This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
remote_upgrade_poc [2023/06/17 05:24] – [Preservation of Parameters and Restore Process] hogwild | remote_upgrade_poc [2023/07/13 16:50] – [Concerns, Issues, and Known Challenges] -formatting hogwild | ||
---|---|---|---|
Line 40: | Line 40: | ||
- A VPN server is configured, enabled and working. | - A VPN server is configured, enabled and working. | ||
- Dropbear/ | - Dropbear/ | ||
- | - The internal network has an Ethernet LAN client that accessible via Teamviewer, once Internet connectivity | + | - The internal network has an Ethernet LAN client that accessible via Teamviewer, |
Line 71: | Line 71: | ||
- How critical is Internet access at the remote location? \\ \\ | - How critical is Internet access at the remote location? \\ \\ | ||
- How quickly can you reach the remote location to fix possible problems? \\ \\ | - How quickly can you reach the remote location to fix possible problems? \\ \\ | ||
- | - Best practices include firmware upgrades when available. However, in scenarios involving | + | - Best practices include firmware upgrades when available. However, in remote |
- Make a backup plan in case the upgrade fails: | - Make a backup plan in case the upgrade fails: | ||
- Keep a spare device on site, fully configured and ready, or; | - Keep a spare device on site, fully configured and ready, or; | ||
- Reach the remote location in x hours/days or; | - Reach the remote location in x hours/days or; | ||
- Have someone on site who can recover from a failure. | - Have someone on site who can recover from a failure. | ||
- | - (Such as using the factory | + | - (Such as using the Reset button to restore the backup configuration/ |
- | - One problem with these routers is that newer firmware is written on top of the running firmware. This involves some risk that \\ the (now invalid) filesystem could cause issues/ crash during reboot. This would cause a manual power cycle to be needed. | + | - A problem with these routers is the newer firmware is written on top of the running firmware. |
- This could be easily resolved if someone on site could perform the power cycle. \\ \\ | - This could be easily resolved if someone on site could perform the power cycle. \\ \\ | ||
- | - Asus tries to avoid this by creating a temporary rootfs where the critical bits are copied during reboot. | + | - Asus tries to avoid this by creating a temporary rootfs where the critical bits are copied during reboot. |
- | - Newer Broadcom routers solve this using two separate | + | - Newer Broadcom routers solve this using two firmware partitions. The new firmware is written to \\ the other partition, so the running filesystem remains intact. |
- **If you need something that is remotely managed, you need a router designed for that.**\\ | - **If you need something that is remotely managed, you need a router designed for that.**\\ | ||
- Trying to script fail-safe procedures for all possible scenarios will require a lot of work. | - Trying to script fail-safe procedures for all possible scenarios will require a lot of work. | ||
- | - Other, potentially unrecoverable issues remain when physical access isn't available. Even in non-critical use cases, \\ it's annoying to perform that kind of recovery. \\ \\ | + | - Other, potentially unrecoverable issues remain when physical access isn't available. |
- You are strongly advised to perform an NVRAM full erase/reset after a FreshTomato upgrade. | - You are strongly advised to perform an NVRAM full erase/reset after a FreshTomato upgrade. | ||
- On its first run, FreshTomato will recreate and initialize required default parameters. | - On its first run, FreshTomato will recreate and initialize required default parameters. | ||
- A " | - A " | ||
- | - Some form of permanent storage is needed. A full erase/reset of NVRAM-stored parameters via // | + | - Some form of permanent storage is needed. A full erase/reset of NVRAM-stored parameters via // |
- What is the difference betweeen the // | - What is the difference betweeen the // | ||
- | - Issuing the //nvram erase// command still erases the nvram mtd. However, | + | - Issuing the //nvram erase// command still erases the nvram mtd. However, |
- | - The //nvram erase// command maintains the NVRAM structure (header/ | + | - The //nvram erase// command maintains the NVRAM header/ |
- | - Thus, options for storage persistence seem to be: | + | - Thus, options for storage persistence |
- JFFS. However, by default, if NVRAM is cleared, JFFS is unmounted. Also, JFFS needs to be unmounted \\ before an upgrade, since occasionally it gets repartitioned/ | - JFFS. However, by default, if NVRAM is cleared, JFFS is unmounted. Also, JFFS needs to be unmounted \\ before an upgrade, since occasionally it gets repartitioned/ | ||
- USB storage \\ \\ | - USB storage \\ \\ | ||
- | - All forks of Tomato | + | - All forks of Tomato trigger execution of certain shell scripts with the < |
- Automount mounts all partitions to subdirectories in "/ | - Automount mounts all partitions to subdirectories in "/ | ||
- | - Logic is needed to distinguish | + | - Logic is needed to tell if the .autorun |
- | - Performing an upgrade via the shell is safer than via the web interface. From the shell, you download a .zip and check \\ for magic number errors when extracting the archive. Most devices have enough RAM to host the .zip. Uploading a " | + | - Performing an upgrade via the shell is safer than via the web interface. From the shell, you download a .zip \\ and check for magic number errors when extracting the archive. Most devices have enough RAM \\ to host the .zip. Uploading a " |
- | - Clearing NVRAM and restoring variables remotely via a script could lead to a serious lockout or bootloop. \\ Even if such an approach (having a list of nvram set commands) saved time, too many things | + | - Clearing NVRAM and restoring variables remotely via a script could lead to a serious lockout or bootloop. \\ Even if such an approach (having a list of nvram set commands) saved time, too many things |
- | - Having a persistent | + | - Having a stable |
- | - Upgrade options using TFTP wouldn' | + | - Upgrade options using TFTP wouldn' |
- | - Other options | + | - Other options to do a controlled reconfiguration during upgrade might include leaving specific entry points, \\ hooks, or callback scripts. However, this would require thorough examination, |
Line 116: | Line 116: | ||
There are several types of remote upgrades. They can be summarized in order of risk, as follows: | There are several types of remote upgrades. They can be summarized in order of risk, as follows: | ||
+ | | ||
+ | | ||
+ | * Dirty upgrade - overwrites the firmware and retains current NVRAM settings. This is probably \\ the safest method. It will function similar to an upgrade using the router' | ||
+ | * Clean upgrade - overwrites firmware and erases NVRAM settings, (restoring the default ones). \\ This will restore default settings, IP address and logon credentials. This is generally not a good option \\ when doing a remote upgrade. However, it can speed up the upgrade process if you're beside the router. \\ \\ | ||
+ | * Advanced upgrade - overwrites firmware, saves selected NVRAM configuration, | ||
- | * Dirty upgrade - overwrites the firmware and retains current NVRAM settings. | + | |
- | * Clean upgrade - overwrites the firmware and erases NVRAM settings, (restoring the default ones). | + | |
- | * Advanced upgrade - overwrites firmware, saves selected NVRAM configuration, | + | |
- | + | ||
- | A dirty upgrade is probably the least risky method. It will function similar to an upgrade using the router' | + | |
- | + | ||
- | A clean upgrade will restore the default settings, IP address and logon credentials. This is generally not a good option when doing a remote upgrade. However, it can useful for speeding up the upgrade process if you are physically beside the hardware device. | + | |
- | + | ||
- | Advanced upgrades should be used only in unusual cases. Such cases include sensitive remote installations, | + | |
- | + | ||
==== Dirty Upgrade ==== | ==== Dirty Upgrade ==== | ||
Line 163: | Line 158: | ||
- Evaluate the use of external files for certificates. | - Evaluate the use of external files for certificates. | ||
- | - Evaluate the use of an external file for the list of parameters | + | - Evaluate the use of an external file for the list of parameters to be preserved. |
- Replace the: `....` notation for subshell with FreshTomato' | - Replace the: `....` notation for subshell with FreshTomato' | ||
- | - Consider handling EOL of files you reference internally. There are many sed examples on how to achieve | + | - Consider handling EOL of files you reference internally. There are many sed examples |
- Consider defining the USB path as a variable at the beginning of your script. | - Consider defining the USB path as a variable at the beginning of your script. | ||
- | - Remember: some devices might have multiple USB drives plugged/ | + | - Remember: some devices might have multiple USB drives plugged/ |
\\ | \\ | ||
Line 178: | Line 173: | ||
The Main Preserve Script, with a list of parameters to save, creates the Restore script with actual parameter values. | The Main Preserve Script, with a list of parameters to save, creates the Restore script with actual parameter values. | ||
- | **Caution: Unexpected side effects can occur if any parameter value contains the single quote (') character. | + | **Caution: Unexpected side effects can occur if any parameter value contains the single quote (') character. Consider replacing single quotes with double |
- | + | ||
- | **Consider replacing single quotes with double | + | |
\\ | \\ | ||
- | After every upgrade, you should review the FreshTomato | + | After every upgrade, you should review the FreshTomato |
- Bug fixes | - Bug fixes | ||
Line 190: | Line 183: | ||
- New features | - New features | ||
- Explicit recommendations from the developers | - Explicit recommendations from the developers | ||
+ | |||
\\ | \\ | ||
Line 203: | Line 197: | ||
\\ | \\ | ||
+ | |||
<code bash> | <code bash> | ||
#!/bin/sh | #!/bin/sh | ||
Line 590: | Line 585: | ||
\\ | \\ | ||
- | === Script 00-00-identify.autorun | + | Script: 00-00-identify.autorun |
+ | \\ | ||
<code bash> | <code bash> | ||
#!/bin/sh | #!/bin/sh | ||
Line 694: | Line 689: | ||
</ | </ | ||
+ | \\ | ||
+ | | ||
===== Alternatives ===== | ===== Alternatives ===== | ||
- | | + | |
- | - A lot of effort | + | |
- | - Consolidated experience with such process is necessary | + | - Building the compilation environment requires a lot of effort. |
- | - Several attempts | + | - Consolidated experience with such process is necessary. |
+ | - Several | ||
===== References and Online Resources ===== | ===== References and Online Resources ===== | ||
Line 721: | Line 719: | ||
\\ | \\ | ||
- | The //nvram set// command can be nicely | + | The "//nvram set//" |