I-Banana Pi 64 iyikhompyutha enebhodi elilodwa efana ne-Raspberry Pi, kodwa enamachweba amaningana e-Ethernet, okwenza kube nokwenzeka ukuyiguqula ibe umzila osuselwe ekusabalaliseni kwe-Linux kwenhloso evamile.
Yebo, isivele ikhona i-Openwrt, kodwa inezinkinga zayo, i-GUI yayo ne-CLI; Kukhona i-Mikrotik, kodwa futhi ine-GUI / CLI yayo, futhi i-Wireguard ayisebenzi ngaphandle kwebhokisi ... Ngokuvamile, ngifuna i-router enezilungiselelo eziguquguqukayo, ngenkathi ihlezi ngaphakathi kohlaka lwe-Linux evamile, osebenzayo. nazo zonke izinsuku.
Esihlokweni esingaphansi kwamagama e-BPI, u-R64, ibhodi elilodwa, ngizosho into efanayo - ibhodi elilodwa le-Banana Pi R64 uqobo.
Ukukhetha isithombe. Landa nge-EMMC
Ikhono lokuqala okufanele ulithole lapho usebenza nalo
I-algorithm yokuxhuma ku-R64 nge-USB-UART:
- sigijimela esitolo sezingxenye zomsakazo ukuthola intambo ye-USB-UART (PL2303, Serial-to-USB)
- xhuma isiphetho esisodwa se-USB kukhompyutha, kanti enye, i-UART, ku-R64, nezintambo ezintathu kwezine, njengasesithombeni esingezansi.
- sebenzisa ikhonsoli yekhompyutha
sudo minicom
Ngemva kwalokhu, ezimweni eziningi kuzovela ikhonsoli yebhodi elilodwa = impumelelo.
Ungabona imininingwane eyengeziwe
Okulandelayo, indlela elula ukulayisha uhlelo lokusebenza ekhadini le-SD: landa nge
unzip -p 2019-08-23-ubuntu-16.04-lite-preview-bpi-r64-sd-emmc.img.zip | pv | sudo dd of=/dev/mmcblk0 bs=10M status=noxfer
Sifaka ikhadi ku-slot ye-R64 SD, siyivule, bese sibheka ikhonsoli exhunyiwe ilayisha kuqala i-uboot, bese ilayisha i-Linux evamile.
Enye inketho yokuqalisa ukusebenzisa ikhadi le-64Gb eselivele lakhiwe ku-R8, elibizwa nge-EMMC. Ngokwemiyalelo eku-wiki, sikopisha isithombe kudivayisi
/dev/mmcblk0 ku-BPI, qalisa kabusha, susa ikhadi le-SD, uvule i-BPI futhi... futhi ayisebenzi. Indlela yokubuyela emuva naphambili Boot select
ningazihluphi.
Iqiniso liwukuthi okungenani ku-BPI udinga ukusetha ifulege elikhethekile ukuze ukwazi ukuqala kusuka ku-flash drive yangaphakathi:
root@bpi-r64:~# ./mmc extcsd read /dev/mmcblk1 | grep 'PARTITION_CONFIG'
Boot configuration bytes [PARTITION_CONFIG: 0x00]
root@bpi-r64:~# ./mmc bootpart enable 1 1 /dev/mmcblk1
root@bpi-r64:~# ./mmc extcsd read /dev/mmcblk1 | grep 'PARTITION_CONFIG'
Boot configuration bytes [PARTITION_CONFIG: 0x48]
Okulandelayo, udinga ukubhala i-preloader ku-partition ye-boot ekhethekile
root@bpi-r64:~# echo 0 > /sys/block/mmcblk0boot0/force_ro
root@bpi-r64:~# dd if=preloader_evb7622_64_foremmc.bin of=/dev/mmcblk0boot0
Umkhiqizi u-R64 (e-China) uthumele le kanambambili
Ngokuvamile, ngemva kwalokhu, izithombe ziqala ukulayisha kusuka ku-EMMC. Uma ufuna ukukuthola bese udala izithombe kusukela ekuqaleni, kuzo zombili izimo (i-SD/eMMC) udinga ukubhala amanye amafayela amaningana (isilayishi sangaphambili sekhadi le-SD, i-ATF, i-u-boot) ukuze nje uthole ukulayisha i-kernel. Lesi sihloko namanje
Manje ngilanda nge-EMMC, uma ngikhuluma iqiniso, angilisebenzisi, ikhadi le-SD lanele, kodwa ngichithe isikhathi esiningi ngilisebenza, ngakho makube kusihloko.
Ukukhetha isistimu yokusebenza. I-Armbian
Umsebenzi wokuqala wohlelo lokusebenza ukwethula i-VPN, ngokwemvelo i-Wireguard. Kwavele kwatholakala ukuthi ngasohlangothini lwe-kernel ayizange ihlanganiswe futhi ingekho izihloko. Ngakhe kabusha i-kernel futhi, njengomkhuba wami nge-x86, ngahlanganisa imojula ye-kernel ngisebenzisa i-DKMS. Kodwa-ke, isivinini sokwakha ngisho nezinsiza ezincane ku-arm64 singimangaze kabi. Futhi-ke kwakudingeka enye imojula ye-kernel, njll. Ngokuvamile, kuvela ukuthi yonke into ehlobene ne-kernel ihlanganiswe kangcono kwi-laptop ye-x86 efudumele, bese idluliselwa ku-R64 ngokukopisha okulula, iqaliswe kabusha futhi ihlolwe.
Enye into ingxenye yendawo yomsebenzisi. Endabeni yami yokukhetha i-Debian, yonke into yokwakhiwa kwe-arm64 isivele iku-packages.debian.org futhi asikho isidingo sokwakha kabusha noma yini.
Ukuze ngingakhiqizi elinye ibhayisikili, I
Noma kunalokho, lokhu: ingxenye yendawo yomsebenzisi i-Armbian, futhi i-kernel ithathwa endaweni yokugcina
Wonke umsebenzi ekuthuthukisweni kwengxenye yesoftware ka-R64 wenziwa
Inhlangano yendawo yokusebenza: izintambo
Ngokwehlukana, ngithanda ukukutshela ukuthi, ngesikhathi sokuthuthukiswa/ukuhlola, ubeka kanjani i-SBC (hhayi nje i-BPI) etafuleni ukuze ungasebenzisi ikhebula le-Ethernet kuyo kusuka kumthombo we-inthanethi kulo lonke igumbi/ihhovisi. Iqiniso liwukuthi, ngakolunye uhlangothi, udinga ukuhlinzeka ngocezu lwehadiwe nge-Intanethi, kodwa ngakolunye uhlangothi, yonke into ekuleso siqeshana sehadiwe ingadiliza, futhi okokuqala i-Wifi.
Okokuqala, nginqume ukuthenga “inlozi” ye-USB-Wifi eshibhile, ngiyixhume echwebeni okuwukuphela kwe-BPI futhi ngikhohlwe izintambo. Ukuze ngenze lokhu, ngithenge i-TP-LINK TL-WN725N USB 2.0 engabizi, kodwa ngokushesha kwacaca ukuthi ngeke isuke: ukuze impempe isebenze, udinga umshayeli we-kernel, okuyiqiniso ukuthi wayengekho. (kamuva ngahlanganisa umshayeli we-RTL8XXXU odingekayo, kodwa akusasebenzi ). Futhi ikhebula le-Ethernet lonakalise ukubukeka kwegumbi okwesikhashana.
Ngenxa yalokho, ngakwazi ukulahla ikhebula ngosizo lwe-Tenda MW3 (uhlelo lwe-Wifi mesh): Ngimane ngibeke i-cube eyodwa ngaphansi kwetafula futhi ngixhume i-BPI echwebeni le-LAN yakamuva ngentambo ye-Ethernet ubude obuyimitha. Impumelelo.
I-Wireguard, i-RKN, Inyoni
Enye yezinto engifuna ukuyisebenzisela i-Banana PI iwukuba nokufinyelela kwamahhala kumasayithi avinjwe i-RKN, ikakhulukazi, ukuze izingcingo zeTelegram ne-Slack zisebenze. Izindatshana ezimayelana no-Habré sezivele zihlongozwa ngalesi sihloko:
Ngisebenzise lesi sixazululo ngisebenzisa i-Ansible:
I-VPS kucatshangwa ukuthi isebenzisa Ubuntu 18.04. Ngihlole ukusebenza kwabasingathi ababili eYurophu: i-Amazon ne-Digital Ocean.
Ngakho-ke, sifake i-Armbian engenhla ku-R64, ifinyeleleka nge-ssh ngaphansi kwegama hm-bananapi-1
futhi inokufinyelela ku-inthanethi. Sisebenzisa ngokungaguquki imibhalo ye-Ansible, automation scripts futhi siqalise ukufakwa ngokwako ku-R64:
# зависимости для Debian-based дистрибутивов
$ sudo apt install --no-install-recommends python3-pip python3-setuptools python3-wheel git
$ which pip3
/usr/bin/pip3
# ansible с pybook, скриптование на Python
$ pip3 install https://github.com/muravjov/ansible/archive/ansible-2.10.0.dev0-pybook2019.tar.gz
$ export PATH=~/.local/bin:$PATH
$ which ansible-playbook
/home/sa/.local/bin/ansible-playbook
$ git clone https://github.com/muravjov/ansible-bpi-r64.git
$ cd ansible-bpi-r64
$ git submodule update --init
# убеждаемся в доступности hm-bananapi-1
$ ssh hm-bananapi-1 which python3
/usr/bin/python3
# собственно установка
$ ansible-playbook ./router.py -l hm-bananapi-1
Okulandelayo, udinga ukuthumela i-VPN yethu ku-VPS ngendlela efanayo:
ansible-playbook ./router.py -l current-vpn
Lapha i-agumenti ihlala imanje-vpn, futhi igama langempela le-VPS lilungiswa ngokuguquguquka (kulokhu kuyi-paris-vpn-aws-t2-micro-1):
$ grep current_vpn group_vars/all
current_vpn: paris-vpn-aws-t2-micro-1
#current_vpn: frankfurt-vpn-d0-starter-1
Oh yebo, ngaphambi kwayo yonke le misebenzi udinga ukukhiqiza izimfihlo (ikakhulukazi okhiye be-Wireguard) kufolda ./secrets
, uhla lwemibhalo kufanele lubukeke
I-Ansible Automation kuPython
Ungase uqaphele ukuthi esikhundleni sokuba ngefomethi ye-YAML, imiyalo e-Ansible ibhalwa ngekhodi ye-Python scripts. Ukuze uqhathanise, ungayinika kanjani amandla i-daemon yenyoni ngendlela evamile:
- name: start bird
systemd:
name: bird
state: started
enabled: yes
nokuthi ungakwenza kanjani okufanayo ngePython:
with mapping:
append("name", "start bird")
with mapping("systemd"):
append("name", "bird")
append("state", "started")
append("enabled", "yes")
Ukubhala imiyalo enengqondo ku-Python kukuvumela ukuthi usebenzise kabusha ikhodi, futhi ngokuvamile kuvula wonke amathuba olimi lwenhloso evamile. Isibonelo, ukufaka inyoni ku-R64 naku-VPS:
install_bird("router/bird.conf.j2")
install_bird("vpn/bird.conf.j2")
bona ikhodi yomsebenzi
Lesi sici esibizwa ngokuthi pybook
kwenziwe
Ucabangani
Ukuqapha. I-Prometheus
Ingqikithi: i-telegraph iyasebenza, i-linkedin ne-pornhub nayo, ngokuvamile ulwazi lomsebenzisi lulungile. Kepha konke kungaphuka, kufaka phakathi i-hardware yaseShayina.
Izibuyekezo ze-Kernel nazo zingathakazelisa: isibonelo, bengifuna ukubuyekeza i-kernel 5.4 => 5.6, kahle, I-Wireguard ikhona ngaphandle kwebhokisi, asikho isidingo sokuchibiyela... Ngokushesha nje lapho ngiqeda: Ngidlulise ngokucophelela amapheshana ukusuka ku-5.4 kuya ku-5.6, i-kernel yaqala phezulu, umhubhe oya ku-VPS u-pinged, kodwa inyoni ayikwazi ukuxhuma nephutha "Iphutha le-BGP" ... "Ngibuyele emuva ngokwesaba" (c) kuya ku-5.4; Ukuthuthela ku-5.6 kuhlehlisiwe ku-TODO.
Ngakho-ke, ngaphezu kokufaka i-router ne-VPS, ngengeze ukuqapha (ku-x86 Ubuntu 18.04), efakwe kumsingathi ohlukile ngezinto ezilandelayo:
- i-prometheus, i-alertmanager, i-blackbox_exporter - konke ku-docker
- Izaziso zithunyelwa esiteshini setelegram kusetshenziswa i-metalmatze/alertmanager-bot bot - futhi ku-Docker
- tor for the bot, ukuze i-bot ikwazi ukuxwayisa izimo lapho kune-inthanethi, kodwa iTelegramu namanje ayisebenzi, futhi i-bot ngokwayo ayikwazi ukuxhuma
- kusetshenzisiwe
izexwayiso : I-NodeVPNIzinkinga (ayikho i-ping ku-VPS), I-BirdVPNIzinkinga (ayikho iseshini yezinyoni), I-AntifilterDownloadTroubles (iphutha ekulayisheni amakheli e-IP avinjiwe), SiteTroubles (i-telegram engasebenzi kahle ayitholakali) - izixwayiso zesistimu, isibonelo, i-HostGrowingDiskReadLatency (ikhadi le-SD elishibhile alifundeki)
Isibonelo sokusetha sokuqapha:
ansible-playbook ./monitoring.py -l monitoring-preprod
I-Auto Discovery ye-Prometheus ilungiselelwe kufolda /etc/prometheus/auto_http, isibonelo sokwengeza umsingathi ekuqashweni (ababungazi abagadwa ngokuzenzakalelayo):
bash << 'EOF'
HOSTNAME=hm-bananapi-1
IP_ADDRESS=`ssh -G $HOSTNAME | awk '/^hostname / { print $2 }'`
ssh monitoring-preprod sudo sponge /etc/prometheus/auto_http/$HOSTNAME.json << EOF2
[
{
"targets": ["$IP_ADDRESS:9100"],
"labels": {
"env": "prod",
"hostname": "$HOSTNAME"
}
}
]
EOF2
EOF
OKUMELE UKWENZE: Abahlinzeki abangu-2, 2 BPI, anycast failover
Ngaphezu kwakho konke, ngihlele ukuxhuma kubahlinzeki ababili ukuze i-intanethi iqhubeke nokusebenza, ngisho noma umhlinzeki oyedwa enezinkinga ngenethiwekhi, noma ukhohlwe ukukhokhela i-intanethi, njll, nezinye izici zomuntu.
Okuhlangenwe nakho okuthuthuke kakhulu komsebenzisi esihlokweni se-multi-wan kuchaziwe
Ngokucabangela lokhu okuhlangenwe nakho, nginqume ukuthi i-multihoming ayiyona into ehamba phambili okwamanje, i-failover kuphela. Nakuba, kubonakala sengathi ezinguqulweni zakamuva ze-Linux yonke into kufanele isebenze ngomyalo owodwa ofana:
ip route add default
nexthop via 192.168.1.1 weight 10
nexthop via 192.168.2.1 weight 5
Ngakho-ke, ukuze sigweme iphuzu elilodwa lokuhluleka, sithatha ama-BPI angu-2, sixhuma ngayinye kumhlinzeki oyedwa, sixhumane nomunye nomunye futhi senze ukuxhumana komunye nomunye umzila oshukumisayo ngenyoni/OSPF.
Okulandelayo, sikhangisa ikheli le-IP elifanayo kulelo nalelo sevisi uma isevisi itholakala (I-inthanethi, i-DNS). Okusho ukuthi, ngeke sibeke umzila ozenzakalelayo ngokwethu, kodwa ngenyoni. Ngalihlola ikhambi
Lokhu kusebenza akukakaqaliswa ukusetshenziswa, i-coronavirus ekhohlisayo idlale iqhinga lapha (akuyona yonke into efike ivela ku-Aliexpress; esinye isitolo se-inthanethi, i-Layta, sithembise ukuletha ngesonto, kodwa sekudlule isikhathi esingaphezu kwenyanga; umhlinzeki wesibili wayengenaso isikhathi. ukunweba ikhebula ngaphambi kokuvalelwa, ukwazile kuphela ukuthola imbobo yokubhoboza odongeni yekhebula).
Unga-oda kanjani u-R64
Ibhodi ngokwalo lisesitolo esisemthethweni
Kungcono futhi uku-oda ngokushesha:
umsoco + yazisa indinganiso yepulaki ye-EU noma yase-US- ukushisa okushisa: ama-radiator / abalandeli; ngoba kokubili i-CPU ne-switch chip kuyashisa
- i-antenna ye-wifi,
isibonelo
Kukhona i-nuance - intengo yokulethwa isibe phezulu ngokwanele esitolo esisemthethweni isikhathi esithile. Umphathi uJudy Huang wangiqinisekisa ukuthi belingekho iphutha, futhi ungakhetha i-ePacket ngama- $5, kodwa ngabona ukuthi eRussia kukhona i-EMS kuphela >$33. Akujabulisi, kodwa hhayi ukugxeka. Ngaphezu kwalokho, uma ukhetha noma yiliphi elinye izwe ozolethelwa kulo (ngadlula kuwo wonke amazwekazi), ukulethwa kuzobiza ~$5. AmaRussophobes?.. Kodwa-ke ngathola ukuthi eFrance intengo yokulethwa nayo ingu-~30$, futhi ngehlisa umoya.
Ngenxa yalokho, uJudy wacela ukufaka i-oda, kodwa angakhokhi (ukusikisela: faka kancane ekhadini ukuze ukukhokha okuzenzakalelayo kungadluli); mbhalele futhi uzokwehlisa inani lokudiliva libe ngokwejwayelekile. Impumelelo.
Issues
Akukona konke okusebenza kahle okwamanje.
Ukukhiqiza
Ansible=Imiyalo yePython ikhishwa kancane, ngisho neyize, imizuzwana engama-20-30; ukuhleleka kobukhulu okude kunekhompuyutha ephathekayo ye-x86. Ngaphezu kwalokho, ekuqaleni babulawa ngokushesha, ~ imizuzwana engu-3, bese behlisa ijubane kakhulu. Lokhu kungase kube ngenxa yokushisa kwe-CPU (i-throttling). Ikhodi ye-Go iphinde ithathe isikhathi eside ukusebenza:
# запрос метрик для прометея из node_exporter на Go
$ time curl -s http://172.30.1.1:9100/metrics > /dev/null
real 0m6,118s
user 0m0,005s
sys 0m0,009s
# однако температура 51 градус, не так и много
sa@bananapir64:~$ cat /sys/devices/virtual/thermal/thermal_zone0/temp
51700
I-Wifi
I-Wifi iyasebenza, kodwa ku-Armbian iyama ngemva kosuku, kubhala:
sa@bananapir64:~$ dmesg | grep -E 'mt7622_wmac.*timeout'
[470303.802539] mt7622_wmac 18000000.wmac: Message 38 (seq 3) timeout
[470314.042508] mt7622_wmac 18000000.wmac: Message 50 (seq 4) timeout
...
Ukuqala kabusha kuphela kuyasiza. Sidinga ukuqhubeka
Ethernet
I-Ethernet iyasebenza, kodwa ngemva kwamahora angu-64 amaphakethe (DHCP) asuka ku-RXNUMX ayayeka ukufika.
Ukuqalisa kabusha isixhumi esibonakalayo kusiza:
ifdown br0; sleep 30; ifup br0
Umshayeli usemusha, akakamukelwa ku-kernel okwamanje, ngithemba ukuthi yi-Chinese Landen Chao
Source: www.habr.com