Provisioning via USB sticks

[mikehaller]

Is your feature request related to a problem? Please describe.
It's cumbersome to do the device (pre-)provisioning: for copying device certificates into "anonymous" devices, network must be set up first and you need a separate computer, keyboards, displays etc.

If device provisioning information could be pre-provisioned using an external storage, such as an USB stick, it would make life easier for hackathon setups.

Describe the solution you'd like

• Device provisioning information is prepared by hackathon organizer upfront onto device-specific USB-stick
• USB stick is attached to a device, device is booted and automatically performs the provisioning

Additional context
Supported provisioning information should include:

• Network setup: one or more network configurations which get automatically applied. Should include Wifi SSID and credentials (non-device specific, so take care of salts problems) but also eth0 setups. Should automatically start up the network interfaces and reconnect them. May also include other network types, such as CAN-Bus or the Multicast-Setup required for Some/IP
• Device certificates for cloud connectors. This may also include having to restart the respective containers, once the information is updated at runtime or after the device was already booted.
• Additional containers: Airgap offline import of containers + the respective container descriptors.
• Removal of existing containers: Sometimes, the default setup containers are out of date, or configured differently and need to be replaced. This may also be problematic when we use Desired State, as it's not yet specified in which order a container is deployed: name conflicts, conflicts with existing host port mappings etc.
• Hardware configuration: For Raspberry Pi, that involves modifying the config.txt with specific dtoverlays, such as different CAN extensions

Additional Notes

• There is another topic: To do multiple devices "at once", it would be very convenient to have all the devices up and running with standard Leda images and a zero-conf network communication setup. That way, a single "controller" could be set up with the device provisioning information. As long as the network can auto-connect (eth0 or unsecure wifi setups...), the controller may distribute the provisioning information to all Leda-devices in the same network and assign the specifics to each device, basically "reserving" and assigning specific DeviceIDs to specific devices (e.g. based on MAC). This does not work when the network needs pre-configuration before it works. Having Leda images connect to a pre-defined "controller" AP may be a solution though. The "controller" may offer the AP and could be just another bootable partition (or a script on the default image...)
• Another idea is to use a "shared" USB-stick and let the user chose which Device to provision on the screen. Having to attach a display and keyboard is acceptable, although sometimes it is a bit cumbersome, since the raspi may be integrated into a suitcase etc.