Configuring networking

Configure and test a local static network for your operating system (OS) image that enables the following wired network connection capabilities for your system on a chip (SoC):

• In-vehicle connectivity between electronic control units (ECUs)
• Wired vehicle-to-cloud (V2C) connectivity
• Connectivity for applications in the quality-managed (QM) partition

Images built with Automotive Image Builder have two network options:

• Dynamic Host Configuration Protocol (DHCP), which uses NetworkManager to dynamically assign IP addresses and is useful for development and testing
• A preconfigured static IP network setup, which uses the “nmstatectl –kernel” feature for efficient, daemon-less configuration

Prerequisites

• A custom OS image manifest that includes a containerized application in the QM partition

Procedure

1. Configure the static network for the entire operating system (OS):

   Example OS static network configuration

   network:
     static:
       # Configure a static network
       ip: "169.254.6.21"
       ip_prefixlen: 24
       gateway: "169.254.6.2"
       dns: "169.254.6.3"
   

2. In the content: portion of your manifest, configure the ports for your containerized QM applications by adding a drop-in file to /etc/containers/systemd/qm.container.d/:

   Example systemd directory and configuration file to store container port configurations

     make_dirs:
       - path: /etc/containers/systemd/qm.container.d/
         parents: true
         exist_ok: true
     add_files:
       - path: /etc/containers/systemd/qm.container.d/nginx.conf
         text: |
           [Container]
           PublishPort=8080:80
   

3. In the content: portion of the qm: section of your manifest, set publish ports for your containerized QM applications and add a subnet to prevent IP address conflicts and routing issues:

   Subnet, port, and static network configurations for an example NGINX QM container

   qm:
     memory_limit:
       max: 10%
       high: 5%
     content:
       rpms: []
       container_images:
         - source: docker.io/library/nginx
           tag: latest
           name: localhost/nginx
       add_files:
         - path: /etc/containers/systemd/nginx.container
           text: |
             [Container]
             Image=localhost/nginx
             PublishPort=8080:80
   
             [Install]
             WantedBy=multi-user.target
   
   network:
     static: {}
   

4. To be able test the image after you build it, add ssh packages, and then enable the SSH service through systemd, and enableSSH root access:

   1. Add SSH packages to your manifest:

      Extra SSH RPMs

        rpms:
          # For testing the image only:
          - openssh-server
          - openssh-clients
      

   2. Enable the SSH service through systemd:

      SSH service managed by systemd

        # Required for testing the image only:
        systemd:
          enabled_services:
            # Enable ssh daemon
            - sshd.service
      

   3. Enable SSH root access:

      SSH root access configuration

      auth:
        # "password"
        root_password: $6$xoLqEUz0cGGJRx01$H3H/bFm0myJPULNMtbSsOFd/2BnHqHkMD92Sfxd.EKM9hXTWSmELG8cf205l6dktomuTcgKGGtGDgtvHVXSWU.
        # Required for testing the image only:
        sshd_config:
          PasswordAuthentication: true
          PermitRootLogin: true
      

Next steps

1. Configure interprocess communications (IPCs) between your containers in the root partition and containers in the QM partition and across partitions.
2. Encrypt your filesystem.
3. Enable BlueChi orchestration.
4. Build your automotive OS image with kernel-automotive or your custom kernel.