Updated the docker and ansible files for setting up and building / running Raspberry Pi with the frank service
Still need to manually copy the new id_rsa created on the pi to knox.
parent
5cd0acc7a9
commit
eedc571ade
|
@ -1,15 +1,15 @@
|
||||||
FROM python:latest
|
FROM python:latest
|
||||||
RUN mkdir /app
|
|
||||||
WORKDIR /app
|
|
||||||
ADD https://git.tanshu.com/tanshu/barker/raw/branch/main/frank/pyproject.toml /app/pyproject.toml
|
|
||||||
|
|
||||||
# Install Poetry
|
# Install Poetry
|
||||||
RUN curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/install-poetry.py | POETRY_HOME=/opt/poetry python && \
|
RUN curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py | POETRY_HOME=/opt/poetry python && \
|
||||||
cd /usr/local/bin && \
|
cd /usr/local/bin && \
|
||||||
ln -s /opt/poetry/bin/poetry && \
|
ln -s /opt/poetry/bin/poetry && \
|
||||||
poetry config virtualenvs.create false && \
|
poetry config virtualenvs.create false && \
|
||||||
cd /app && \
|
mkdir /app
|
||||||
poetry install --no-root --no-dev
|
|
||||||
|
WORKDIR /app
|
||||||
|
ADD https://git.tanshu.com/tanshu/barker/raw/branch/main/frank/pyproject.toml /app/pyproject.toml
|
||||||
|
RUN poetry install --no-root --no-dev
|
||||||
|
|
||||||
ADD https://git.tanshu.com/api/v1/repos/tanshu/barker/tags /tags.json
|
ADD https://git.tanshu.com/api/v1/repos/tanshu/barker/tags /tags.json
|
||||||
RUN git clone --single-branch --depth 1 https://git.tanshu.com/tanshu/barker.git /repo
|
RUN git clone --single-branch --depth 1 https://git.tanshu.com/tanshu/barker.git /repo
|
||||||
|
|
|
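Review bot: The Poetry install line on the new side fetches `get-poetry.py` from the mutable `master` branch and pipes it straight into `python`, so the image executes whatever that branch holds at build time, and the build breaks if the script is moved or removed. Pin the installer to a tagged release URL and check its digest before running it, or install a pinned release with `pip install "poetry==<pinned-version>"`. The same reproducibility concern applies to `FROM python:latest` and to the `ADD https://git.tanshu.com/...` lines, which pull unverified content on every build; a fixed base tag or digest would narrow that.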
@ -0,0 +1,153 @@
|
||||||
|
#################################################
|
||||||
|
# DO Community Playbooks: Docker
|
||||||
|
#################################################
|
||||||
|
---
|
||||||
|
- hosts: all
|
||||||
|
become: true
|
||||||
|
vars_files:
|
||||||
|
- vars/pies.yml
|
||||||
|
|
||||||
|
tasks:
|
||||||
|
- name: Check if LCD Rotated
|
||||||
|
shell: grep -c "lcd_rotate=2" /boot/config.txt || true
|
||||||
|
register: lcd_rotate_test
|
||||||
|
|
||||||
|
- name: rotate the lcd
|
||||||
|
lineinfile:
|
||||||
|
dest: /boot/config.txt
|
||||||
|
line: lcd_rotate=2
|
||||||
|
when: lcd_rotate_test.stdout == "0"
|
||||||
|
|
||||||
|
- name: Update the hostname file
|
||||||
|
replace:
|
||||||
|
path: /etc/hostname
|
||||||
|
regexp: '(\s*)raspberrypi(\s+.*)?$'
|
||||||
|
replace: "\\1{{ hostname }}\\2"
|
||||||
|
backup: yes
|
||||||
|
|
||||||
|
- name: Update the hosts file
|
||||||
|
replace:
|
||||||
|
path: /etc/hosts
|
||||||
|
regexp: '(\s+)raspberrypi(\s+.*)?$'
|
||||||
|
replace: "\\1{{ hostname }}\\2"
|
||||||
|
backup: yes
|
||||||
|
|
||||||
|
- name: Ensure SSH Directory exists
|
||||||
|
file:
|
||||||
|
path: /home/pi/.ssh
|
||||||
|
state: directory
|
||||||
|
group: pi
|
||||||
|
owner: pi
|
||||||
|
mode: 0700
|
||||||
|
|
||||||
|
- name: Ensure authorized_keys file exists
|
||||||
|
copy:
|
||||||
|
content: ""
|
||||||
|
dest: /home/pi/.ssh/authorized_keys
|
||||||
|
force: no
|
||||||
|
group: pi
|
||||||
|
owner: pi
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
|
- name: Check Peitho public key
|
||||||
|
shell: "grep -c \"{{ peitho_key }}\" /home/pi/.ssh/authorized_keys || true"
|
||||||
|
register: peithokey_test
|
||||||
|
|
||||||
|
- name: Add Peitho public key
|
||||||
|
lineinfile:
|
||||||
|
dest: /home/pi/.ssh/authorized_keys
|
||||||
|
line: "{{ peitho_key }}"
|
||||||
|
when: peithokey_test.stdout == "0"
|
||||||
|
|
||||||
|
- name: Check if .ssh config file exists
|
||||||
|
stat:
|
||||||
|
path: /home/pi/.ssh/config
|
||||||
|
register: config_status
|
||||||
|
|
||||||
|
- name: No need to upload the .ssh config
|
||||||
|
when: config_status.stat.exists == true
|
||||||
|
debug:
|
||||||
|
msg: No need to upload the .ssh config as it already exists.
|
||||||
|
|
||||||
|
- name: Upload the .ssh config file
|
||||||
|
when: config_status.stat.exists == false
|
||||||
|
template:
|
||||||
|
src: "files/config"
|
||||||
|
dest: "/home/pi/.ssh/config"
|
||||||
|
group: pi
|
||||||
|
owner: pi
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
|
- name: Check if rsa key exists
|
||||||
|
stat:
|
||||||
|
path: /home/pi/.ssh/id_rsa
|
||||||
|
register: key_status
|
||||||
|
|
||||||
|
- name: No need to generate new rsa key
|
||||||
|
when: key_status.stat.exists == true
|
||||||
|
debug:
|
||||||
|
msg: No need to generate new rsa key as it already exists.
|
||||||
|
|
||||||
|
- name: Generate new rsa key
|
||||||
|
when: key_status.stat.exists == false
|
||||||
|
become: yes
|
||||||
|
become_user: pi
|
||||||
|
shell: ssh-keygen -t rsa -b 4096 -q -f /home/pi/.ssh/id_rsa -C "pi@{{ hostname }} $(date '+%Y.%m.%d')" -N ""
|
||||||
|
# shell: ssh-keygen -t rsa -b 4096 -q -f /home/pi/.ssh/id_rsa -C "$(whoami)@$(hostname) $(date '+%Y.%m.%d')" -N ""
|
||||||
|
|
||||||
|
- name: Install Docker
|
||||||
|
shell: curl -sSL https://get.docker.com | sh
|
||||||
|
|
||||||
|
- name: Install matchbox-keyboard
|
||||||
|
package:
|
||||||
|
name: matchbox-keyboard
|
||||||
|
state: latest
|
||||||
|
|
||||||
|
- name: Install python3-docker
|
||||||
|
package:
|
||||||
|
name: python3-docker
|
||||||
|
state: latest
|
||||||
|
|
||||||
|
- name: adding user pi to group docker
|
||||||
|
user:
|
||||||
|
name: pi
|
||||||
|
groups: docker
|
||||||
|
append: yes
|
||||||
|
|
||||||
|
- name: adding user pi to group lp (line printers)
|
||||||
|
user:
|
||||||
|
name: pi
|
||||||
|
groups: lp
|
||||||
|
append: yes
|
||||||
|
|
||||||
|
- name: install knox-redis-tunnel systemd unit file
|
||||||
|
template:
|
||||||
|
src: "files/knox-redis-tunnel.service"
|
||||||
|
dest: "/etc/systemd/system/knox-redis-tunnel.service"
|
||||||
|
|
||||||
|
- name: enable service knox-redis-tunnel and ensure it is not masked
|
||||||
|
systemd:
|
||||||
|
name: knox-redis-tunnel
|
||||||
|
enabled: yes
|
||||||
|
masked: no
|
||||||
|
|
||||||
|
- name: Make sure knox-redis-tunnel service is running
|
||||||
|
systemd:
|
||||||
|
state: started
|
||||||
|
name: knox-redis-tunnel
|
||||||
|
|
||||||
|
- name: install knox-redis-tunnel systemd unit file
|
||||||
|
template:
|
||||||
|
src: "files/gotthard.service"
|
||||||
|
dest: "/etc/systemd/system/gotthard.service"
|
||||||
|
|
||||||
|
- name: enable service gotthard and ensure it is not masked
|
||||||
|
systemd:
|
||||||
|
name: gotthard
|
||||||
|
enabled: yes
|
||||||
|
masked: no
|
||||||
|
|
||||||
|
- name: Make sure gotthard service is running
|
||||||
|
systemd:
|
||||||
|
state: started
|
||||||
|
name: gotthard
|
|
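Review bot: The `Install Docker` task runs `curl -sSL https://get.docker.com | sh` under the play-level `become: true`, so each playbook run executes as root whatever that URL serves at the time, with no version pin or integrity check, and it re-runs even when Docker is already installed. At minimum add `args:` with `creates: /usr/bin/docker`; better, install a pinned Docker package through the `package` module as the later tasks do. The grep-then-`lineinfile` pair for the Peitho key interpolates `{{ peitho_key }}` into a shell command and can be replaced by the `authorized_key` module, with `authorized_keys` kept at `mode: "0600"`. The second task named `install knox-redis-tunnel systemd unit file` actually installs `gotthard.service` and should be renamed so run logs are not misleading.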
@ -0,0 +1,4 @@
|
||||||
|
Host do knox knox.tanshu.com
|
||||||
|
HostName knox.tanshu.com
|
||||||
|
IdentityFile ~/.ssh/id_rsa
|
||||||
|
User tanshu
|
|
@ -1 +1 @@
|
||||||
docker run --detach --name frank --hostname=moh1 --env-file=/home/pi/frank.env --network=host --restart=no --device /dev/usb/lp0:/printer frank:latest
|
docker run --detach --name frank --env-file=/home/pi/frank.env --network=host --restart=no --device /dev/usb/lp0:/printer frank:latest
|
||||||
|
|
|
@ -0,0 +1,16 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Reverse SSH connection
|
||||||
|
After=network.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
User=pi
|
||||||
|
|
||||||
|
ExecStart=/usr/bin/ssh -NTg -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -o ServerAliveCountMax=3 -o StrictHostKeyChecking=no -i /home/pi/.ssh/id_rsa -R {{ ssh_port }}:localhost:22 tanshu@knox.tanshu.com
|
||||||
|
|
||||||
|
# Restart every >2 seconds to avoid StartLimitInterval failure
|
||||||
|
Restart=always
|
||||||
|
RestartSec=5s
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=default.target
|
|
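Review bot: `-o StrictHostKeyChecking=no` in `ExecStart` makes the unit accept any host key for knox.tanshu.com, so a host that intercepts the connection is handed the reverse forward to the Pi's port 22; the `-L 6379:localhost:6379` unit in the next file section carries the same option and would point the local Redis port at that host. Record knox's host key for user pi (Ansible's `known_hosts` module can do this) and switch both units to `-o StrictHostKeyChecking=yes`. `-g` only affects local (`-L`) forwards, so it does nothing for this `-R` unit and can be dropped. Because the playbook generates the key without a passphrase, it appears worth limiting what that key may do on knox (a dedicated account, or `restrict` with `port-forwarding` and `permitlisten`/`permitopen` in `authorized_keys`), and only `id_rsa.pub` should be copied there.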
@ -0,0 +1,15 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Keep ssh tunnel to specified remote host open
|
||||||
|
After=network.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
User=pi
|
||||||
|
|
||||||
|
ExecStart=/usr/bin/ssh -NT -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -o ServerAliveCountMax=3 -o StrictHostKeyChecking=no -i /home/pi/.ssh/id_rsa -L 6379:localhost:6379 tanshu@knox.tanshu.com
|
||||||
|
|
||||||
|
# Restart every >2 seconds to avoid StartLimitInterval failure
|
||||||
|
RestartSec=5
|
||||||
|
Restart=always
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
|
@ -31,8 +31,11 @@
|
||||||
- name: Upload the frank .env file
|
- name: Upload the frank .env file
|
||||||
when: status.stat.exists == false
|
when: status.stat.exists == false
|
||||||
template:
|
template:
|
||||||
src: "files/frank.env"
|
src: files/frank.env
|
||||||
dest: "/home/pi/frank.env"
|
dest: /home/pi/frank.env
|
||||||
|
group: pi
|
||||||
|
owner: pi
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
- name: Create frank worker container
|
- name: Create frank worker container
|
||||||
docker_container:
|
docker_container:
|
||||||
|
@ -46,10 +49,20 @@
|
||||||
- "{{ printer_port }}:/printer"
|
- "{{ printer_port }}:/printer"
|
||||||
|
|
||||||
- name: Copy docker build script
|
- name: Copy docker build script
|
||||||
synchronize: src=files/build-frank.sh dest=/home/pi/dockerfile/build-frank.sh
|
template:
|
||||||
|
src: files/build-frank.sh
|
||||||
|
dest: /home/pi/dockerfile/build-frank.sh
|
||||||
|
group: pi
|
||||||
|
owner: pi
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
- name: Copy docker run script
|
- name: Copy docker run script
|
||||||
synchronize: src=files/frank.sh dest=/home/pi/dockerfile/frank.sh
|
template:
|
||||||
|
src: files/frank.sh
|
||||||
|
dest: /home/pi/dockerfile/frank.sh
|
||||||
|
group: pi
|
||||||
|
owner: pi
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
- name: install frank systemd unit file
|
- name: install frank systemd unit file
|
||||||
template:
|
template:
|
||||||
|
|
|
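Review bot: The `Upload the frank .env file` task now sets `mode: 0644`, which leaves `/home/pi/frank.env` readable by every local user; if that file carries credentials or connection settings for the worker (its contents are not visible here), `mode: "0600"` is the safer default. In the second hunk `build-frank.sh` and `frank.sh` are also written with `0644`, so they are not executable; that works only if they are invoked through `sh`, otherwise `"0755"` is needed. Quoting the mode values throughout avoids YAML integer-parsing surprises. Both hunks cut through the surrounding tasks, so the `status` register used in `when:` and the `docker_container` arguments lie outside the view.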
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
hostname: "chd3"
|
||||||
|
ssh_port: "22447"
|
||||||
|
peitho_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCrT4geK0hUTc/3NDVt0g3DZwdOg2dRq4MbNdVvmRVsJHXRXWkyehzDVTRmxxmUvPZgy20QgLcMVJWQ1128ksg7tYNcVRw7/8kV9xMmVFeHGc03H+8WltUuDrbcM5ejaIFvYgZvZpl1A7uuE8VOT6Z0LentV7VSKpmhrRsnYw3+parmjCLWSoW6HLj6L841OlF+4u07fPj92qXonqufeWvh5Fr2RF+uBkDv3Bk+Lk7ENa0GLt9zu/5zVZGynXpCIRwltxCFkLoFYEzXYxT4jGWSxZQmLizm08RFfQGlrbYx/3qUomF/A7cgpkPo8kOq4iXtc+1+1GZNKhg8356yeQonUdbZ9hUfEfgyHRGRx9x5cq588XKYy7VsYDp/08ZYB0RvvGvO4fVzmVUwrTwxQXJaKkqTMdkee11JAaDfJpfsyrAcLiD/jp2ezoJhGWJxZLZQSMLtZcyRWPw6bPT65a8MdyF3b1Mv2aOU78Gjagh7mH8DCa3ZtPglngiwjKMZTMvSavNtDEE5CUL6hE+Hsqo6RUGRnYy3VvqvBepx3+CyTwYNvg2+AuzacKjumhrxG5Ca0gyxFdHVSK0eFqsVotU7/m8yJUxSYzsyeEC/sELpj3H3JU1aaySCnW22T6b/8Fwe2Sj0YHIvNidN1K5/voxqd9WgNObdcvbOXNUfd4vAdQ== 2020.05.26 peitho"
|