Manage Edge Nodes with EVE-OS Local UI

Introduction

The primary interface for interacting with and monitoring edge nodes is ZEDEDA Cloud, through the API or any of the user agents (GUI, ZCLI, Terraform). In certain cases, you might need a local user interface to the edge node, either to interact with the node while it is (temporarily) disconnected or air-gapped, or to establish or restore connectivity to the cloud so that remote management is possible again.

While the edge node is disconnected, you have the ability to do the following through the Local UI:

  • Understand if apps are running.
  • Restart an application if needed.
  • If EVE-OS fails to boot or fails to start the applications, troubleshoot why that is the case and how it can be resolved.

The local UI is built into EVE-OS and enabled by default if you haven't onboarded your device to the controller yet. You might not see it until you use the USB keystrokes mentioned in the prerequisites.   

The local UI will be disabled (by default) after the node is onboarded to the controller, as the VGA and USB keyboard access are typically turned off to enhance security. The local UI USB, VGA, and console can be re-enabled by setting the following debug flags:

  • zcli edge-node update NODE_NAME --config=debug.enable.usb:true
  • zcli edge-node update NODE_NAME --config=debug.enable.vga:true
  • zcli edge-node update NODE_NAME --config=debug.enable.console:true

Note that depending on your hardware, you may be required to attach a screen during the BIOS/UEFI boot to correctly initialize the screen.

Prerequisites

  • You are running EVE-OS version 14.5.0 LTS or greater.  
  • You have physical access to the edge node.
  • You have a connected keyboard and monitor so that you can use alt +   (or option + on Mac keyboard) and alt + (or option + on Mac keyboard) to toggle between the EVE-OS Linux terminal and the Local UI tool.
  • You have a connected keyboard and monitor so that you can use ctrl +  to navigate through the tabs.

View the Summary Statistics

From the Summary tab, you can see the following:

  1. Server: The server where you’ve onboarded the edge node, such as zedcontrol.zededa.net. 
  2. Onboarding status: The status of your edge node.
  3. App summary: The number of apps running, starting, stopping, or in error on your edge node.
  4. Vault: The status of your encrypted storage for application data, the affected PCRs, and the error (if applicable). The Vault tab contains more details. 
  5. Device attestation: The state of the device attestation process. Attestation verifies the integrity of the edge node's hardware and software, and any errors here may indicate security concerns. The display also includes suggestions for remediation. 
  6. Connectivity status: The status of the network connection. This is essential for diagnosing communication issues between the edge node and ZEDEDA Cloud.

Change the Onboarded Server

From the Summary tab, if you have not yet onboarded the edge node, you can enter the server selection, such as zedcloud.zededa.net:

  1. Type ctrl + s to change the server. 
  2. Enter the new server name.
  3. Navigate to ok to save the changes.

View the Network Interfaces

From the Network tab, you can see the following:

  • Current configuration: The origin of the configuration. This is useful for determining whether the configuration was applied via ZEDEDA Cloud or locally, aiding in troubleshooting configuration discrepancies.
  • Network Interfaces: The list of each interface and its attributes:
    • Name: The identifier of the network interface (such as ethernet).
    • Link Status: The operational state of the interface, indicating whether a connection is established (such as up or down).
    • IP Address: The assigned IP address of the interface for network communication.
    • MAC Address: The unique Media Access Control address of the interface, used for physical identification.
  • Interface details: The details of each interface: 
    • Type: The type of network interface (such as Ethernet).
    • IP Source: How the IP address was assigned (such as DHCP).
    • DNS: The IP address of the Domain Name System (DNS) server used for name resolution.
    • Gateway: The IP address of the gateway router, enabling communication with networks outside the local subnet.
    • NTP Server: The IP address of the Network Time Protocol (NTP) server used for time synchronization (n/a if not configured).

Change the Network Interfaces

For more information about networks in general, see the Network Overview. For more details and definitions about the configurable options, see Create a Network.

From the Network tab:

  1. Use the up or down arrows to navigate to the interface you want to change. 
  2. Press Enter to edit.
  3. You can edit the IP or Proxy.
  4. Navigate to ok to save the changes.

IP

You can choose from the following: 

  • DHCP
  • Static
    • IPv4
    • IPv6
    • Mask
    • Gateway
    • Domain
    • DNS
    • NTP

Proxy

You can manually specify the proxy server details to include the IP address or hostname of your proxy server:

  • Manual
    • HTTP
    • HTTPS
    • FTP
    • SOCKS

View the Applications

From the Applications tab, you can see the following:

  • Name: The user-defined name of the application.
  • GUID: The unique ID of the application.
  • Status: The status of the application.

Analyze with Vault

The Vault tab provides information about the status and integrity of the encrypted storage (Vault) used by applications on the edge node. If the Vault is locked, your applications don’t run on the edge node. 

From the Vault tab, you can see the following:

  • TPM Events: The events that have occurred and the files that have recently changed. 
  • Event details: The details for each event.
  • Possible mitigations: A suggestion of what to do next to resolve any issues. 
  • Expert mode: 
    • Customer Support and Engineering can use F12 to toggle into expert mode to see more detailed logs. 
    • Customer Support and Engineering can use F2 to see the diff that might have led to the change. 

Watch the example analysis video

The following video is an example of analyzing an attestation issue. In the example scenario, the Summary tab shows that the vault status is locked, three PCRs are affected, the vault key is unavailable, and the device attestation has an error. 

The Vault tab shows the PCR events and details for each, and also the potential mitigation. The cause and mitigation are separated by a pipe (|). For example: Boot options were modified | USB drive was removed, insert the USB drive and reboot.
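The following is an added example, not EVE-OS or Local UI code. It shows in a simplified model why a change such as a modified boot option surfaces as affected PCRs and a locked vault: each measured event is extended into a PCR, and a key sealed to those PCRs is released only when the replayed values match. The event tuples, PCR numbers, sample logs, and the `sealed_pcrs` parameter are assumptions made for illustration.

```python
import hashlib

def replay(events):
    """Replay (pcr, description, measured_bytes) events into final PCR values."""
    pcrs = {}
    for pcr, _desc, data in events:
        old = pcrs.get(pcr, bytes(32))                 # a PCR starts as 32 zero bytes
        digest = hashlib.sha256(data).digest()
        pcrs[pcr] = hashlib.sha256(old + digest).digest()  # extend: H(old || digest)
    return pcrs

def affected_pcrs(baseline, current):
    """Map each changed PCR to the (expected, measured) first differing event."""
    base, cur = replay(baseline), replay(current)
    report = {}
    for pcr in sorted(set(base) | set(cur)):
        if base.get(pcr) == cur.get(pcr):
            continue
        b = [(d, m) for p, d, m in baseline if p == pcr]
        c = [(d, m) for p, d, m in current if p == pcr]
        # First position where the measured data differs; if one log is a
        # prefix of the other, the divergence is the first extra event.
        pos = next((i for i, (x, y) in enumerate(zip(b, c)) if x[1] != y[1]),
                   min(len(b), len(c)))
        report[pcr] = (b[pos][0] if pos < len(b) else None,
                       c[pos][0] if pos < len(c) else None)
    return report

def vault_unlockable(sealed_pcrs, baseline, current):
    """Simplified sealing model: the key is released only if no sealed PCR changed."""
    return not (set(sealed_pcrs) & set(affected_pcrs(baseline, current)))

# Constructed sample logs; PCR numbers and event names are illustrative only.
BASELINE = [
    (0, "firmware image", b"fw-v1"),
    (1, "boot order usb,disk", b"BootOrder=usb,disk"),
    (4, "bootloader", b"grub-core"),
    (8, "kernel cmdline", b"console=tty0"),
]
CURRENT = [
    (0, "firmware image", b"fw-v1"),
    (1, "boot order disk", b"BootOrder=disk"),
    (4, "bootloader", b"grub-core"),
    (8, "kernel cmdline", b"console=tty0"),
    (8, "extra kernel argument", b"debug"),
]

if __name__ == "__main__":
    for pcr, (expected, measured) in affected_pcrs(BASELINE, CURRENT).items():
        print(f"PCR {pcr}: expected {expected!r}, measured {measured!r}")
    print("vault unlockable:", vault_unlockable([0, 1, 4], BASELINE, CURRENT))
```

Because extend is order-sensitive and one-way, a PCR cannot be set back to its earlier value by software; restoring the original boot state and rebooting is what brings the replayed values back in line.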

View the Dmesg

From the Dmesg tab, you can see the debugging messages in the Linux kernel. These messages are valuable for diagnosing hardware and driver-related issues, as well as gaining insight into the overall system behavior.
