loader/_docs/02_tasks/done/AZ-187_device_provisioning_script.md
Oleksandr Bezdieniezhnykh 9a0248af72 [AZ-185][AZ-186] Batch 2
Made-with: Cursor
2026-04-15 07:32:37 +03:00

Device Provisioning Script

Task: AZ-187_device_provisioning_script
Name: Device Provisioning Script
Description: Create a shell script that provisions a Jetson device identity (CompanionPC user) during the fuse/flash pipeline
Complexity: 2 points
Dependencies: None
Component: DevOps
Tracker: AZ-187
Epic: AZ-181

Problem

Each Jetson needs a unique CompanionPC user account for API authentication. This must be automated as part of the manufacturing/flash process so that provisioning 50+ devices is not manual.

Outcome

  • Single script creates device identity and embeds credentials in the rootfs
  • Integrates into the fuse/flash pipeline between odmfuse.sh and flash.sh
  • Provisioning runbook documents the full end-to-end flow

Scope

Included

  • provision_device.sh: generate device email (azaion-jetson-{serial}@azaion.com), random 32-char password
  • Call admin API POST /users to create Users row with Role=CompanionPC
  • Write credentials config file to rootfs image (at known path, e.g., /etc/azaion/device.conf)
  • Idempotency: re-running for same serial doesn't create duplicate user
  • Provisioning runbook: step-by-step from unboxing through fusing, flashing, and first boot

Excluded

  • fTPM provisioning (covered by NVIDIA's ftpm_provisioning.sh)
  • Secure Boot fusing (covered by solution_draft02 Phase 1-2)
  • OS hardening (covered by solution_draft02 Phase 3)
  • Admin API user creation endpoint (assumed to exist)

Acceptance Criteria

AC-1: Script creates CompanionPC user
Given a new device serial AZJN-0042
When provision_device.sh is run with serial AZJN-0042
Then admin API has a new user azaion-jetson-0042@azaion.com with Role=CompanionPC

AC-2: Credentials written to rootfs
Given provision_device.sh completed successfully
When the rootfs image is inspected
Then /etc/azaion/device.conf contains the email and password

AC-3: Device can log in after flash
Given a provisioned and flashed device boots for the first time
When the loader reads /etc/azaion/device.conf and calls POST /login
Then a valid JWT is returned

AC-4: Idempotent re-run
Given provision_device.sh was already run for serial AZJN-0042
When it is run again for the same serial
Then no duplicate user is created (existing user is reused or updated)

AC-5: Runbook complete
Given the provisioning runbook
When followed step-by-step on a new Jetson Orin Nano
Then the device is fully fused, flashed, provisioned, and can communicate with the admin API
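
The local half of the flow in Scope (email derivation as in AC-1, the credentials file of AC-2, the re-run behaviour of AC-4), as an added sketch that is not the project's provision_device.sh. The admin API call is left out because the page does not give the POST /users request format. The AZJN-<digits> serial check, the KEY=VALUE layout of device.conf, the 0600 file mode and all function names are assumptions.

```shell
#!/bin/sh
# Added example, not the project's script. Assumptions: serials look like
# AZJN-<digits> (as in AC-1), device.conf holds KEY=VALUE lines, and
# ROOTFS_DIR is the mounted or extracted rootfs image.

# AZJN-0042 -> azaion-jetson-0042@azaion.com. Anything else is rejected so a
# malformed serial never ends up in the account name.
device_email() {
    num=${1#AZJN-}
    if [ "$num" = "$1" ]; then echo "invalid serial: $1" >&2; return 1; fi
    case "$num" in
        ''|*[!0-9]*) echo "invalid serial: $1" >&2; return 1 ;;
    esac
    printf 'azaion-jetson-%s@azaion.com\n' "$num"
}

# 32 alphanumeric characters drawn from the kernel CSPRNG.
gen_password() {
    head -c 96 /dev/urandom | base64 | tr -dc 'A-Za-z0-9' | cut -c1-32
}

# Write the credentials into the rootfs. The file is created 0600 and moved
# into place atomically; printf is a shell builtin, so the password never
# shows up in another process's argument list.
write_device_conf() {    # usage: write_device_conf ROOTFS_DIR EMAIL PASSWORD
    conf="$1/etc/azaion/device.conf"
    # Re-run for the same serial: keep the credentials already embedded so
    # the rootfs stays in sync with the existing user.
    if [ -f "$conf" ] && grep -qxF "EMAIL=$2" "$conf"; then return 0; fi
    (
        umask 077 &&
        mkdir -p "$1/etc/azaion" &&
        tmp=$(mktemp "$conf.XXXXXX") &&
        printf 'EMAIL=%s\nPASSWORD=%s\n' "$2" "$3" > "$tmp" &&
        mv -f "$tmp" "$conf"
    )
}

provision_local() {      # usage: provision_local SERIAL ROOTFS_DIR
    email=$(device_email "$1") || return 1
    write_device_conf "$2" "$email" "$(gen_password)"
}

if [ "$#" -eq 2 ]; then provision_local "$1" "$2"; fi
```
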