Banana Pi R64 router - Debian, Wireguard, RKN

The Banana Pi 64 is a single-board computer similar to the Raspberry Pi, but with several Ethernet ports, which makes it possible to turn it into a router based on a general-purpose Linux distribution.

Yes, Openwrt already exists, but it has its own problems and its own GUI and CLI; there is Mikrotik, but again it has its own GUI/CLI, and Wireguard does not work out of the box... In general, I wanted a router with flexible settings that stays within the framework of standard Linux, which I work with every day.

In this article the names BPI, R64 and single-board all mean the same thing: the Banana Pi R64 single-board computer itself.

Choosing an image. Booting from eMMC

The first skill you need when working with SBCs in general, and with the R64 in particular, is loading an operating system onto the board and being able to interact with it, because the R64 has no port for a monitor (HDMI, for example). When everything fails (Wifi, Ethernet, Bluetooth, USB and so on stop working), there is still UART, through which you can always see what went wrong and also run a couple of commands from the console if necessary.

Procedure for connecting to the R64 over USB-UART:

  • go to a radio parts store for a USB-UART cable (PL2303, Serial-to-USB)
  • connect the USB end to the computer and the other, UART, end to the R64, using three wires out of four, as in the picture below.
  • run sudo minicom in the computer's console

After that, in most cases the single-board computer's console appears = success.
You can see more details here.

Next, the simplest way is to boot the operating system from an SD card: download the image from the link and write it to the card:

unzip -p 2019-08-23-ubuntu-16.04-lite-preview-bpi-r64-sd-emmc.img.zip | pv | sudo dd of=/dev/mmcblk0 bs=10M status=noxfer

Insert the card into the R64's SD slot, power it on, and watch on the connected console how first uboot loads, then standard Linux.

An alternative boot option is to use the 8Gb card built into the R64, called eMMC. Following the instructions in the wiki, we copy the image to the device /dev/mmcblk0 on the BPI, reboot, remove the SD card, power the BPI on again... and it does not work. Flipping Boot select back and forth does not help.

The point is that, at least for the BPI, you need to set a special flag to be able to boot from the internal flash:

root@bpi-r64:~# ./mmc extcsd read /dev/mmcblk1 | grep 'PARTITION_CONFIG'
Boot configuration bytes [PARTITION_CONFIG: 0x00]
root@bpi-r64:~# ./mmc bootpart enable 1 1 /dev/mmcblk1
root@bpi-r64:~# ./mmc extcsd read /dev/mmcblk1 | grep 'PARTITION_CONFIG'
Boot configuration bytes [PARTITION_CONFIG: 0x48]

Next, you need to write the preloader into a special boot partition:

root@bpi-r64:~# echo 0 > /sys/block/mmcblk0boot0/force_ro 
root@bpi-r64:~# dd if=preloader_evb7622_64_foremmc.bin of=/dev/mmcblk0boot0

The R64 manufacturer (China) published this binary here. What it does is unknown (there is no source code), but nothing works without it either.
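The two PARTITION_CONFIG values above (0x00 before and 0x48 after `mmc bootpart enable 1 1`) can be read field by field. The following shell functions are an added example, not code from the article: they decode the byte using the standard eMMC EXT_CSD layout and check whether a boot partition is enabled; the function names are made up for this illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# PARTITION_CONFIG is EXT_CSD byte 179 of the eMMC standard:
#   bit 6     BOOT_ACK               card acknowledges the boot request
#   bits 5:3  BOOT_PARTITION_ENABLE  0 = none, 1/2 = boot partition 1/2, 7 = user area
#   bits 2:0  PARTITION_ACCESS       partition currently selected for read/write

# Pull the hex value out of `mmc extcsd read` output given on stdin.
partition_config_value() {
    sed -n 's/.*\[PARTITION_CONFIG: \(0x[0-9A-Fa-f]*\)\].*/\1/p' | head -n 1
}

# Split the byte into its three fields.
decode_partition_config() {
    val=$(($1))
    echo "boot_ack=$(( (val >> 6) & 1 )) boot_partition_enable=$(( (val >> 3) & 7 )) partition_access=$(( val & 7 ))"
}

# Succeeds only if the card is set to boot from boot partition 1 or 2.
# Returns 2 when the register line is missing from the input.
emmc_boot_enabled() {
    raw=$(partition_config_value)
    [ -n "$raw" ] || return 2
    case $(( ($raw >> 3) & 7 )) in
        1|2) return 0 ;;
        *)   return 1 ;;
    esac
}

# The two register dumps shown in the article, before and after
# `mmc bootpart enable 1 1 /dev/mmcblk1`.
before='Boot configuration bytes [PARTITION_CONFIG: 0x00]'
after='Boot configuration bytes [PARTITION_CONFIG: 0x48]'

for line in "$before" "$after"; do
    value=$(printf '%s\n' "$line" | partition_config_value)
    printf '%s -> %s\n' "$value" "$(decode_partition_config "$value")"
    if printf '%s\n' "$line" | emmc_boot_enabled; then
        echo "  boot partition enabled"
    else
        echo "  boot partition not enabled"
    fi
done
```

On the board itself the check becomes `./mmc extcsd read /dev/mmcblk1 | emmc_boot_enabled`, run before the SD card is removed.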

In general, after this, images start booting from eMMC. If you want to dig in and build images from scratch, then for both cases (SD/eMMC) you need to write several more files (the preloader for the SD card, ATF, u-boot) just to get the kernel to load. This topic is still evolving, but for us the main thing is that it works, and that is good enough.

To be honest, I do not use booting from eMMC now, an SD card is enough, but I spent a lot of time getting it to work, so let it stay in the article.

Choosing an operating system. Armbian

The main task of the device is to run a VPN, Wireguard naturally. It immediately turned out that the kernel was built without it and that there were no headers. I rebuilt the kernel and, as I am used to doing on x86, built the kernel module with DKMS. However, the speed of compiling even small programs on arm64 unpleasantly surprised me. And then another kernel module was needed, and so on. In general, it turned out that everything kernel-related is best built on a powerful x86 computer and then transferred to the R64 by simple copying, followed by a reboot and a test.

User space is another matter. In my case, having chosen Debian, everything for the arm64 architecture is already on packages.debian.org and nothing needs to be rebuilt.

So as not to reinvent the wheel, I ported Armbian to the BPI R64.
Or rather, like this: the user-space part is Armbian, and the kernel is taken from the Frank-A repository. The latest image can be downloaded here.

All work on developing the software side of the R64 is carried out on the forum. In general, the manufacturer itself is pushing to popularize the router for Openwrt, but thanks to the work of the developer Frank from Germany, all features quickly end up in the kernel for Debian. Surprisingly, Frank is active in every forum thread.

Workspace organization: wires

Separately, I would like to tell you how, during development/testing, to place an SBC (not only the BPI) on a desk without running an Ethernet cable to it from the Internet source across the whole room/office. The point is that, on the one hand, you need to provide the device with Internet access, but on the other hand, anything on the device can break, and Wifi first of all.

At first I decided to buy a cheap USB-Wifi "dongle", plug it into the only port on the BPI and forget about cables. For this I bought an inexpensive TP-LINK TL-WN725N USB 2.0, but it soon became clear that it would not work: for the dongle to work it needs a kernel driver, which, of course, was not there (later I built the required RTL8XXXU driver, but it still did not work). And the Ethernet cable spoiled the look of the room for a while.

In the end, I managed to get rid of the cable with the help of a Tenda MW3 (Wifi mesh system): I simply put one cube under the desk and connected the BPI to its LAN port with a one-meter Ethernet cable. Success.

Wireguard, RKN, Bird

One of the things I wanted to use the Banana PI for is free access to sites blocked by RKN, in particular so that Telegram and Slack calls work. Articles on Habr have already covered this topic: one, two, three.

I deployed exactly this solution using Ansible: link.

The VPS is assumed to run Ubuntu 18.04. I checked that it works on two hosting providers in Europe: Amazon and Digital Ocean.

So, we have installed the above Armbian on the R64, it is reachable over ssh under the name hm-bananapi-1 and has Internet access. In sequence, we deploy Ansible and the automation scripts, and run the installation itself on the R64:

# dependencies for Debian-based distributions
$ sudo apt install --no-install-recommends python3-pip python3-setuptools python3-wheel git
$ which pip3
/usr/bin/pip3

# ansible with pybook, scripting in Python
$ pip3 install https://github.com/muravjov/ansible/archive/ansible-2.10.0.dev0-pybook2019.tar.gz

$ export PATH=~/.local/bin:$PATH
$ which ansible-playbook
/home/sa/.local/bin/ansible-playbook

$ git clone https://github.com/muravjov/ansible-bpi-r64.git
$ cd ansible-bpi-r64

$ git submodule update --init

# make sure hm-bananapi-1 is reachable
$ ssh hm-bananapi-1 which python3
/usr/bin/python3

# the installation itself
$ ansible-playbook ./router.py -l hm-bananapi-1

Next, you need to deploy our VPN to the VPS in the same way:

ansible-playbook ./router.py -l current-vpn

Here the argument is always current-vpn, and the actual VPS name is configured in a variable (in this case it is paris-vpn-aws-t2-micro-1):

$ grep current_vpn group_vars/all 
current_vpn: paris-vpn-aws-t2-micro-1
#current_vpn: frankfurt-vpn-d0-starter-1

Yes, before all these operations you need to generate the secrets (in particular the Wireguard keys) into the ./secrets folder; the directory should look like this.

Ansible automation in Python

You may notice that instead of being in YAML format, the Ansible commands are coded in Python scripts. For comparison, here is how to enable the bird daemon the usual way:

- name: start bird
  systemd:
    name: bird
    state: started
    enabled: yes

and how to do the same thing in Python:

with mapping:
    append("name", "start bird")
    with mapping("systemd"):
        append("name",  "bird")
        append("state", "started")
        append("enabled", "yes")

Writing Ansible commands in Python lets you reuse code and in general opens up all the possibilities of a general-purpose language. For example, installing bird on the R64 and on the VPS:

install_bird("router/bird.conf.j2")
install_bird("vpn/bird.conf.j2")

see the code of the install_bird() function.

This feature is called pybook and is implemented here. There is no documentation for pybook yet, but I will fix that later.

What do you think about this?

Monitoring. Prometheus

All in all: Telegram works, so do LinkedIn and Pornhub, and in general the user experience is good. But anything can break, including Chinese hardware.

Kernel updates can also be fun: for example, I wanted to upgrade the kernel 5.4 => 5.6, since Wireguard is there out of the box and there is no need to patch... No sooner said than done: I diligently ported the patches from 5.4 to 5.6, the kernel came up, the tunnel to the VPS pinged, but bird could not connect, with the error "BGP Error"... "I rolled back in horror" (c) to 5.4; the move to 5.6 is postponed to the TODO list.

So, in addition to installing the router and the VPS, I added monitoring (on x86 Ubuntu 18.04), which is installed on a separate host with the following components:

  • prometheus, alertmanager, blackbox_exporter - all in docker
  • alerts are sent to a Telegram channel using the metalmatze/alertmanager-bot bot - also in Docker
  • tor for the bot, so that the bot can report situations when the Internet is available but Telegram still does not work and the bot itself cannot connect
  • application alerts: NodeVPNTroubles (no ping to the VPS), BirdVPNTroubles (no Bird session), AntifilterDownloadTroubles (error loading the blocked IP addresses), SiteTroubles (the ill-fated Telegram is unavailable)
  • system alerts, for example HostGrowingDiskReadLatency (a cheap SD card becomes unreadable)

Example of installing the monitoring:

ansible-playbook ./monitoring.py -l monitoring-preprod

Auto-discovery for Prometheus is configured in the folder /etc/prometheus/auto_http; here is an example of adding a host to monitoring (hosts are not monitored by default):

bash << 'EOF'
HOSTNAME=hm-bananapi-1
IP_ADDRESS=`ssh -G $HOSTNAME | awk '/^hostname / { print $2 }'`

ssh monitoring-preprod sudo sponge /etc/prometheus/auto_http/$HOSTNAME.json << EOF2
[
  {
    "targets": ["$IP_ADDRESS:9100"],
    "labels": {
      "env": "prod",
      "hostname": "$HOSTNAME"
    }
  }
]
EOF2
EOF
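The snippet above interpolates the host name straight into a file path written with sudo and into a JSON document. The following shell functions are an added example, not code from the article or its repository: they produce the same file_sd entry but reject names, addresses and ports that contain anything other than the expected characters; the function names and the sample address are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the original article.

# Accept only DNS-style names / IPv4 literals: letters, digits, '.' and '-',
# not starting with '.' or '-'. This rejects '/', quotes, spaces and '$'.
valid_name() {
    case $1 in
        ''|.*|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

valid_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the file_sd JSON for one target, or fail without printing JSON.
file_sd_entry() {
    sd_host=$1 sd_addr=$2 sd_port=${3:-9100}
    if ! valid_name "$sd_host" || ! valid_name "$sd_addr" || ! valid_port "$sd_port"; then
        echo "file_sd_entry: refusing unsafe input" >&2
        return 1
    fi
    cat <<EOF
[
  {
    "targets": ["$sd_addr:$sd_port"],
    "labels": {
      "env": "prod",
      "hostname": "$sd_host"
    }
  }
]
EOF
}

# Constructed sample values (192.0.2.10 is a documentation address).
file_sd_entry hm-bananapi-1 192.0.2.10
# A name containing a path separator is rejected before anything is written.
file_sd_entry '../hm-bananapi-1' 192.0.2.10 || echo "rejected"
```

When piping the result to `sudo sponge` on the monitoring host, capture the output of `file_sd_entry` in a variable first and send it only if the function succeeded, so that a rejected input does not leave an empty target file behind.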

TODO: 2 providers, 2 BPIs, anycast failover

On top of everything, I plan to connect to two providers so that the Internet keeps working even if one provider has network problems, or someone forgot to pay for the Internet, and so on, along with other human factors.

The most advanced user experience on the topic of multi-wan is described here for the Mwan3 system under Openwrt. That solution has rich functionality, but setting up and running multi-wan in general is quite troublesome. Just one example: if you visit some sites from two IP addresses at once, they may not like it and will stop working => "the Internet does not work."

Taking this experience into account, I decided that multihoming is not needed yet, only failover. Although it seems that in recent versions of Linux everything should work with a single command like:

ip route add default \
    nexthop via 192.168.1.1 weight 10 \
    nexthop via 192.168.2.1 weight 5

So, to avoid a single point of failure, we take 2 BPIs, connect each to one provider, connect them to each other and set up dynamic routing between them via bird / OSPF.

Next, we announce the same IP address on each of them if the service is available (Internet, DNS). That is, the default route will be set not by us, but by bird. I picked up the solution here.

This functionality has not been implemented yet; the crazy coronavirus played a trick here (not everything has arrived from Aliexpress; another online store, Layta, promised delivery within a week, but more than a month has passed; the second provider did not have time to pull the cable before the quarantine, and only managed to drill a hole in the wall for the cable).

How to order the R64

The board itself is in the official SinoVoip store.
It is also better to order right away:

  • a power supply + tell them which plug standard you need, EU or US
  • heat sinks: radiators / fans, because both the CPU and the switch chip heat up
  • wifi antennas, for example

There is one nuance: the delivery price in the official store has been unreasonably high for some time. The manager Judy Huang assured me that there was no mistake and that ePacket could be selected for $5, but I saw that for Russia only EMS was available, for >$33. Unpleasant, but not critical. Moreover, if you choose another country for delivery (I went through all the continents), delivery is ~$5. Russophobes?.. But then I saw that for France the delivery price is also ~$30, and I calmed down.

In the end, Judy suggested placing the order but not paying (hint: keep less money on the card so that the automatic payment does not go through), then writing to her so that she reduces the delivery cost to the normal one. Success.

Issues

Not everything works perfectly yet.

Performance

Ansible = Python commands run slowly, even the no-op ones, taking 20-30 minutes; an order of magnitude longer than on an x86 computer. Moreover, at first they ran quickly, ~3 seconds, and then slowed down sharply. This may be due to the CPU heating up (throttling). Go code also takes a long time to run:

# request Prometheus metrics from node_exporter, which is written in Go
$ time curl -s http://172.30.1.1:9100/metrics > /dev/null

real    0m6,118s
user    0m0,005s
sys     0m0,009s

# yet the temperature is 51 degrees, which is not that high
sa@bananapir64:~$ cat /sys/devices/virtual/thermal/thermal_zone0/temp
51700

Wifi

Wifi works, but on Armbian it stops after about a day and logs:

sa@bananapir64:~$ dmesg | grep -E 'mt7622_wmac.*timeout'
[470303.802539] mt7622_wmac 18000000.wmac: Message 38 (seq 3) timeout
[470314.042508] mt7622_wmac 18000000.wmac: Message 50 (seq 4) timeout
...

Only a reboot helps. Further investigation is needed.

Ethernet

Ethernet works, but after ~64 hours packets (DHCP) from the R64 stop arriving.
Restarting the interface helps:

ifdown br0; sleep 30; ifup br0

The driver is new and has not been accepted into the kernel yet; I hope the Chinese developer Landen Chao finishes it.

source: www.habr.com