Updated the docker and ansible files for setting up and building / running Raspberry Pi with the frank service

Still need to manually copy the new id_rsa created on the pi to knox.
Amritanshu Agrawal 2021-07-24 12:57:34 +05:30
parent 5cd0acc7a9
commit eedc571ade
8 changed files with 216 additions and 11 deletions


@ -1,15 +1,15 @@
FROM python:latest
RUN mkdir /app
WORKDIR /app
ADD https://git.tanshu.com/tanshu/barker/raw/branch/main/frank/pyproject.toml /app/pyproject.toml
# Install Poetry
RUN curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/install-poetry.py | POETRY_HOME=/opt/poetry python && \
RUN curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py | POETRY_HOME=/opt/poetry python && \
cd /usr/local/bin && \
ln -s /opt/poetry/bin/poetry && \
poetry config virtualenvs.create false && \
cd /app && \
poetry install --no-root --no-dev
mkdir /app
WORKDIR /app
ADD https://git.tanshu.com/tanshu/barker/raw/branch/main/frank/pyproject.toml /app/pyproject.toml
RUN poetry install --no-root --no-dev
ADD https://git.tanshu.com/api/v1/repos/tanshu/barker/tags /tags.json
RUN git clone --single-branch --depth 1 https://git.tanshu.com/tanshu/barker.git /repo
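Review bot: Both variants of the Poetry install line fetch the installer from the `master` branch and pipe it straight into `python`, so the image build executes whatever that URL serves on the day, with no pin or integrity check; `FROM python:latest` and the `ADD https://git.tanshu.com/...` lines are unpinned in the same way. The page has lost its `+`/`-` markers, so I cannot tell which installer script is the new side, but the concern holds for either. I would pin the base image to a specific tag or digest and install a fixed Poetry release, e.g. `RUN pip install "poetry==<PINNED_VERSION>"`, rather than running a moving script.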

153
docker/bake-pies.yml Executable file

@ -0,0 +1,153 @@
#################################################
# DO Community Playbooks: Docker
#################################################
---
- hosts: all
become: true
vars_files:
- vars/pies.yml
tasks:
- name: Check if LCD Rotated
shell: grep -c "lcd_rotate=2" /boot/config.txt || true
register: lcd_rotate_test
- name: rotate the lcd
lineinfile:
dest: /boot/config.txt
line: lcd_rotate=2
when: lcd_rotate_test.stdout == "0"
- name: Update the hostname file
replace:
path: /etc/hostname
regexp: '(\s*)raspberrypi(\s+.*)?$'
replace: "\\1{{ hostname }}\\2"
backup: yes
- name: Update the hosts file
replace:
path: /etc/hosts
regexp: '(\s+)raspberrypi(\s+.*)?$'
replace: "\\1{{ hostname }}\\2"
backup: yes
- name: Ensure SSH Directory exists
file:
path: /home/pi/.ssh
state: directory
group: pi
owner: pi
mode: 0700
- name: Ensure authorized_keys file exists
copy:
content: ""
dest: /home/pi/.ssh/authorized_keys
force: no
group: pi
owner: pi
mode: 0644
- name: Check Peitho public key
shell: "grep -c \"{{ peitho_key }}\" /home/pi/.ssh/authorized_keys || true"
register: peithokey_test
- name: Add Peitho public key
lineinfile:
dest: /home/pi/.ssh/authorized_keys
line: "{{ peitho_key }}"
when: peithokey_test.stdout == "0"
- name: Check if .ssh config file exists
stat:
path: /home/pi/.ssh/config
register: config_status
- name: No need to upload the .ssh config
when: config_status.stat.exists == true
debug:
msg: No need to upload the .ssh config as it already exists.
- name: Upload the .ssh config file
when: config_status.stat.exists == false
template:
src: "files/config"
dest: "/home/pi/.ssh/config"
group: pi
owner: pi
mode: 0644
- name: Check if rsa key exists
stat:
path: /home/pi/.ssh/id_rsa
register: key_status
- name: No need to generate new rsa key
when: key_status.stat.exists == true
debug:
msg: No need to generate new rsa key as it already exists.
- name: Generate new rsa key
when: key_status.stat.exists == false
become: yes
become_user: pi
shell: ssh-keygen -t rsa -b 4096 -q -f /home/pi/.ssh/id_rsa -C "pi@{{ hostname }} $(date '+%Y.%m.%d')" -N ""
# shell: ssh-keygen -t rsa -b 4096 -q -f /home/pi/.ssh/id_rsa -C "$(whoami)@$(hostname) $(date '+%Y.%m.%d')" -N ""
- name: Install Docker
shell: curl -sSL https://get.docker.com | sh
- name: Install matchbox-keyboard
package:
name: matchbox-keyboard
state: latest
- name: Install python3-docker
package:
name: python3-docker
state: latest
- name: adding user pi to group docker
user:
name: pi
groups: docker
append: yes
- name: adding user pi to group lp (line printers)
user:
name: pi
groups: lp
append: yes
- name: install knox-redis-tunnel systemd unit file
template:
src: "files/knox-redis-tunnel.service"
dest: "/etc/systemd/system/knox-redis-tunnel.service"
- name: enable service knox-redis-tunnel and ensure it is not masked
systemd:
name: knox-redis-tunnel
enabled: yes
masked: no
- name: Make sure knox-redis-tunnel service is running
systemd:
state: started
name: knox-redis-tunnel
- name: install knox-redis-tunnel systemd unit file
template:
src: "files/gotthard.service"
dest: "/etc/systemd/system/gotthard.service"
- name: enable service gotthard and ensure it is not masked
systemd:
name: gotthard
enabled: yes
masked: no
- name: Make sure gotthard service is running
systemd:
state: started
name: gotthard
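Review bot: The `Install Docker` task runs `curl -sSL https://get.docker.com | sh` under the play-level `become: true`, so an unpinned remote script executes as root on every run of the playbook, with no integrity check and no idempotence guard. At minimum add `args:` with `creates: /usr/bin/docker` (path assumed; confirm on the Pi) so it runs only once; better, fetch the script with `get_url` and `checksum: sha256:<EXPECTED_SHA256>` before executing it, or install a pinned package from Docker's apt repository. Separately, the `grep -c` + `lineinfile` pair for `peitho_key` interpolates the variable into a shell command; the `authorized_key` module does the same job without a shell. The second task named `install knox-redis-tunnel systemd unit file` actually installs `gotthard.service` and should be renamed.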

4
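--- a/docker/files/config
+++ b/docker/files/config
@@ -0,0 +1,4 @@
+Host do knox knox.tanshu.com
+HostName knox.tanshu.com
+IdentityFile ~/.ssh/id_rsa
+User tanshu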


@ -1 +1 @@
docker run --detach --name frank --hostname=moh1 --env-file=/home/pi/frank.env --network=host --restart=no --device /dev/usb/lp0:/printer frank:latest
docker run --detach --name frank --env-file=/home/pi/frank.env --network=host --restart=no --device /dev/usb/lp0:/printer frank:latest


@ -0,0 +1,16 @@
[Unit]
Description=Reverse SSH connection
After=network.target
[Service]
Type=simple
User=pi
ExecStart=/usr/bin/ssh -NTg -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -o ServerAliveCountMax=3 -o StrictHostKeyChecking=no -i /home/pi/.ssh/id_rsa -R {{ ssh_port }}:localhost:22 tanshu@knox.tanshu.com
# Restart every >2 seconds to avoid StartLimitInterval failure
Restart=always
RestartSec=5s
[Install]
WantedBy=default.target
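Review bot: `ExecStart` passes `-o StrictHostKeyChecking=no`, so the Pi never verifies that it is really talking to knox.tanshu.com before it authenticates with `/home/pi/.ssh/id_rsa` and opens the reverse forward to its own port 22; the other tunnel unit in this commit (presumably knox-redis-tunnel.service) carries the same option on its `-L 6379:localhost:6379` forward. Since the playbook already manages `/home/pi/.ssh`, I would have it install knox's host key (Ansible's `known_hosts` module) and change the option to `-o StrictHostKeyChecking=yes` in both units. The `-g` flag also looks unneeded here, since it only affects local forwards and this unit defines none; worth confirming and dropping.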


@ -0,0 +1,15 @@
[Unit]
Description=Keep ssh tunnel to specified remote host open
After=network.target
[Service]
User=pi
ExecStart=/usr/bin/ssh -NT -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -o ServerAliveCountMax=3 -o StrictHostKeyChecking=no -i /home/pi/.ssh/id_rsa -L 6379:localhost:6379 tanshu@knox.tanshu.com
# Restart every >2 seconds to avoid StartLimitInterval failure
RestartSec=5
Restart=always
[Install]
WantedBy=multi-user.target


@ -31,8 +31,11 @@
- name: Upload the frank .env file
when: status.stat.exists == false
template:
src: "files/frank.env"
dest: "/home/pi/frank.env"
src: files/frank.env
dest: /home/pi/frank.env
group: pi
owner: pi
mode: 0644
- name: Create frank worker container
docker_container:
@ -46,10 +49,20 @@
- "{{ printer_port }}:/printer"
- name: Copy docker build script
synchronize: src=files/build-frank.sh dest=/home/pi/dockerfile/build-frank.sh
template:
src: files/build-frank.sh
dest: /home/pi/dockerfile/build-frank.sh
group: pi
owner: pi
mode: 0644
- name: Copy docker run script
synchronize: src=files/frank.sh dest=/home/pi/dockerfile/frank.sh
template:
src: files/frank.sh
dest: /home/pi/dockerfile/frank.sh
group: pi
owner: pi
mode: 0644
- name: install frank systemd unit file
template:
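Review bot: The `Upload the frank .env file` task now sets `mode: 0644` on `/home/pi/frank.env`, which leaves the container's environment file readable by every local user; if it holds credentials (its contents are not shown here), `mode: "0600"` is the safer choice. The same unquoted `mode: 0644` is applied to `build-frank.sh` and `frank.sh` in the second hunk, which also leaves the scripts non-executable; use `"0755"` if they are meant to be run directly, and quote the mode so it can never be read as a decimal integer. Moving these two tasks from `synchronize` to `template` means both scripts are now rendered through Jinja2, so any literal `{{` inside them would be interpreted. The final `install frank systemd unit file` task continues outside the hunk.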

4
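--- a/docker/vars/pies.yml
+++ b/docker/vars/pies.yml
@@ -0,0 +1,4 @@
+---
+hostname: "chd3"
+ssh_port: "22447"
+peitho_key: "ssh-rsa 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 2020.05.26 peitho"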