Automated enrollment using USB

Lighthouse supports low touch enrollment of Opengear Nodes using Enrollment Bundles and a specially prepared USB storage device, for example a thumb drive, henceforth referred to as the USB key. This is useful in remote deployment scenarios where a remote technician has physical access to the new Node, but no UI or CLI access. A single USB key can be used to enroll many Nodes.

For full zero-touch enrollment, see this article.

1. Create an Enrollment Bundle

• Login to the Lighthouse Web UI as a Lighthouse Administrator
• Click Manage -> Configure Nodes -> Node Enrollment -> Enrollment Bundles
• Click + to add a new Bundle:
•  

Bundle name: Enter a name of your choice, for example USBDemoNodes
Token: Enter a password of your choice, for example my-secret-token
Auto-approve node: Leave unchecked (see this article for details)

• Click Apply

2. Prepare the USB key

• Insert a USB key into your PC
• Format the USB key as a single FAT32 volume

3. Save the Enrollment Bundle manifest to USB

• Login to the Lighthouse Web UI as a Lighthouse Administrator
• Click Manage -> Configure Nodes -> Node Enrollment -> Enrollment Bundles -> Download Manifest File
• Save the manifest.og file to the top-level directory of the USB key

4. Optional: Amend the Enrollment Bundle manifest for full provisioning

Note: Use the freely available Notepad++ which allows you to save the manifest.og or script with Unix (LF) line endings, not DOS (CRLF) line endings. If manifest.og is not saved in Unix LF format any or all of (enrollment, script and firmware image upgrade) will fail. 

By default, the manifest contains these fields which are sufficient for registration with Lighthouse
Make sure the last line of manifest.og is empty eg simply press <Enter> at the end:

address=address.of.lighthouse
api_port=443
bundle=USBDemoNodes
password=my-secret-token

To apply full custom configuration and update the firmware the following options can be added. When both are used the firmware will be updated and then script is applied.

address=address.of.lighthouse
api_port=443
bundle=USBDemoNodes
password=my-secret-token
script=node_template.sh
image=acm7004-5-4.2.0.flash

• When using "image" option, download the firmware image and save it to the top-level directory of the USB key, ensuring the filename matches that specified
• When using "script" option, save the configuration script to the top-level directory of the USB key, ensuring the filename matches that specified

Note: A sample node_template.sh configuration script is attached to this article. Due to issues with running configurators early in the boot process we should not run any "config -a" or "config -r" in this file.

5. Start enrollment

• Connect a new or factory erased [] Opengear device to the network, or install antennas if using configuration script to configure cellular
• Insert the USB key into any USB port
• Apply power

6. Approve enrollment

• Login to Lighthouse as a Lighthouse Administrator
• Click Configure Nodes -> Node Enrollment -> Pending Nodes
• When the Node has Waiting for approval Status, click Approve Node
• Enrollment is now complete and the new Node is ready for management

7. How to debug USB enrollment

• Boot the unit
• Connect to the Local Console Port
• Login as root and turn on debug console "config -s config.console.debug=on -a"
• Insert USB key into any USB port
• Run "flatfsd -i" to factory erase
• Look for "netflash" and "load-manifest" which are related to this process