changeset 278:4e424a144183

for netboot pi
author drewp@bigasterisk.com
date Sat, 30 Mar 2024 00:15:46 -0700
parents ce823a167641
children 1cb4aeec8fc6
files apt.py dns.py inventory.py kube.py net.py package_lists.py ssh.py system.py templates/dnsmasq/dnsmasq.conf.j2 templates/sources.list.j2 templates/wireguard/wg0.conf.j2 users.py wireguard_pubkey.py
diffstat 13 files changed, 78 insertions(+), 30 deletions(-) [+]
--- a/apt.py	Sat Mar 23 14:22:20 2024 -0700
+++ b/apt.py	Sat Mar 30 00:15:46 2024 -0700
@@ -6,6 +6,7 @@
 
 TZ = 'America/Los_Angeles'
 
+is_pi = host.get_fact(LinuxDistribution)['name'] in ['Debian', 'Raspbian GNU/Linux']
 
 def pkg_keys():
     files.directory(path='/etc/apt/keyrings/')  # for raspi
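Review bot: The `is_pi` expression added here is repeated verbatim in dns.py and net.py in this same changeset, and ssh.py, system.py and users.py also branch on a name `is_pi`, so the definition of "Pi" can drift between files. Consider defining it once in a shared module and importing it, e.g. `from host_facts import is_pi` (module name illustrative). The test also accepts the plain `'Debian'` distribution name, so a non-Pi Debian host would take the Pi branches; if that is intended, a comment such as `# 'Debian' is included on purpose: <reason>` would record why. The import of `LinuxDistribution` for apt.py is not visible in this hunk, so confirm it exists.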
@@ -34,7 +35,7 @@
             ('https://nvidia.github.io/libnvidia-container/gpgkey', 'nvidia.gpg'),
         ]
     ])
-    if host.get_fact(Arch) == 'armv7l' or host.name == 'bang':  # I mean raspbian/debian
+    if is_pi or host.name == 'bang':  # I mean raspbian/debian
         # this contaminates the apt-update
         files.file(path="/etc/apt/trusted.gpg.d/podman.asc", present=False)
 
--- a/dns.py	Sat Mar 23 14:22:20 2024 -0700
+++ b/dns.py	Sat Mar 30 00:15:46 2024 -0700
@@ -1,9 +1,11 @@
 from io import StringIO
 import subprocess
-from tempfile import NamedTemporaryFile
+
 from pyinfra import host
-from pyinfra.operations import files, systemd
+from pyinfra.operations import files, systemd, server
+from pyinfra.facts.server import Arch, LinuxDistribution
 
+is_pi = host.get_fact(LinuxDistribution)['name'] in ['Debian', 'Raspbian GNU/Linux']
 
 def dnsmasq_instance(net_name,
                      house_iface,
@@ -36,10 +38,38 @@
 
 def standard_host_dns():
     files.template(src='templates/hosts.j2', dest='/etc/hosts')
-    files.link(path='/etc/resolv.conf', target='/run/systemd/resolve/resolv.conf', force=True)
-    files.template(src='templates/resolved.conf.j2', dest='/etc/systemd/resolved.conf')
-    systemd.service(service='systemd-resolved.service', running=True, restarted=True)
+    if is_pi:
+        files.put(dest='/etc/resolv.conf', src=StringIO('''
+# written by pyinfra
+nameserver 10.2.0.3
+search bigasterisk.com
+                  '''))
+    else:
+        files.link(path='/etc/resolv.conf', target='/run/systemd/resolve/resolv.conf', force=True)
+        files.template(src='templates/resolved.conf.j2', dest='/etc/systemd/resolved.conf')
+        systemd.service(service='systemd-resolved.service', running=True, restarted=True)
+
 
+def rpi_net_boot():
+    files.directory(path='/opt/dnsmasq/tftp')
+    for pi_serial, _ in pi_serial_hostname:
+        files.directory(path=f'/opt/dnsmasq/tftp/{pi_serial}')
+        # then we transfer from pi to here
+
+def rpi_iscsi_volumes():
+    iscsi_dir = '/d2/rpi-iscsi'
+    for _, pi_hostname in pi_serial_hostname:
+        out= f'{iscsi_dir}/{pi_hostname}.disk'
+        files.directory(path=iscsi_dir)
+        server.shell(f'dd if=/dev/zero of={out} count=0 bs=1 seek=4G conv=excl || true')
+        files.put(dest=f"/etc/tgt/conf.d/{pi_hostname}.conf", src=StringIO(f"""
+<target iqn.2024-03.com.bigasterisk:{pi_hostname}.target>
+    backing-store {out}
+    initiator-name iqn.2024-03.com.bigasterisk:{pi_hostname}.initiator
+</target> 
+                            """))
+    systemd.service(service='tgt.service', running=True, restarted=True)
+    
 
 standard_host_dns()
 
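Review bot: The tgt target written in `rpi_iscsi_volumes` is restricted only by `initiator-name`, which is a value the connecting client chooses, so any host that can reach tgt on ditto and presents that IQN could attach a Pi's disk image. Adding an address ACL and CHAP to each generated block, e.g. `initiator-address <PI_ADDRESS>` and `incominguser <CHAP_USER> <CHAP_SECRET>` (placeholders), would tie each volume to the intended Pi. Separately, `|| true` on the `dd` line hides every failure, not just the already-exists case from `conv=excl`; `test -e {out} || truncate -s 4G {out}` keeps the idempotence while letting real errors fail the deploy. `pi_serial_hostname` is used by both new functions but is not defined or imported in any hunk shown for dns.py, so confirm it exists before these functions run.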
@@ -51,8 +81,10 @@
 
     dnsmasq_instance('10.5', house_iface='unused', dhcp_range='unused',
                      listen_address='unused')  # only works after wireguard is up
-
+elif host.name == 'ditto':
+    rpi_iscsi_volumes() # move out of this file- it's not dns
 elif host.name == 'pipe':
+    rpi_net_boot()
     files.directory(path='/opt/dnsmasq')
     dnsmasq_instance('10.2',
                      house_iface='eth1',
--- a/inventory.py	Sat Mar 23 14:22:20 2024 -0700
+++ b/inventory.py	Sat Mar 30 00:15:46 2024 -0700
@@ -13,6 +13,7 @@
 
 pi = [
     ('garage', { 'wireguard_address': '10.5.0.14', 'ssh_hostname': 'garage',         'mac': 'b8:27:eb:81:17:92',}),
+    ('ws-printer', { 'wireguard_address': '10.5.0.31', 'ssh_hostname': '10.2.0.112',   }),
 ]
 
 remote = [
--- a/kube.py	Sat Mar 23 14:22:20 2024 -0700
+++ b/kube.py	Sat Mar 30 00:15:46 2024 -0700
@@ -36,6 +36,12 @@
 
 
 def pi_cgroup_setup():
+    '''
+    fixes this:
+
+    Mar 29 23:47:11 ws-printer k3s[5999]: time="2024-03-29T23:47:11-07:00" level=fatal msg="failed to find memory cgroup (v2)"
+    '''
+    return 'cmdline.txt lives on pipe now, not on the pi host'
     old_cmdline = host.get_fact(FindInFile, path='/boot/cmdline.txt', pattern=r'.*')[0]
     if 'cgroup' not in old_cmdline:
         cmdline = old_cmdline + ' cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory'
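Review bot: The early `return 'cmdline.txt lives on pipe now, not on the pi host'` at the top of `pi_cgroup_setup` leaves the whole existing body unreachable and makes the function return a string, which is easy to misread as still-active code. If the cmdline edit now belongs on pipe, delete the dead body (or move it to wherever the netboot `cmdline.txt` is managed) and state that in the docstring, e.g. `"""No-op: cmdline.txt is served from pipe for netbooted Pis."""`. The cgroup flags this function used to append are presumably still needed for k3s on the netbooted host, and nothing visible in this changeset writes them to the served file. The function body continues past the end of this hunk.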
@@ -163,6 +169,6 @@
 
 make_cluster(server_ip="10.5.0.7",
              server_node='ditto',
-             nodes=['slash', 'dash', 'bang'],
+             nodes=['bang', 'slash', 'dash', 'ws-printer'],
              admin_from=['bang', 'slash', 'dash', 'ditto'],
              k3s_version='v1.29.1+k3s1')
--- a/net.py	Sat Mar 23 14:22:20 2024 -0700
+++ b/net.py	Sat Mar 30 00:15:46 2024 -0700
@@ -1,8 +1,9 @@
 from pyinfra import host
 from pyinfra.operations import apt, files, server, systemd
+from pyinfra.facts.server import Arch, LinuxDistribution
 
-is_wifi = host.name in ['living', 'plus']
-
+is_pi = host.get_fact(LinuxDistribution)['name'] in ['Debian', 'Raspbian GNU/Linux']
+is_wifi = False
 
 def cleanup():
     # past attempts
@@ -39,9 +40,7 @@
 ])
 # needs reboot if this changed
 
-if host.name in ['slash', 'dash', 'dot', 'squib', 'pillow']:
-    pass  # don't break k3s networking! the else-part really breaks it
-else:
+if host.name in ['prime', 'bang', 'pipe', 'ditto']:
     server.sysctl(key='net.ipv6.conf.all.disable_ipv6', value=1, persist=True)
 
     # if is_wifi_pi:
@@ -100,6 +99,9 @@
     
     systemd.service(service='systemd-networkd.service', enabled=True, running=True, restarted=True)
 
-    # TODO this breaks wg on garage, i think. workaround:
-    if host.name == 'garage':
-        server.shell('ip -4 address add 10.5.0.14/24 dev wg0')
+    # delete?
+    # # TODO this breaks wg on garage, i think. workaround:
+    # if host.name == 'garage':
+    #     server.shell('ip -4 address add 10.5.0.14/24 dev wg0')
+else:
+    pass  # don't break working networking!
--- a/package_lists.py	Sat Mar 23 14:22:20 2024 -0700
+++ b/package_lists.py	Sat Mar 30 00:15:46 2024 -0700
@@ -100,12 +100,14 @@
     'zfsutils-linux',
     'libsubid4',  # for podman
     'buildah',  # for podman
+    'tgt',
     #'libedgetpu1-std',  # for coral? not working on bang
 ]
 
 for_pipe = [
     'dnsmasq',
     'python3-iptables',
+    'open-iscsi',
 ]
 
 for_prime = [
--- a/ssh.py	Sat Mar 23 14:22:20 2024 -0700
+++ b/ssh.py	Sat Mar 30 00:15:46 2024 -0700
@@ -12,15 +12,6 @@
 
 files.line(path='/etc/ssh/ssh_config', line="HashKnownHosts", replace="HashKnownHosts no")
 
-if is_pi:
-    auth_keys = '/home/pi/.ssh/authorized_keys'
-    files.file(path=auth_keys, user='pi', group='pi', mode=600)
-    for pubkey in [
-            'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNlR7hereUHqw/RHQau0F7+vQZKAxduM+SD4R76FhC+4Zi078Pv04ZLe9qdM/NBlB/grLGhG58vaGmnWPpJ3QJs= drewp@plus',
-            'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOR+iV8Qm/rAfmq0epXYfnp5ZTfBl8eidFzw1GmyZ3fPUFAshWn839fQ5DPj9xDPtMy9kTtrB5bK1SnynFzDqzQ= drewp@bang',
-    ]:
-        files.line(path=auth_keys, line=pubkey, replace=pubkey)
-
 if not is_pi:
     files.line(path='/etc/ssh/sshd_config', line="^UseDNS\b", replace="UseDNS no")
     # MAYBE plus needs this fix: adding ListenAddress 0.0.0.0 to /etc/ssh/sshd_config
--- a/system.py	Sat Mar 23 14:22:20 2024 -0700
+++ b/system.py	Sat Mar 30 00:15:46 2024 -0700
@@ -57,7 +57,9 @@
 
 if is_pi and host.name != 'pipe':
     pi_tmpfs()
-    files.template(src='templates/boot_config.txt.j2', dest='/boot/config.txt')
+
+    # this now lives on pipe in /opt/dnsmasq/tftp/f63f14b6/config.txt
+    #files.template(src='templates/boot_config.txt.j2', dest='/boot/config.txt')
 
 if host.name in ['bang', 'pipe', 'ditto']:
     no_sleep()
--- a/templates/dnsmasq/dnsmasq.conf.j2	Sat Mar 23 14:22:20 2024 -0700
+++ b/templates/dnsmasq/dnsmasq.conf.j2	Sat Mar 30 00:15:46 2024 -0700
@@ -41,6 +41,12 @@
 dhcp-option={{ house_iface }},option:router,{{ router }}
 # hosts are tagged in ./dhcp_hosts.j2
 dhcp-option=tag:filtereddns,option:dns-server,10.2.0.4
+
+enable-tftp
+tftp-root=/opt/dnsmasq/tftp
+pxe-service=0,"Raspberry Pi Boot"
+ dhcp-mac=set:net-booting-rpi,b8:27:eb:*:*:*
+ dhcp-reply-delay=tag:net-booting-rpi,2
 {% endif %}
 
 local=/bigasterisk.com/
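Review bot: `enable-tftp` is added without an interface, so dnsmasq serves `/opt/dnsmasq/tftp` on every interface this instance listens on, and TFTP itself has no authentication. Scoping it with `enable-tftp={{ house_iface }}` and adding `tftp-secure` (which serves only files owned by the dnsmasq user) would narrow who can fetch the per-serial boot files. The `dhcp-mac=` and `dhcp-reply-delay=` lines start with a leading space unlike the rest of the block and are worth normalising. The enclosing `{% if %}` opens above this hunk, so which dnsmasq instances receive this block is not visible here.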
--- a/templates/sources.list.j2	Sat Mar 23 14:22:20 2024 -0700
+++ b/templates/sources.list.j2	Sat Mar 30 00:15:46 2024 -0700
@@ -51,7 +51,7 @@
 deb [signed-by=/etc/apt/trusted.gpg] http://ppa.launchpad.net/hardkernel/ppa/ubuntu jammy main
 {% endif %}
 
-{% if host.name in ['garage'] %}
+{% if host.name in ['garage', 'ws-printer'] %}
 deb http://archive.raspberrypi.org/debian/ bookworm main
 deb http://raspbian.raspberrypi.org/raspbian/ bookworm main contrib non-free rpi
 {% endif %}
--- a/templates/wireguard/wg0.conf.j2	Sat Mar 23 14:22:20 2024 -0700
+++ b/templates/wireguard/wg0.conf.j2	Sat Mar 30 00:15:46 2024 -0700
@@ -17,6 +17,7 @@
     {{ peer_block('pipe',        '10.5.0.3/32') }}
     {{ peer_block('prime',       '10.5.0.0/24', 'public.bigasterisk.com:1195', 50) }}
     {{ peer_block('slash',       '10.5.0.6/32') }}
+    {{ peer_block('ws-printer',  '10.5.0.31/32') }}
 {% elif host.name == 'prime' %}
     {{ peer_block('ditto',       '10.5.0.0/24') }}
     {{ peer_block('drew-note10', '10.5.0.112/32') }}
--- a/users.py	Sat Mar 23 14:22:20 2024 -0700
+++ b/users.py	Sat Mar 30 00:15:46 2024 -0700
@@ -7,8 +7,11 @@
 # raspbian took 1000 for 'pi' group, but drewp is rarely used on pi
 # setups so hopefully it won't matter much that drew group has a
 # different id.
-drewp_gid = 1000 if (not is_pi and host.name != 'pipe') else 501
-drewp_uid = 501 if host.name != 'pillow' else 1000
+drewp_uid, drewp_gid = 501, 1000
+if host.name in ['pillow', 'ws-printer']:
+    drewp_uid, drewp_gid = 1000, 1000
+if host.name in ['pipe', 'garage']:
+    drewp_uid, drewp_gid = 1001, 501
 drewp_groups = [
     'lp', 'adm', 'dialout', 'cdrom', 'sudo', 'audio', 'video', 'plugdev',
     'games', 'users', 'netdev', 'i2c', 'input', 'spi', 'gpio', 'fuse',
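Review bot: The new assignments change drewp's numeric uid on hosts that already exist: under the old expressions pipe had uid 501 and it now gets 1001, and garage appears to change the same way. Files outside the home directory that are owned by the old uid would keep that owner after the change, so it is worth checking for them on those hosts. The comment above the assignments still describes only the old `pi` group collision; updating it to say why pipe and garage use 1001/501 would help. A single table such as `DREWP_IDS = {'pillow': (1000, 1000), 'ws-printer': (1000, 1000), 'pipe': (1001, 501), 'garage': (1001, 501)}` with `DREWP_IDS.get(host.name, (501, 1000))` would make the per-host exceptions easier to audit than successive `if` overrides.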
@@ -93,7 +96,7 @@
         server.group(group='prometheus', gid=1010)
         server.user(user='prometheus', uid=1010)
 
-if is_pi:
+if host.name == 'garage':
     server.group(group='fuse')
     server.user(user='pi',
                 uid=1000,
--- a/wireguard_pubkey.py	Sat Mar 23 14:22:20 2024 -0700
+++ b/wireguard_pubkey.py	Sat Mar 30 00:15:46 2024 -0700
@@ -11,6 +11,7 @@
     'prime': 'vR9lfsUSOIMxkY/k2gRJ6E8ZudccfPpVhrbE9zuxalU=',
     'slash': 'dZSvwUPLKPrBWY66o8GNeWCcol6lK5QG80HLtOnCRko=',
     'pillow': 'gi54uHkV3WQWvU7b90oZV9ss69kqyeDerkaRk1dYziU=',
+    'ws-printer': 'paTi1ui+1UeR2ZiOC8xymdzbs8M1L8r02B9jn3vfRRE=',
 }
 
 pubkey.update({