Ρ‚Ρ€ΠΈΠΊ для промСтСя ΠΈΠ· node_exporter Π½Π° Go
$ time curl -s http://172.30.1.1:9100/metrics > /dev/null

real    0m6,118s
user    0m0,005s
sys     0m0,009s

# yet the temperature is 51 degrees, which is not that much
sa@bananapir64:~$ cat /sys/devices/virtual/thermal/thermal_zone0/temp
51700

Wifi

Wifi works, but on Armbian it stops after about a day, writing:

sa@bananapir64:~$ dmesg | grep -E 'mt7622_wmac.*timeout'
[470303.802539] mt7622_wmac 18000000.wmac: Message 38 (seq 3) timeout
[470314.042508] mt7622_wmac 18000000.wmac: Message 50 (seq 4) timeout
...

Only a reboot helps. We need to keep figuring this out.

Ethernet

Ethernet works, but after ~64 hours packets (DHCP) from the R64 stop arriving.
Restarting the interface helps:

ifdown br0; sleep 30; ifup br0

The driver is new and has not been accepted into the kernel yet; I hope the Chinese developer Landen Chao finishes it.

Source: www.habr.com
