changeset 282:e10ee3ddadcf
pi changes
author | drewp@bigasterisk.com |
---|---|
date | Mon, 15 Apr 2024 02:27:07 -0700 |
parents | 957eb07e06e6 |
children | 0befc8696a07 |
files | apt.py dns.py inventory.py kube.py templates/sources.list.j2 templates/wireguard/wg0.conf.j2 users.py wireguard_pubkey.py |
diffstat | 8 files changed, 41 insertions(+), 18 deletions(-) [+] |
--- a/apt.py Mon Apr 15 00:04:41 2024 -0700 +++ b/apt.py Mon Apr 15 02:27:07 2024 -0700 @@ -1,3 +1,4 @@ +import io from pathlib import Path import shlex from pyinfra import host @@ -9,6 +10,7 @@ is_pi = host.get_fact(LinuxDistribution)['name'] in ['Debian', 'Raspbian GNU/Linux'] + def pkg_keys(): files.directory(path='/etc/apt/keyrings/') # for raspi for url, name in [ @@ -43,7 +45,7 @@ # also these #-rw-r--r-- 1 root root 2794 Mar 26 2021 /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg #-rw-r--r-- 1 root root 1733 Mar 26 2021 /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg - + # raspi needs wget http://archive.raspbian.org/raspbian.public.key -O - | sudo apt-key add - @@ -88,6 +90,13 @@ def flatpak_sources(): server.shell('flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo') + +def correct_dns(): + files.put(src=io.StringIO("nameserver 10.2.0.3\n"), dest='/etc/resolv.conf') + + +if is_pi: + correct_dns() pkg_keys() apt_sources() -flatpak_sources() \ No newline at end of file +flatpak_sources()
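Review bot: `correct_dns()` in the last hunk writes /etc/resolv.conf with a bare `nameserver 10.2.0.3`, while `standard_host_dns()` in dns.py (touched in this same commit) writes the same path on Pi hosts with a different body that also carries a `# written by pyinfra` header and a `search` line, so the two deploys will overwrite each other's content on every run. Keep a single definition of the file and call it from both places, or make the two bodies identical. Since the resolver set here is what `pkg_keys()` and `apt_sources()` then use for their fetches, the ordering deserves a docstring, e.g. `"""Point the Pi at 10.2.0.3 before any apt fetch; dns.py later writes the full resolv.conf."""`.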
--- a/dns.py Mon Apr 15 00:04:41 2024 -0700 +++ b/dns.py Mon Apr 15 02:27:07 2024 -0700 @@ -7,6 +7,7 @@ is_pi = host.get_fact(LinuxDistribution)['name'] in ['Debian', 'Raspbian GNU/Linux'] + def dnsmasq_instance(net_name, house_iface, dhcp_range='10.2.0.10,10.2.0.11', @@ -25,7 +26,7 @@ router=listen_address, ) files.template(src='templates/dnsmasq/hosts.j2', dest=f'/opt/dnsmasq/{net_name}/hosts', net=net_name) - + dhcp_hosts = subprocess.check_output(['python3', '/my/serv/lanscape/src/public/make_dhcp_hosts.py'], encoding='utf8') files.put(src=StringIO(dhcp_hosts), dest=f'/opt/dnsmasq/{net_name}/dhcp_hosts') @@ -39,7 +40,8 @@ def standard_host_dns(): files.template(src='templates/hosts.j2', dest='/etc/hosts') if is_pi: - files.put(dest='/etc/resolv.conf', src=StringIO(''' + files.put(dest='/etc/resolv.conf', + src=StringIO(''' # written by pyinfra nameserver 10.2.0.3 search bigasterisk.com 
@@ -50,26 +52,34 @@ systemd.service(service='systemd-resolved.service', running=True, restarted=True) +pi_serial_hostname = [ +] + + def rpi_net_boot(): files.directory(path='/opt/dnsmasq/tftp') for pi_serial, _ in pi_serial_hostname: files.directory(path=f'/opt/dnsmasq/tftp/{pi_serial}') # then we transfer from pi to here + def rpi_iscsi_volumes(): iscsi_dir = '/d2/rpi-iscsi' for _, pi_hostname in pi_serial_hostname: - out= f'{iscsi_dir}/{pi_hostname}.disk' + out = f'{iscsi_dir}/{pi_hostname}.disk' files.directory(path=iscsi_dir) server.shell(f'dd if=/dev/zero of={out} count=0 bs=1 seek=5G conv=excl || true') - files.put(dest=f"/etc/tgt/conf.d/{pi_hostname}.conf", src=StringIO(f""" + files.put(dest=f"/etc/tgt/conf.d/{pi_hostname}.conf", + src=StringIO(f""" <target iqn.2024-03.com.bigasterisk:{pi_hostname}.target> backing-store {out} initiator-name iqn.2024-03.com.bigasterisk:{pi_hostname}.initiator </target> """)) - systemd.service(service='tgt.service', running=True, restarted=True) - + # restarting is disruptive to connected pis, and they might need to be + # visited: + #systemd.service(service='tgt.service', running=True, restarted=True) + standard_host_dns() @@ -82,7 +92,7 @@ dnsmasq_instance('10.5', house_iface='unused', dhcp_range='unused', listen_address='unused') # only works after wireguard is up elif host.name == 'ditto': - rpi_iscsi_volumes() # move out of this file- it's not dns + rpi_iscsi_volumes() # move out of this file- it's not dns elif host.name == 'pipe': rpi_net_boot() files.directory(path='/opt/dnsmasq')
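Review bot: With the `tgt.service` restart commented out at the end of `rpi_iscsi_volumes()`, nothing in the function makes tgt load a newly written `/etc/tgt/conf.d/{pi_hostname}.conf`, so a new or changed target stays inactive until someone restarts the daemon by hand. A non-disruptive reload such as `server.shell('tgt-admin --update ALL')` would fit here; as far as I know it leaves targets with connected initiators untouched unless forced, which should be confirmed on the installed tgt version. Separately, `pi_serial_hostname = [ ]` is added empty, so both loops over it are no-ops as written; if the real list is kept elsewhere, a comment saying so would avoid confusion. Once hostnames are filled in, `out` should be quoted (for example with `shlex.quote`) before it is interpolated into the `dd` command string.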
--- a/inventory.py Mon Apr 15 00:04:41 2024 -0700 +++ b/inventory.py Mon Apr 15 02:27:07 2024 -0700 @@ -12,10 +12,10 @@ ] pi = [ - ('garage', { 'wireguard_address': '10.5.0.14', 'ssh_hostname': 'garage', 'mac': 'b8:27:eb:81:17:92',}), - ('ws-printer', { 'wireguard_address': '10.5.0.31', 'ssh_hostname': '10.2.0.112', }), + # ('garage', { 'wireguard_address': '10.5.0.14', 'ssh_hostname': 'garage', }), ('ws-printer', { 'wireguard_address': '10.5.0.31', 'ssh_hostname': 'ws-printer', }), - ('gn-music', { 'wireguard_address': '10.5.0.32', 'ssh_hostname': 'gn-music', }), + ('gn-music', { 'wireguard_address': '10.5.0.32', 'ssh_hostname': 'gn-music', }), + ('li-drums', { 'wireguard_address': '10.5.0.33', 'ssh_hostname': 'li-drums', }), ] remote = [
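Review bot: The `garage` entry is commented out here rather than removed, yet `garage` is still named in the host lists in users.py and templates/sources.list.j2 in this same commit. If the host is retired, drop it from all three; if it is only temporarily out of service, say so on the commented line, e.g. `# garage: disabled, <reason>` with the reason filled in by the author. The commented copy also omits the `mac` key that the removed entry had, so re-enabling it as written would not restore the previous data.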
--- a/kube.py Mon Apr 15 00:04:41 2024 -0700 +++ b/kube.py Mon Apr 15 02:27:07 2024 -0700 @@ -13,6 +13,8 @@ def download_k3s(k3s_version): tail = 'k3s' if host.get_fact(Arch) == 'x86_64' else 'k3s-armhf' + if host.get_fact(Arch) == 'aarch64': + tail = 'k3s-arm64' files.download( src=f'https://github.com/rancher/k3s/releases/download/{k3s_version}/{tail}', dest='/usr/local/bin/k3s', @@ -169,6 +171,6 @@ make_cluster(server_ip="10.5.0.7", server_node='ditto', - nodes=['bang', 'slash', 'dash', 'ws-printer', 'gn-music'], + nodes=['bang', 'slash', 'dash', 'ws-printer', 'gn-music', 'li-drums'], admin_from=['bang', 'slash', 'dash', 'ditto'], k3s_version='v1.29.1+k3s1')
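Review bot: The new `k3s-arm64` branch in `download_k3s` adds a third binary that is fetched from GitHub and installed as /usr/local/bin/k3s; the `files.download` call continues past the hunk, so it is not visible whether a digest is checked. If it is not, pass pyinfra's `sha256sum=` argument with a per-version, per-architecture value kept in this repo, e.g. `sha256sum=K3S_SHA256[k3s_version][tail],` (`K3S_SHA256` is a table name proposed here, not one in the file). On style, the conditional expression followed by an override calls `host.get_fact(Arch)` twice and still falls back to `k3s-armhf` for any unrecognised architecture; a single lookup table keyed by the fact value would make an unknown architecture fail loudly instead of installing the wrong binary.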
--- a/templates/sources.list.j2 Mon Apr 15 00:04:41 2024 -0700 +++ b/templates/sources.list.j2 Mon Apr 15 02:27:07 2024 -0700 @@ -51,7 +51,7 @@ deb [signed-by=/etc/apt/trusted.gpg] http://ppa.launchpad.net/hardkernel/ppa/ubuntu jammy main {% endif %} -{% if host.name in ['garage', 'ws-printer', 'gn-music'] %} +{% if host.name in ['garage', 'ws-printer', 'gn-music', 'li-drums'] %} deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware deb http://deb.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
--- a/templates/wireguard/wg0.conf.j2 Mon Apr 15 00:04:41 2024 -0700 +++ b/templates/wireguard/wg0.conf.j2 Mon Apr 15 02:27:07 2024 -0700 @@ -19,6 +19,7 @@ {{ peer_block('slash', '10.5.0.6/32') }} {{ peer_block('ws-printer', '10.5.0.31/32') }} {{ peer_block('gn-music', '10.5.0.32/32') }} + {{ peer_block('li-drums', '10.5.0.33/32') }} {% elif host.name == 'prime' %} {{ peer_block('ditto', '10.5.0.0/24') }} {{ peer_block('drew-note10', '10.5.0.112/32') }}
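Review bot: The address `10.5.0.33/32` for `li-drums` is typed here a second time; inventory.py in this commit already carries it as `wireguard_address`. Assuming the second argument of `peer_block` becomes the peer's allowed address range (the macro is defined outside the hunk), a mismatch between the two copies would either break the tunnel or widen what that peer is allowed to send. Consider deriving the argument from the inventory data, or at least add a template comment such as `{# addresses must match wireguard_address in inventory.py #}`.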
--- a/users.py Mon Apr 15 00:04:41 2024 -0700 +++ b/users.py Mon Apr 15 02:27:07 2024 -0700 @@ -8,9 +8,9 @@ # setups so hopefully it won't matter much that drew group has a # different id. drewp_uid, drewp_gid = 501, 1000 -if host.name in ['pillow', 'ws-printer', 'gn-music']: +if host.name in ['pillow', ]: drewp_uid, drewp_gid = 1000, 1000 -if host.name in ['pipe', 'garage']: +if host.name in ['pipe', 'garage', 'ws-printer', 'gn-music', 'li-drums']: drewp_uid, drewp_gid = 1001, 501 drewp_groups = [ 'lp', 'adm', 'dialout', 'cdrom', 'sudo', 'audio', 'video', 'plugdev',
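Review bot: Moving `ws-printer` and `gn-music` from the `1000, 1000` branch to `1001, 501` changes the uid and gid of an account that may already exist on those hosts. Unless both machines were reinstalled (their WireGuard keys also change in this commit, which suggests so, but the page does not say), files created under the old ids, including the home directory and `~/.ssh`, keep uid 1000 and would belong to whichever account next receives that id. Either record the reinstall in a comment next to the list, or add a one-time ownership fix for the home directory. Minor: `['pillow', ]` reads more simply as `host.name == 'pillow'`.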
--- a/wireguard_pubkey.py Mon Apr 15 00:04:41 2024 -0700 +++ b/wireguard_pubkey.py Mon Apr 15 02:27:07 2024 -0700 @@ -11,8 +11,9 @@ 'prime': 'vR9lfsUSOIMxkY/k2gRJ6E8ZudccfPpVhrbE9zuxalU=', 'slash': 'dZSvwUPLKPrBWY66o8GNeWCcol6lK5QG80HLtOnCRko=', 'pillow': 'gi54uHkV3WQWvU7b90oZV9ss69kqyeDerkaRk1dYziU=', - 'ws-printer': 'GtBDnxlkg8NaMFdQ88kJavH4TULad2DhaXjdvIQQuTo=', - 'gn-music': 'l1ogF4o9uymDfrzlY/qjYQnOitGi2Fu7jS5fpRdh/Q0=', + 'ws-printer': 'v3c4gNXtBCRSYn4r2ZwrQouJQ0bfGGz3K7oKcuS3FFk=', + 'li-drums': 'UNfh0qWqBLzYpDMZ3+3K3giAnDth0QWtLPocW8+NxAo=', + 'gn-music': 'XKkjSfdvROkLe0zxp9wal+ObTWqh/o7kJTXL8O9AOSQ=', } pubkey.update({
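Review bot: The public keys for `ws-printer` and `gn-music` are replaced in place with no note of why. Any host that holds a peer entry for them keeps accepting the old key until its wg0.conf is redeployed, so the rollout needs to cover every such host, and the old private keys should be confirmed destroyed along with the old installs. A comment on the two entries such as `# rekeyed 2024-04-15` plus the reason would make later audits easier. The dict literal starts and ends outside the hunk.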