From abb06f9c806a6a06d8c56ee1fadc315168882e4a Mon Sep 17 00:00:00 2001 From: ABelliqueux Date: Sat, 22 Oct 2022 14:22:38 +0200 Subject: [PATCH] Switch to bullseye, fix conn.close(), deploy script --- app.py | 9 ++++- changelog_todo.md | 18 ++++----- linux_server_deploy.sh | 31 +++++++++++---- pilpil-server.toml | 4 +- prepa_rpios.md | 87 +++++++++++++++++++++++++++++++----------- requirements.txt | 2 +- 6 files changed, 105 insertions(+), 46 deletions(-) diff --git a/app.py b/app.py index cd60b2b..872173e 100755 --- a/app.py +++ b/app.py @@ -244,9 +244,14 @@ def sendCommand(host, arg0, arg1, arg2): conn = http.client.HTTPConnection( host + ":" + str(portl), timeout=3 ) try: conn.request( "GET", req, headers = headers ) + resp = conn.getresponse() + except http.client.HTTPException: + print("Connection to " + host + " timed out") + return "Connection to " + host + " timed out" except: - return "Connection to " + host + " was refused on port " + str(portl) - resp = conn.getresponse() + return "Error while connecting to " + host + ":" + str(portl) + finally: + conn.close() # Parse response data = resp.read() diff --git a/changelog_todo.md b/changelog_todo.md index 67ba640..c61e284 100644 --- a/changelog_todo.md +++ b/changelog_todo.md 
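Review bot: The new `finally: conn.close()` in sendCommand runs before the unchanged `data = resp.read()` that follows the try block, and in CPython's http.client closing the connection also closes the pending response, so that read will most likely return an empty body. Consuming the body inside the try, with `data = resp.read()` directly after `resp = conn.getresponse()`, keeps the close in `finally` safe. Separately, a socket timeout is raised as `socket.timeout` (an `OSError`), not as `http.client.HTTPException`, so the "timed out" branch will not see real timeouts and they fall through to the bare `except:`, which also swallows KeyboardInterrupt and SystemExit. `except socket.timeout:` for the first branch and `except (OSError, http.client.HTTPException):` in place of the bare clause would match the two messages; this assumes `socket` is imported, which is not visible here. The rest of sendCommand lies outside the hunk.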
@@ -28,15 +28,15 @@ sha256 : 0fe3fe76d0e56e445124fa20646fa8b3d8c59568786b3ebc8a96d83d92f203e3 * Use nginx reverse proxy + SSL between server and clients ( https://medium.com/@antelle/how-to-generate-a-self-signed-ssl-certificate-for-an-ip-address-f0dd8dddf754 ) * Webgui beautifying -## 0.4 : 2022-10-19-videopi.img.xz -md5 : -sha256 : +## 0.4 : 2022-10-21-videopi.img.xz +md5 : 2a54eb1763060db652c4c5d89c07ef2a +sha256 : 10b65d5260222e4cdc591ad5384247cbc22d515dc55ea6b31b2daf0b6fd01004 - * Apt upgrade + * Switch to rpi os Bullseye * Switch to user 'pil', pw 'pilpoil' * client config file parsing ( look for 'pilpil-client.toml' in ./, ~/., ~/.config/) * Add media folder sync (scp, rsync, http upload) - * General filesystem clean up + * Install script ; Wifi setup, generate/install SSH keys/ nginx SSL cert/key fore each host, change hostname, static IPs # FS checklist @@ -51,14 +51,11 @@ sha256 : # DOING NEXT : - * Test with several rpis + * ~ Test with several rpis * Define http auth secret at setup # DONE : - * media sync (scp, rsync, http) - * Install script ; Wifi setup, generate/install SSH keys/ nginx SSL cert/key fore each host, change hostname, static IPs - * Test static IP ok - + # OTHER: * get_client_rssi.sh on server @@ -68,6 +65,5 @@ sha256 : * ? Scripts hotspot linux/win/mac * ? Config sync - * ? Linux Minimal Virtualbox image * ! Remove git personal details/resolv.conf, remove authorized_keys, ssh config, clean home, re-enable ssh pw login * ~ Doc diff --git a/linux_server_deploy.sh b/linux_server_deploy.sh index dc7aea0..c5c5306 100755 --- a/linux_server_deploy.sh +++ b/linux_server_deploy.sh @@ -32,8 +32,8 @@ then exit 0 fi DD_BS="128K" -DISK_IMAGE="$HOME/niels/imgs/2022-10-19-pilpil.img.xz" -CONFIG_DIR="$HOME/niels/flasktest" +DISK_IMAGE="$HOME/niels/imgs/2022-10-20-pilpil.img.xz" +CONFIG_DIR="$HOME/niels/pilpil-server" PI_USER="pil" BOOT_MOUNT="/run/media/$USER/boot" ROOTFS_MOUNT="/run/media/$USER/rootfs" 
@@ -185,13 +185,28 @@ network={ sudo cp "$CONFIG_DIR/selfCA.crt" "$ROOTFS_MOUNT/etc/ssl/certs/nginx-selfsigned.crt" sudo cp "$CONFIG_DIR/selfCA.key" "$ROOTFS_MOUNT/etc/ssl/private/nginx-selfsigned.key" sync - # 6. Copy medias + #~ # 6. Copy medias green "Operation 12/13 : Syncing media folder $LOCAL_MEDIA_DIR/ with $REMOTE_MEDIA_DIR/ \n" - USER_ID=$( cat "$ROOTFS_MOUNT/etc/passwd" | grep $PI_USER | awk -F: '{print $3}' ) - GROUP_ID=$( cat "$ROOTFS_MOUNT/etc/passwd" | grep $PI_USER | awk -F: '{print $4}' ) - sudo cp "$LOCAL_MEDIA_DIR/*" "$REMOTE_MEDIA_DIR/" - sudo chown $USER_ID:$GROUP_ID "$REMOTE_MEDIA_DIR/*" - sync + # Remove filler file + if [ -f "$REMOTE_MEDIA_DIR/remove_me" ] + then + sudo rm "$REMOTE_MEDIA_DIR/remove_me" + fi + # Get available space on rootfs + ROOTFS_AVAILABLE_SPACE=$(df -t ext4 -P $ROOTFS_MOUNT | tail -1 | awk '{print $4}') + # Get Media folder size + MEDIA_SIZE=$(du -c $LOCAL_MEDIA_DIR | tail -1 | awk '{print $1}') + # Only copy files if enough space available + if [ $MEDIA_SIZE -lt $ROOTFS_AVAILABLE_SPACE ] + then + USER_ID=$( cat "$ROOTFS_MOUNT/etc/passwd" | grep $PI_USER | awk -F: '{print $3}' ) + GROUP_ID=$( cat "$ROOTFS_MOUNT/etc/passwd" | grep $PI_USER | awk -F: '{print $4}' ) + sudo cp "$LOCAL_MEDIA_DIR/*" "$REMOTE_MEDIA_DIR/" + sudo chown $USER_ID:$GROUP_ID "$REMOTE_MEDIA_DIR/*" + sync + else + red "Not enough space on $ROOTFS_MOUNT, skipping..." + fi # Unmount FS green "Operation 13/13 : Unmounting filesystems" umount $BOOT_MOUNT diff --git a/pilpil-server.toml b/pilpil-server.toml index 4230676..bb7b9cf 100644 --- a/pilpil-server.toml +++ b/pilpil-server.toml 
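Review bot: The re-indented `sudo cp "$LOCAL_MEDIA_DIR/*" "$REMOTE_MEDIA_DIR/"` and `sudo chown $USER_ID:$GROUP_ID "$REMOTE_MEDIA_DIR/*"` keep the `*` inside the quotes, so the shell passes a literal `*` and nothing is copied or re-owned even when the new free-space check passes. Moving the glob outside the quotes fixes both: `sudo cp "$LOCAL_MEDIA_DIR"/* "$REMOTE_MEDIA_DIR/"` and `sudo chown "$USER_ID:$GROUP_ID" "$REMOTE_MEDIA_DIR"/*`. The `grep $PI_USER` on the image's passwd file is unanchored, so any entry containing that string matches and the ids handed to a root `chown` can be multi-line or belong to another account; `grep "^$PI_USER:"` pins it to the intended user. The operands of `[ $MEDIA_SIZE -lt $ROOTFS_AVAILABLE_SPACE ]` and the `df`/`du` path arguments are unquoted, so an empty result or a mount path containing spaces produces a test error instead of reaching the "skipping" branch.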
@@ -5,12 +5,12 @@ CAfile = "selfCA.crt" # scp, rsync, http sync_facility = "http" media_folder_local = "../medias" -media_folder_remote = "/home/pi/Videos/" +media_folder_remote = "/home/pil/Videos" media_exts = ["mp4", "avi", "mkv"] auth = "secret" # OnNlY3JldA== cmd_auth = "secret" -hosts = ["10.42.0.10", "10.42.0.11"] +hosts = ["10.42.0.135", "10.42.0.11"] # VLC http LUA port port = 8887 # Clients cmd port diff --git a/prepa_rpios.md b/prepa_rpios.md index 1367cea..5103f06 100644 --- a/prepa_rpios.md +++ b/prepa_rpios.md @@ -28,6 +28,7 @@ network={ ``` 4. Insérer la carte dans le RPI et démarrer le système. 5. Se connecter via SSH. + 6. Adduser pil ## Modification de config.txt @@ -92,15 +93,16 @@ console=tty3 loglevel=3 vt.global_cursor_default=0 logo.nologo consoleblank=1 ### Login silencieux Lancer les commandes suivantes : - * `echo "" > sudo tee /etc/issue` - * `touch .hushlogin` + * `echo "" | sudo tee /etc/issue` + * `echo "" | sudo tee /etc/motd` + * `touch ~/.hushlogin` Editer le fichier `/etc/systemd/system/getty@tty1.service.d/autologin.conf` et remplacer le contenu par : ``` [Service] ExecStart= -ExecStart=-/sbin/agetty --skip-login --noclear --noissue --login-options "-f pi" %I $TERM +ExecStart=-/sbin/agetty --skip-login --noclear --noissue --login-options "-f pil" %I $TERM ``` Editer le fichier `/etc/rc.local` et ajouter la ligne suivante juste avant "exit 0" : 
@@ -116,7 +118,8 @@ Lancer la commande `raspi-config`, puis aller dans "1 System Options", "S5 Boot ``` sudo apt-get update # min -sudo apt-get install vlc vlc-plugin-base va-driver-all va-driver vdpau-driver-all python3-minimal python3-flask python3-waitress python3-toml +sudo apt-get install vlc vlc-plugin-base python3-minimal python3-pip nginx file lua5.2 +python pip install flask flask-httpauth waitress toml werkzeug # build # sudo apt-get install vlc git dkms firmware-realtek firmware-iwlwifi firmware-ipw2x00 firmware-atheros raspberrypi-kernel-headers build-essential va-driver-all va-driver vdpau-driver-all ``` @@ -153,21 +156,19 @@ Host 10.42.0.135 ``` -## VLC : démarrage automatique du serveur http +## Systemd Unit : démarrage automatique des services -### Systemd Unit +## VLC -Créer le fichier `/lib/systemd/system/vlc.service` contenant: +Créer le fichier `.config/systemd/user/vlc.service` contenant: ``` [Unit] Description=VLC http service [Service] -User=pi -#Environment="DISPLAY=:0" +WorkingDirectory=/home/pil/ ExecStart=/usr/bin/cvlc --quiet -I http --no-osd --http-password=secret -WorkingDirectory=/home/pi Restart=always [Install] @@ -177,11 +178,40 @@ WantedBy=multi-user.target Puis lancer les commandes : ``` -sudo chmod +x /lib/systemd/system/vlc.service -sudo systemctl enable vlc -sudo systemctl start vlc +systemctl --user daemon-reload +systemctl --user enable vlc +systemctl --user start vlc ``` +## pilpil + +Créer le fichier `.config/systemd/user/pilpil.service` contenant: + +``` +[Unit] +Description=Pilpil Command Server +After=network.target + +[Service] +WorkingDirectory=/home/pil/pilpil-client +ExecStart=/home/pil/pilpil-client/app.py +Restart=always + +[Install] +WantedBy=multi-user.target + +``` + +Puis lancer les commandes : + +``` +systemctl --user daemon-reload +systemctl --user enable pilpil +systemctl --user start pilpil +``` + + + ## Configuration du serveur régie ### Linux : network-manager cli 
@@ -389,22 +419,35 @@ sudo apt-get install nginx /etc/nginx/sites-available/default : ``` +# Cmd server server { - listen 443 ssl; - ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; - #server_name example.com; - location / { - proxy_pass http://your.ip.adress:5000; + listen 8888 ssl; + ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt; + ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key; + location / { + client_max_body_size 100M; # Max http_upload size + proxy_pass http://127.0.0.1:5000; proxy_set_header X-Real-IP $remote_addr; } } +# VLC server server { - listen 80; - server_name example.com; - return 302 https://$server_name$request_uri; + listen 8887 ssl; + ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt; + ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key; + location / { + proxy_pass http://127.0.0.1:5001; + proxy_set_header X-Real-IP $remote_addr; + } } + +``` + +openssl : + +``` +openssl req -new -newkey rsa:4096 -days 1825 -nodes -x509 -subj "/C=/ST=Denial/L=/O=/CN=10.42.0.135" -addext "subjectAltName=10.42.0.135" -keyout "/etc/ssl/private/nginx-selfsigned.key" -out "/etc/ssl/certs/nginx-selfsigned.crt" ``` #### Fix nginx startup fail if /var/log/nginx doesn't exists diff --git a/requirements.txt b/requirements.txt index f55289f..389e227 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,3 @@ flask waitress -toml +toml \ No newline at end of file