Switch to bullseye, fix conn.close(), deploy script
This commit is contained in:
parent
29b125725e
commit
abb06f9c80
9
app.py
9
app.py
|
@ -244,9 +244,14 @@ def sendCommand(host, arg0, arg1, arg2):
|
|||
conn = http.client.HTTPConnection( host + ":" + str(portl), timeout=3 )
|
||||
try:
|
||||
conn.request( "GET", req, headers = headers )
|
||||
resp = conn.getresponse()
|
||||
except http.client.HTTPException:
|
||||
print("Connection to " + host + " timed out")
|
||||
return "Connection to " + host + " timed out"
|
||||
except:
|
||||
return "Connection to " + host + " was refused on port " + str(portl)
|
||||
resp = conn.getresponse()
|
||||
return "Error while connecting to " + host + ":" + str(portl)
|
||||
finally:
|
||||
conn.close()
|
||||
# Parse response
|
||||
data = resp.read()
|
||||
|
||||
|
|
|
@ -28,15 +28,15 @@ sha256 : 0fe3fe76d0e56e445124fa20646fa8b3d8c59568786b3ebc8a96d83d92f203e3
|
|||
* Use nginx reverse proxy + SSL between server and clients ( https://medium.com/@antelle/how-to-generate-a-self-signed-ssl-certificate-for-an-ip-address-f0dd8dddf754 )
|
||||
* Webgui beautifying
|
||||
|
||||
## 0.4 : 2022-10-19-videopi.img.xz
|
||||
md5 :
|
||||
sha256 :
|
||||
## 0.4 : 2022-10-21-videopi.img.xz
|
||||
md5 : 2a54eb1763060db652c4c5d89c07ef2a
|
||||
sha256 : 10b65d5260222e4cdc591ad5384247cbc22d515dc55ea6b31b2daf0b6fd01004
|
||||
|
||||
* Apt upgrade
|
||||
* Switch to rpi os Bullseye
|
||||
* Switch to user 'pil', pw 'pilpoil'
|
||||
* client config file parsing ( look for 'pilpil-client.toml' in ./, ~/., ~/.config/)
|
||||
* Add media folder sync (scp, rsync, http upload)
|
||||
* General filesystem clean up
|
||||
* Install script ; Wifi setup, generate/install SSH keys/ nginx SSL cert/key fore each host, change hostname, static IPs
|
||||
|
||||
|
||||
# FS checklist
|
||||
|
@ -51,13 +51,10 @@ sha256 :
|
|||
|
||||
|
||||
# DOING NEXT :
|
||||
* Test with several rpis
|
||||
* ~ Test with several rpis
|
||||
* Define http auth secret at setup
|
||||
|
||||
# DONE :
|
||||
* media sync (scp, rsync, http)
|
||||
* Install script ; Wifi setup, generate/install SSH keys/ nginx SSL cert/key fore each host, change hostname, static IPs
|
||||
* Test static IP ok
|
||||
|
||||
# OTHER:
|
||||
* get_client_rssi.sh on server
|
||||
|
@ -68,6 +65,5 @@ sha256 :
|
|||
|
||||
* ? Scripts hotspot linux/win/mac
|
||||
* ? Config sync
|
||||
* ? Linux Minimal Virtualbox image
|
||||
* ! Remove git personal details/resolv.conf, remove authorized_keys, ssh config, clean home, re-enable ssh pw login
|
||||
* ~ Doc
|
||||
|
|
|
@ -32,8 +32,8 @@ then
|
|||
exit 0
|
||||
fi
|
||||
DD_BS="128K"
|
||||
DISK_IMAGE="$HOME/niels/imgs/2022-10-19-pilpil.img.xz"
|
||||
CONFIG_DIR="$HOME/niels/flasktest"
|
||||
DISK_IMAGE="$HOME/niels/imgs/2022-10-20-pilpil.img.xz"
|
||||
CONFIG_DIR="$HOME/niels/pilpil-server"
|
||||
PI_USER="pil"
|
||||
BOOT_MOUNT="/run/media/$USER/boot"
|
||||
ROOTFS_MOUNT="/run/media/$USER/rootfs"
|
||||
|
@ -185,13 +185,28 @@ network={
|
|||
sudo cp "$CONFIG_DIR/selfCA.crt" "$ROOTFS_MOUNT/etc/ssl/certs/nginx-selfsigned.crt"
|
||||
sudo cp "$CONFIG_DIR/selfCA.key" "$ROOTFS_MOUNT/etc/ssl/private/nginx-selfsigned.key"
|
||||
sync
|
||||
# 6. Copy medias
|
||||
#~ # 6. Copy medias
|
||||
green "Operation 12/13 : Syncing media folder $LOCAL_MEDIA_DIR/ with $REMOTE_MEDIA_DIR/ \n"
|
||||
USER_ID=$( cat "$ROOTFS_MOUNT/etc/passwd" | grep $PI_USER | awk -F: '{print $3}' )
|
||||
GROUP_ID=$( cat "$ROOTFS_MOUNT/etc/passwd" | grep $PI_USER | awk -F: '{print $4}' )
|
||||
sudo cp "$LOCAL_MEDIA_DIR/*" "$REMOTE_MEDIA_DIR/"
|
||||
sudo chown $USER_ID:$GROUP_ID "$REMOTE_MEDIA_DIR/*"
|
||||
sync
|
||||
# Remove filler file
|
||||
if [ -f "$REMOTE_MEDIA_DIR/remove_me" ]
|
||||
then
|
||||
sudo rm "$REMOTE_MEDIA_DIR/remove_me"
|
||||
fi
|
||||
# Get available space on rootfs
|
||||
ROOTFS_AVAILABLE_SPACE=$(df -t ext4 -P $ROOTFS_MOUNT | tail -1 | awk '{print $4}')
|
||||
# Get Media folder size
|
||||
MEDIA_SIZE=$(du -c $LOCAL_MEDIA_DIR | tail -1 | awk '{print $1}')
|
||||
# Only copy files if enough space available
|
||||
if [ $MEDIA_SIZE -lt $ROOTFS_AVAILABLE_SPACE ]
|
||||
then
|
||||
USER_ID=$( cat "$ROOTFS_MOUNT/etc/passwd" | grep $PI_USER | awk -F: '{print $3}' )
|
||||
GROUP_ID=$( cat "$ROOTFS_MOUNT/etc/passwd" | grep $PI_USER | awk -F: '{print $4}' )
|
||||
sudo cp "$LOCAL_MEDIA_DIR/*" "$REMOTE_MEDIA_DIR/"
|
||||
sudo chown $USER_ID:$GROUP_ID "$REMOTE_MEDIA_DIR/*"
|
||||
sync
|
||||
else
|
||||
red "Not enough space on $ROOTFS_MOUNT, skipping..."
|
||||
fi
|
||||
# Unmount FS
|
||||
green "Operation 13/13 : Unmounting filesystems"
|
||||
umount $BOOT_MOUNT
|
||||
|
|
|
@ -5,12 +5,12 @@ CAfile = "selfCA.crt"
|
|||
# scp, rsync, http
|
||||
sync_facility = "http"
|
||||
media_folder_local = "../medias"
|
||||
media_folder_remote = "/home/pi/Videos/"
|
||||
media_folder_remote = "/home/pil/Videos"
|
||||
media_exts = ["mp4", "avi", "mkv"]
|
||||
auth = "secret"
|
||||
# OnNlY3JldA==
|
||||
cmd_auth = "secret"
|
||||
hosts = ["10.42.0.10", "10.42.0.11"]
|
||||
hosts = ["10.42.0.135", "10.42.0.11"]
|
||||
# VLC http LUA port
|
||||
port = 8887
|
||||
# Clients cmd port
|
||||
|
|
|
@ -28,6 +28,7 @@ network={
|
|||
```
|
||||
4. Insérer la carte dans le RPI et démarrer le système.
|
||||
5. Se connecter via SSH.
|
||||
6. Adduser pil
|
||||
|
||||
## Modification de config.txt
|
||||
|
||||
|
@ -92,15 +93,16 @@ console=tty3 loglevel=3 vt.global_cursor_default=0 logo.nologo consoleblank=1
|
|||
### Login silencieux
|
||||
|
||||
Lancer les commandes suivantes :
|
||||
* `echo "" > sudo tee /etc/issue`
|
||||
* `touch .hushlogin`
|
||||
* `echo "" | sudo tee /etc/issue`
|
||||
* `echo "" | sudo tee /etc/motd`
|
||||
* `touch ~/.hushlogin`
|
||||
|
||||
Editer le fichier `/etc/systemd/system/getty@tty1.service.d/autologin.conf` et remplacer le contenu par :
|
||||
|
||||
```
|
||||
[Service]
|
||||
ExecStart=
|
||||
ExecStart=-/sbin/agetty --skip-login --noclear --noissue --login-options "-f pi" %I $TERM
|
||||
ExecStart=-/sbin/agetty --skip-login --noclear --noissue --login-options "-f pil" %I $TERM
|
||||
```
|
||||
|
||||
Editer le fichier `/etc/rc.local` et ajouter la ligne suivante juste avant "exit 0" :
|
||||
|
@ -116,7 +118,8 @@ Lancer la commande `raspi-config`, puis aller dans "1 System Options", "S5 Boot
|
|||
```
|
||||
sudo apt-get update
|
||||
# min
|
||||
sudo apt-get install vlc vlc-plugin-base va-driver-all va-driver vdpau-driver-all python3-minimal python3-flask python3-waitress python3-toml
|
||||
sudo apt-get install vlc vlc-plugin-base python3-minimal python3-pip nginx file lua5.2
|
||||
python pip install flask flask-httpauth waitress toml werkzeug
|
||||
# build
|
||||
# sudo apt-get install vlc git dkms firmware-realtek firmware-iwlwifi firmware-ipw2x00 firmware-atheros raspberrypi-kernel-headers build-essential va-driver-all va-driver vdpau-driver-all
|
||||
```
|
||||
|
@ -153,21 +156,19 @@ Host 10.42.0.135
|
|||
```
|
||||
|
||||
|
||||
## VLC : démarrage automatique du serveur http
|
||||
## Systemd Unit : démarrage automatique des services
|
||||
|
||||
### Systemd Unit
|
||||
## VLC
|
||||
|
||||
Créer le fichier `/lib/systemd/system/vlc.service` contenant:
|
||||
Créer le fichier `.config/systemd/user/vlc.service` contenant:
|
||||
|
||||
```
|
||||
[Unit]
|
||||
Description=VLC http service
|
||||
|
||||
[Service]
|
||||
User=pi
|
||||
#Environment="DISPLAY=:0"
|
||||
WorkingDirectory=/home/pil/
|
||||
ExecStart=/usr/bin/cvlc --quiet -I http --no-osd --http-password=secret
|
||||
WorkingDirectory=/home/pi
|
||||
Restart=always
|
||||
|
||||
[Install]
|
||||
|
@ -177,11 +178,40 @@ WantedBy=multi-user.target
|
|||
Puis lancer les commandes :
|
||||
|
||||
```
|
||||
sudo chmod +x /lib/systemd/system/vlc.service
|
||||
sudo systemctl enable vlc
|
||||
sudo systemctl start vlc
|
||||
systemctl --user daemon-reload
|
||||
systemctl --user enable vlc
|
||||
systemctl --user start vlc
|
||||
```
|
||||
|
||||
## pilpil
|
||||
|
||||
Créer le fichier `.config/systemd/user/pilpil.service` contenant:
|
||||
|
||||
```
|
||||
[Unit]
|
||||
Description=Pilpil Command Server
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
WorkingDirectory=/home/pil/pilpil-client
|
||||
ExecStart=/home/pil/pilpil-client/app.py
|
||||
Restart=always
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
```
|
||||
|
||||
Puis lancer les commandes :
|
||||
|
||||
```
|
||||
systemctl --user daemon-reload
|
||||
systemctl --user enable pilpil
|
||||
systemctl --user start pilpil
|
||||
```
|
||||
|
||||
|
||||
|
||||
## Configuration du serveur régie
|
||||
|
||||
### Linux : network-manager cli
|
||||
|
@ -389,22 +419,35 @@ sudo apt-get install nginx
|
|||
|
||||
/etc/nginx/sites-available/default :
|
||||
```
|
||||
# Cmd server
|
||||
server {
|
||||
listen 443 ssl;
|
||||
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
|
||||
#server_name example.com;
|
||||
location / {
|
||||
proxy_pass http://your.ip.adress:5000;
|
||||
listen 8888 ssl;
|
||||
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
|
||||
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
|
||||
location / {
|
||||
client_max_body_size 100M; # Max http_upload size
|
||||
proxy_pass http://127.0.0.1:5000;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
}
|
||||
}
|
||||
# VLC server
|
||||
server {
|
||||
listen 80;
|
||||
server_name example.com;
|
||||
return 302 https://$server_name$request_uri;
|
||||
listen 8887 ssl;
|
||||
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
|
||||
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:5001;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
```
|
||||
|
||||
openssl :
|
||||
|
||||
```
|
||||
openssl req -new -newkey rsa:4096 -days 1825 -nodes -x509 -subj "/C=/ST=Denial/L=/O=/CN=10.42.0.135" -addext "subjectAltName=10.42.0.135" -keyout "/etc/ssl/private/nginx-selfsigned.key" -out "/etc/ssl/certs/nginx-selfsigned.crt"
|
||||
```
|
||||
|
||||
#### Fix nginx startup fail if /var/log/nginx doesn't exists
|
||||
|
|
Loading…
Reference in New Issue