=encoding utf8 =head1 NAME novaboot-shell - provides novaboot with unified SSH-based interface for controlling target hardware =head1 SYNOPSIS B -c "[command [arguments...]]" B [command [arguments...]] B [command [arguments...]] =head1 DESCRIPTION B provides L with a unified SSH-based interface for controlling the target hardware. This simplifies client-side configuration, since clients typically only need the I<--ssh=...> option. B is usually configured as the login shell of special user accounts associated with the target hardware (as set by L). It ensures that users can only perform a limited number of actions (see L below) with the target and have no shell access on the server. =head1 COMMANDS =over 8 =item console Connect to the target console (usually a serial line). When someone is connected to the console, other users are blocked from controlling the target. Blocked users see a message indicating who is blocking them. The user connected to the console can invoke other commands such as L, but only if the command is invoked via the same SSH connection. This can be accomplished by using SSH connection sharing, which is what L uses (see I<-M> and I<-S> in L). This is the default command if no command is specified on the command line and C is not set in the configuration file. =item reset Reset the target hardware. =item on Power on the target hardware. =item off Power off the target hardware. =item rsync [...] This command is not intended to be invoked directly by the user. It allows using L to copy files to the target, perhaps for a TFTP server. The rsync command must be invoked as: C, i.e. without specifying destination path. The files will be stored into I<$HOME/tftproot>. =item user [admin] User command is intended for use with the C option in the SSH L file. It allows the shell to display human-readable names when printing information about who is blocking the target. Then, the actual command is taken from SSH_ORIGINAL_COMMAND environment variable. If "admin" is specified after the user name, that user is considered an administrator and is allowed to run the L and L commands. =item get-config Prints novaboot configuration options needed for the target. One option per line. =back =head2 Administration commands Only administrators (see L) are authorized to execute these commands. =over 8 =item add-key Reads the SSH public key from standard input and adds it to F<~/.ssh/authorized_keys>. Example: C =item shell Runs the shell on the server. Useful for editing the configuration file. It is better used with an allocated pseudo-terminal. Example: C =back =head1 CONFIGURATION FILE B reads the configuration file from F<$HOME/.novaboot-shell>. It can define values for the following variables in shell syntax. =over 8 =item console_cmd Command to C that connects to the target's console. Note that if you need more complex behavior of the console command, e.g., different behavior for different users (distinguished by the value of the C<$NB_USER> variable), you can set this variable to the name of a shell function, that you define in the configuration file and implement the complex behavior there. =item reset_cmd Command to C that resets the Target. =item on_cmd Command to C that powers the target on. =item off_cmd Command to C that powers the target off. This command is executed either explicitly, when novaboot-shell C command is invoked or automatically, after the last novaboot-shell session finishes and the C systemd user service is enabled (see below). =item target_config Novaboot command line options that specify which boot loader is used by the target (L rejects other, possibly dangerous, options). Each option is on a separate line and the values are not quoted, escaped or stripped. Example: target_config="\ --uboot=(uboot) --uboot-init=setenv serverip 192.168.1.1; setenv ipaddr 192.168.1.10 --uboot-addr=kernel=0x8100000 --uboot-addr=fdt=0x83000000 --uboot-addr=ramdisk=0x83100000 " =item default_cmd If set, this command will be executed if no command is specified on the command line. If not set, C will be executed instead. F (client) always uses the C command to connect to the console, therefore C can be used to boot the target with a default configuration for users who do not use F client to boot their own configuration. In other words, C will boot the board with a default configuration, whereas C will boot the board as configured in C<...>. It is often desirable to run F on the server to boot the default configuration. To configure this more easily, the C can be set to: run_novaboot [...] This command will execute C with the F<\ script as argument and passes it a few switches with values from the F<$HOME/.novaboot-shell> configuration file. In particular, it will pass all switches from the C variable, the switches C<--reset-cmd> and C<--remote-cmd> with values of C and C variables respectively (see above) and the C<--server> switch. Therefore, to boot the default configuration as specified in the F script, it is sufficient to set C to: run_novaboot ./default_boot --interactive To have different configurations for different users, you can use the C<$NB_USER> variable as outlined above. Perhaps the simplest example is this command: run_novaboot ./default_boot-"$NB_USER" --interactive =back =head1 AUTOMATIC POWER OFF The target can be powered off automatically when the last session is finished. This can be enabled by running: systemctl --user enable novaboot-delayed-power-off Perhaps via the C subcommand. To enable delayed power-off for all novaboot-shell accounts, run the follwing as root: systemctl --global enable novaboot-delayed-power-off Individual accounts can disable this global configuration by running: systemctl --user mask novaboot-delayed-power-off When C is enabled, the I and I commands are executed through systemd rather than by C directly. The delay between the end of the session and power off is hard-coded in the B unit. To override the timeout for individual targets, run: systemctl edit novaboot-power-off@TARGET.timer for your B (the user running C) and insert the following into the spawned editor: [Timer] OnActiveSec=30min =head2 Implementation/Debugging Implementation of delayed power off is a bit tricky because it uses C in combination with several systemd services and timers. Here is a summary of the call chains in various situations. This might be useful for debugging. Powering on (via I or I subcommands): novaboot-shell -c on systemctl --user start novaboot-delayed-power-off.service sudo novaboot-power on systemctl stop "novaboot-power-off@${SUDO_USER}.timer" systemctl start "novaboot-power@${SUDO_USER}.service" novaboot-shell -c on (with $PPID = 1) eval "$on_cmd" Powering off via explicit I subcommand: novaboot-shell -c off sudo novaboot-power off systemctl stop "novaboot-power@${SUDO_USER}.service" novaboot-shell -c off (with $PPID = 1) eval $off_cmd Delayed off (executed automatically as a stop job of novaboot-delayed-power-off.service at session end): sudo novaboot-power delayed-off systemctl start "novaboot-power-off@${SUDO_USER}.timer" ... novaboot-power-off@${SUDO_USER}.service conflicts novaboot-power@${SUDO_USER}.service novaboot-shell -c off (with $PPID = 1) eval $off_cmd =head1 AUTHORS Michal Sojka Latest version can be found at L. =cut