Switch to bullseye, fix conn.close(), deploy script

ABelliqueux 2022-10-22 14:22:38 +02:00
parent 29b125725e
commit abb06f9c80
6 changed files with 105 additions and 46 deletions

9
app.py

@ -244,9 +244,14 @@ def sendCommand(host, arg0, arg1, arg2):
conn = http.client.HTTPConnection( host + ":" + str(portl), timeout=3 ) conn = http.client.HTTPConnection( host + ":" + str(portl), timeout=3 )
try: try:
conn.request( "GET", req, headers = headers ) conn.request( "GET", req, headers = headers )
resp = conn.getresponse()
except http.client.HTTPException:
print("Connection to " + host + " timed out")
return "Connection to " + host + " timed out"
except: except:
return "Connection to " + host + " was refused on port " + str(portl) return "Error while connecting to " + host + ":" + str(portl)
resp = conn.getresponse() finally:
conn.close()
# Parse response # Parse response
data = resp.read() data = resp.read()
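Review bot: The `finally: conn.close()` added after the `except` clauses runs before `data = resp.read()` on the last line of the hunk, and `HTTPConnection.close()` also closes the pending response, so the read will most likely return an empty body. Consume the body inside the `try`, with `data = resp.read()` placed directly after `resp = conn.getresponse()`, so it is read before the connection is torn down. Separately, the 3-second timeout surfaces as `socket.timeout` (an `OSError`), not `http.client.HTTPException`, so the "timed out" message is reported for protocol errors while real timeouts fall into the bare `except:`; replacing the bare clause with `except OSError:` would keep the two messages accurate and stop it swallowing unrelated exceptions. sendCommand starts before this hunk and continues after it, and the page has lost indentation, so the position of the read relative to the `finally` is inferred.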


@ -28,15 +28,15 @@ sha256 : 0fe3fe76d0e56e445124fa20646fa8b3d8c59568786b3ebc8a96d83d92f203e3
* Use nginx reverse proxy + SSL between server and clients ( https://medium.com/@antelle/how-to-generate-a-self-signed-ssl-certificate-for-an-ip-address-f0dd8dddf754 ) * Use nginx reverse proxy + SSL between server and clients ( https://medium.com/@antelle/how-to-generate-a-self-signed-ssl-certificate-for-an-ip-address-f0dd8dddf754 )
* Webgui beautifying * Webgui beautifying
## 0.4 : 2022-10-19-videopi.img.xz ## 0.4 : 2022-10-21-videopi.img.xz
md5 : md5 : 2a54eb1763060db652c4c5d89c07ef2a
sha256 : sha256 : 10b65d5260222e4cdc591ad5384247cbc22d515dc55ea6b31b2daf0b6fd01004
* Apt upgrade * Switch to rpi os Bullseye
* Switch to user 'pil', pw 'pilpoil' * Switch to user 'pil', pw 'pilpoil'
* client config file parsing ( look for 'pilpil-client.toml' in ./, ~/., ~/.config/) * client config file parsing ( look for 'pilpil-client.toml' in ./, ~/., ~/.config/)
* Add media folder sync (scp, rsync, http upload) * Add media folder sync (scp, rsync, http upload)
* General filesystem clean up * Install script ; Wifi setup, generate/install SSH keys/ nginx SSL cert/key fore each host, change hostname, static IPs
# FS checklist # FS checklist
@ -51,13 +51,10 @@ sha256 :
# DOING NEXT : # DOING NEXT :
* Test with several rpis * ~ Test with several rpis
* Define http auth secret at setup * Define http auth secret at setup
# DONE : # DONE :
* media sync (scp, rsync, http)
* Install script ; Wifi setup, generate/install SSH keys/ nginx SSL cert/key fore each host, change hostname, static IPs
* Test static IP ok
# OTHER: # OTHER:
* get_client_rssi.sh on server * get_client_rssi.sh on server
@ -68,6 +65,5 @@ sha256 :
* ? Scripts hotspot linux/win/mac * ? Scripts hotspot linux/win/mac
* ? Config sync * ? Config sync
* ? Linux Minimal Virtualbox image
* ! Remove git personal details/resolv.conf, remove authorized_keys, ssh config, clean home, re-enable ssh pw login * ! Remove git personal details/resolv.conf, remove authorized_keys, ssh config, clean home, re-enable ssh pw login
* ~ Doc * ~ Doc


@ -32,8 +32,8 @@ then
exit 0 exit 0
fi fi
DD_BS="128K" DD_BS="128K"
DISK_IMAGE="$HOME/niels/imgs/2022-10-19-pilpil.img.xz" DISK_IMAGE="$HOME/niels/imgs/2022-10-20-pilpil.img.xz"
CONFIG_DIR="$HOME/niels/flasktest" CONFIG_DIR="$HOME/niels/pilpil-server"
PI_USER="pil" PI_USER="pil"
BOOT_MOUNT="/run/media/$USER/boot" BOOT_MOUNT="/run/media/$USER/boot"
ROOTFS_MOUNT="/run/media/$USER/rootfs" ROOTFS_MOUNT="/run/media/$USER/rootfs"
@ -185,13 +185,28 @@ network={
sudo cp "$CONFIG_DIR/selfCA.crt" "$ROOTFS_MOUNT/etc/ssl/certs/nginx-selfsigned.crt" sudo cp "$CONFIG_DIR/selfCA.crt" "$ROOTFS_MOUNT/etc/ssl/certs/nginx-selfsigned.crt"
sudo cp "$CONFIG_DIR/selfCA.key" "$ROOTFS_MOUNT/etc/ssl/private/nginx-selfsigned.key" sudo cp "$CONFIG_DIR/selfCA.key" "$ROOTFS_MOUNT/etc/ssl/private/nginx-selfsigned.key"
sync sync
# 6. Copy medias #~ # 6. Copy medias
green "Operation 12/13 : Syncing media folder $LOCAL_MEDIA_DIR/ with $REMOTE_MEDIA_DIR/ \n" green "Operation 12/13 : Syncing media folder $LOCAL_MEDIA_DIR/ with $REMOTE_MEDIA_DIR/ \n"
USER_ID=$( cat "$ROOTFS_MOUNT/etc/passwd" | grep $PI_USER | awk -F: '{print $3}' ) # Remove filler file
GROUP_ID=$( cat "$ROOTFS_MOUNT/etc/passwd" | grep $PI_USER | awk -F: '{print $4}' ) if [ -f "$REMOTE_MEDIA_DIR/remove_me" ]
sudo cp "$LOCAL_MEDIA_DIR/*" "$REMOTE_MEDIA_DIR/" then
sudo chown $USER_ID:$GROUP_ID "$REMOTE_MEDIA_DIR/*" sudo rm "$REMOTE_MEDIA_DIR/remove_me"
sync fi
# Get available space on rootfs
ROOTFS_AVAILABLE_SPACE=$(df -t ext4 -P $ROOTFS_MOUNT | tail -1 | awk '{print $4}')
# Get Media folder size
MEDIA_SIZE=$(du -c $LOCAL_MEDIA_DIR | tail -1 | awk '{print $1}')
# Only copy files if enough space available
if [ $MEDIA_SIZE -lt $ROOTFS_AVAILABLE_SPACE ]
then
USER_ID=$( cat "$ROOTFS_MOUNT/etc/passwd" | grep $PI_USER | awk -F: '{print $3}' )
GROUP_ID=$( cat "$ROOTFS_MOUNT/etc/passwd" | grep $PI_USER | awk -F: '{print $4}' )
sudo cp "$LOCAL_MEDIA_DIR/*" "$REMOTE_MEDIA_DIR/"
sudo chown $USER_ID:$GROUP_ID "$REMOTE_MEDIA_DIR/*"
sync
else
red "Not enough space on $ROOTFS_MOUNT, skipping..."
fi
# Unmount FS # Unmount FS
green "Operation 13/13 : Unmounting filesystems" green "Operation 13/13 : Unmounting filesystems"
umount $BOOT_MOUNT umount $BOOT_MOUNT
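Review bot: Inside the new free-space branch, `sudo cp "$LOCAL_MEDIA_DIR/*" "$REMOTE_MEDIA_DIR/"` and the `chown` after it keep the `*` inside the quotes, so the shell passes a literal `*` and nothing is copied or re-owned; write `sudo cp "$LOCAL_MEDIA_DIR"/* "$REMOTE_MEDIA_DIR/"` and `sudo chown "$USER_ID:$GROUP_ID" "$REMOTE_MEDIA_DIR"/*`. The `grep $PI_USER` lookup on the image's passwd file is unanchored, so any line containing that string matches and `USER_ID` can become several values handed to `sudo chown`; `awk -F: -v u="$PI_USER" '$1==u {print $3}' "$ROOTFS_MOUNT/etc/passwd"` selects the exact account. `$ROOTFS_MOUNT`, `$LOCAL_MEDIA_DIR` and both operands of `[ $MEDIA_SIZE -lt $ROOTFS_AVAILABLE_SPACE ]` are unquoted, so a path containing spaces or an empty `df`/`du` result makes the test error out and print the "Not enough space" message for the wrong reason. The script section this hunk belongs to starts before the hunk.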


@ -5,12 +5,12 @@ CAfile = "selfCA.crt"
# scp, rsync, http # scp, rsync, http
sync_facility = "http" sync_facility = "http"
media_folder_local = "../medias" media_folder_local = "../medias"
media_folder_remote = "/home/pi/Videos/" media_folder_remote = "/home/pil/Videos"
media_exts = ["mp4", "avi", "mkv"] media_exts = ["mp4", "avi", "mkv"]
auth = "secret" auth = "secret"
# OnNlY3JldA== # OnNlY3JldA==
cmd_auth = "secret" cmd_auth = "secret"
hosts = ["10.42.0.10", "10.42.0.11"] hosts = ["10.42.0.135", "10.42.0.11"]
# VLC http LUA port # VLC http LUA port
port = 8887 port = 8887
# Clients cmd port # Clients cmd port


@ -28,6 +28,7 @@ network={
``` ```
4. Insérer la carte dans le RPI et démarrer le système. 4. Insérer la carte dans le RPI et démarrer le système.
5. Se connecter via SSH. 5. Se connecter via SSH.
6. Adduser pil
## Modification de config.txt ## Modification de config.txt
@ -92,15 +93,16 @@ console=tty3 loglevel=3 vt.global_cursor_default=0 logo.nologo consoleblank=1
### Login silencieux ### Login silencieux
Lancer les commandes suivantes : Lancer les commandes suivantes :
* `echo "" > sudo tee /etc/issue` * `echo "" | sudo tee /etc/issue`
* `touch .hushlogin` * `echo "" | sudo tee /etc/motd`
* `touch ~/.hushlogin`
Editer le fichier `/etc/systemd/system/getty@tty1.service.d/autologin.conf` et remplacer le contenu par : Editer le fichier `/etc/systemd/system/getty@tty1.service.d/autologin.conf` et remplacer le contenu par :
``` ```
[Service] [Service]
ExecStart= ExecStart=
ExecStart=-/sbin/agetty --skip-login --noclear --noissue --login-options "-f pi" %I $TERM ExecStart=-/sbin/agetty --skip-login --noclear --noissue --login-options "-f pil" %I $TERM
``` ```
Editer le fichier `/etc/rc.local` et ajouter la ligne suivante juste avant "exit 0" : Editer le fichier `/etc/rc.local` et ajouter la ligne suivante juste avant "exit 0" :
@ -116,7 +118,8 @@ Lancer la commande `raspi-config`, puis aller dans "1 System Options", "S5 Boot
``` ```
sudo apt-get update sudo apt-get update
# min # min
sudo apt-get install vlc vlc-plugin-base va-driver-all va-driver vdpau-driver-all python3-minimal python3-flask python3-waitress python3-toml sudo apt-get install vlc vlc-plugin-base python3-minimal python3-pip nginx file lua5.2
python pip install flask flask-httpauth waitress toml werkzeug
# build # build
# sudo apt-get install vlc git dkms firmware-realtek firmware-iwlwifi firmware-ipw2x00 firmware-atheros raspberrypi-kernel-headers build-essential va-driver-all va-driver vdpau-driver-all # sudo apt-get install vlc git dkms firmware-realtek firmware-iwlwifi firmware-ipw2x00 firmware-atheros raspberrypi-kernel-headers build-essential va-driver-all va-driver vdpau-driver-all
``` ```
@ -153,21 +156,19 @@ Host 10.42.0.135
``` ```
## VLC : démarrage automatique du serveur http ## Systemd Unit : démarrage automatique des services
### Systemd Unit ## VLC
Créer le fichier `/lib/systemd/system/vlc.service` contenant: Créer le fichier `.config/systemd/user/vlc.service` contenant:
``` ```
[Unit] [Unit]
Description=VLC http service Description=VLC http service
[Service] [Service]
User=pi WorkingDirectory=/home/pil/
#Environment="DISPLAY=:0"
ExecStart=/usr/bin/cvlc --quiet -I http --no-osd --http-password=secret ExecStart=/usr/bin/cvlc --quiet -I http --no-osd --http-password=secret
WorkingDirectory=/home/pi
Restart=always Restart=always
[Install] [Install]
@ -177,11 +178,40 @@ WantedBy=multi-user.target
Puis lancer les commandes : Puis lancer les commandes :
``` ```
sudo chmod +x /lib/systemd/system/vlc.service systemctl --user daemon-reload
sudo systemctl enable vlc systemctl --user enable vlc
sudo systemctl start vlc systemctl --user start vlc
``` ```
## pilpil
Créer le fichier `.config/systemd/user/pilpil.service` contenant:
```
[Unit]
Description=Pilpil Command Server
After=network.target
[Service]
WorkingDirectory=/home/pil/pilpil-client
ExecStart=/home/pil/pilpil-client/app.py
Restart=always
[Install]
WantedBy=multi-user.target
```
Puis lancer les commandes :
```
systemctl --user daemon-reload
systemctl --user enable pilpil
systemctl --user start pilpil
```
## Configuration du serveur régie ## Configuration du serveur régie
### Linux : network-manager cli ### Linux : network-manager cli
@ -389,22 +419,35 @@ sudo apt-get install nginx
/etc/nginx/sites-available/default : /etc/nginx/sites-available/default :
``` ```
# Cmd server
server { server {
listen 443 ssl; listen 8888 ssl;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
#server_name example.com; location / {
location / { client_max_body_size 100M; # Max http_upload size
proxy_pass http://your.ip.adress:5000; proxy_pass http://127.0.0.1:5000;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
} }
} }
# VLC server
server { server {
listen 80; listen 8887 ssl;
server_name example.com; ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
return 302 https://$server_name$request_uri; ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
location / {
proxy_pass http://127.0.0.1:5001;
proxy_set_header X-Real-IP $remote_addr;
}
} }
```
openssl :
```
openssl req -new -newkey rsa:4096 -days 1825 -nodes -x509 -subj "/C=/ST=Denial/L=/O=/CN=10.42.0.135" -addext "subjectAltName=10.42.0.135" -keyout "/etc/ssl/private/nginx-selfsigned.key" -out "/etc/ssl/certs/nginx-selfsigned.crt"
``` ```
#### Fix nginx startup fail if /var/log/nginx doesn't exists #### Fix nginx startup fail if /var/log/nginx doesn't exists