Jetson Storage
The storage service enables auto setup and provisioning of external storage (such as hard disks) attached to a Jetson device, and provided as a systemd service called jetson-storage. Before enabling or starting the jetson-storage service you may want to customize few configurations in Customizations first. And the service detects and formats available storages at the next boot automatically after you enable jetson-storage service by:
sudo systemctl enable jetson-storage
Then it configures the storage device according to the config file /opt/nvidia/jetson-configs/jetson-storage.conf and /opt/nvidia/jetson-configs/storage-quota.json at subsequent boots until you disable the service by running:
sudo systemctl disable jetson-storage
Note
The storage drive will be mounted under /data. If there is an existing /data directory in the root file system, its contents will get hidden by the mounted storage. It is recommended to delete any existing content in /data before starting storage service, as that will continue to occupy disk space in the root file system.
The jetson-storage service will create a symlink /var/lib/docker to /data/docker-volume. If you already have docker running before starting jetson-storage service, the docker service will be stopped, and all the containers will be terminated. You may start the docker service manually by “systemctl start docker” or reboot your device, so the service can be up and running again. The existing files in original /var/lib/docker directory will be moved to /data/docker-volume by jetson-storage service, so the docker images you downloaded previously will be kept.
Note
When removing package nvidia-jetson-services the symlink /var/lib/docker will be removed. A new /var/lib/docker directory will be created when restarting docker service, so you won’t be able to access any previous data in /data/docker-volume.
Factory Reset
If you want to use a drive that was used earlier by storage service and want to erase the old data and use it like a new drive, reset the disk label (see following examples) and restart the storage service, so it will format the drive and re-setup the filesystem for storage.
SATA: sudo e2label /dev/sda1 ""
NVMe: sudo e2label /dev/nvme0n1p1 ""
Customizations
jetson-storage.conf
There are two options which can be changed in the /opt/nvidia/jetson-configs/jetson-storage.conf:
ENCRYPTION_ENABLED=0
# User defined storage list, ex: ("/dev/sda" "/dev/nvmen1" "dev/sdb")
# Only feasible when ENCRYPTION_ENABLED=0
STORAGE_PATH=()
The ENCRYPTION_ENABLED is used to enable Disk Encryption on Jetson storages. Please refer to Disk Encryption.
The STORAGE_PATH is an array in Bash. For now only one storage is supported. The option is only feasible when Disk Encryption is disabled (ENCRYPTION_ENABLED is 0). You can specify the storage you want to use before enabling jetson-storage , e.g.:
STORAGE_PATH=("/dev/sda")
If the STORAGE_PATH is empty (as the default), the jetson-storage service will automatically pick one available storage as Jetson Storage.
storage-quota.json
Storage quotas enable limits to be placed on the amount of storage utilized by each of the microservices deployed in a system. These microservices each have a unique Linux user associated with them, and all data written to disk by them is accounted for based on that user. The storage-quota.json file specifies amount of storage available to each of these microservices based on user definitions.
The default /opt/nvidia/jetson-configs/storage-quota.json includes items for few microservices, and this file will be overwritten by application bundle.
Below is one example from ai_nvr to fill in the required fields in storage-quota.json. Anyone can add their own setting in the bottom of the file. The service will create a system user with name and user id, and then it will configure disk quota for the user with the field quota in KiB. NVME or SATA HDD partition is mounted to /data, and within that are sub-directories which are named by volume for various Jetson software modules. Below is the default configuration:
{
"default-group" : "logusers",
"default-group-id" : "150",
"jetson-quota" : [
{
"name" : "ingress",
"id" : 2002,
"quota" : 1048576,
"volume" : "ingress-secrets-volume",
"in-group" : "logusers"
},
{
"name" : "redis",
"id" : 2003,
"quota" : 5242880,
"volume" : "redis-volume",
"in-group" : "logusers"
},
{
"name" : "logging",
"id" : 2004,
"quota" : 10485760,
"volume" : "logging-volume",
"in-group" : "logusers",
"share-volume" : "true"
},
{
"name" : "monitoring",
"id" : 2005,
"quota" : 5242880,
"volume" : "monitoring-volume",
"dirs" : "db",
"in-group" : "logusers"
},
{
"name": "vodi",
"id" : 2007,
"quota" : 104857600,
"volume" : "vodi-volume",
"in-group" : "logusers"
},
{
"name": "iotgateway",
"id" : 2008,
"quota" : 1048576,
"volume" : "iotgateway-volume",
"in-group" : "logusers"
}
]
}
Note
The defined storage quotas are not enforced in the first release.
Note
Configure the quota carefully otherwise your application might encounter Disk quota exceeded issue. Goal is to allocate necessary space for eMDAT and logging, and provide the rest for VST to store videos.
Disk Encryption
You can follow the instructions below to enable Disk Encryption on Jetson Storage.
Flashing
Please refer to section Security > Disk Encryption in Jetson Linux Developer Guide and flash your Jetson device with Disk Encryption first. Below is an example to enable Disk Encryption on Jetson AGX Orin and Jetson Orin Nx:
Generate EKS image according to Jetson Linux Developer Guide and overwrite the
Linux_for_Tegra/bootloader/eks.img.Generate default EKB key:
cd Linux_for_Tegra echo "f0e0d0c0b0a001020304050607080900" > ekb.key
Put device into recovery modules
Flash Jetson AGX Orin:
sudo ROOTFS_ENC=1 ./flash.sh -i "./ekb.key" jetson-agx-orin-devkit mmcblk0p1
Flash Jetson Orin Nx:
sudo ./tools/kernel_flash/l4t_initrd_flash.sh --network usb0 --showlogs -p "-c bootloader/generic/cfg/flash_t234_qspi.xml" -i ./ekb.key --no-flash jetson-orin-nano-devkit internal sudo ROOTFS_ENC=1 ./tools/kernel_flash/l4t_initrd_flash.sh --network usb0 --showlogs --no-flash --external-device nvme0n1p1 -S 16GiB -c ./tools/kernel_flash/flash_l4t_t234_nvme_rootfs_enc.xml --external-only --append -i ./ekb.key jetson-orin-nano-devkit external sudo ./tools/kernel_flash/l4t_initrd_flash.sh --network usb0 --showlogs --flash-only
Enablement
Install nvidia-jetson-services package as described in Quick Start Guide.
Edit /opt/nvidia/jetson-configs/jetson-storage.conf and set ENCRYPTION_ENABLED as 1:
ENCRYPTION_ENABLED=1
Then enable jetson-storage service:
sudo systemctl enable jetson-storage
Power-off your Jetson device, make sure the storage is inserted properly, and then power-on the device. Note that the jetson-storage would need to detect and add your storage into LUKS table at first boot after enabling the jetson-storage, so you will need to check the service status by:
systemctl status jetson-storage
If the status is active (exited) as below, reboot your Jetson again so that Jetson Disk Encryption utility could format and encrypt your device properly.
ubuntu@tegra-ubuntu:~$ systemctl status jetson-storage
● jetson-storage.service - Jetson storage service
Loaded: loaded (/lib/systemd/system/jetson-storage.service; enabled; vendor preset: enabled)
Active: active (exited) since Thu 2023-11-23 02:49:37 UTC; 4 days ago
Process: 4315 ExecStart=/opt/nvidia/jetson/services/storage/bin/jetson-storage-setup init (code=exited, status=0/SUCCESS)
Main PID: 4315 (code=exited, status=0/SUCCESS)
CPU: 597ms
Now when you login the console you should see the mounted message like below. You’re ready to use your encrypted storage now.
CURRENT STORAGE STATUS ON JETSON:
* Mount Point: /data
* Mount Path: /dev/mapper/jetson-enc-nvme0n1
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/jetson-enc-nvme0n1 1.9T 48K 1.8T 1% /data