clawdie/clawdie-iso
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
clawdie-iso/docs/ISO-DEPLOYMENT-TARGET-ZFS.md
Sam & Claude 0e6d8cbe53 Drop unresolved Clawdie service staging from USB (Sam & Codex) 
Keeps service clawdie as a deployed-system contract only, removes the old mini-binary FEATURE_CLAWDIE staging lane from the ISO build, and adds explicit Linux-vs-FreeBSD proof boundaries for provider/runtime claims.\n\nChecks: ./scripts/check-format.sh; git diff --check; sh -n over scripts/ firstboot/ live/operator-session/ executables
2026-06-13 12:12:34 +02:00

160 lines
5.4 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# ISO Deployment Target — ZFS Disk Install
> Internal document. IPs use 10.0.0.0/8 placeholder range; real addresses
> are in the live USB's ARP table at build time.
**Date:** 4 Jun 2026
**Milestone:** v1.0.0 — USB live → ZFS disk deploy
**Repo:** `clawdie-iso`
---
## Target machine
| Detail | Value |
| ---------------- | -------------------------------------------------- |
| **Make / Model** | HPE ProLiant ML350p Gen8 tower |
| **Serial** | `CZ22160QQY` |
| **Product ID** | `646676-421` |
| **Management** | iLO 4 (firmware 2.76 → needs 2.82 update) |
| **iLO License** | Advanced (remote console + virtual media) |
| **iLO IP** | `10.0.0.2` (dedicated iLO management port) |
| **Server NICs** | 4× onboard GbE (MAC 9c:8e:99:4c:43:e6e9) |
| **Server IP** | DHCP from LAN port 1 (currently no OS booted) |
| **iLO password** | Physical pull-tab tag on chassis (factory default) |
## Network layout (sanitised)
```
10.0.0.1 — gateway / DHCP server
10.0.0.2 — iLO 4 management (dedicated port)
10.0.0.7 — operator USB laptop (ue0, FreeBSD 15)
10.0.0.? — server LAN port 1 (DHCP, TBD once OS boots)
```
## Current state
- Server powered on, iLO reachable at `https://10.0.0.2/`
- No host OS installed or booted — no server NIC has an IP
- iLO 4 firmware 2.76 (CVEs fixed in 2.82 — upgrade required)
- iLO Advanced license installed (remote console active)
- Disks unknown (requires iLO login or OS boot)
## Deployment plan
### Phase 1 — pre-flight (on USB live)
```sh
# Verify iLO access
curl -sk -u Administrator:<tag-password> https://10.0.0.2/xmldata?item=all
# Check server health
ipmitool -H 10.0.0.2 -U Administrator -P <tag-password> sdr list
ipmitool -H 10.0.0.2 -U Administrator -P <tag-password> power status
# Mount ISO via iLO virtual media
# → iLO web UI → Remote Console → Virtual Drives → Mount clawdie-iso
# Boot from virtual ISO
ipmitool -H 10.0.0.2 -U Administrator -P <tag-password> chassis bootdev cdrom
ipmitool -H 10.0.0.2 -U Administrator -P <tag-password> chassis power reset
```
### Phase 2 — USB live boots on server
Once the ISO boots on the server hardware:
1. Server gets DHCP on its LAN port (visible in ARP)
2. `colibri-daemon` starts, skills catalog loaded
3. `colibri status` / `colibri list-skills` passes from the live USB
4. `tailscale up` for mesh access (if auth key available)
`service clawdie` is the deployed-system target service name, not a live-USB
service in the current baseline image.
### Phase 3 — disk survey + ZFS pool create
```sh
# List disks
camcontrol devlist
geom disk list
# Create ZFS pool (single disk or mirror, TBD after survey)
zpool create -o ashift=12 zroot /dev/ada0
zfs create -o mountpoint=/ zroot/ROOT/default
```
### Phase 4 — install FreeBSD to ZFS + deployed service
```sh
# Bootstrap FreeBSD base system onto ZFS
# Install the future deployed-system clawdie service once its implementation lands
# Keep colibri-daemon as the control-plane core
# Copy config, skills DB, pi sessions from USB
# Set boot environment
```
### Phase 5 — reboot to disk + validate
```sh
# On reboot, server boots from local ZFS
# Future deployed-service acceptance, once implemented:
# service clawdie health # daemon ✓, skills ✓, glasspane ✓
# service clawdie inventory # runtime manifest
colibri list-skills # catalog intact
# Tailscale mesh active, operator can SSH in
```
## iLO firmware upgrade
Current: 2.76 (Dec 2019)
Target: 2.82 (Aug 2023)
Download: https://support.hpe.com/ → ProLiant ML350p Gen8 → Firmware → iLO 4
**Method A (from USB live):**
```sh
# Upload firmware via iLO REST API
curl -sk -u Administrator:<pw> -X POST \
-F "file=@ilo4_282.bin" \
https://10.0.0.2/json/upload_firmware
```
**Method B (via iLO web UI):**
1. Log into `https://10.0.0.2/`
2. Administration → Firmware → Upload
3. Select `ilo4_282.bin`, apply, iLO reboots (~2 min)
## System ROM / BIOS
Check version after iLO login:
```sh
curl -sk -u Administrator:<pw> https://10.0.0.2/xmldata?item=all | grep -i rom
```
Likely needs update — Gen8 latest is 2019.05.00 (P79). Check HPE support.
## Required packages on ISO
| Package | Purpose |
| ---------- | ------------------------------------------------ |
| `ipmitool` | IPMI/BMC management (power, sensors, boot order) |
| `freeipmi` | Alternative IPMI toolset (optional, heavier) |
| `curl` | iLO REST API calls ✅ already included |
| `openssl` | Certificate handling ✅ already included |
| `python3` | Scripting + JSON ✅ already included |
## Notes
- iLO 4 password is on a **physical pull-tab tag** on the chassis.
- Front panel: pull the plastic tab below the optical drive.
- Behind bezel: remove the plastic front bezel, check metal.
- Rear: sticker near the dedicated iLO RJ45 port.
- Inside: top lid off → sticker on motherboard near iLO chip.
- If tag is truly lost: physical "iLO Security Override" jumper (SW1 position 1)
on motherboard resets iLO to factory defaults (requires monitor + keyboard).
- The server has an iLO Advanced license — remote console (.NET/Java) and
virtual media work. HTML5 console may not be available on iLO 4; use the
standalone IRC client or `ipmitool sol` for Serial-over-LAN.
Reference in a new issue View git blame Copy permalink