Merge pull request 'Ansible playbook for wittgenstein' (#102) from wittgenstein into master

Reviewed-on: Netz39_Admin/netz39-infra-ansible#102
Reviewed-by: dkdent <dkdent@netz39.de>

files/wittgenstein/reboot.sh

@@ -0,0 +1,22 @@
+#!/bin/sh
+PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/games:/usr/games'
+
+echo 'switch-on.sh'
+/home/pi/switch-on.sh
+
+echo 'start i2c-foo'
+sudo modprobe i2c_dev
+sudo modprobe i2c_bcm2708
+
+# wait for network devices
+sleep 30
+
+cd /home/pi
+echo 'start ampel controller'
+tmux new-session -s ampel 'cd /home/pi/netz39_space_notification/raspberry/ledcontrol && ./ledcontrol'
+
+echo 'start lever controller'
+tmux new-window -t ampel:1 'cd /home/pi/netz39_space_notification/raspberry/statusswitch && ./statusswitch'
+
+#echo 'start spaceapi controller'
+#tmux new-window -t ampel:2 'cd /home/pi/netz39_space_notification/SpaceAPI && ./update-json.py --server=platon'

files/wittgenstein/switch-off.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+gpio write 2 0
+gpio write 3 0
+
+gpio mode 2 tri
+gpio mode 3 tri

files/wittgenstein/switch-on.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# INT
+gpio mode 0 tri
+
+# Power
+gpio mode 2 out
+gpio mode 3 out
+
+gpio write 2 1
+gpio write 3 1

files/wittgenstein/unstuck.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+logger -t unstuck "unstuck $(date)"
+
+killall tmux
+
+sleep 1
+/home/pi/reboot.sh

host-pottwal.yml

@@ -634,6 +634,8 @@
         site_name: "spaceapi.n39.eu"
         proxy_preserve_host: "On"
       notify: Restart apache2
+      tags:
+        - spaceapi
 
     - name: Ensure renovate bot cronjob is present
       ansible.builtin.template:

host-wittgenstein.yml

@@ -0,0 +1,172 @@
+---
+- hosts: wittgenstein.n39.eu
+  become: true
+
+  roles:
+    - role: docker_setup
+      vars:
+        docker_data_root: "/srv/docker"
+    - role: apache
+    - role: apache_letsencrypt  # Uses configuration from dehydrated setup
+    - role: ansible-role-dehydrated
+      vars:
+        dehydrated_contact_email: "{{ server_admin }}"
+    - role: penguineer.dehydrated_cron
+
+  tasks:
+    - name: Install packages needed for the system
+      # This is a list of all packages,
+      # unless they are installed by a specific role
+      ansible.builtin.apt:
+        state: present
+        name:
+          # This is needed for the user-executed tasks
+          - acl
+          # Regular packages
+          - tmux
+          - git-core
+          - cmake
+          - build-essential
+          - libmosquitto-dev
+          - libconfig-dev
+          - mosquitto-clients
+          - python3-paho-mqtt
+          - i2c-tools
+
+
+    - name: Set MAC address for proper DHCP recognition
+      # Uses mac variable from inventory
+      ansible.builtin.template:
+        src: templates/network-interfaces-dhcp-mac.j2
+        dest: /etc/network/interfaces.d/wittgenstein-mac
+        owner: root
+        group: root
+        mode: '0644'
+
+    - name: Disable IPv6
+      # Because it is not working....
+      ansible.builtin.copy:
+        src: files/sysctl-no-ipv6.conf
+        dest: /etc/sysctl.d/99-systcl-no-ipv6.conf
+        owner: root
+        group: root
+        mode: '0644'
+
+
+    ### Gatekeeper user (pi for now)
+    #
+    # All the gatekeeping / door control stuff is here!
+
+    - name: Ensure gatekeeper user is there
+      ansible.builtin.user:
+        name: "{{ gatekeeper_user }}"
+        groups: dialout,audio,plugdev,input,netdev,i2c,gpio
+        append: yes
+
+    - name: Copy management scripts
+      ansible.builtin.copy:
+        src: "files/wittgenstein/{{ item }}"
+        dest: "/home/{{ gatekeeper_user }}/{{ item }}"
+        owner: "{{ gatekeeper_user }}"
+        group: "{{ gatekeeper_user }}"
+        mode: "0750"
+      loop:
+        - reboot.sh
+        - unstuck.sh
+        - switch-on.sh
+        - switch-off.sh
+
+    - name: Install start-up cron
+      ansible.builtin.cron:
+        name: Start the gatekeeper services
+        job: "/home/{{ gatekeeper_user }}/reboot.sh"
+        user: "{{ gatekeeper_user }}"
+        special_time: reboot
+
+
+    - name: Download wiringPi library
+      # WiringPi needs to be installed, but that library seems to be
+      # obsolete. We download something and hope it works...
+      ansible.builtin.get_url:
+        url: https://project-downloads.drogon.net/wiringpi-latest.deb
+        dest: "/home/{{ gatekeeper_user }}/wiringpi-latest.deb"
+        mode: "0644"
+        force: no
+      register: wiringPi_download
+
+    - name: Install wiringPi library  # noqa 503
+      ansible.builtin.apt:
+        state: present
+        deb: "/home/{{ gatekeeper_user }}/wiringpi-latest.deb"
+      when: wiringPi_download.changed
+
+
+    ### Ampelsteuerung
+    - name: Clone netz39_space_notification initial checkout
+      # Do this as the gatekeeper user!
+      become: yes
+      become_user: "{{ gatekeeper_user }}"
+      ansible.builtin.git:
+        repo: https://github.com/netz39/space_notification.git
+        dest: "/home/{{ gatekeeper_user }}/netz39_space_notification"
+        clone: yes
+        update: no
+
+    - name: Compile ledcontrol agent
+      # Do this as the gatekeeper user!
+      become: yes
+      become_user: "{{ gatekeeper_user }}"
+      ansible.builtin.shell:
+        chdir: "/home/{{ gatekeeper_user }}/netz39_space_notification/raspberry/ledcontrol"
+        cmd: make
+        creates: "/home/{{ gatekeeper_user }}/netz39_space_notification/raspberry/ledcontrol/ledcontrol"
+
+    - name: Compile statusswitch agent
+      # Do this as the gatekeeper user!
+      become: yes
+      become_user: "{{ gatekeeper_user }}"
+      ansible.builtin.shell:
+        chdir: "/home/{{ gatekeeper_user }}/netz39_space_notification/raspberry/statusswitch"
+        cmd: make
+        creates: "/home/{{ gatekeeper_user }}/netz39_space_notification/raspberry/statusswitch/statusswitch"
+
+    ### Space API
+    - name: Setup the SpaceAPI Docker container
+      docker_container:
+        name: spaceapi
+        image: "{{ spaceapi_image }}"
+        pull: true
+        state: started
+        detach: yes
+        restart_policy: unless-stopped
+        ports:
+          - "0.0.0.0:{{ spaceapi_host_port }}:8080" # Must be reached by pottwal
+#          - "127.0.0.1:{{ spaceapi_host_port }}:8080"
+        env:
+          TZ: "{{ timezone }}"
+          MQTT_BROKER: "platon.n39.eu"
+          MQTT_TOPIC_STATUS: "{{ spaceapi_topic_status }}"
+          MQTT_TOPIC_LASTCHANGE:  "{{ spaceapi_topic_lastchange }}"
+      tags:
+        - spaceapi
+
+    - name: Setup the Ampel Controller Docker container
+      docker_container:
+        name: ampelcontroller
+        image: "{{ ampelcontroller_image }}"
+        pull: true
+        state: started
+        detach: yes
+        restart_policy: unless-stopped
+        env:
+          TZ: "{{ timezone }}"
+          MQTT_BROKER: "platon.n39.eu"
+          MQTT_LEVER_STATE_TOPIC: "{{ topic_lever_state }}"
+          MQTT_DOOR_EVENTS_TOPIC: "{{ topic_door_events }}"
+          MQTT_SPACESTATUS_ISOPEN_TOPIC: "{{ spaceapi_topic_status }}"
+          MQTT_SPACESTATUS_LASTCHANGE_TOPIC: "{{ spaceapi_topic_lastchange }}"
+          MQTT_TRAFFIC_LIGHT_TOPIC: "{{ topic_traffic_light }}"
+      tags:
+        - spaceapi
+
+  handlers:

host_vars/wittgenstein.n39.eu/vars.yml

@@ -0,0 +1,16 @@
+server_admin: "admin+wittgenstein@netz39.de"
+mac: "b8:27:eb:48:f1:59"
+ansible_python_interpreter: /usr/bin/python3
+gatekeeper_user: pi
+data_dir: "/srv/data"
+
+spaceapi_host_port: 8001
+spaceapi_domain_name: spaceapi.n39.eu
+spaceapi_image: netz39/spaceapi-service:0.1.0
+spaceapi_topic_status: "Netz39/SpaceAPI/isOpen"
+spaceapi_topic_lastchange: "Netz39/SpaceAPI/lastchange"
+
+ampelcontroller_image: netz39/ampel-controller:0.1.0
+topic_lever_state: "Netz39/Things/StatusSwitch/Lever/State"
+topic_door_events: "Netz39/Things/Door/Events"
+topic_traffic_light: "Netz39/Things/Ampel/Light"

inventory.yml

@@ -12,6 +12,7 @@ all:
     pottwal.n39.eu:
     radon.n39.eu:
     unicorn.n39.eu:
+    wittgenstein.n39.eu:
     k3s-c1.n39.eu:
     k3s-c2.n39.eu:
     k3s-c3.n39.eu:

main.yml

@@ -42,3 +42,6 @@
 
 - name: Plumbum specific setup
   import_playbook: host-plumbum.yml
+
+- name: Wittgenstein specific setup
+  import_playbook: host-wittgenstein.yml

templates/pottwal/spaceapi-apache-site.j2

@@ -44,9 +44,9 @@
     RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}
     ProxyPreserveHost {{ proxy_preserve_host | default("Off") }}
 
-    ProxyPass /json http://172.23.48.7/spaceapi
+    ProxyPass /json http://172.23.48.7:8001/json
-    ProxyPass /text http://172.23.48.7/state.txt
+    ProxyPass /text http://172.23.48.7:8001/text
-    ProxyPass /state.png  http://172.23.48.7/state.png
+    ProxyPass /state.png  http://172.23.48.7:8001/state.png
 </VirtualHost>
 </IfFile>
 </IfFile>