Adam and EVE-OS initial deploy issue #4078

Open
rightkick opened this issue Jul 10, 2024 · 5 comments
Labels
question Further information is requested

Comments

@rightkick

Hi, I am trying to run a PoC with EVE-OS + Adam controller.
EVE-OS runs in a QEMU VM, while Adam runs within a Docker container.

First, I generated certs for Adam controller:

mkdir adam && cd adam
docker run -v $PWD:/adam/run -p 8080:8080 lfedge/adam generate server --cn adam-controller.lab.local --hosts adam-controller.lab.local

Then ran the controller using the following docker-compose:

version: '3.8'

services:
  adam:
    image: lfedge/adam
    container_name: adam
    command: server --conf-dir /adam/run/config --db-url /adam/run/adam --server-cert /adam/run/private/adam-controller.lab.local.pem --server-key /adam/run/private/adam-controller.lab.local-key.pem
    ports:
      - "8080:8080"
    volumes:
      - .:/adam/run
    extra_hosts:
      - "adam-controller.lab.local:192.168.1.41"
    restart: unless-stopped

It seems the controller runs normally but when trying to reach the web UI at https://adam-controller.lab.local:8080 it gives just a blank page.

I placed the generated adam certs under the conf directory of the repository and copied root-certificate.pem to v2tlsbaseroot-certificates.pem (understand these should be identical?). Then built EVE-OS by using installer-raw build target as below:

sudo make ROOTFS_VERSION=snapshot ZARCH=amd64 HV=kvm installer-raw

The installation is done successfully and I can confirm also that the Adam controller sees registration attempts from the edge device. Below are the logs from the Adam controller:

2024/07/10 11:50:47 404 returned for /api/v2/edgedevice/certs
2024/07/10 11:50:48 404 returned for /api/v2/edgedevice/ping
2024/07/10 11:50:53 404 returned for /api/v2/edgedevice/ping
2024/07/10 11:50:54 404 returned for /api/v2/edgedevice/ping
2024/07/10 11:50:55 404 returned for /api/v2/edgedevice/ping
2024/07/10 11:50:55 404 returned for /api/v2/edgedevice/certs

I generated the device onboarding key-pair with:

./pkg/pillar/scripts/generate-onboard.sh -c edge1516 -o LAB

Then went to the adam controller with docker exec and ran the following:

adam admin --server https://adam-controller.lab.local:8080 --server-ca run/config/root-certificate.pem device add --path run/config/onboard.cert.pem
adam admin --server https://adam-controller.lab.local:8080 --server-ca run/config/root-certificate.pem onboard add --path run/config/onboard.cert.pem

Then listing the device I see the following:

adam admin --server https://adam-controller.lab.local:8080 --server-ca run/config/root-certificate.pem device list
f8815e88-622f-496d-9b24-f4292661ebd3

adam admin --server https://adam-controller.lab.local:8080 --server-ca run/config/root-certificate.pem onboard list
edge1516

So I have two issues:

  1. The adam controller is giving me no web content (blank page)
  2. The EVE-OS VM seems to be contacting the adam controller but registration seems to fail.

Am I missing something? I would appreciate your assistance to overcome this and complete the onboarding. Will eventually check to request a demo account at the commercial controller.

Thank you.

@europaul
Contributor

Have you looked at https://github.com/lf-edge/eden ? It's a harness that we use for testing EVE, and its basic functionality is running an EVE instance in QEMU with Adam in a container, which looks like what you are trying to achieve. Maybe try following these steps and you should get running EVE and Adam instances around the eden start step. Then you can compare this approach with the one you are following, or if you are unsure about the certificates, for example, you can copy those from the instances inside Eden to yours.

Let me know if this was helpful or we should investigate further!

@rightkick
Author

Thanks I will try this approach. I will eventually need to run it manually using separate instances so as to understand the requirements better.

@shjala
Member

shjala commented Nov 8, 2024

@shjala
Member

shjala commented Nov 19, 2024

> Thanks I will try this approach. I will eventually need to run it manually using separate instances so as to understand the requirements better.

@rightkick I managed to onboard EVE in Adam, here is how to do it.

1- First you need to generate the required certificates using Eden. Adam has an --auto-cert option, but EVE won't accept those certificates because they are not chained with root-certificate (I'll send a PR to fix Adam, but in the meanwhile). Make sure the domain is right; otherwise EVE will reject the certs if it does not match the domain in conf/server.

git clone git@github.com:lf-edge/eden.git
cd eden
make build
# generate the certs, use your own domain name or localhost
./eden utils certs --domain zedcontrol.local.zededa.net
# copy certs to adam path
cp -r ~/.eden/certs <adam_path>

2- Copy the Eden-generated root-certificate.pem to EVE's /eve/conf.
3- Run Adam with the Eden-generated certs.
4- Onboard and add a device to Adam.
5- Change EVE's conf/server to point to Adam.
6- Run EVE; it should onboard itself to Adam.

I have fashioned together a script which does all of the above; feel free to use it, but don't forget to adjust DOMAIN, EVE_CONFIG and EDEN_BIN with the correct values.

#!/bin/sh
set -x

PORT=9090
DOMAIN=zedcloud.local.zededa.net
SERVER=$DOMAIN:$PORT
SERVER_URL=https://$SERVER
EDEN_CERTS=~/.eden/certs
EDEN_BIN=~/shah-dev/eden/eden
EVE_CONFIG=~/shah-dev/eve/conf

STORE=run/adam
CERTS=run/certs
ADAM_BIN=./bin/adam
ADAM_CMD="$ADAM_BIN admin --server $SERVER_URL --server-ca $CERTS/server.pem"

add_device() {
    # wait for adam to run, then add and onboard a device
    sleep 3
    $ADAM_CMD device add --path $EVE_CONFIG/onboard.cert.pem
    $ADAM_CMD onboard add --path $EVE_CONFIG/onboard.cert.pem --serial '*'

    # apply the sample config to the first listed device, if there is one
    UUID=$($ADAM_CMD device list | head -1)
    if [ -n "$UUID" ]; then
        cp samples/simple.json run/default.json
        $ADAM_CMD device config set --uuid "$UUID" --config-path run/default.json
    fi
}

rm -rf $STORE

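# generate required certificates using eden
# (-f so a symlink left over from an earlier run does not make ln fail)
ln -sf $EDEN_BIN eden
./eden utils certs --domain $DOMAIN
# make sure run/ exists so the certs land in run/certs
mkdir -p run
cp -r $EDEN_CERTS run/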

# copy root certificate to eve
rm -f $EVE_CONFIG/root-certificate.pem
cp $CERTS/root-certificate.pem $EVE_CONFIG/

add_device &
$ADAM_BIN server \
    --server-cert $CERTS/server.pem \
    --server-key $CERTS/server-key.pem \
    --signing-cert $CERTS/signing.pem \
    --signing-key $CERTS/signing-key.pem \
    --encrypt-cert $CERTS/encrypt.pem \
    --encrypt-key $CERTS/encrypt-key.pem \
    --conf-dir run/adam \
    --port $PORT

Please check this and close the issue if it answered your question.
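
The two rejection causes named in the comment above (a server certificate that does not chain to root-certificate.pem, and a certificate whose name does not match conf/server) can be checked with openssl before EVE is built. This is an added example, not code from the thread or from the EVE/Adam projects; the function names are hypothetical, and it assumes conf/server holds "host[:port]" on its first line.

```shell
#!/bin/sh
# Pre-flight check of what EVE will trust (added example, not project code).
# Assumption: conf/server holds "host[:port]" on its first line.

# True only if the server certificate ($2) chains to the root certificate ($1).
chains_to_root() {
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
}

# True only if the certificate ($1) is valid for host name ($2).
cert_matches_host() {
    openssl x509 -noout -in "$1" -checkhost "$2" | grep -q 'does match certificate'
}

# $1 = EVE conf directory, $2 = controller server certificate.
check_eve_trust() {
    host=$(head -n 1 "$1/server" | tr -d ' \r')
    host=${host%%:*}                      # drop the port
    rc=0
    chains_to_root "$1/root-certificate.pem" "$2" ||
        { echo "FAIL: $2 does not chain to $1/root-certificate.pem"; rc=1; }
    cert_matches_host "$2" "$host" ||
        { echo "FAIL: $2 is not valid for '$host' (from $1/server)"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $2 chains to the root and matches '$host'"
    return "$rc"
}

# Constructed sample input: a throwaway root, a server cert it signed, and an
# unrelated self-signed cert, all for host $2, written under directory $1.
make_constructed_pki() {
    mkdir -p "$1/conf" && echo "$2:9090" > "$1/conf/server"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed root" \
        -keyout "$1/root-key.pem" -out "$1/conf/root-certificate.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/server-key.pem" -out "$1/server.csr" 2>/dev/null
    echo "subjectAltName=DNS:$2" > "$1/san.ext"
    openssl x509 -req -in "$1/server.csr" -days 1 -extfile "$1/san.ext" \
        -CA "$1/conf/root-certificate.pem" -CAkey "$1/root-key.pem" \
        -CAcreateserial -out "$1/server.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/selfsigned-key.pem" -out "$1/selfsigned.pem" 2>/dev/null
}

# Usage: sh check.sh <eve conf dir> <server cert>
if [ "$#" -eq 2 ]; then check_eve_trust "$1" "$2"; fi
```

Run against a real setup, the first argument is the EVE conf directory used for the build and the second is the certificate passed to Adam's --server-cert.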

@gitNastou1

gitNastou1 commented Nov 28, 2024

Thank you for providing this nice tutorial.

Hi, I am trying to implement the tutorial given in the following website:
https://github.com/shantanoo-desai/EVE-OS-tutorials/blob/master/02-Eve-Eden-RPi4-nginx.md

I am using Ubuntu (WSL2 under Windows 11), and Raspberry Pi 4.

I am on my private network with DSL from Vodafone.

EVE live.img is flashed on an SD Card using balenaEtcher.

My network detects Raspberry / EVE very well.

But EVE registration with Adam fails, the following error is always displayed:
INFO[0380] Adam waiting for EVE registration (19) of (20)
FATA[0400] Eve onboard failed: error onboarding onboarding timeout. You may try to run 'eden eve onboard' command again in several minutes. If not successful see logs of adam/eve

Could you please help? Or am I missing something?

Thanks
