Switch to bullseye, fix conn.close(), deploy script

ABelliqueux 2022-10-22 14:22:38 +02:00
parent 29b125725e
commit abb06f9c80
6 changed files with 105 additions and 46 deletions

app.py

@ -244,9 +244,14 @@ def sendCommand(host, arg0, arg1, arg2):
conn = http.client.HTTPConnection( host + ":" + str(portl), timeout=3 )
try:
conn.request( "GET", req, headers = headers )
resp = conn.getresponse()
except http.client.HTTPException:
print("Connection to " + host + " timed out")
return "Connection to " + host + " timed out"
except:
return "Connection to " + host + " was refused on port " + str(portl)
resp = conn.getresponse()
return "Error while connecting to " + host + ":" + str(portl)
finally:
conn.close()
# Parse response
data = resp.read()
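Review bot: in sendCommand, `finally: conn.close()` runs before `data = resp.read()`, and closing an http.client connection also closes its pending response, so the read that follows returns an empty body. Read the body inside the `try`, right after `resp = conn.getresponse()`, and leave only the close in `finally`. A socket timeout is raised as socket.timeout (an OSError subclass), not `http.client.HTTPException`, so the "timed out" message will not fire on an actual timeout and the bare `except:` will report it as a generic error; catching the timeout and `OSError` explicitly would keep the two messages accurate.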


@ -28,15 +28,15 @@ sha256 : 0fe3fe76d0e56e445124fa20646fa8b3d8c59568786b3ebc8a96d83d92f203e3
* Use nginx reverse proxy + SSL between server and clients ( https://medium.com/@antelle/how-to-generate-a-self-signed-ssl-certificate-for-an-ip-address-f0dd8dddf754 )
* Webgui beautifying
## 0.4 : 2022-10-19-videopi.img.xz
md5 :
sha256 :
## 0.4 : 2022-10-21-videopi.img.xz
md5 : 2a54eb1763060db652c4c5d89c07ef2a
sha256 : 10b65d5260222e4cdc591ad5384247cbc22d515dc55ea6b31b2daf0b6fd01004
* Apt upgrade
* Switch to rpi os Bullseye
* Switch to user 'pil', pw 'pilpoil'
* client config file parsing ( look for 'pilpil-client.toml' in ./, ~/., ~/.config/)
* Add media folder sync (scp, rsync, http upload)
* General filesystem clean up
* Install script ; Wifi setup, generate/install SSH keys/ nginx SSL cert/key fore each host, change hostname, static IPs
# FS checklist
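Review bot: the 0.4 changelog entry "Switch to user 'pil', pw 'pilpoil'" publishes one fixed login password for every flashed image. Have the install script set a per-deployment password (or force a change at first login) and keep the value out of the README, especially as the TODO list further down mentions re-enabling SSH password login. The release entry also lists an md5 next to the sha256; the sha256 is the one to verify against, and the md5 line can be dropped.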
@ -51,14 +51,11 @@ sha256 :
# DOING NEXT :
* Test with several rpis
* ~ Test with several rpis
* Define http auth secret at setup
# DONE :
* media sync (scp, rsync, http)
* Install script ; Wifi setup, generate/install SSH keys/ nginx SSL cert/key fore each host, change hostname, static IPs
* Test static IP ok
# OTHER:
* get_client_rssi.sh on server
@ -68,6 +65,5 @@ sha256 :
* ? Scripts hotspot linux/win/mac
* ? Config sync
* ? Linux Minimal Virtualbox image
* ! Remove git personal details/resolv.conf, remove authorized_keys, ssh config, clean home, re-enable ssh pw login
* ~ Doc


@ -32,8 +32,8 @@ then
exit 0
fi
DD_BS="128K"
DISK_IMAGE="$HOME/niels/imgs/2022-10-19-pilpil.img.xz"
CONFIG_DIR="$HOME/niels/flasktest"
DISK_IMAGE="$HOME/niels/imgs/2022-10-20-pilpil.img.xz"
CONFIG_DIR="$HOME/niels/pilpil-server"
PI_USER="pil"
BOOT_MOUNT="/run/media/$USER/boot"
ROOTFS_MOUNT="/run/media/$USER/rootfs"
@ -185,13 +185,28 @@ network={
sudo cp "$CONFIG_DIR/selfCA.crt" "$ROOTFS_MOUNT/etc/ssl/certs/nginx-selfsigned.crt"
sudo cp "$CONFIG_DIR/selfCA.key" "$ROOTFS_MOUNT/etc/ssl/private/nginx-selfsigned.key"
sync
# 6. Copy medias
#~ # 6. Copy medias
green "Operation 12/13 : Syncing media folder $LOCAL_MEDIA_DIR/ with $REMOTE_MEDIA_DIR/ \n"
USER_ID=$( cat "$ROOTFS_MOUNT/etc/passwd" | grep $PI_USER | awk -F: '{print $3}' )
GROUP_ID=$( cat "$ROOTFS_MOUNT/etc/passwd" | grep $PI_USER | awk -F: '{print $4}' )
sudo cp "$LOCAL_MEDIA_DIR/*" "$REMOTE_MEDIA_DIR/"
sudo chown $USER_ID:$GROUP_ID "$REMOTE_MEDIA_DIR/*"
sync
# Remove filler file
if [ -f "$REMOTE_MEDIA_DIR/remove_me" ]
then
sudo rm "$REMOTE_MEDIA_DIR/remove_me"
fi
# Get available space on rootfs
ROOTFS_AVAILABLE_SPACE=$(df -t ext4 -P $ROOTFS_MOUNT | tail -1 | awk '{print $4}')
# Get Media folder size
MEDIA_SIZE=$(du -c $LOCAL_MEDIA_DIR | tail -1 | awk '{print $1}')
# Only copy files if enough space available
if [ $MEDIA_SIZE -lt $ROOTFS_AVAILABLE_SPACE ]
then
USER_ID=$( cat "$ROOTFS_MOUNT/etc/passwd" | grep $PI_USER | awk -F: '{print $3}' )
GROUP_ID=$( cat "$ROOTFS_MOUNT/etc/passwd" | grep $PI_USER | awk -F: '{print $4}' )
sudo cp "$LOCAL_MEDIA_DIR/*" "$REMOTE_MEDIA_DIR/"
sudo chown $USER_ID:$GROUP_ID "$REMOTE_MEDIA_DIR/*"
sync
else
red "Not enough space on $ROOTFS_MOUNT, skipping..."
fi
# Unmount FS
green "Operation 13/13 : Unmounting filesystems"
umount $BOOT_MOUNT
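Review bot: in the new space-check branch, `sudo cp "$LOCAL_MEDIA_DIR/*" "$REMOTE_MEDIA_DIR/"` and the `chown` after it keep the `*` inside the quotes, so the shell passes a literal `*` and no media file is copied or re-owned; move the glob outside the quotes (`"$LOCAL_MEDIA_DIR"/*`). `grep $PI_USER` on `/etc/passwd` matches any line that contains the string, so USER_ID and GROUP_ID can come back with several values; match the first field exactly, for example `awk -F: -v u="$PI_USER" '$1==u {print $3}'`. Quote `$ROOTFS_MOUNT`, `$LOCAL_MEDIA_DIR` and both operands of the `-lt` test, and pass `-k` to both `du` and `df` so the two sizes are explicitly in the same unit.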


@ -5,12 +5,12 @@ CAfile = "selfCA.crt"
# scp, rsync, http
sync_facility = "http"
media_folder_local = "../medias"
media_folder_remote = "/home/pi/Videos/"
media_folder_remote = "/home/pil/Videos"
media_exts = ["mp4", "avi", "mkv"]
auth = "secret"
# OnNlY3JldA==
cmd_auth = "secret"
hosts = ["10.42.0.10", "10.42.0.11"]
hosts = ["10.42.0.135", "10.42.0.11"]
# VLC http LUA port
port = 8887
# Clients cmd port
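Review bot: next to the changed `media_folder_remote` and `hosts` lines, the committed config still carries `auth = "secret"` and `cmd_auth = "secret"`, and the comment `# OnNlY3JldA==` is simply the base64 of `:secret`, so the sample ships usable credentials rather than placeholders. Leave both values empty (and have the app refuse to start with an empty or default secret), then let the setup script write per-deployment values, which is what the README's "Define http auth secret at setup" item already calls for.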


@ -28,6 +28,7 @@ network={
```
4. Insérer la carte dans le RPI et démarrer le système.
5. Se connecter via SSH.
6. Adduser pil
## Modification de config.txt
@ -92,15 +93,16 @@ console=tty3 loglevel=3 vt.global_cursor_default=0 logo.nologo consoleblank=1
### Login silencieux
Lancer les commandes suivantes :
* `echo "" > sudo tee /etc/issue`
* `touch .hushlogin`
* `echo "" | sudo tee /etc/issue`
* `echo "" | sudo tee /etc/motd`
* `touch ~/.hushlogin`
Editer le fichier `/etc/systemd/system/getty@tty1.service.d/autologin.conf` et remplacer le contenu par :
```
[Service]
ExecStart=
ExecStart=-/sbin/agetty --skip-login --noclear --noissue --login-options "-f pi" %I $TERM
ExecStart=-/sbin/agetty --skip-login --noclear --noissue --login-options "-f pil" %I $TERM
```
Editer le fichier `/etc/rc.local` et ajouter la ligne suivante juste avant "exit 0" :
@ -116,7 +118,8 @@ Lancer la commande `raspi-config`, puis aller dans "1 System Options", "S5 Boot
```
sudo apt-get update
# min
sudo apt-get install vlc vlc-plugin-base va-driver-all va-driver vdpau-driver-all python3-minimal python3-flask python3-waitress python3-toml
sudo apt-get install vlc vlc-plugin-base python3-minimal python3-pip nginx file lua5.2
python pip install flask flask-httpauth waitress toml werkzeug
# build
# sudo apt-get install vlc git dkms firmware-realtek firmware-iwlwifi firmware-ipw2x00 firmware-atheros raspberrypi-kernel-headers build-essential va-driver-all va-driver vdpau-driver-all
```
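Review bot: `python pip install flask flask-httpauth waitress toml werkzeug` does not invoke pip; it asks the interpreter to run a file named `pip`. Use `python3 -m pip install ...`. Since this line replaces the distro `python3-flask`, `python3-waitress` and `python3-toml` packages, pin the versions (or install from the repository's requirements file) so every image is built from the same code.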
@ -153,21 +156,19 @@ Host 10.42.0.135
```
## VLC : démarrage automatique du serveur http
## Systemd Unit : démarrage automatique des services
### Systemd Unit
## VLC
Créer le fichier `/lib/systemd/system/vlc.service` contenant:
Créer le fichier `.config/systemd/user/vlc.service` contenant:
```
[Unit]
Description=VLC http service
[Service]
User=pi
#Environment="DISPLAY=:0"
WorkingDirectory=/home/pil/
ExecStart=/usr/bin/cvlc --quiet -I http --no-osd --http-password=secret
WorkingDirectory=/home/pi
Restart=always
[Install]
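Review bot: `ExecStart=/usr/bin/cvlc --quiet -I http --no-osd --http-password=secret` hard-codes the VLC HTTP password in the documented unit, and a password given as a command-line argument is visible to other local users in the process list. Generate the value at setup and keep it in a file only `pil` can read instead of in the unit text. The hunk also shows both `WorkingDirectory=/home/pil/` and `WorkingDirectory=/home/pi`; check that only the `pil` path remains in the final unit.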
@ -177,11 +178,40 @@ WantedBy=multi-user.target
Puis lancer les commandes :
```
sudo chmod +x /lib/systemd/system/vlc.service
sudo systemctl enable vlc
sudo systemctl start vlc
systemctl --user daemon-reload
systemctl --user enable vlc
systemctl --user start vlc
```
## pilpil
Créer le fichier `.config/systemd/user/pilpil.service` contenant:
```
[Unit]
Description=Pilpil Command Server
After=network.target
[Service]
WorkingDirectory=/home/pil/pilpil-client
ExecStart=/home/pil/pilpil-client/app.py
Restart=always
[Install]
WantedBy=multi-user.target
```
Puis lancer les commandes :
```
systemctl --user daemon-reload
systemctl --user enable pilpil
systemctl --user start pilpil
```
## Configuration du serveur régie
### Linux : network-manager cli
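Review bot: the new `pilpil.service` lives under `.config/systemd/user/` but declares `WantedBy=multi-user.target` and `After=network.target`, which are targets of the system manager, not of the per-user manager, so `systemctl --user enable pilpil` creates a link that is never pulled in. Use `WantedBy=default.target`, drop or replace the `After=` line, and add `loginctl enable-linger pil` if the services must come up without a login session. The same applies to `vlc.service`, which keeps `WantedBy=multi-user.target`.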
@ -389,22 +419,35 @@ sudo apt-get install nginx
/etc/nginx/sites-available/default :
```
# Cmd server
server {
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
#server_name example.com;
location / {
proxy_pass http://your.ip.adress:5000;
listen 8888 ssl;
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
location / {
client_max_body_size 100M; # Max http_upload size
proxy_pass http://127.0.0.1:5000;
proxy_set_header X-Real-IP $remote_addr;
}
}
# VLC server
server {
listen 80;
server_name example.com;
return 302 https://$server_name$request_uri;
listen 8887 ssl;
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
location / {
proxy_pass http://127.0.0.1:5001;
proxy_set_header X-Real-IP $remote_addr;
}
}
```
openssl :
```
openssl req -new -newkey rsa:4096 -days 1825 -nodes -x509 -subj "/C=/ST=Denial/L=/O=/CN=10.42.0.135" -addext "subjectAltName=10.42.0.135" -keyout "/etc/ssl/private/nginx-selfsigned.key" -out "/etc/ssl/certs/nginx-selfsigned.crt"
```
#### Fix nginx startup fail if /var/log/nginx doesn't exists
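Review bot: in the openssl command, `-addext "subjectAltName=10.42.0.135"` is missing the entry type; for an IP address it has to be `subjectAltName=IP:10.42.0.135`, otherwise the extension is rejected and clients that verify the certificate cannot match the host. In the nginx blocks, moving the backends to `proxy_pass http://127.0.0.1:5000` and `:5001` only protects them if the Flask/waitress app and VLC are themselves bound to loopback on those ports; the doc should state that, since the `cvlc` unit shown earlier sets no listen address or port.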


@ -1,3 +1,3 @@
flask
waitress
toml
toml