Enhance provisioning documentation and scripts for improved network boot and DNS management</message>

<message>Add new documentation files for device DNS management via DHCP and dnsmasq configuration. Update cloud-init scripts to ensure proper handling of /etc/resolv.conf and DNS settings, allowing for seamless integration with file.server. Modify existing scripts to support dynamic LAN subnet configuration and improve overall network boot functionality. These changes enhance user experience and streamline the setup process for the CM4 eMMC provisioning service.
2026-03-04 19:15:38 +02:00
parent b5134098c0
commit 031e1c3415
16 changed files with 658 additions and 60 deletions
--- a/emmc-provisioning/cloud-init/bootstrap.sh
+++ b/emmc-provisioning/cloud-init/bootstrap.sh
@@ -6,4 +6,124 @@ set -e
 H="$(hostname)"
 grep -q "127.0.1.1.*$H" /etc/hosts || echo "127.0.1.1	$H" >> /etc/hosts

+# Do not overwrite /etc/resolv.conf: use DNS from DHCP so file.server and LXC DNS work.
+
+# --- Chromium kiosk autostart (same behaviour as gnss-guard start-chromium.sh) ---
+PI_USER="${PI_USER:-pi}"
+SCRIPT_DEST="/usr/local/bin/start-chromium.sh"
+AUTOSTART_SYSTEM="/etc/xdg/autostart"
+PI_HOME="/home/$PI_USER"
+# Icon: download start-here.png from file server, or set DESKTOP_ICON to override
+FILE_SERVER="${FILE_SERVER:-http://file.server:5000/files/first-boot}"
+ICON_DEST="/usr/share/pixmaps/tm.png"
+DESKTOP_ICON="${DESKTOP_ICON:-chromium-browser}"
+if [ "$DESKTOP_ICON" = "chromium-browser" ]; then
+  mkdir -p /usr/share/pixmaps
+  icon_url="${FILE_SERVER}/start-here.png"
+  if ! curl -fsSL "$icon_url" -o "$ICON_DEST" 2>/dev/null; then
+    # Fallback: use gateway IP (LXC on provisioning LAN) when DNS not ready yet at first boot
+    gw="$(ip -4 route show default 2>/dev/null | awk '{print $3; exit}')"
+    if [ -n "$gw" ]; then
+      curl -fsSL "http://${gw}:5000/files/first-boot/start-here.png" -o "$ICON_DEST" 2>/dev/null || true
+    fi
+  fi
+  if [ -s "$ICON_DEST" ]; then
+    chmod 644 "$ICON_DEST"
+    DESKTOP_ICON="$ICON_DEST"
+  fi
+fi
+
+# Install start-chromium.sh system-wide so it works regardless of user home
+cat << 'START_CHROMIUM_EOF' > "$SCRIPT_DEST"
+#!/bin/bash
+# Disable keyring prompts
+export GNOME_KEYRING_CONTROL=""
+export DISPLAY=:0
+
+# Force X11 instead of Wayland for better fullscreen support
+export GDK_BACKEND=x11
+unset WAYLAND_DISPLAY
+
+# Wait for display and desktop environment to be ready
+for i in {1..60}; do
+    if xset q >/dev/null 2>&1 || [ -n "$DISPLAY" ]; then
+        if pgrep -x pcmanfm >/dev/null 2>&1 || pgrep -x lxsession >/dev/null 2>&1 || pgrep -x xfdesktop >/dev/null 2>&1; then
+            break
+        fi
+    fi
+    sleep 0.5
+done
+
+sleep 5
+
+/usr/bin/chromium --start-fullscreen --noerrdialogs --disable-infobars --disable-session-crashed-bubble --disable-restore-session-state --no-first-run --password-store=basic --use-mock-keychain --ozone-platform=x11 --disable-features=UseChromeOSDirectVideoDecoder --app=http://127.0.0.1:8080 &
+
+sleep 3
+for i in {1..10}; do
+    WINDOW_ID=$(wmctrl -l 2>/dev/null | grep -i chromium | head -1 | awk '{print $1}')
+    if [ -n "$WINDOW_ID" ]; then
+        wmctrl -i -r "$WINDOW_ID" -b add,fullscreen 2>/dev/null
+        break
+    fi
+    sleep 0.5
+done
+
+wait
+START_CHROMIUM_EOF
+chmod 755 "$SCRIPT_DEST"
+
+# Autostart entry (runs Chromium at desktop login)
+mkdir -p "$AUTOSTART_SYSTEM"
+cat > "$AUTOSTART_SYSTEM/chromium-kiosk.desktop" << DESKTOP_EOF
+[Desktop Entry]
+Type=Application
+Name=Chromium Fullscreen
+Exec=/usr/local/bin/start-chromium.sh
+Icon=$DESKTOP_ICON
+Hidden=false
+NoDisplay=false
+X-GNOME-Autostart-enabled=true
+DESKTOP_EOF
+chmod 644 "$AUTOSTART_SYSTEM/chromium-kiosk.desktop"
+
+# Desktop shortcut: real .desktop file on Desktop so the file manager treats it as a launcher (not a script).
+# Symlink with no extension was shown as "executable script" and prompted; .desktop runs directly with quick_exec=1.
+if getent passwd "$PI_USER" >/dev/null 2>&1; then
+  mkdir -p "$PI_HOME/Desktop" "$PI_HOME/.config/libfm"
+  if [ -f "$PI_HOME/.config/libfm/libfm.conf" ] && grep -q '^quick_exec=' "$PI_HOME/.config/libfm/libfm.conf"; then
+    sed -i 's/^quick_exec=.*/quick_exec=1/' "$PI_HOME/.config/libfm/libfm.conf"
+  else
+    echo 'quick_exec=1' >> "$PI_HOME/.config/libfm/libfm.conf"
+  fi
+  chown -R "$PI_USER:$PI_USER" "$PI_HOME/.config/libfm" 2>/dev/null || true
+  DESKTOP_FILE="$PI_HOME/Desktop/GNSS Guard.desktop"
+  cat > "$DESKTOP_FILE" << DESKTOP_SHORTCUT_EOF
+[Desktop Entry]
+Type=Application
+Name=GNSS Guard
+Comment=GNSS Guard Dashboard (e.g. if closed)
+Exec=/usr/local/bin/start-chromium.sh
+Icon=$DESKTOP_ICON
+Terminal=false
+Categories=Utility;
+DESKTOP_SHORTCUT_EOF
+  chmod 644 "$DESKTOP_FILE"
+  chown "$PI_USER:$PI_USER" "$DESKTOP_FILE"
+  # Remove old symlink if present
+  rm -f "$PI_HOME/Desktop/GNSS Guard"
+  # Application menu/panel entry (same content)
+  SHORTCUT_FILE="/usr/share/applications/gnss-guard.desktop"
+  cat > "$SHORTCUT_FILE" << DESKTOP_SHORTCUT_EOF
+[Desktop Entry]
+Type=Application
+Name=GNSS Guard
+Comment=GNSS Guard Dashboard (e.g. if closed)
+Exec=/usr/local/bin/start-chromium.sh
+Icon=$DESKTOP_ICON
+Terminal=true
+Categories=Utility;
+DESKTOP_SHORTCUT_EOF
+  chmod 644 "$SHORTCUT_FILE"
+fi
+
 echo "[$(date -Iseconds)] test completed" | tee -a /var/log/cloud-init-bootstrap.log
--- a/emmc-provisioning/cloud-init/user-data-remote-gnss.example
+++ b/emmc-provisioning/cloud-init/user-data-remote-gnss.example
@@ -10,10 +10,15 @@
 #    as first-boot.conf; then add a runcmd line to download it to /tmp/first-boot.conf before
 #    running first-boot.sh so the script loads your config.
 # 4. To use a different username than "pi", set PI_USER in first-boot.conf and create that user below.
+# 5. DNS: manage_resolv_conf: false and NM rc-manager=symlink so the device uses DNS from DHCP
+#    (LXC option 6) and file.server resolves. See docs/DEVICE-DNS-DHCP-RESOLVCONF.md.

 package_update: true
 package_upgrade: false

+# Do not overwrite /etc/resolv.conf; device will use DNS from DHCP (LXC sends option 6).
+manage_resolv_conf: false
+
 packages:
  - curl

@@ -30,7 +35,17 @@ write_files:
      PasswordAuthentication yes
      PermitRootLogin no

+  # NetworkManager: manage resolv.conf via symlink so it gets DNS from DHCP (option 6 from LXC).
+  - path: /etc/NetworkManager/conf.d/99-resolv-dhcp.conf
+    content: |
+      [main]
+      rc-manager=symlink
+    permissions: '0644'
+
 runcmd:
+  # Allow NM to manage resolv.conf with DHCP DNS (remove static file if present).
+  - rm -f /etc/resolv.conf
+  - systemctl restart NetworkManager || true
  - systemctl enable ssh
  - systemctl start ssh
  - curl -fsSL "http://10.20.50.1:5000/files/first-boot.sh" -o /tmp/first-boot.sh
--- a/emmc-provisioning/cloud-init/user-data.bootstrap
+++ b/emmc-provisioning/cloud-init/user-data.bootstrap
@@ -5,6 +5,9 @@
 #    provisioning portal or file server). Example: http://10.20.50.1:5000/files/bootstrap.sh
 # 2. Copy this file to the boot partition as "user-data" (with meta-data and optional network-config).
 # 3. Edit BOOTSTRAP_URL below to match your server (or set it once in the runcmd section).
+#
+# DNS: This config uses systemd-resolved; /etc/resolv.conf is a stub and DNS comes from DHCP
+# (LXC option 6). Ensure bootstrap.sh does not overwrite /etc/resolv.conf. See docs/DEVICE-DNS-DHCP-RESOLVCONF.md.

 package_update: true
 package_upgrade: false
@@ -99,7 +102,7 @@ runcmd:
  - systemctl start ssh
  # Download and run bootstrap script (edit URL to match your file server)
  - |
-    BOOTSTRAP_URL="http://10.20.50.1:5000/files/bootstrap.sh"
+    BOOTSTRAP_URL="http://file.server:5000/files/bootstrap.sh"
    LOG="/var/log/cloud-init-bootstrap.log"
    if ! curl -fsSL "$BOOTSTRAP_URL" -o /tmp/bootstrap.sh 2>>"$LOG" || [ ! -s /tmp/bootstrap.sh ]; then
      echo "$(date -Iseconds) ERROR: Failed to download bootstrap.sh from $BOOTSTRAP_URL (file missing or empty)" >> "$LOG"