Mercurial > code > home > repos > infra
annotate system/system.py @ 332:d4893670f888 default tip
WIP: use watchdog reboot timer on pi
| author | drewp@bigasterisk.com |
|---|---|
| date | Thu, 27 Feb 2025 11:09:29 -0800 |
| parents | 50a8b6c39b38 |
| children |
| rev | line source |
|---|---|
| 1 | 1 import os |
|
289
65e28d2e0cd8
move static templates to files/ ; use inventory tags for selecting hosts+features ; other refactors
drewp@bigasterisk.com
parents:
288
diff
changeset
|
2 from io import StringIO |
|
65e28d2e0cd8
move static templates to files/ ; use inventory tags for selecting hosts+features ; other refactors
drewp@bigasterisk.com
parents:
288
diff
changeset
|
3 from typing import cast |
|
10
1fec9fe18a4e
more system.py cleanup; add pi /boot/config.txt
drewp@bigasterisk.com
parents:
6
diff
changeset
|
4 |
|
289
65e28d2e0cd8
move static templates to files/ ; use inventory tags for selecting hosts+features ; other refactors
drewp@bigasterisk.com
parents:
288
diff
changeset
|
5 import pyinfra |
|
326
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
6 from pyinfra.context import host |
|
12
15c5ce7c74b5
refactor, cleanup, split large deploys
drewp@bigasterisk.com
parents:
10
diff
changeset
|
7 from pyinfra.operations import apt, files, server, systemd |
| 1 | 8 |
| 9 TZ = 'America/Los_Angeles' | |
| 10 | |
|
12
15c5ce7c74b5
refactor, cleanup, split large deploys
drewp@bigasterisk.com
parents:
10
diff
changeset
|
11 |
|
326
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
12 def sshServer(): |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
13 systemd.service( |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
14 service='ssh', |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
15 running=True, |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
16 enabled=True, |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
17 ) |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
18 |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
19 files.line(path='/etc/ssh/ssh_config', line="HashKnownHosts", replace="HashKnownHosts no") |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
20 |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
21 if 'pi' not in host.groups: |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
22 files.line(path='/etc/ssh/sshd_config', line="^UseDNS\b", replace="UseDNS no") |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
23 # MAYBE plus needs this fix: adding ListenAddress 0.0.0.0 to /etc/ssh/sshd_config |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
24 systemd.service(service='sshd', reloaded=True) |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
25 |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
26 |
| 91 | 27 def timezone(): |
| 28 files.link(path='/etc/localtime', target=f'/usr/share/zoneinfo/{TZ}') | |
| 29 files.replace(path='/etc/timezone', text='.*', replace=TZ) | |
| 138 | 30 |
| 1 | 31 |
| 91 | 32 def fstab(): |
|
326
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
33 fstab_file = f'system/fstabs/{host.name}' |
| 91 | 34 if os.path.exists(fstab_file): |
| 35 files.put(src=fstab_file, dest='/etc/fstab') | |
| 1 | 36 |
|
289
65e28d2e0cd8
move static templates to files/ ; use inventory tags for selecting hosts+features ; other refactors
drewp@bigasterisk.com
parents:
288
diff
changeset
|
37 |
| 91 | 38 def pi_tmpfs(): |
|
326
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
39 if 'pi' not in host.groups: |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
40 return |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
41 |
| 1 | 42 for line in [ |
| 43 'tmpfs /var/log tmpfs defaults,noatime,mode=0755 0 0', | |
| 44 'tmpfs /tmp tmpfs defaults,noatime 0 0', | |
| 45 ]: | |
| 46 files.line(path="/etc/fstab", line=line, replace=line) | |
| 47 | |
| 48 # stop SD card corruption (along with some mounts in fstab) | |
| 49 apt.packages(packages=['dphys-swapfile'], present=False) | |
| 50 | |
| 51 | |
| 91 | 52 def no_sleep(): |
|
326
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
53 if host.name not in ['bang', 'pipe', 'ditto']: |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
54 return |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
55 |
|
34
d4fb38f13c79
refactor dns and some other non-net setup
drewp@bigasterisk.com
parents:
12
diff
changeset
|
56 server.shell(commands=['systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target']) |
|
d4fb38f13c79
refactor dns and some other non-net setup
drewp@bigasterisk.com
parents:
12
diff
changeset
|
57 |
| 288 | 58 |
| 91 | 59 def nfs_server(): |
|
326
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
60 if host.name != 'ditto': |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
61 return |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
62 |
| 288 | 63 # remove when we're on longhorn |
|
34
d4fb38f13c79
refactor dns and some other non-net setup
drewp@bigasterisk.com
parents:
12
diff
changeset
|
64 apt.packages(packages=['nfs-kernel-server']) |
|
326
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
65 files.put(src='system/files/ditto_exports', dest='/etc/exports') |
|
37
fbd0849dfdbd
redo networking to be much simpler. Uses systemd-networkd
drewp@bigasterisk.com
parents:
34
diff
changeset
|
66 |
| 288 | 67 |
| 91 | 68 def smaller_journals(): |
|
326
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
69 if host.name not in ['prime', 'ditto', 'pipe']: |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
70 return |
|
37
fbd0849dfdbd
redo networking to be much simpler. Uses systemd-networkd
drewp@bigasterisk.com
parents:
34
diff
changeset
|
71 files.line(name='shorter systemctl log window, for disk space', |
|
fbd0849dfdbd
redo networking to be much simpler. Uses systemd-networkd
drewp@bigasterisk.com
parents:
34
diff
changeset
|
72 path='/etc/systemd/journald.conf', |
|
fbd0849dfdbd
redo networking to be much simpler. Uses systemd-networkd
drewp@bigasterisk.com
parents:
34
diff
changeset
|
73 line='MaxFileSec', |
|
fbd0849dfdbd
redo networking to be much simpler. Uses systemd-networkd
drewp@bigasterisk.com
parents:
34
diff
changeset
|
74 replace="MaxFileSec=7day") |
|
fbd0849dfdbd
redo networking to be much simpler. Uses systemd-networkd
drewp@bigasterisk.com
parents:
34
diff
changeset
|
75 |
| 288 | 76 |
| 203 | 77 def web_forward(): |
|
326
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
78 if host.name != 'prime': |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
79 return |
|
37
fbd0849dfdbd
redo networking to be much simpler. Uses systemd-networkd
drewp@bigasterisk.com
parents:
34
diff
changeset
|
80 for port in [80, 443]: |
| 288 | 81 svc = f'web_forward_{port}' |
|
326
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
82 files.template(src="system/templates/webforward.service.j2", |
| 288 | 83 dest=f"/etc/systemd/system/{svc}.service", |
| 84 serv_host='bang', | |
| 85 port=port, | |
| 86 name='web', | |
| 87 fam='tcp') | |
| 88 systemd.service(service=svc, enabled=True, restarted=True) | |
| 91 | 89 |
|
289
65e28d2e0cd8
move static templates to files/ ; use inventory tags for selecting hosts+features ; other refactors
drewp@bigasterisk.com
parents:
288
diff
changeset
|
90 |
| 284 | 91 def minecraft_forward(): |
|
326
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
92 if host.name != 'prime': |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
93 return |
| 284 | 94 port = 25765 |
| 95 for fam in ['tcp', 'udp']: | |
| 288 | 96 svc = f'mc_smp_{fam}_forward_{port}' |
|
326
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
97 files.template(src="system/templates/webforward.service.j2", |
| 288 | 98 dest=f"/etc/systemd/system/{svc}.service", |
| 99 serv_host='ditto', | |
| 100 port=port, | |
| 101 name='mc_smp', | |
| 102 fam=fam) | |
| 103 systemd.service(service=svc, enabled=True, restarted=True) | |
| 284 | 104 |
|
289
65e28d2e0cd8
move static templates to files/ ; use inventory tags for selecting hosts+features ; other refactors
drewp@bigasterisk.com
parents:
288
diff
changeset
|
105 |
|
65e28d2e0cd8
move static templates to files/ ; use inventory tags for selecting hosts+features ; other refactors
drewp@bigasterisk.com
parents:
288
diff
changeset
|
106 def pigpiod(): |
|
326
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
107 if 'pi' not in host.groups: |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
108 return |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
109 files.put(src="system/files/pigpiod.service", dest="/etc/systemd/system/pigpiod.service") |
|
289
65e28d2e0cd8
move static templates to files/ ; use inventory tags for selecting hosts+features ; other refactors
drewp@bigasterisk.com
parents:
288
diff
changeset
|
110 systemd.service(service='pigpiod', daemon_reload=True, enabled=True) |
|
65e28d2e0cd8
move static templates to files/ ; use inventory tags for selecting hosts+features ; other refactors
drewp@bigasterisk.com
parents:
288
diff
changeset
|
111 |
|
65e28d2e0cd8
move static templates to files/ ; use inventory tags for selecting hosts+features ; other refactors
drewp@bigasterisk.com
parents:
288
diff
changeset
|
112 |
|
65e28d2e0cd8
move static templates to files/ ; use inventory tags for selecting hosts+features ; other refactors
drewp@bigasterisk.com
parents:
288
diff
changeset
|
113 def rpi_iscsi_volumes(): |
|
326
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
114 if host.name != 'ditto': |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
115 return |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
116 |
|
289
65e28d2e0cd8
move static templates to files/ ; use inventory tags for selecting hosts+features ; other refactors
drewp@bigasterisk.com
parents:
288
diff
changeset
|
117 iscsi_dir = '/d2/rpi-iscsi' |
|
331
50a8b6c39b38
don't err if all pis are commented out of inventory
drewp@bigasterisk.com
parents:
329
diff
changeset
|
118 |
|
50a8b6c39b38
don't err if all pis are commented out of inventory
drewp@bigasterisk.com
parents:
329
diff
changeset
|
119 try: |
|
50a8b6c39b38
don't err if all pis are commented out of inventory
drewp@bigasterisk.com
parents:
329
diff
changeset
|
120 pis=pyinfra.inventory.get_group(name='pi') |
|
50a8b6c39b38
don't err if all pis are commented out of inventory
drewp@bigasterisk.com
parents:
329
diff
changeset
|
121 except Exception as e: |
|
50a8b6c39b38
don't err if all pis are commented out of inventory
drewp@bigasterisk.com
parents:
329
diff
changeset
|
122 print(f"no pi group, skipping {e!r}") |
|
50a8b6c39b38
don't err if all pis are commented out of inventory
drewp@bigasterisk.com
parents:
329
diff
changeset
|
123 return |
|
50a8b6c39b38
don't err if all pis are commented out of inventory
drewp@bigasterisk.com
parents:
329
diff
changeset
|
124 for pi_hostname in cast(list, pis): |
|
289
65e28d2e0cd8
move static templates to files/ ; use inventory tags for selecting hosts+features ; other refactors
drewp@bigasterisk.com
parents:
288
diff
changeset
|
125 out = f'{iscsi_dir}/{pi_hostname}.disk' |
|
65e28d2e0cd8
move static templates to files/ ; use inventory tags for selecting hosts+features ; other refactors
drewp@bigasterisk.com
parents:
288
diff
changeset
|
126 files.directory(path=iscsi_dir) |
|
65e28d2e0cd8
move static templates to files/ ; use inventory tags for selecting hosts+features ; other refactors
drewp@bigasterisk.com
parents:
288
diff
changeset
|
127 server.shell(commands=f'dd if=/dev/zero of={out} count=0 bs=1 seek=10G conv=excl || true') |
|
65e28d2e0cd8
move static templates to files/ ; use inventory tags for selecting hosts+features ; other refactors
drewp@bigasterisk.com
parents:
288
diff
changeset
|
128 files.put(dest=f"/etc/tgt/conf.d/{pi_hostname}.conf", |
|
65e28d2e0cd8
move static templates to files/ ; use inventory tags for selecting hosts+features ; other refactors
drewp@bigasterisk.com
parents:
288
diff
changeset
|
129 src=StringIO(f""" |
|
65e28d2e0cd8
move static templates to files/ ; use inventory tags for selecting hosts+features ; other refactors
drewp@bigasterisk.com
parents:
288
diff
changeset
|
130 <target iqn.2024-03.com.bigasterisk:{pi_hostname}.target> |
|
65e28d2e0cd8
move static templates to files/ ; use inventory tags for selecting hosts+features ; other refactors
drewp@bigasterisk.com
parents:
288
diff
changeset
|
131 backing-store {out} |
|
65e28d2e0cd8
move static templates to files/ ; use inventory tags for selecting hosts+features ; other refactors
drewp@bigasterisk.com
parents:
288
diff
changeset
|
132 initiator-name iqn.2024-03.com.bigasterisk:{pi_hostname}.initiator |
| 329 | 133 </target> |
|
289
65e28d2e0cd8
move static templates to files/ ; use inventory tags for selecting hosts+features ; other refactors
drewp@bigasterisk.com
parents:
288
diff
changeset
|
134 """)) |
|
65e28d2e0cd8
move static templates to files/ ; use inventory tags for selecting hosts+features ; other refactors
drewp@bigasterisk.com
parents:
288
diff
changeset
|
135 # restarting is disruptive to connected pis, and they might need to be |
|
65e28d2e0cd8
move static templates to files/ ; use inventory tags for selecting hosts+features ; other refactors
drewp@bigasterisk.com
parents:
288
diff
changeset
|
136 # visited: |
|
65e28d2e0cd8
move static templates to files/ ; use inventory tags for selecting hosts+features ; other refactors
drewp@bigasterisk.com
parents:
288
diff
changeset
|
137 #systemd.service(service='tgt.service', running=True, restarted=True) |
|
65e28d2e0cd8
move static templates to files/ ; use inventory tags for selecting hosts+features ; other refactors
drewp@bigasterisk.com
parents:
288
diff
changeset
|
138 |
|
65e28d2e0cd8
move static templates to files/ ; use inventory tags for selecting hosts+features ; other refactors
drewp@bigasterisk.com
parents:
288
diff
changeset
|
139 |
|
326
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
140 def hostname(): |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
141 server.hostname(hostname=host.name) |
| 91 | 142 |
|
289
65e28d2e0cd8
move static templates to files/ ; use inventory tags for selecting hosts+features ; other refactors
drewp@bigasterisk.com
parents:
288
diff
changeset
|
143 |
| 278 | 144 |
|
326
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
145 operations = [ |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
146 hostname, |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
147 timezone, |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
148 fstab, |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
149 rpi_iscsi_volumes, |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
150 pi_tmpfs, |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
151 no_sleep, |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
152 nfs_server, |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
153 smaller_journals, |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
154 web_forward, |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
155 minecraft_forward, |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
156 pigpiod, |
|
5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
drewp@bigasterisk.com
parents:
303
diff
changeset
|
157 ] |
| 247 | 158 # for space, consider: |
| 159 # k3s crictl rmi --prune | |
| 160 # snap list --all | while read snapname ver rev trk pub notes; do if [[ $notes = *disabled* ]]; then snap remove "$snapname" --revision="$rev"; fi; done | |
| 161 # podman system reset |