Setting up machineconnect

This section describes how to set up machineconnect, including a production-ready networking setup with a PLC network.

Instructions

Installation of Proxmox

Requirements: Keyboard (with English layout), mouse, computer monitor, password generator (e.g., BitWarden), (optional) a device connected via the WAN port to the final network

  1. Start the Edge PC and boot it via the USB stick with Proxmox
  2. Accept EULA
  3. On the next screen press next
  4. On the next screen select country, time zone and keyboard layout (best: English/US)
  5. On the next screen enter a secure password (document it!) and your email
  6. On the next screen enter the hostname in the format dccaachen-2-3-proxmox.dccaachen-2.umh (document it!), the IP, gateway and DNS (last one is usually 8.8.8.8, if not already automatically detected). The networking can be adjusted and finalized later.
  7. On the next screen press Install

Setting up Proxmox

Requirements: A computer connected to the same network as the WAN port of the edge device

  1. Access the web interface of Proxmox by entering <https://IP:8006> in your browser
  2. Dismiss the subscription warning (it is legal although there is no license)
  3. Go to the console of the machine (click on the node and then on shell) and enter nano /etc/network/interfaces

Now you have two options to set up the final networking:

Option 1: DHCP

Delete the existing file and add the following lines:

auto lo
iface lo inet loopback

iface enp6s0 inet manual

iface enp7s0 inet manual

iface enp8s0 inet manual

auto vmbr0
iface vmbr0 inet dhcp
        bridge-ports enp6s0
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet manual
        bridge-ports enp7s0
        bridge-stp off
        bridge-fd 0

auto vmbr2
iface vmbr2 inet manual
        bridge-ports enp8s0
        bridge-stp off
        bridge-fd 0

Option 2: static IP

Just add the following lines at the end of the file:

auto vmbr1
iface vmbr1 inet manual
        bridge-ports enp7s0
        bridge-stp off
        bridge-fd 0

auto vmbr2
iface vmbr2 inet manual
        bridge-ports enp8s0
        bridge-stp off
        bridge-fd 0

Next steps

You can close the file with Control + X. Reboot the system using reboot.
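A check to run on the saved file before the reboot, as an added example that is not part of the original instructions: it confirms that vmbr0, vmbr1 and vmbr2 each sit on exactly one physical port and that no port is shared, so traffic between the WAN side and the internal networks can only pass through the OPNsense VM. The function names are hypothetical; the bridge names are the ones used above.

```shell
#!/bin/sh
# Added example (not from the original page): segmentation check for the
# vmbr0/vmbr1/vmbr2 layout shown above. Function names are hypothetical.

# bridge_ports FILE: print one "bridge port" pair per physical bridge member.
bridge_ports() {
    awk '
        $1 == "iface" { cur = $2 }
        $1 == "bridge-ports" {
            for (i = 2; i <= NF; i++)
                if ($i != "none") print cur, $i
        }
    ' "$1"
}

# check_segmentation FILE: return 0 only if vmbr0, vmbr1 and vmbr2 each have
# exactly one member port and no port is a member of two bridges.
check_segmentation() {
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 2; }
    pairs=$(bridge_ports "$1")
    for br in vmbr0 vmbr1 vmbr2; do
        n=$(printf '%s\n' "$pairs" |
            awk -v b="$br" '$1 == b { c++ } END { print c + 0 }')
        if [ "$n" -ne 1 ]; then
            echo "$br: expected exactly 1 bridge port, found $n" >&2
            return 1
        fi
    done
    dup=$(printf '%s\n' "$pairs" | awk '{ print $2 }' | sort | uniq -d)
    if [ -n "$dup" ]; then
        echo "port attached to more than one bridge: $dup" >&2
        return 1
    fi
    echo "bridges vmbr0, vmbr1, vmbr2 are on separate ports"
}

# Usage on the Proxmox host, before the reboot:
#   check_segmentation /etc/network/interfaces
```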

Install VMs

Go into the console and enter:

cd /var/lib/vz/template/iso/ &&
wget https://mirror.dns-root.de/opnsense/releases/20.7/OPNsense-20.7-OpenSSL-dvd-amd64.iso.bz2 &&
bunzip2 OPNsense-20.7-OpenSSL-dvd-amd64.iso.bz2 &&
wget https://github.com/rancher/k3os/releases/download/v0.11.1/k3os-amd64.iso &&
qm create 100 --memory 1024 --sockets 1 -ostype l26 --onboot yes --name opnsense --net0 virtio,bridge=vmbr0 --net1 virtio,bridge=vmbr1 --net2 virtio,bridge=vmbr2 --cdrom local:iso/OPNsense-20.7-OpenSSL-dvd-amd64.iso --virtio0 local-lvm:4 --bootdisk virtio0 &&
qm create 101 --memory 6144 --sockets 3 -ostype l26 --onboot yes --name k3OS --net0 virtio,bridge=vmbr1 --cdrom local:iso/k3os-amd64.iso --virtio0 local-lvm:200 --bootdisk virtio0 &&
qm start 100 &&
qm start 101

This sets up two VMs:

  1. 100 with 1024 MB RAM, 1 CPU, 4 GB file storage with OPNsense
  2. 101 with 6144 MB RAM, 3 CPU, 200 GB file storage with k3OS

You should adjust the RAM, CPUs and file storage if you are using a different device.
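The command above boots both VMs from images fetched with wget without checking them. The following added example (not part of the original instructions) verifies a downloaded image against a published SHA-256 value and fails closed when no entry is found. The file checksums.txt is a hypothetical file you fill with the vendors' published values, obtained from a source other than the download mirror; the function names are hypothetical as well.

```shell
#!/bin/sh
# Added example (not from the original page). checksums.txt and the function
# names are assumptions; the ISO file names are the ones used above.

# expected_sha256 FILE SUMS: print the digest listed for FILE in SUMS.
# Accepts BSD lines ("SHA256 (name) = hex") and GNU lines ("hex  name").
expected_sha256() {
    awk -v n="$(basename "$1")" '
        $1 == "SHA256" && $2 == ("(" n ")") && $3 == "=" { print tolower($4); exit }
        length($1) == 64 && ($2 == n || $2 == ("*" n))   { print tolower($1); exit }
    ' "$2"
}

# verify_iso FILE SUMS: 0 = match, 1 = mismatch, 2 = missing input,
# 3 = no usable checksum entry (treated as a failure, never as a pass).
verify_iso() {
    file=$1
    sums=$2
    if [ ! -f "$file" ] || [ ! -f "$sums" ]; then
        echo "missing file or checksum list" >&2
        return 2
    fi
    want=$(expected_sha256 "$file" "$sums")
    case "$want" in
        ""|*[!0-9a-f]*) echo "no usable SHA-256 entry for $file" >&2; return 3 ;;
    esac
    if [ "${#want}" -ne 64 ]; then
        echo "no usable SHA-256 entry for $file" >&2
        return 3
    fi
    got=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$got" != "$want" ]; then
        echo "SHA-256 mismatch for $file" >&2
        return 1
    fi
    echo "OK $file"
}

# Usage in /var/lib/vz/template/iso/, after the downloads and before
# bunzip2 / qm create:
#   verify_iso OPNsense-20.7-OpenSSL-dvd-amd64.iso.bz2 checksums.txt &&
#   verify_iso k3os-amd64.iso checksums.txt
```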

Setup OPNsense

Requirements: Password generator (e.g., BitWarden)

  1. Go to the console of OPNsense
  2. Login with user: installer and password: opnsense
  3. Press enter repeatedly until the installation starts (just accept all default values)
  4. Setup your root password (document it!) and reboot
  5. After installation and reboot, login again with root as user and your selected password
  6. Press 1 and then select no VLAN, WAN --> vtnet0, LAN --> vtnet1, Optional interface 1 --> vtnet2, Optional interface 2 --> just press enter to abort. Confirm with y.
  7. Reboot the VM by selecting 6 and press enter
  8. After reboot, connect to the LAN network
  9. Type into your browser: <https://192.168.1.100> or <https://192.168.1.1> (which of the two works varies) and log in with your selected credentials
  10. Wait some seconds and the setup wizard will appear
  11. Go through the process and select the following options:
    1. DNS according to your network settings
    2. Timezone and timeserver
    3. IPv4 configuration (usually static IP); remember to set the IP address to /24 and not use the default /32, set the upstream gateway, and uncheck Block RFC1918 networks
    4. Select LAN IP Address (usually 172.16.SERIALNUMBER.1 e.g., 172.16.95.1 for serial number 2021-1095)
    5. Don’t change the root password!

The following steps can be skipped if no VPN is desired by the customer. Continue with step 17.

  12. Add the VPN CA and VPN certificate in System –> Trust –> CA / certificate (router, not technician; ca.crt into CA, client.crt as public key, client.key as private key). Copy the contents into the fields.
  13. Go to VPN –> OpenVPN –> Clients and add a new client. Select the following options:
    1. Host: vpn.umh.app
    2. Port: 3SERIALNUMBER, e.g., if the serial number is 2021-0105 enter 3005.
    3. Check Retry DNS resolution
    4. Uncheck Enable authentication of TLS packets
    5. Select your certificates for Peer Certificate Authority and Client certificate
    6. Select AES-256-CBC as Encryption algorithm
    7. Select the IP as IPv4 Remote Network, e.g., 172.16.106.0/24
  14. Go to Firewall –> Rules –> OpenVPN and click add. Use all default values and press save.
  15. Click on Apply changes
  16. Go to VPN –> OpenVPN –> Connection status and verify whether the status is up

Continue here:

  17. Adjust the DHCP server range by going to Services –> DHCPv4 –> [LAN] and changing the .10 in Range / from to 100. Press save.

TODO: SETUP PLC NETWORK

TODO: Reserve IP for k3OS

k3OS

  1. Go to k3OS console in Proxmox and login with the user rancher (no password).
  2. Type sudo k3os install
  3. Press enter
  4. Press enter
  5. Press enter (or add GitHub keys; if keys are added, the password is disabled)
  6. Enter password and press enter
  7. Press enter
  8. Press enter
  9. Press enter
  10. Press y and then enter

Now go back to the web interface of OPNsense and give k3OS a reserved IP:

  1. Go to Services –> DHCPv4 –> Leases and press the plus sign next to k3os.
  2. Add there the IP address in the format of 172.16.SERIALNUMBER.10, e.g., 172.16.107.10
  3. Press save
  4. Press Apply changes
  5. Reboot k3os e.g., using Proxmox (right click on VM and then reboot)

Now set up k3OS according to the documentation.

Local host

Requirements: Python previously installed on your computer.

  1. Open the local path of your computer in command line (cmd), e.g. C:\Users\YOURNAME
  2. Create a new folder with the command mkdir NAME
  3. Change to the folder with the command cd NAME
  4. Serve a directory listing with the command python -m http.server
  5. Open your browser and enter localhost:8000

Now you can easily add files to your new folder and host them locally.

Last modified February 17, 2023: update (#208) (ea731fc)