Merge pull request 'Setup platon via Ansible (minus asterisk)' (!56) from platon-setup into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/56 Reviewed-by: dkdent <dkdent@netz39.de>
commit
eaf1d1c3d2
11 changed files with 334 additions and 1 deletions
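--- a/files/platon/i2cspeed.sh
+++ b/files/platon/i2cspeed.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# https://gist.github.com/ribasco/c22ab6b791e681800df47dd0a46c7c3a
+
+var="$(xxd -ps /sys/class/i2c-adapter/i2c-1/of_node/clock-frequency)"
+var=${var//[[:blank:].\}]/}
+printf "%d\n" 0x$var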
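--- a/files/platon/mosquitto-local.conf
+++ b/files/platon/mosquitto-local.conf
@@ -0,0 +1,2 @@
+listener 1883
+allow_anonymous true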
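Review bot: `listener 1883` has no bind address, so the broker listens on every interface, and with `allow_anonymous true` any host that can reach platon on the network can publish and subscribe without credentials. The playbook section that installs this file is headed "Mosquitto for local MQTT"; if all clients run on platon itself, the line should be `listener 1883 127.0.0.1`. If remote clients are intended (not visible in this commit), set `allow_anonymous false` and add a `password_file` plus an ACL, because the same host runs the door-control services started from reboot.sh.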
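--- a/files/platon/reboot.sh
+++ b/files/platon/reboot.sh
@@ -0,0 +1,37 @@
+#!/bin/sh
+PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/games:/usr/games'
+echo 'start i2c-foo'
+sudo modprobe i2c_dev
+sudo modprobe i2c_bcm2708
+echo 'starting log'
+tmux new-session -s status -d 'sudo less /var/log/shuttercontrol.log'
+cd /home/pi/netz39_rollladensteuerung/raspberry/shuttercontrol
+echo 'switch-on.sh'
+../switch-on.sh
+cd /home/pi
+echo 'start shuttercontrol'
+tmux new-window -t status:1 'cd /home/pi/netz39_rollladensteuerung/raspberry/shuttercontrol && ./shuttercontrol.sh'
+echo 'start watchdog'
+tmux new-window -t status:2 'cd /home/pi/netz39_rollladensteuerung/raspberry/doorcontrol && ./door-with-spacestatus.sh'
+#tmux new-window -t status:2 'cd /home/pi/netz39_rollladensteuerung/raspberry/door-watchdog && python3 ./door-watchdog.py'
+
+echo 'start door-sound.sh'
+tmux new-window -t status:3 'cd /home/pi/netz39_rollladensteuerung/raspberry/doorcontrol && ./door-sound.sh'
+echo 'start ic3-client'
+tmux new-window -t status:4 'cd /home/pi/netz39_xmpp_space_control/i3c_client && build/i3c_client --foreground'
+echo 'start asterisk abuse check'
+tmux new-window -t status:5 'cd /home/pi/netz39_rollladensteuerung/raspberry/asterisk && sudo ./check-abuse.sh'
+echo 'start asterisk console'
+tmux new-window -t status:6 'sudo asterisk -vvvr'
+echo 'start door service'
+tmux new-window -t status:7 'cd /home/pi/netz39_rollladensteuerung/raspberry/door-service && python3 door-service.py'
+echo 'start mqtt-clock'
+tmux new-window -t status:8 'cd /home/pi/mqtt-tools/agents && ./mqtt-clock'
+
+#echo 'start ampel controller'
+# This does not work as intended xD
+#tmux new-window -t status:9 'cd /home/pi/netz39_space_notification/raspberry/ledcontrol && ./ledcontrol'
+
+
+#echo 'start shuttercontrol-service (experimental)'
+#tmux new-window -t status:9 'cd /home/pi && python3 ./shuttercontrol-service.py'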
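Review bot: The `cd /home/pi/netz39_rollladensteuerung/raspberry/shuttercontrol` before `../switch-on.sh` is unchecked, so if the checkout is missing the script carries on and resolves `../switch-on.sh` relative to whatever directory cron started it in. Use `cd /home/pi/netz39_rollladensteuerung/raspberry/shuttercontrol || exit 1`, or call the script by its absolute path. The window for `check-abuse.sh` runs a file from the pi-owned checkout through `sudo`, so anything able to write that working tree can run code as root; a root-owned copy outside the home directory would narrow that. The paths are hard-coded to `/home/pi` while the playbook derives the home directory from `gatekeeper_user`, which deserves a comment at the top of the script.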
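--- a/files/platon/sesam-door-open.sh
+++ b/files/platon/sesam-door-open.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+echo "`date` : $SSH_KEY_OWNER" >> /home/sesam/door_open.log
+ssh pi@localhost -i /home/sesam/.ssh/id_rsa \
+-t /home/pi/sesame-open.sh
+
+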
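Review bot: The `echo` line is the only record of who opened the door, and `$SSH_KEY_OWNER` is written without checking that it is set, so a login that carries no value still opens the door and leaves an entry with no name. Where the variable comes from is not visible in this commit (presumably an `environment=` option in sesam's authorized_keys); a guard such as `[ -n "$SSH_KEY_OWNER" ] || { logger -t sesam 'door-open without SSH_KEY_OWNER'; exit 1; }` before the `ssh` call makes the audit entry a precondition for opening. The exit status of the `ssh` call is not logged either, so a failed open looks the same as a successful one in door_open.log. Prefer `$(date)` over backticks, as unstuck.sh in this commit already does.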
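--- a/files/platon/sesame-open.sh
+++ b/files/platon/sesame-open.sh
@@ -0,0 +1,5 @@
+#/bin/bash
+
+/home/pi/netz39_rollladensteuerung/raspberry/doorcontrol/door-open.sh
+/home/pi/netz39_rollladensteuerung/raspberry/shuttercontrol/doorshutter-open.sh
+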
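Review bot: The first line is `#/bin/bash`, which is an ordinary comment rather than a shebang, so the interpreter is whatever the caller falls back to instead of bash; it should read `#!/bin/bash`. The second command also runs when `door-open.sh` fails, so consider `set -e` or joining the two calls with `&&` if the shutter should only move after the door command succeeded.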
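--- a/files/platon/syslog-shuttercontrol.conf
+++ b/files/platon/syslog-shuttercontrol.conf
@@ -0,0 +1,4 @@
+if $programname == 'lockfailsafe' then /var/log/shuttercontrol.log
+if $programname == 'shuttercontrol' then /var/log/shuttercontrol.log
+if $programname == 'doorservice' then /var/log/shuttercontrol.log
+& ~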
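Review bot: `& ~` attaches only to the filter on the line directly above it, so only `doorservice` messages are discarded after being written to shuttercontrol.log; `lockfailsafe` and `shuttercontrol` messages continue to the rules that follow and are likely duplicated into the default log files. Put a discard line after each of the three filters. The `~` action is deprecated in current rsyslog in favour of `stop`, so that line would be `& stop`.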
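--- a/files/platon/unstuck.sh
+++ b/files/platon/unstuck.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+logger -t unstuck "unstuck $(date)"
+
+killall tmux
+gpio mode 2 output
+gpio mode 3 output
+gpio write 2 0
+gpio write 3 0
+sudo modprobe -r i2c_dev
+sudo modprobe -r i2c_bcm2708
+
+sleep 1
+~/reboot.sh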
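Review bot: `killall tmux` ends every tmux server the caller is allowed to signal, not only the `status` session that reboot.sh creates, so an administrator's own tmux session on the box is killed as well; `tmux kill-session -t status` limits it to the managed session. `~/reboot.sh` depends on `$HOME`, which differs when the script is started through sudo or from another user's cron, so an absolute path to the gatekeeper user's copy is safer.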
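--- a/files/sysctl-no-ipv6.conf
+++ b/files/sysctl-no-ipv6.conf
@@ -0,0 +1,3 @@
+net.ipv6.conf.all.disable_ipv6 = 1
+net.ipv6.conf.default.disable_ipv6 = 1
+net.ipv6.conf.lo.disable_ipv6 = 1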
|
@ -76,7 +76,8 @@ all:
|
||||||
server_admin: "admin+unicorn@netz39.de"
|
server_admin: "admin+unicorn@netz39.de"
|
||||||
platon.n39.eu:
|
platon.n39.eu:
|
||||||
server_admin: "admin+platon@netz39.de"
|
server_admin: "admin+platon@netz39.de"
|
||||||
ansible_ssh_user: pi
|
mac: "b8:27:eb:8f:98:2f"
|
||||||
|
gatekeeper_user: pi
|
||||||
radon.n39.eu:
|
radon.n39.eu:
|
||||||
server_admin: "admin+radon@netz39.de"
|
server_admin: "admin+radon@netz39.de"
|
||||||
krypton.n39.eu:
|
krypton.n39.eu:
|
||||||
|
|
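--- a/platon.yml
+++ b/platon.yml
@@ -7,3 +7,251 @@
 ble_keykeeper_dir: '/home/pi/netz39_ble_keykeeper'
 roles:
 - role: ble-keykeeper-role
+
+tasks:
+- name: Install packages needed for the system
+# This is a list of all packages,
+# unless they are installed by a specific role
+ansible.builtin.apt:
+state: present
+name:
+# Should come from ble-keeper-role
+# see https://github.com/netz39/ble-keykeeper-role/issues/4
+- python3-pip
+# This is needed for the user-executed tasks
+- acl
+# Regular packages
+- tmux
+- git-core
+- cmake
+- build-essential
+- libmosquitto-dev
+- libconfig-dev
+- mpg123
+- mosquitto
+- i2c-tools
+
+
+- name: Set MAC address for proper DHCP recognition
+# Uses mac variable from inventory
+ansible.builtin.template:
+src: templates/network-interfaces-dhcp-mac.j2
+dest: /etc/network/interfaces.d/platon-mac
+owner: root
+group: root
+mode: '0644'
+
+- name: Disable IPv6
+# Because it is not working....
+ansible.builtin.copy:
+src: files/sysctl-no-ipv6.conf
+dest: /etc/sysctl.d/99-systcl-no-ipv6.conf
+owner: root
+group: root
+mode: '0644'
+
+
+### Mosquitto for local MQTT
+
+- name: Local configuration for Mosquitto
+ansible.builtin.copy:
+src: files/platon/mosquitto-local.conf
+dest: /etc/mosquitto/conf.d/platon-local.conf
+owner: root
+group: root
+mode: '0644'
+notify: restart mosquitto
+
+
+### Sesam for SSH access
+#
+# Make sure to provide the .ssh/authorized_keys from backup, if needed
+
+- name: Ensure sesam user is there
+ansible.builtin.user:
+name: sesam
+shell: /home/sesam/door-open.sh
+groups: i2c
+append: yes
+generate_ssh_key: yes
+
+- name: Get the SSH public key for sesam
+ansible.builtin.slurp:
+src: /home/sesam/.ssh/id_rsa.pub
+register: sesam_key
+
+- name: Add SSH public identity as authorized key to pi
+ansible.posix.authorized_key:
+user: "{{ gatekeeper_user }}"
+state: present
+key: "{{ sesam_key['content'] | b64decode }}"
+comment: "Sesam access"
+
+- name: Copy door-open.ssh for sesam
+ansible.builtin.copy:
+src: files/platon/sesam-door-open.sh
+dest: /home/sesam/door-open.sh
+owner: sesam
+group: sesam
+mode: "0755"
+
+
+### Gatekeeper user (pi for now)
+#
+# All the gatekeeping / door control stuff is here!
+
+- name: Ensure gatekeeper user is there
+ansible.builtin.user:
+name: "{{ gatekeeper_user }}"
+groups: dialout,audio,plugdev,input,netdev,i2c,gpio
+append: yes
+
+- name: Copy management scripts
+ansible.builtin.copy:
+src: "files/platon/{{ item }}"
+dest: "/home/{{ gatekeeper_user }}/{{ item }}"
+owner: "{{ gatekeeper_user }}"
+group: "{{ gatekeeper_user }}"
+mode: "0755"
+loop:
+- i2cspeed.sh
+- reboot.sh
+- unstuck.sh
+- sesame-open.sh
+
+- name: Install start-up cron
+ansible.builtin.cron:
+name: Start the gatekeeper services
+job: "/home/{{ gatekeeper_user }}/reboot.sh"
+user: "{{ gatekeeper_user }}"
+special_time: reboot
+
+- name: Download wiringPi library
+# WiringPi needs to be installed, but that library seems to be
+# obsolete. We download something and hope it works...
+ansible.builtin.get_url:
+url: https://project-downloads.drogon.net/wiringpi-latest.deb
+dest: "/home/{{ gatekeeper_user }}/wiringpi-latest.deb"
+mode: "0644"
+force: no
+register: wiringPi_download
+
+- name: Install wiringPi library
+ansible.builtin.apt:
+state: present
+deb: "/home/{{ gatekeeper_user }}/wiringpi-latest.deb"
+when: wiringPi_download.changed
+
+
+### Rollladensteuerung
+
+- name: Clone netz39_rollladensteuerung initial checkout
+# Do this as the gatekeeper user!
+become: yes
+become_user: "{{ gatekeeper_user }}"
+ansible.builtin.git:
+repo: https://github.com/netz39/rollladensteuerung.git
+dest: "/home/{{ gatekeeper_user }}/netz39_rollladensteuerung"
+clone: yes
+update: no
+
+- name: Compile dootstate agent
+# Do this as the gatekeeper user!
+become: yes
+become_user: "{{ gatekeeper_user }}"
+ansible.builtin.shell:
+chdir: "/home/{{ gatekeeper_user }}/netz39_rollladensteuerung/raspberry/doorstate"
+cmd: make
+creates: "/home/{{ gatekeeper_user }}/netz39_rollladensteuerung/raspberry/doorstate/doorstate"
+
+- name: Compile shuttercontrol
+# Do this as the gatekeeper user!
+become: yes
+become_user: "{{ gatekeeper_user }}"
+ansible.builtin.shell:
+chdir: "/home/{{ gatekeeper_user }}/netz39_rollladensteuerung/raspberry/shuttercontrol"
+cmd: make
+creates: "/home/{{ gatekeeper_user }}/netz39_rollladensteuerung/raspberry/shuttercontrol/shuttercontrol"
+
+- name: Create directory for tyr sounds
+ansible.builtin.file:
+path: "/home/{{ gatekeeper_user }}/tyr/sounds"
+state: directory
+owner: "{{ gatekeeper_user }}"
+group: "{{ gatekeeper_user }}"
+mode: "0755"
+
+
+### MQTT Tools
+
+- name: Clone MQTT tools (initial checkout)
+# Do this as the gatekeeper user!
+become: yes
+become_user: "{{ gatekeeper_user }}"
+ansible.builtin.git:
+repo: https://github.com/penguineer/mqtt-tools.git
+dest: "/home/{{ gatekeeper_user }}/mqtt-tools"
+clone: yes
+update: no
+
+- name: Compile MQTT clock
+# Do this as the gatekeeper user!
+become: yes
+become_user: "{{ gatekeeper_user }}"
+ansible.builtin.shell:
+warn: false
+chdir: "/home/{{ gatekeeper_user }}/mqtt-tools"
+cmd: |
+mkdir build
+cd build
+cmake ..
+make
+cp agents/mqtt-clock ../agents/mqtt-clock
+creates: "/home/{{ gatekeeper_user }}/mqtt-tools/agents/mqtt-clock"
+
+
+### Syslog setup for shuttercontrol.log
+
+- name: Check if rsyslog is actually installed
+ansible.builtin.package:
+name: rsyslog
+state: present
+check_mode: true
+register: rsyslog_check
+
+- name: Fail if rsyslog is missing
+ansible.builtin.fail:
+msg: "Please make sure that rsyslog is installed!"
+when: rsyslog_check is not succeeded
+
+- name: Make sure shuttercontrol.log exists
+ansible.builtin.copy:
+content: ""
+dest: /var/log/shuttercontrol.log
+# force=no ensures the file is created only if it does not exist
+force: no
+owner: root
+group: root
+mode: "0644"
+
+- name: Copy syslog setting for shuttercontrol
+ansible.builtin.copy:
+src: files/platon/syslog-shuttercontrol.conf
+dest: /etc/rsyslog.d/20-shuttercontrol.conf
+owner: root
+group: root
+mode: "0644"
+notify: restart rsyslog
+
+handlers:
+- name: restart mosquitto
+service:
+name: mosquitto
+state: restarted
+enabled: yes
+
+- name: restart rsyslog
+service:
+name: rsyslog
+state: restarted
+enabled: yes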
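Review bot: The task "Add SSH public identity as authorized key to pi" installs sesam's key with no `key_options`, so that key grants a full shell as the gatekeeper user even though sesam-door-open.sh only ever needs to run `/home/pi/sesame-open.sh`. Adding `key_options: 'command="/home/{{ gatekeeper_user }}/sesame-open.sh",no-port-forwarding,no-agent-forwarding,no-X11-forwarding'` keeps the door path working and limits what a leaked sesam key can do. Separately, "Download wiringPi library" fetches `wiringpi-latest.deb` with no `checksum:` and the next task installs it with apt, so whatever the URL serves on the day of the run is trusted; pin a known-good file with `checksum: "sha256:<EXPECTED_SHA256>"` (placeholder value). The two `ansible.builtin.git` tasks likewise clone without `version:`, and that code is then compiled and started from reboot.sh, so a pinned commit per repository is worth adding.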
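--- a/templates/network-interfaces-dhcp-mac.j2
+++ b/templates/network-interfaces-dhcp-mac.j2
@@ -0,0 +1,6 @@
+# Set a specific MAC address to enable DHCP recognition
+allow-hotplug eth0
+iface eth0 inet dhcp
+hwaddress ether {{ mac }}
+
+# THIS FILE IS MANAGED VIA ANSIBLE!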