You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
alex 8d6ec7b624
lnd: suspend service start until clock sync
ndg release v0.6.0 introduced a mechanism in which LND TLS cert is
regenerated if ndg's HTTP client refuses to initialize TLS certs bundle
in https://git.qcode.ch/nakamochi/ndg/commit/b57ebacd

in most cases, it is due to outdated cert's notAfter.
however, because raspberry pi cannot preserve current system time,
it starts from year 1969 and the TLS client init fails.

the latter leads to ndg forcing LND to regenerate the certs to no avail
because the system time isn't syncronized yet.

simple solution: wait to start LND service until the system clock is in
sync.
1 year ago
base base: disable 'abort on errors' in tor setup script 2 years ago
btc btc,lnd: ensure service loggers are present 1 year ago
files/etc btc,lnd: ensure service loggers are present 1 year ago
keys keys: add my other, newer gpg key 2 years ago
lnd lnd: suspend service start until clock sync 1 year ago
ndg ndg: upgrade to v0.6.0 1 year ago
LICENSE initial import 2 years ago
README.md docs: add a section on how to test changes on a live device 2 years ago
apply.sh apply: report a bit more info during an update run 1 year ago
update.sh apply: report a bit more info during an update run 1 year ago

README.md

system updates

the plan is for this repo to contain all system updates, incremental in a form of text/source code. a node periodically runs the update.sh script which pulls the repo to receive updates executes apply.sh. the latter then makes changes and updates the operating system.

at the moment, all updates are executed in form of shell scripts. these are error-prone and hard to reason about in a comprehesive way once the codebase gets sufficiently large. the short term goal is to migrate shell scripts to something more managaeble like saltstack but with less resource requirements, suitable for embedded devices without python dependencies.

typical update examples are: upgrade bitcoind, lnd and other services, system packages, improve configuration of components such as firewall. the run sequence on the node is approximately as follows:

  1. fetch updates with a git fetch.
  2. provide a git diff on the screen and confirm with the user.
  3. pull in the changes with a git pull --verify-signatures.
  4. run apply.sh.

at the moment, an on-screen diff and confirmation aren't implemented yet. nd and ngui is where it'll happen, in the ndg repo.

when configuring a new node, clone this repo and set up a cron job to execute the update.sh script once a day. The script requires REPODIR and LOGFILE env variables set.

TODO: add a list of supported platforms; the "native" is void linux.

testing a live change

the procedure to run a modified sysupdate on the device while ssh'ed into the instance.

first, make sure periodic updates are disabled:

chmod -x /etc/cron.hourly/sysupdate

then set required env variables and run the apply script:

cd /ssd/sysupdates
export SYSUPDATES_ROOTDIR=$PWD
./apply.sh

to reactivate periodic sysupdates, flip the x bit:

chmod +x /etc/cron.hourly/sysupdate

note that the periodic sysupdate script will revert the repo to the latest commit of the branch specified in the script or master as the default.