Device Provisioning Script
Task: AZ-187_device_provisioning_script
Name: Device Provisioning Script
Description: Interactive shell script that provisions Jetson device identities (CompanionPC users) during the fuse/flash pipeline
Complexity: 2 points
Dependencies: AZ-196 (POST /devices endpoint)
Component: DevOps
Tracker: AZ-187
Epic: AZ-181
Problem
Each Jetson needs a unique CompanionPC user account for API authentication. This must be automated as part of the manufacturing/flash process so that provisioning 50+ devices is not manual.
Outcome
- Interactive provision_devices.sh detects connected Jetsons, registers identities via admin API, and runs fuse/flash pipeline
- Serial numbers are auto-assigned server-side (azj-0000, azj-0001, ...)
- Provisioning runbook documents the full end-to-end flow
Scope
Included
- provision_devices.sh: scan USB for Jetsons in recovery mode, interactive device selection, call admin API POST /devices for auto-generated serial/email/password, write credentials to rootfs, fuse, flash
- Configuration via scripts/.env (git-ignored), template at scripts/.env.example
- Dependency checks at startup (lsusb, curl, jq, L4T tools, sudo)
- Provisioning runbook: step-by-step for multi-device manufacturing flow
Excluded
- fTPM provisioning (covered by NVIDIA's ftpm_provisioning.sh)
- Secure Boot fusing (covered by solution_draft02 Phase 1-2)
- OS hardening (covered by solution_draft02 Phase 3)
- Admin API POST /devices endpoint implementation (AZ-196)
Acceptance Criteria
AC-1: Script registers device via POST /devices
Given the admin API has the POST /devices endpoint deployed
When provision_devices.sh is run and a device is selected
Then the admin API creates a new user with auto-assigned serial (e.g. azj-0000) and Role=CompanionPC
AC-2: Credentials written to rootfs
Given POST /devices returned serial, email, and password
When the provisioning step completes for a device
Then $ROOTFS_DIR/etc/azaion/device.conf contains the email and password with mode 600
AC-3: Device can log in after flash
Given a provisioned and flashed device boots for the first time
When the loader reads /etc/azaion/device.conf and calls POST /login
Then a valid JWT is returned
AC-4: Multi-device support
Given multiple Jetsons connected in recovery mode
When provision_devices.sh is run
Then the user can select individual devices or all, and each is provisioned sequentially
AC-5: Runbook complete
Given the provisioning runbook
When followed step-by-step on new Jetson Orin Nano devices
Then the devices are fully fused, flashed, provisioned, and can communicate with the admin API
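
For AC-2, one way to write the credentials so the file is never readable by other users, even briefly, and to check the resulting mode. This is an added example, not the project's provision_devices.sh; the KEY=value layout with EMAIL and PASSWORD keys and the function names write_device_conf and conf_mode_ok are assumptions.

```shell
#!/bin/sh
# Added example for AC-2: write device credentials into the rootfs with mode 600.
# Assumption: device.conf holds KEY=value lines named EMAIL and PASSWORD.

# write_device_conf ROOTFS_DIR EMAIL PASSWORD
write_device_conf() {
    rootfs=$1 email=$2 password=$3
    conf_dir="$rootfs/etc/azaion"
    conf="$conf_dir/device.conf"

    # Refuse empty values and embedded newlines that would inject extra keys.
    for v in "$email" "$password"; do
        [ -n "$v" ] || { echo "empty credential field" >&2; return 1; }
        case $v in *"
"*) echo "newline in credential field" >&2; return 1 ;; esac
    done

    mkdir -p "$conf_dir" || return 1
    # Create the temp file under umask 077 so it is never group/world readable,
    # then rename it into place: a reader sees the old file or the complete new one.
    tmp=$(umask 077 && mktemp "$conf_dir/.device.conf.XXXXXX") || return 1
    if printf 'EMAIL=%s\nPASSWORD=%s\n' "$email" "$password" > "$tmp" &&
       chmod 600 "$tmp" && mv -f "$tmp" "$conf"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# conf_mode_ok FILE: succeeds only if FILE is a regular file (not a symlink)
# whose permission bits are exactly rw------- (600).
conf_mode_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}
```

Writing with a plain redirect followed by chmod 600 would leave a window in which the file carries the default umask permissions; creating it restricted and renaming avoids that.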