"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
-<!-- 2025-09-18 Thu 20:56 -->
+<!-- 2025-11-23 Sun 13:07 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>Birchwood Abbey Networks</title>
the <code>abbey-</code> prefix on their names. These roles are applied <i>after</i>
the generic institutional roles (again, documented <a href="Institute/README.html">here</a>).
</p>
-<div id="outline-container-org4473dd2" class="outline-2">
-<h2 id="org4473dd2"><span class="section-number-2">1.</span> Overview</h2>
+<div id="outline-container-orgf3ea803" class="outline-2">
+<h2 id="orgf3ea803"><span class="section-number-2">1.</span> Overview</h2>
<div class="outline-text-2" id="text-1">
<p>
A Small Institute makes security and privacy top priorities but
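Review bot: every outline-container and heading id in this export changes (org4473dd2 becomes orgf3ea803 here, and the same happens for each section below), so most of this patch is anchor churn, and any outside link to a section breaks on each re-export. Giving the org headings stable ids (a CUSTOM_ID property per heading) would keep the generated HTML diff down to the real content changes.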
philosophy, attitude.
</p>
-<pre class="example" id="orgd31059d">
+<pre class="example" id="org4276841">
|
=
_|||_
</pre>
</div>
</div>
-<div id="outline-container-org554a74c" class="outline-2">
-<h2 id="org554a74c"><span class="section-number-2">2.</span> The Abbey Particulars</h2>
+<div id="outline-container-org02a341b" class="outline-2">
+<h2 id="org02a341b"><span class="section-number-2">2.</span> The Abbey Particulars</h2>
<div class="outline-text-2" id="text-2">
<p>
The abbey's public particulars are included below. They are the
</p>
</div>
</div>
-<div id="outline-container-org8cce038" class="outline-2">
-<h2 id="org8cce038"><span class="section-number-2">3.</span> The Abbey Front Role</h2>
+<div id="outline-container-orgbfc625e" class="outline-2">
+<h2 id="orgbfc625e"><span class="section-number-2">3.</span> The Abbey Front Role</h2>
<div class="outline-text-2" id="text-3">
<p>
Birchwood Abbey's front door is a Digital Ocean Droplet configured as
Dovecot-IMAPd, and hosting a VPN with WireGuard™.
</p>
</div>
-<div id="outline-container-orgcbc817f" class="outline-3">
-<h3 id="orgcbc817f"><span class="section-number-3">3.1.</span> Install Emacs</h3>
+<div id="outline-container-org5e99273" class="outline-3">
+<h3 id="org5e99273"><span class="section-number-3">3.1.</span> Install Emacs</h3>
<div class="outline-text-3" id="text-3-1">
<p>
The monks of the abbey are masters of the staff (bo) and Emacs.
</div>
</div>
</div>
-<div id="outline-container-org4fe639d" class="outline-3">
-<h3 id="org4fe639d"><span class="section-number-3">3.2.</span> Configure Public Email Aliases</h3>
+<div id="outline-container-orgb7a2cfb" class="outline-3">
+<h3 id="orgb7a2cfb"><span class="section-number-3">3.2.</span> Configure Public Email Aliases</h3>
<div class="outline-text-3" id="text-3-2">
<p>
The abbey uses several additional email aliases. These are the public
</div>
</div>
</div>
-<div id="outline-container-org7b066ef" class="outline-3">
-<h3 id="org7b066ef"><span class="section-number-3">3.3.</span> Configure Git Daemon on Front</h3>
+<div id="outline-container-org267af54" class="outline-3">
+<h3 id="org267af54"><span class="section-number-3">3.3.</span> Configure Git Daemon on Front</h3>
<div class="outline-text-3" id="text-3-3">
<p>
The abbey publishes member Git repositories with <code>git-daemon</code>. If
</div>
<div class="org-src-container">
-<code>git-tasks</code><pre class="src src-conf" id="org4a1e541"><code>- name: Install git daemon.
+<code>git-tasks</code><pre class="src src-conf" id="org762b923"><code>- name: Install git daemon.
become: yes
<span class="org-variable-name">apt: pkg</span>=git-daemon-sysvinit
</div>
<div class="org-src-container">
-<code>git-handlers</code><pre class="src src-conf" id="orga6c05f5"><code>
+<code>git-handlers</code><pre class="src src-conf" id="org78c8daa"><code>
- name: Restart git daemon.
become: yes
command: systemctl restart git-daemon
</div>
</div>
</div>
-<div id="outline-container-orgea99651" class="outline-3">
-<h3 id="orgea99651"><span class="section-number-3">3.4.</span> Configure Gitweb on Front</h3>
+<div id="outline-container-org699d236" class="outline-3">
+<h3 id="org699d236"><span class="section-number-3">3.4.</span> Configure Gitweb on Front</h3>
<div class="outline-text-3" id="text-3-4">
<p>
The abbey provides an HTML interface to members' public Git
</p>
<div class="org-src-container">
-<code>apache-gitweb</code><pre class="src src-conf" id="org502a184"><code>
+<code>apache-gitweb</code><pre class="src src-conf" id="org087507e"><code>
Alias /gitweb-static/ /usr/share/gitweb/static/
<Directory <span class="org-string">"/usr/share/gitweb/static/"</span>>
Options MultiViews
</p>
<div class="org-src-container">
-<code>apache-gitweb-tasks</code><pre class="src src-conf" id="org169cd13"><code>- name: Enable Apache2 rewrite module for Gitweb.
+<code>apache-gitweb-tasks</code><pre class="src src-conf" id="org5d6da49"><code>- name: Enable Apache2 rewrite module for Gitweb.
become: yes
<span class="org-variable-name">apache2_module: name</span>=rewrite
notify: Restart Apache2.
</div>
<div class="org-src-container">
-<code>apache-gitweb-handlers</code><pre class="src src-conf" id="org58e3352"><code>- name: Restart Apache2.
+<code>apache-gitweb-handlers</code><pre class="src src-conf" id="org0a16216"><code>- name: Restart Apache2.
become: yes
systemd:
service: apache2
</div>
</div>
</div>
-<div id="outline-container-orge66ade9" class="outline-3">
-<h3 id="orge66ade9"><span class="section-number-3">3.5.</span> Configure Apache for Abbey Documentation</h3>
+<div id="outline-container-orged32002" class="outline-3">
+<h3 id="orged32002"><span class="section-number-3">3.5.</span> Configure Apache for Abbey Documentation</h3>
<div class="outline-text-3" id="text-3-5">
<p>
Some of the directives added to the <q>-vhost.conf</q> file are needed by
</p>
<div class="org-src-container">
-<code>apache-abbey</code><pre class="src src-conf" id="org97325b1"><code><Directory {{ docroot }}/Abbey/>
+<code>apache-abbey</code><pre class="src src-conf" id="org729ab6e"><code><Directory {{ docroot }}/Abbey/>
AllowOverride Indexes FileInfo
Options +Indexes +FollowSymLinks
</Directory>
</div>
</div>
</div>
-<div id="outline-container-orgec18b5a" class="outline-3">
-<h3 id="orgec18b5a"><span class="section-number-3">3.6.</span> Configure Photos URLs on Front</h3>
+<div id="outline-container-orgdd6d40b" class="outline-3">
+<h3 id="orgdd6d40b"><span class="section-number-3">3.6.</span> Configure Photos URLs on Front</h3>
<div class="outline-text-3" id="text-3-6">
<p>
Some of the directives added to the <q>-vhost.conf</q> file map the abbey's
</p>
<div class="org-src-container">
-<code>apache-photos</code><pre class="src src-conf" id="org188aee2"><code>
+<code>apache-photos</code><pre class="src src-conf" id="orgee7659b"><code>
RedirectMatch /Photos$ /Photos/
RedirectMatch /Photos/(20[0-9][0-9])_([0-9][0-9])_([0-9][0-9])$ \
/Photos/$1_$2_$3/
</div>
</div>
</div>
-<div id="outline-container-orgc5a33b8" class="outline-3">
-<h3 id="orgc5a33b8"><span class="section-number-3">3.7.</span> Configure Apache on Front</h3>
+<div id="outline-container-org4c832e7" class="outline-3">
+<h3 id="org4c832e7"><span class="section-number-3">3.7.</span> Configure Apache on Front</h3>
<div class="outline-text-3" id="text-3-7">
<p>
The abbey needs to add some Apache2 configuration directives to the
</p>
<p>
-The following task adds the <a href="#org97325b1"><code>apache-abbey</code></a>, <a href="#org188aee2"><code>apache-photos</code></a>, and
-<a href="#org502a184"><code>apache-gitweb</code></a> directives described above to the <q>-vhost.conf</q> file,
+The following task adds the <a href="#org729ab6e"><code>apache-abbey</code></a>, <a href="#orgee7659b"><code>apache-photos</code></a>, and
+<a href="#org087507e"><code>apache-gitweb</code></a> directives described above to the <q>-vhost.conf</q> file,
and includes <q>options-ssl-apache.conf</q> from <q>/etc/letsencrypt/</q>. The
rest of the Let's Encrypt configuration is discussed in the following
-<a href="#org9d599a6">Install Let's Encrypt</a> section.
+<a href="#org19b0c76">Install Let's Encrypt</a> section.
</p>
<div class="org-src-container">
</div>
</div>
</div>
-<div id="outline-container-orgc297912" class="outline-3">
-<h3 id="orgc297912"><span class="section-number-3">3.8.</span> Configure Apache Log Archival</h3>
+<div id="outline-container-org8b56a72" class="outline-3">
+<h3 id="org8b56a72"><span class="section-number-3">3.8.</span> Configure Apache Log Archival</h3>
<div class="outline-text-3" id="text-3-8">
<p>
These tasks hack Apache's <code>logrotate(8)</code> configuration to rotate
</div>
</div>
</div>
-<div id="outline-container-org9d599a6" class="outline-3">
-<h3 id="org9d599a6"><span class="section-number-3">3.9.</span> Install Let's Encrypt</h3>
+<div id="outline-container-org19b0c76" class="outline-3">
+<h3 id="org19b0c76"><span class="section-number-3">3.9.</span> Install Let's Encrypt</h3>
<div class="outline-text-3" id="text-3-9">
<p>
The abbey uses a Let's Encrypt certificate to authenticate its public
entered as shown below).
</p>
-<pre class="example" id="orge66af71">
+<pre class="example" id="org633b789">
$ sudo apt install python3-certbot-apache
$ sudo certbot --apache -d birchwood-abbey.net
...
</div>
</div>
</div>
-<div id="outline-container-org61fc32d" class="outline-3">
-<h3 id="org61fc32d"><span class="section-number-3">3.10.</span> Rotate Let's Encrypt Log</h3>
+<div id="outline-container-orgbbc57f8" class="outline-3">
+<h3 id="orgbbc57f8"><span class="section-number-3">3.10.</span> Rotate Let's Encrypt Log</h3>
<div class="outline-text-3" id="text-3-10">
<p>
The following task arranges to rotate Certbot's logs files.
</div>
</div>
</div>
-<div id="outline-container-org4ba9bf2" class="outline-3">
-<h3 id="org4ba9bf2"><span class="section-number-3">3.11.</span> Archive Let's Encrypt Data</h3>
+<div id="outline-container-org8dd4061" class="outline-3">
+<h3 id="org8dd4061"><span class="section-number-3">3.11.</span> Archive Let's Encrypt Data</h3>
<div class="outline-text-3" id="text-3-11">
<p>
A backup copy of Let's Encrypt's data (<q>/etc/letsencrypt/</q>) is sent to
</div>
</div>
</div>
-<div id="outline-container-orge1ede26" class="outline-2">
-<h2 id="orge1ede26"><span class="section-number-2">4.</span> The Abbey Core Role</h2>
+<div id="outline-container-orge7c63b8" class="outline-2">
+<h2 id="orge7c63b8"><span class="section-number-2">4.</span> The Abbey Core Role</h2>
<div class="outline-text-2" id="text-4">
<p>
Birchwood Abbey's core is a mini-PC (System76 Meerkat) configured as A
NTP, DNS and DHCP.
</p>
</div>
-<div id="outline-container-org4370ec9" class="outline-3">
-<h3 id="org4370ec9"><span class="section-number-3">4.1.</span> Include Abbey Variables</h3>
+<div id="outline-container-org527c528" class="outline-3">
+<h3 id="org527c528"><span class="section-number-3">4.1.</span> Include Abbey Variables</h3>
<div class="outline-text-3" id="text-4-1">
<p>
In this abbey specific document, most abbey particulars are not
</div>
</div>
</div>
-<div id="outline-container-org5f355b2" class="outline-3">
-<h3 id="org5f355b2"><span class="section-number-3">4.2.</span> Install Additional Packages</h3>
+<div id="outline-container-orgb98fbad" class="outline-3">
+<h3 id="orgb98fbad"><span class="section-number-3">4.2.</span> Install Additional Packages</h3>
<div class="outline-text-3" id="text-4-2">
<p>
The scripts that maintain the abbey's web site use a number of
</div>
</div>
</div>
-<div id="outline-container-org165df37" class="outline-3">
-<h3 id="org165df37"><span class="section-number-3">4.3.</span> Configure Private Email Aliases</h3>
+<div id="outline-container-orgb220438" class="outline-3">
+<h3 id="orgb220438"><span class="section-number-3">4.3.</span> Configure Private Email Aliases</h3>
<div class="outline-text-3" id="text-4-3">
<p>
The abbey uses several additional email aliases. These are the campus
</div>
</div>
</div>
-<div id="outline-container-org45227f9" class="outline-3">
-<h3 id="org45227f9"><span class="section-number-3">4.4.</span> Configure Git Daemon on Core</h3>
+<div id="outline-container-org6c3e11d" class="outline-3">
+<h3 id="org6c3e11d"><span class="section-number-3">4.4.</span> Configure Git Daemon on Core</h3>
<div class="outline-text-3" id="text-4-4">
<p>
These tasks are identical to those executed on Front, for similar Git
-services on Front and Core. See <a href="#org7b066ef">3.3</a> and
-<a href="#orgea99651">Configure Gitweb on Front</a> for more information.
+services on Front and Core. See <a href="#org267af54">3.3</a> and
+<a href="#org699d236">Configure Gitweb on Front</a> for more information.
</p>
<div class="org-src-container">
</div>
</div>
</div>
-<div id="outline-container-orga4b2945" class="outline-3">
-<h3 id="orga4b2945"><span class="section-number-3">4.5.</span> Configure Apache on Core</h3>
+<div id="outline-container-orgb749be4" class="outline-3">
+<h3 id="orgb749be4"><span class="section-number-3">4.5.</span> Configure Apache on Core</h3>
<div class="outline-text-3" id="text-4-5">
<p>
The Apache2 configuration on Core specifies three web sites (live,
test, and campus). The live and test sites must operate just like the
-site on Front. Their configurations include the same <a href="#org97325b1"><code>apache-abbey</code></a>,
-<a href="#org188aee2"><code>apache-photos</code></a>, and <a href="#org502a184"><code>apache-gitweb</code></a> used on Front.
+site on Front. Their configurations include the same <a href="#org729ab6e"><code>apache-abbey</code></a>,
+<a href="#orgee7659b"><code>apache-photos</code></a>, and <a href="#org087507e"><code>apache-gitweb</code></a> used on Front.
</p>
<div class="org-src-container">
</div>
</div>
</div>
-<div id="outline-container-org24b30a1" class="outline-3">
-<h3 id="org24b30a1"><span class="section-number-3">4.6.</span> Configure Documentation URLs</h3>
+<div id="outline-container-org838f2e2" class="outline-3">
+<h3 id="org838f2e2"><span class="section-number-3">4.6.</span> Configure Documentation URLs</h3>
<div class="outline-text-3" id="text-4-6">
<p>
The institute serves its <q>/usr/share/doc/</q> on the house (campus) web
site. This is a debugging convenience, making some HTML documentation
more accessible, especially the documentation of software installed on
Core and not on typical desktop clients. Also included: the Apache2
-directives that enable user Git publishing with Gitweb (defined <a href="#org502a184">here</a>).
+directives that enable user Git publishing with Gitweb (defined <a href="#org087507e">here</a>).
</p>
<div class="org-src-container">
</div>
</div>
</div>
-<div id="outline-container-org6ab2686" class="outline-3">
-<h3 id="org6ab2686"><span class="section-number-3">4.7.</span> Install Apt Cacher</h3>
+<div id="outline-container-org5b4621f" class="outline-3">
+<h3 id="org5b4621f"><span class="section-number-3">4.7.</span> Install Apt Cacher</h3>
<div class="outline-text-3" id="text-4-7">
<p>
The abbey uses the Apt-Cacher:TNG package cache on Core. The
</div>
</div>
</div>
-<div id="outline-container-orgd892afd" class="outline-3">
-<h3 id="orgd892afd"><span class="section-number-3">4.8.</span> Use Cloister Apt Cache</h3>
+<div id="outline-container-orgbc620cb" class="outline-3">
+<h3 id="orgbc620cb"><span class="section-number-3">4.8.</span> Use Cloister Apt Cache</h3>
<div class="outline-text-3" id="text-4-8">
<p>
Core itself will benefit from using the package cache, but should
</div>
</div>
</div>
-<div id="outline-container-orgba0ee47" class="outline-3">
-<h3 id="orgba0ee47"><span class="section-number-3">4.9.</span> Configure NAGIOS</h3>
+<div id="outline-container-org314a1e2" class="outline-3">
+<h3 id="org314a1e2"><span class="section-number-3">4.9.</span> Configure NAGIOS</h3>
<div class="outline-text-3" id="text-4-9">
<p>
A small institute uses <code>nagios4</code> to monitor the health of its network,
<code>monitoring-plugins</code> package. Thus a NAGIOS4 server on the abbey's
Core monitors core network services, and uses <code>nagios-nrpe-server</code> to
monitor Gate. The abbey adds several more monitors, installing
-additional configuration files in <q>/etc/nagios4/conf.d/</q>, and another
-customized <code>check_sensors</code> plugin (<code>abbey_pisensors</code>) in
-<q>/usr/local/sbin/</q> on the Raspberry Pis.
+additional configuration files in <q>/etc/nagios4/conf.d/</q>, a
+<code>check_mdstat</code> plugin from <code>https://exchange.nagios.org/</code> on Core, and
+another customized <code>check_sensors</code> plugin (<code>abbey_pisensors</code>) on the
+Raspberry Pis.
</p>
</div>
-<div id="outline-container-orge29fb41" class="outline-4">
-<h4 id="orge29fb41"><span class="section-number-4">4.9.1.</span> Monitoring The Home Disk</h4>
+<div id="outline-container-org0cd3e32" class="outline-4">
+<h4 id="org0cd3e32"><span class="section-number-4">4.9.1.</span> Monitoring The Home Disk</h4>
<div class="outline-text-4" id="text-4-9-1">
<p>
The abbey adds monitoring of the space remaining on the volume at
<q>/home/</q> on Core. (The small institute only monitors the space
-remaining on roots.)
+remaining on roots.) The abbey also monitors of the state of the
+RAID-5 array under <q>/home/</q>.
</p>
<div class="org-src-container">
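Review bot: the added sentence "The abbey also monitors of the state of the RAID-5 array" has a stray "of"; it should read "also monitors the state of the RAID-5 array". The rewritten 4.9 paragraph also drops the install location that the old text gave for abbey_pisensors (/usr/local/sbin/) and gives none for check_mdstat; naming the directory for both plugins would keep the prose in step with the tasks.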
service_description Home Partition
check_command check_local_disk!20%!10%!/home
}
+ <span class="org-type">define service</span> {
+ use local-service
+ host_name core
+ service_description Home RAID
+ check_command check_mdstat!md0!3
+ }
+ <span class="org-type">define command</span> {
+ command_name check_mdstat
+ command_line /usr/local/sbin/check_mdstat $ARG1$ $ARG2$
+ }
dest: /etc/nagios4/conf.d/abbey.cfg
notify: Reload NAGIOS4.
+
+- name: Install NAGIOS monitor check_mdstat.
+ become: yes
+ copy:
+ src: ../abbey-core/files/check_mdstat
+ dest: /usr/local/sbin/check_mdstat
+ <span class="org-variable-name">mode: u</span>=rwx,g=rx,o=rx
</code></pre>
</div>
</div>
</div>
</div>
-<div id="outline-container-org586cf48" class="outline-4">
-<h4 id="org586cf48"><span class="section-number-4">4.9.2.</span> Custom NAGIOS Monitor <code>abbey_pisensors</code></h4>
+<div id="outline-container-org793bf62" class="outline-4">
+<h4 id="org793bf62"><span class="section-number-4">4.9.2.</span> Custom NAGIOS Monitor <code>abbey_pisensors</code></h4>
<div class="outline-text-4" id="text-4-9-2">
<p>
The <code>check_sensors</code> plugin is included in the package
</div>
</div>
</div>
-<div id="outline-container-org5b4b9d5" class="outline-4">
-<h4 id="org5b4b9d5"><span class="section-number-4">4.9.3.</span> Configure NAGIOS Monitoring of The Cloister</h4>
+<div id="outline-container-orgc83910e" class="outline-4">
+<h4 id="orgc83910e"><span class="section-number-4">4.9.3.</span> Stolen NAGIOS Monitor <code>check_mdstat</code></h4>
<div class="outline-text-4" id="text-4-9-3">
<p>
+This <code>check_mdstat</code> plugin was copied from the NAGIOS Exchange (<a href="https://exchange.nagios.org/directory/plugins/operating-systems/linux/check_mdstat/details/">here</a>).
+It detects a failing disk in a multi-disk array.
+</p>
+
+<div class="org-src-container">
+<a href="roles_t/abbey-core/files/check_mdstat"><q>roles_t/abbey-core/files/check_mdstat</q></a><pre class="src src-sh"><code><span class="org-comment-delimiter">#</span><span class="org-comment">!/usr/bin/</span><span class="org-keyword">env</span><span class="org-comment"> bash
+</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">nagios script checks for failed raid device
+</span><span class="org-comment-delimiter"># </span><span class="org-comment">linux software raid /proc/mdstat
+</span><span class="org-comment-delimiter"># </span><span class="org-comment">karl@webmedianow.com 2013-10-01
+</span>
+<span class="org-variable-name">STATE_OK</span>=0
+<span class="org-variable-name">STATE_WARNING</span>=1
+<span class="org-variable-name">STATE_CRITICAL</span>=2
+<span class="org-variable-name">STATE_UNKNOWN</span>=3
+<span class="org-variable-name">STATE_DEPENDENT</span>=4
+
+<span class="org-variable-name">PATH</span>=/bin:/usr/bin:/sbin:/usr/sbin
+<span class="org-builtin">export</span> PATH
+
+<span class="org-function-name">usage</span>() {
+cat <<-EOE<span class="org-sh-heredoc">
+Usage: $0 mdadm_device total_drives
+
+ mdadm_device is md0, md1, etc...
+ total_drives is 2 for mirror, or 3, 4 etc...
+
+Nagios script to check if failed drive in /proc/mdstat
+
+Example: raid 2 (2 disk mirror)
+ /opt/nagios/libexec/check_mdstat.sh md0 2
+
+Example: raid 5 with 8 disks
+ /opt/nagios/libexec/check_mdstat.sh md0 8
+
+EOE
+</span><span class="org-keyword">exit</span> $<span class="org-variable-name">STATE_UNKNOWN</span>
+}
+
+<span class="org-keyword">if</span> [ $<span class="org-variable-name">#</span> -lt 2 ]; <span class="org-keyword">then</span>
+ usage
+<span class="org-keyword">fi</span>
+
+<span class="org-variable-name">cmd_device</span>=<span class="org-string">"$1"</span>
+<span class="org-variable-name">drive_num</span>=<span class="org-string">"$2"</span>
+
+<span class="org-variable-name">U</span>=<span class="org-string">""</span>
+<span class="org-keyword">for</span> i<span class="org-keyword"> in</span> $(<span class="org-sh-quoted-exec">seq 1 $drive_num</span>);
+<span class="org-keyword">do</span>
+ <span class="org-variable-name">U</span>=<span class="org-string">"${U}U"</span>
+<span class="org-keyword">done</span>
+
+<span class="org-variable-name">uu</span>=<span class="org-string">"[${U}]"</span>
+<span class="org-variable-name">nn</span>=<span class="org-string">"[${drive_num}/${drive_num}]"</span>
+
+<span class="org-comment-delimiter">#</span><span class="org-comment">cat /proc/mdstat | grep -A 1 ^md1 | tail -1 | awk '{print ($(</span><span class="org-sh-quoted-exec">NF</span><span class="org-comment">))}'
+</span><span class="org-comment-delimiter"># </span><span class="org-comment">[UUUUUUUU] is OK raid
+</span><span class="org-comment-delimiter"># </span><span class="org-comment">[_U] is Failed Drive
+</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">check if we have correct device...
+</span><span class="org-keyword">if</span> cat /proc/mdstat | grep ^${<span class="org-variable-name">cmd_device</span>} | awk <span class="org-string">'{print $1}'</span> | grep ^${<span class="org-variable-name">cmd_device</span>}$ >/dev/null 2>&1
+<span class="org-keyword">then</span>
+ <span class="org-variable-name">device</span>=$<span class="org-variable-name">cmd_device</span>
+<span class="org-keyword">else</span>
+ <span class="org-builtin">echo</span> <span class="org-string">"Couldn't match $cmd_device"</span>
+ <span class="org-keyword">exit</span> $<span class="org-variable-name">STATE_UNKNOWN</span>
+<span class="org-keyword">fi</span>
+
+<span class="org-variable-name">u_status</span>=$(<span class="org-sh-quoted-exec">cat /proc/mdstat | grep -A 1 ^${device} | tail -1 | awk '{print ($(NF</span><span class="org-string">))}'</span>)
+<span class="org-variable-name">n_status</span>=$(<span class="org-sh-quoted-exec">cat /proc/mdstat | grep -A 1 ^${device} | tail -1 | awk '{print ($(NF-1</span><span class="org-string">))}'</span>)
+
+<span class="org-keyword">if</span> [ $<span class="org-variable-name">uu</span> = $<span class="org-variable-name">u_status</span> ] && [ $<span class="org-variable-name">nn</span> = $<span class="org-variable-name">n_status</span> ]; <span class="org-keyword">then</span>
+ <span class="org-builtin">echo</span> <span class="org-string">"OK: $device $n_status $u_status"</span>
+ <span class="org-keyword">exit</span> $<span class="org-variable-name">STATE_OK</span>
+<span class="org-keyword">else</span>
+ <span class="org-builtin">echo</span> <span class="org-string">"FAIL: $device $n_status $u_status"</span>
+ <span class="org-keyword">exit</span> $<span class="org-variable-name">STATE_CRITICAL</span>
+<span class="org-keyword">fi</span>
+
+
+</code></pre>
+</div>
+</div>
+</div>
+<div id="outline-container-org884a7fd" class="outline-4">
+<h4 id="org884a7fd"><span class="section-number-4">4.9.4.</span> Configure NAGIOS Monitoring of The Cloister</h4>
+<div class="outline-text-4" id="text-4-9-4">
+<p>
The abbey adds monitoring for more servers: Dantooine and Kessel.
They are <code>abbey-cloister</code> servers, so they are configured as small
institute <code>campus</code> servers, like Gate, with an NRPE (a NAGIOS Remote
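Review bot: in the final test of check_mdstat, `[ $uu = $u_status ] && [ $nn = $n_status ]`, none of the expansions are quoted. When the awk extraction from /proc/mdstat comes back empty, `[` gets a malformed expression and the script drops into the else branch, reporting CRITICAL with blank status fields. Unquoted, a value such as [UUU] is also subject to pathname expansion. Quote all four variables and exit $STATE_UNKNOWN when u_status or n_status is empty, so that a parsing problem is not reported as a failed disk. The arguments deserve the same care: cmd_device is interpolated unquoted into the grep patterns and drive_num goes to seq with no check that it is a number. Since the file is vendored from the NAGIOS Exchange, the org text should also record which upstream version was copied and under what license.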
are idiosyncratically in flux.
</p>
</div>
-<div id="outline-container-orge36ebf2" class="outline-5">
-<h5 id="orge36ebf2"><span class="section-number-5">4.9.3.1.</span> Cloister Network Addresses</h5>
-<div class="outline-text-5" id="text-4-9-3-1">
+<div id="outline-container-org1748c6a" class="outline-5">
+<h5 id="org1748c6a"><span class="section-number-5">4.9.4.1.</span> Cloister Network Addresses</h5>
+<div class="outline-text-5" id="text-4-9-4-1">
<p>
The IP addresses of all three hosts are nice to use in the NAGIOS
configuration (to avoid depending on name service) and so are
</div>
</div>
</div>
-<div id="outline-container-orgafba9a0" class="outline-5">
-<h5 id="orgafba9a0"><span class="section-number-5">4.9.3.2.</span> Install NAGIOS Configurations</h5>
-<div class="outline-text-5" id="text-4-9-3-2">
+<div id="outline-container-orgf516f5f" class="outline-5">
+<h5 id="orgf516f5f"><span class="section-number-5">4.9.4.2.</span> Install NAGIOS Configurations</h5>
+<div class="outline-text-5" id="text-4-9-4-2">
<p>
The following task installs each host's NAGIOS configuration.
</p>
</div>
</div>
</div>
-<div id="outline-container-org33bcf60" class="outline-5">
-<h5 id="org33bcf60"><span class="section-number-5">4.9.3.3.</span> NAGIOS Monitoring of Dantooine</h5>
-<div class="outline-text-5" id="text-4-9-3-3">
+<div id="outline-container-orge146107" class="outline-5">
+<h5 id="orge146107"><span class="section-number-5">4.9.4.3.</span> NAGIOS Monitoring of Dantooine</h5>
+<div class="outline-text-5" id="text-4-9-4-3">
<div class="org-src-container">
<a href="roles_t/abbey-core/templates/nagios-dantooine.cfg"><q>roles_t/abbey-core/templates/nagios-dantooine.cfg</q></a><pre class="src src-conf"><code><span class="org-type">define host</span> {
use linux-server
</div>
</div>
</div>
-<div id="outline-container-org62eb731" class="outline-5">
-<h5 id="org62eb731"><span class="section-number-5">4.9.3.4.</span> NAGIOS Monitoring of Kessel</h5>
-<div class="outline-text-5" id="text-4-9-3-4">
+<div id="outline-container-org29612d8" class="outline-5">
+<h5 id="org29612d8"><span class="section-number-5">4.9.4.4.</span> NAGIOS Monitoring of Kessel</h5>
+<div class="outline-text-5" id="text-4-9-4-4">
<div class="org-src-container">
<a href="roles_t/abbey-core/templates/nagios-kessel.cfg"><q>roles_t/abbey-core/templates/nagios-kessel.cfg</q></a><pre class="src src-conf"><code><span class="org-type">define host</span> {
use linux-server
</div>
</div>
</div>
-<div id="outline-container-org892c641" class="outline-3">
-<h3 id="org892c641"><span class="section-number-3">4.10.</span> Install Munin</h3>
+<div id="outline-container-orga71a03b" class="outline-3">
+<h3 id="orga71a03b"><span class="section-number-3">4.10.</span> Install Munin</h3>
<div class="outline-text-3" id="text-4-10">
<p>
The abbey is experimenting with Munin. NAGIOS is all about notifying
- name: Punt default Munin node.
become: yes
ini_file:
- section: <span class="org-string">"[localhost.localdomain]"</span>
+ section: <span class="org-string">"localhost.localdomain"</span>
state: absent
+ backup: true
path: /etc/munin/munin.conf
+ notify: Restart Munin.
- name: Configure actual Munin nodes.
become: yes
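Review bot: the added `notify: Restart Munin.` on the "Punt default Munin node." task needs a handler with exactly that name, and none is defined in the lines shown here. Please confirm it exists in the role's handlers, since Ansible fails the play on an unknown handler name.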
</div>
</div>
</div>
-<div id="outline-container-org28d886b" class="outline-3">
-<h3 id="org28d886b"><span class="section-number-3">4.11.</span> Install Analog</h3>
+<div id="outline-container-org1b82bb0" class="outline-3">
+<h3 id="org1b82bb0"><span class="section-number-3">4.11.</span> Install Analog</h3>
<div class="outline-text-3" id="text-4-11">
<p>
The abbey's public web site's access and error logs are emailed
regularly to <code>webmaster</code>, who saves them in <q>/Logs/apache2-public/</q>
-and runs <code>analog</code> to generate <q>/WWW/campus/analog.html</q>, available to
-the campus as <code>http://www/analog.html</code>.
+and runs <code>analog</code> as <code>monkey</code> to generate <q>/WWW/campus/analog.html</q>,
+available to the campus as <code>http://www/analog.html</code>.
+</p>
+
+<pre class="example">
+sudo -u monkey analog
+</pre>
+
+<p>
+The <code>analog</code> package includes a manual, how-to's and examples in
+<q>/usr/share/doc/analog/</q>. The HTML portions can be viewed on campus
+at <code>http://www/doc/analog/</code>.
</p>
<div class="org-src-container">
become: yes
<span class="org-variable-name">apt: pkg</span>=analog
-- name: Configure Analog (removing old /var/log/apache/ LOGFILEs).
- become: yes
- lineinfile:
- path: /etc/analog.cfg
- regexp: <span class="org-string">'^LOGFILE /var/log/apache/'</span>
- state: absent
-
-- name: Configure Analog (adding new configuration lines).
+- name: Configure Analog.
become: yes
+ vars:
+ dir: /Logs/apache2-public
lineinfile:
path: /etc/analog.cfg
- line: <span class="org-string">"{{ item }}"</span>
+ regexp: <span class="org-string">"{{ item.regx }}"</span>
+ line: <span class="org-string">"{{ item.line }}"</span>
insertafter: EOF
loop:
- - <span class="org-string">"LOGFILE /Logs/apache2-public/*-access.log.gz"</span>
- - <span class="org-string">"ALLCHART OFF"</span>
- - <span class="org-string">"DNS WRITE"</span>
- - <span class="org-string">"HOSTNAME \"{{ full_name }}\""</span>
- - <span class="org-string">"OUTFILE /WWW/campus/analog.html"</span>
+ - { regx: <span class="org-string">"^LOGFILE "</span>, line: <span class="org-string">"LOGFILE {{ dir }}/202?????.log.gz"</span> }
+ - { regx: <span class="org-string">"^OUTFILE "</span>, line: <span class="org-string">"OUTFILE /WWW/campus/analog.html"</span> }
+ - { regx: <span class="org-string">"HOSTNAME "</span>, line: <span class="org-string">"HOSTNAME \"{{ full_name }}\""</span> }
+ - { regx: <span class="org-string">"^ALLCHART "</span>, line: <span class="org-string">"ALLCHART OFF"</span> }
+ - { regx: <span class="org-string">"^DNS "</span>, line: <span class="org-string">"DNS WRITE"</span> }
+ - { regx: <span class="org-string">"^DNSFILE "</span>, line: <span class="org-string">"DNSFILE /Logs/dnscache"</span> }
- name: Create /Logs/.
become: yes
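Review bot: in the loop for "Configure Analog.", the HOSTNAME entry uses regx "HOSTNAME " without the leading ^ that the other five patterns have, so lineinfile can match a commented-out or otherwise embedded "HOSTNAME " in /etc/analog.cfg and rewrite that line instead. Use "^HOSTNAME " for consistency. The LOGFILE glob 202?????.log.gz also stops matching in 2030; a comment in the org source would help if that is intentional.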
state: directory
<span class="org-variable-name">mode: u</span>=rwx,g=rx,o=rx
+- name: Create /Logs/dnscache.
+ become: yes
+ file:
+ path: /Logs/dnscache
+ owner: monkey
+ group: monkey
+ <span class="org-variable-name">mode: u</span>=rw,g=r,o=r
+
- name: Create /Logs/apache2-public/.
become: yes
file:
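Review bot: the "Create /Logs/dnscache." task passes path, owner, group and mode to the file module but no state, and the module's default state does not create a missing path, so on a fresh Core this task fails instead of creating the cache file. Add state: touch, with access_time: preserve and modification_time: preserve if the task should report unchanged on later runs.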
owner: monkey
group: staff
<span class="org-variable-name">mode: u</span>=rwx,g=srwx,o=rx
+
+- name: Create /WWW/campus/analog/.
+ become: yes
+ file:
+ state: link
+ path: /WWW/campus/analog
+ src: /usr/share/analog/images
</code></pre>
</div>
</div>
</div>
-<div id="outline-container-org5b6e9e5" class="outline-3">
-<h3 id="org5b6e9e5"><span class="section-number-3">4.12.</span> Add Monkey to Web Server Group</h3>
+<div id="outline-container-orgcad9c9a" class="outline-3">
+<h3 id="orgcad9c9a"><span class="section-number-3">4.12.</span> Add Monkey to Web Server Group</h3>
<div class="outline-text-3" id="text-4-12">
<p>
Monkey needs to be in <code>www-data</code> so that it can run
</div>
</div>
</div>
-<div id="outline-container-org7a65f75" class="outline-3">
-<h3 id="org7a65f75"><span class="section-number-3">4.13.</span> Install netpbm For Photo Processing</h3>
+<div id="outline-container-orgdd37bf0" class="outline-3">
+<h3 id="orgdd37bf0"><span class="section-number-3">4.13.</span> Install netpbm For Photo Processing</h3>
<div class="outline-text-3" id="text-4-13">
<p>
Monkey's photo processing scripts use <code>netpbm</code> commands like
</div>
</div>
</div>
-<div id="outline-container-orgb50e66e" class="outline-2">
-<h2 id="orgb50e66e"><span class="section-number-2">5.</span> The Abbey Gate Role</h2>
+<div id="outline-container-org9f5451b" class="outline-2">
+<h2 id="org9f5451b"><span class="section-number-2">5.</span> The Abbey Gate Role</h2>
<div class="outline-text-2" id="text-5">
<p>
Birchwood Abbey's gate is a $110 µPC configured as A Small Institute
Ecowitt hub.
</p>
</div>
-<div id="outline-container-org3879c4d" class="outline-3">
-<h3 id="org3879c4d"><span class="section-number-3">5.1.</span> The Abbey Gate's Network Interfaces</h3>
+<div id="outline-container-orge60f0dc" class="outline-3">
+<h3 id="orge60f0dc"><span class="section-number-3">5.1.</span> The Abbey Gate's Network Interfaces</h3>
<div class="outline-text-3" id="text-5-1">
<p>
The abbey gate's <code>lan</code> interface is the PC's built-in Ethernet
</p>
</div>
</div>
-<div id="outline-container-org0940619" class="outline-3">
-<h3 id="org0940619"><span class="section-number-3">5.2.</span> The Abbey's IoT Network</h3>
+<div id="outline-container-org2fae425" class="outline-3">
+<h3 id="org2fae425"><span class="section-number-3">5.2.</span> The Abbey's IoT Network</h3>
<div class="outline-text-3" id="text-5-2">
<p>
To allow masquerading between the private subnets and <code>wild</code>, the
following <code>iptables(8)</code> rules are added. They are very similar to the
<code>nat</code> and <code>filter</code> table rules used by a small institute to masquerade
-its <code>lan</code> to its <code>isp</code> (see the <a href="Institute/README.html#orgfca1bef">UFW Rules</a> of a Small Institute).
+its <code>lan</code> to its <code>isp</code> (see the <a href="Institute/README.html#org81016c5">UFW Rules</a> of a Small Institute).
The campus WireGuard™ subnet is not included because the campus Wi-Fi
hosts should be routing to the wild subnet directly and are assumed to
be masquerading as their access point(s).
</p>
<div class="org-src-container">
-<code>iot-nat</code><pre class="src src-conf" id="orgff7c718"><code>-A POSTROUTING -s {{ private_net_cidr }} -o wild -j MASQUERADE
+<code>iot-nat</code><pre class="src src-conf" id="org3d90360"><code>-A POSTROUTING -s {{ private_net_cidr }} -o wild -j MASQUERADE
-A POSTROUTING -s {{ public_wg_net_cidr }} -o wild -j MASQUERADE
</code></pre>
</div>
<div class="org-src-container">
-<code>iot-forward</code><pre class="src src-conf" id="org83064bf"><code>-A ufw-user-forward -i lan -o wild -j ACCEPT
+<code>iot-forward</code><pre class="src src-conf" id="org0c68876"><code>-A ufw-user-forward -i lan -o wild -j ACCEPT
-A ufw-user-forward -i wg0 -o wild -j ACCEPT
</code></pre>
</div>
</p>
</div>
</div>
-<div id="outline-container-orgda52587" class="outline-3">
-<h3 id="orgda52587"><span class="section-number-3">5.3.</span> Configure UFW for IoT</h3>
+<div id="outline-container-orgfd30ddd" class="outline-3">
+<h3 id="orgfd30ddd"><span class="section-number-3">5.3.</span> Configure UFW for IoT</h3>
<div class="outline-text-3" id="text-5-3">
<p>
The following tasks install the additional rules in <q>before.rules</q>
-and <q>user.rules</q> (as in <a href="Institute/README.html#orga4b4df7">Configure UFW</a>).
+and <q>user.rules</q> (as in <a href="Institute/README.html#orgf0f7295">Configure UFW</a>).
</p>
<div class="org-src-container">
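Review bot: Every changed line in this hunk is a regenerated Org export id: the `pre` ids, the heading anchors, and the cross-document fragments (`Institute/README.html#orgfca1bef` becomes `#org81016c5`, `#orga4b4df7` becomes `#orgf0f7295`). None of it reflects an edit to the iptables rules or the prose, yet it will recur on every export and breaks any saved link to the old anchors. Giving the Org headings a `CUSTOM_ID` property would keep the anchors stable and leave future diffs showing only real changes, which matters on a page where a one-line firewall change is easy to lose in the noise.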
</div>
</div>
</div>
-<div id="outline-container-orgea29914" class="outline-3">
-<h3 id="orgea29914"><span class="section-number-3">5.4.</span> The Abbey's Starlink Configuration</h3>
+<div id="outline-container-orgc6db098" class="outline-3">
+<h3 id="orgc6db098"><span class="section-number-3">5.4.</span> The Abbey's Starlink Configuration</h3>
<div class="outline-text-3" id="text-5-4">
<p>
The abbey connects to Starlink via Ethernet, and disables Starlink's
</p>
</div>
</div>
-<div id="outline-container-org87c6981" class="outline-3">
-<h3 id="org87c6981"><span class="section-number-3">5.5.</span> Alternate ISPs</h3>
+<div id="outline-container-org34154b7" class="outline-3">
+<h3 id="org34154b7"><span class="section-number-3">5.5.</span> Alternate ISPs</h3>
<div class="outline-text-3" id="text-5-5">
<p>
The abbey used to use a cell phone on a USB tether to get Internet
</div>
</div>
</div>
-<div id="outline-container-org4335d7a" class="outline-2">
-<h2 id="org4335d7a"><span class="section-number-2">6.</span> The Abbey Cloister Role</h2>
+<div id="outline-container-orgc01bde6" class="outline-2">
+<h2 id="orgc01bde6"><span class="section-number-2">6.</span> The Abbey Cloister Role</h2>
<div class="outline-text-2" id="text-6">
<p>
Birchwood Abbey's cloister is a small institute campus. The <code>campus</code>
<p>
Wireless clients are issued keys for the cloister VPN by the <code>./abbey
client</code> command which is currently identical to the <code>./inst client</code>
-command (described in <a href="Institute/README.html#org6edab5b">The Client Command</a>). The wireless, cloistered
+command (described in <a href="Institute/README.html#org4c26e9f">The Client Command</a>). The wireless, cloistered
hosts never roam, are not associated with a member, and so are
"campus" clients, issued keys with commands like this:
</p>
<pre class="example">
-./abbey client campus new-host-name
+./abbey client campus new-host-name \
+ S+6HaTnOwwhWgUGXjSBcPAvifKw+j8BDTRfq534gNW4=
</pre>
</div>
-<div id="outline-container-org9bf6fd6" class="outline-3">
-<h3 id="org9bf6fd6"><span class="section-number-3">6.1.</span> Use Cloister Apt Cache</h3>
+<div id="outline-container-org4b22e16" class="outline-3">
+<h3 id="org4b22e16"><span class="section-number-3">6.1.</span> Use Cloister Apt Cache</h3>
<div class="outline-text-3" id="text-6-1">
<p>
The Apt-Cacher:TNG program does not work well on the frontier, so is
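Review bot: The example command gains a second argument, `S+6HaTnOwwhWgUGXjSBcPAvifKw+j8BDTRfq534gNW4=`, but the paragraph above it is unchanged and still says clients are "issued keys", which no longer matches a command that is handed one. Say what the argument is (it has the shape of a base64 WireGuard key, presumably the client's public key), say that only the public half is ever passed on the command line, and consider showing a labelled placeholder rather than a literal key value.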
</div>
</div>
</div>
-<div id="outline-container-org28079e1" class="outline-3">
-<h3 id="org28079e1"><span class="section-number-3">6.2.</span> Configure Cloister NRPE</h3>
+<div id="outline-container-org07b9f6b" class="outline-3">
+<h3 id="org07b9f6b"><span class="section-number-3">6.2.</span> Configure Cloister NRPE</h3>
<div class="outline-text-3" id="text-6-2">
<p>
Each cloistered host is a small institute campus host and thus is
already running an NRPE server (a NAGIOS Remote Plugin Executor
-server) with a custom <code>inst_sensors</code> monitor (described in <a href="Institute/README.html#org8fbeb2b">Configure
+server) with a custom <code>inst_sensors</code> monitor (described in <a href="Institute/README.html#org75dd85d">Configure
NRPE</a> of <a href="Institute/README.html">A Small Institute</a>). The abbey adds one complication: yet
another <code>check_sensors</code> variant, <code>abbey_pisensors</code>, installed on
Raspberry Pis (architecture <code>aarch64</code>) only.
</div>
</div>
</div>
-<div id="outline-container-org172cb77" class="outline-3">
-<h3 id="org172cb77"><span class="section-number-3">6.3.</span> Install Munin Node</h3>
+<div id="outline-container-org2fb1171" class="outline-3">
+<h3 id="org2fb1171"><span class="section-number-3">6.3.</span> Install Munin Node</h3>
<div class="outline-text-3" id="text-6-3">
<p>
Each cloistered host is a Munin node.
</div>
</div>
</div>
-<div id="outline-container-orgf3ab1a5" class="outline-3">
-<h3 id="orgf3ab1a5"><span class="section-number-3">6.4.</span> Install Emacs</h3>
+<div id="outline-container-orge084336" class="outline-3">
+<h3 id="orge084336"><span class="section-number-3">6.4.</span> Install Emacs</h3>
<div class="outline-text-3" id="text-6-4">
<p>
The monks of the abbey are masters of the staff and Emacs.
</div>
</div>
</div>
-<div id="outline-container-orgb872534" class="outline-2">
-<h2 id="orgb872534"><span class="section-number-2">7.</span> The Abbey Weather Role</h2>
+<div id="outline-container-orga4545a2" class="outline-2">
+<h2 id="orga4545a2"><span class="section-number-2">7.</span> The Abbey Weather Role</h2>
<div class="outline-text-2" id="text-7">
<p>
Birchwood Abbey now uses Home Assistant to record and display weather
</p>
</div>
</div>
-<div id="outline-container-orgc7793ee" class="outline-2">
-<h2 id="orgc7793ee"><span class="section-number-2">8.</span> The Abbey DVR Role</h2>
+<div id="outline-container-orge47adfe" class="outline-2">
+<h2 id="orge47adfe"><span class="section-number-2">8.</span> The Abbey DVR Role</h2>
<div class="outline-text-2" id="text-8">
<p>
The abbey uses AgentDVR to record video from PoE IP HD security
configuration and recordings in <q>/home/agentdvr/</q>.
</p>
</div>
-<div id="outline-container-org9ef33fa" class="outline-3">
-<h3 id="org9ef33fa"><span class="section-number-3">8.1.</span> Install AgentDVR</h3>
+<div id="outline-container-org32af853" class="outline-3">
+<h3 id="org32af853"><span class="section-number-3">8.1.</span> Install AgentDVR</h3>
<div class="outline-text-3" id="text-8-1">
<p>
AgentDVR is installed according to the iSpy web site's latest
<code>agentdvr</code> account if it has (temporary) authorization.
</p>
</div>
-<div id="outline-container-org413a17c" class="outline-4">
-<h4 id="org413a17c"><span class="section-number-4">8.1.1.</span> Prepare for AgentDVR Installation</h4>
+<div id="outline-container-orge165e78" class="outline-4">
+<h4 id="orge165e78"><span class="section-number-4">8.1.1.</span> Prepare for AgentDVR Installation</h4>
<div class="outline-text-4" id="text-8-1-1">
<p>
The following commands are manually executed to create the <code>agentdvr</code>
</div>
</div>
</div>
-<div id="outline-container-org55a4b35" class="outline-4">
-<h4 id="org55a4b35"><span class="section-number-4">8.1.2.</span> Execute AgentDVR Installation</h4>
+<div id="outline-container-orgefe9eb8" class="outline-4">
+<h4 id="orgefe9eb8"><span class="section-number-4">8.1.2.</span> Execute AgentDVR Installation</h4>
<div class="outline-text-4" id="text-8-1-2">
<p>
With the above preparations, the system administrator can get a shell
</p>
</div>
</div>
-<div id="outline-container-org3b07882" class="outline-4">
-<h4 id="org3b07882"><span class="section-number-4">8.1.3.</span> Complete AgentDVR Installation</h4>
+<div id="outline-container-orgefc95f3" class="outline-4">
+<h4 id="orgefc95f3"><span class="section-number-4">8.1.3.</span> Complete AgentDVR Installation</h4>
<div class="outline-text-4" id="text-8-1-3">
<p>
When Ansible is run a second time, after the installation script, it
</div>
</div>
</div>
-<div id="outline-container-orgec75086" class="outline-3">
-<h3 id="orgec75086"><span class="section-number-3">8.2.</span> Configure User <code>agentdvr</code></h3>
+<div id="outline-container-org234a2e1" class="outline-3">
+<h3 id="org234a2e1"><span class="section-number-3">8.2.</span> Configure User <code>agentdvr</code></h3>
<div class="outline-text-3" id="text-8-2">
<p>
AgentDVR runs as the system user <code>agentdvr</code>, which is configured here.
</div>
</div>
</div>
-<div id="outline-container-org65ff904" class="outline-3">
-<h3 id="org65ff904"><span class="section-number-3">8.3.</span> Test For <q>AgentDVR/</q></h3>
+<div id="outline-container-orga791f26" class="outline-3">
+<h3 id="orga791f26"><span class="section-number-3">8.3.</span> Test For <q>AgentDVR/</q></h3>
<div class="outline-text-3" id="text-8-3">
<p>
The following task probes for the <q>/home/agentdvr/AgentDVR/</q>
</div>
</div>
</div>
-<div id="outline-container-org7d9bbf8" class="outline-3">
-<h3 id="org7d9bbf8"><span class="section-number-3">8.4.</span> Create AgentDVR Service</h3>
+<div id="outline-container-org039773e" class="outline-3">
+<h3 id="org039773e"><span class="section-number-3">8.4.</span> Create AgentDVR Service</h3>
<div class="outline-text-3" id="text-8-4">
<p>
This service definition came from the template downloaded (from <a href="https://raw.githubusercontent.com/ispysoftware/agent-install-scripts/main/v2/AgentDVR.service">here</a>)
</div>
</div>
</div>
-<div id="outline-container-org4fe5188" class="outline-3">
-<h3 id="org4fe5188"><span class="section-number-3">8.5.</span> Create AgentDVR Storage</h3>
+<div id="outline-container-orgdf1974b" class="outline-3">
+<h3 id="orgdf1974b"><span class="section-number-3">8.5.</span> Create AgentDVR Storage</h3>
<div class="outline-text-3" id="text-8-5">
<p>
The abbey uses a separate volume to store surveillance recordings,
</div>
</div>
</div>
-<div id="outline-container-orgb30d809" class="outline-3">
-<h3 id="orgb30d809"><span class="section-number-3">8.6.</span> Install Custom NAGIOS Monitor <code>abbey_dvr</code></h3>
+<div id="outline-container-orgda7ae1e" class="outline-3">
+<h3 id="orgda7ae1e"><span class="section-number-3">8.6.</span> Install Custom NAGIOS Monitor <code>abbey_dvr</code></h3>
<div class="outline-text-3" id="text-8-6">
<p>
DVR hosts install a custom NRPE plugin named <code>abbey_dvr</code> to monitor
</div>
</div>
</div>
-<div id="outline-container-org4605d83" class="outline-3">
-<h3 id="org4605d83"><span class="section-number-3">8.7.</span> Configure IP Cameras</h3>
+<div id="outline-container-orgedf7836" class="outline-3">
+<h3 id="orgedf7836"><span class="section-number-3">8.7.</span> Configure IP Cameras</h3>
<div class="outline-text-3" id="text-8-7">
<p>
-A new security camera is setup as described in <a href="#org5297011">Cloistering</a>, after
+A new security camera is setup as described in <a href="#org8f8c5fa">Cloistering</a>, after
which the camera should be accessible by name on the abbey networks.
Assuming <code>ping -c1 new</code> works, the camera's web interface will be
accessible at <code>http://new/</code>.
</ul>
</div>
</div>
-<div id="outline-container-org1e82e38" class="outline-3">
-<h3 id="org1e82e38"><span class="section-number-3">8.8.</span> Configure AgentDVR's Cameras</h3>
+<div id="outline-container-org5174d9b" class="outline-3">
+<h3 id="org5174d9b"><span class="section-number-3">8.8.</span> Configure AgentDVR's Cameras</h3>
<div class="outline-text-3" id="text-8-8">
<p>
After Ansible has configured and started the AgentDVR service, its web
</p>
</div>
</div>
-<div id="outline-container-org0600d67" class="outline-3">
-<h3 id="org0600d67"><span class="section-number-3">8.9.</span> Configure AgentDVR's Default Storage</h3>
+<div id="outline-container-org4634264" class="outline-3">
+<h3 id="org4634264"><span class="section-number-3">8.9.</span> Configure AgentDVR's Default Storage</h3>
<div class="outline-text-3" id="text-8-9">
<p>
AgentDVR's web interface is also used to configure a default storage
</p>
</div>
</div>
-<div id="outline-container-org8e4dbf1" class="outline-3">
-<h3 id="org8e4dbf1"><span class="section-number-3">8.10.</span> Configure AgentDVR's Recordings</h3>
+<div id="outline-container-org509d777" class="outline-3">
+<h3 id="org509d777"><span class="section-number-3">8.10.</span> Configure AgentDVR's Recordings</h3>
<div class="outline-text-3" id="text-8-10">
<p>
After a default storage location has been configured, AgentDVR's
</ul>
</div>
</div>
-<div id="outline-container-org7593f68" class="outline-3">
-<h3 id="org7593f68"><span class="section-number-3">8.11.</span> Restore AgentDVR</h3>
+<div id="outline-container-orgec04b1d" class="outline-3">
+<h3 id="orgec04b1d"><span class="section-number-3">8.11.</span> Restore AgentDVR</h3>
<div class="outline-text-3" id="text-8-11">
<p>
When restoring <q>/home/</q> from a backup copy, the user accounts are
</div>
</div>
</div>
-<div id="outline-container-org0063979" class="outline-2">
-<h2 id="org0063979"><span class="section-number-2">9.</span> The Abbey TVR Role</h2>
+<div id="outline-container-org800724f" class="outline-2">
+<h2 id="org800724f"><span class="section-number-2">9.</span> The Abbey TVR Role</h2>
<div class="outline-text-2" id="text-9">
<p>
The abbey has a few TV tuners and a subscription to <a href="https://schedulesdirect.org/">Schedules Direct</a>
</p>
<p>
-A new TVR machine needs only <a href="#org5297011">Cloistering</a> to prepare it for
+A new TVR machine needs only <a href="#org8f8c5fa">Cloistering</a> to prepare it for
Ansible. As part of that process, it should be added to the <code>tvrs</code>
group in the <q>hosts</q> file. An existing server can become a TVR
machine by adding it to the <code>tvrs</code> group.
</p>
</div>
-<div id="outline-container-org2c4b2b7" class="outline-3">
-<h3 id="org2c4b2b7"><span class="section-number-3">9.1.</span> Include Abbey Variables</h3>
+<div id="outline-container-org9d82305" class="outline-3">
+<h3 id="org9d82305"><span class="section-number-3">9.1.</span> Include Abbey Variables</h3>
<div class="outline-text-3" id="text-9-1">
<p>
Private variables in <q>private/vars-abbey.yml</q> are needed, as in the
</div>
</div>
</div>
-<div id="outline-container-org3ac7ce4" class="outline-3">
-<h3 id="org3ac7ce4"><span class="section-number-3">9.2.</span> Manually Build and Install MythTV</h3>
+<div id="outline-container-org4003f1d" class="outline-3">
+<h3 id="org4003f1d"><span class="section-number-3">9.2.</span> Manually Build and Install MythTV</h3>
<div class="outline-text-3" id="text-9-2">
<p>
Neither Debian nor the MythTV project provide binary packages of
</div>
</div>
</div>
-<div id="outline-container-org6627b70" class="outline-3">
-<h3 id="org6627b70"><span class="section-number-3">9.3.</span> Restore MythTV</h3>
+<div id="outline-container-org57498c9" class="outline-3">
+<h3 id="org57498c9"><span class="section-number-3">9.3.</span> Restore MythTV</h3>
<div class="outline-text-3" id="text-9-3">
<p>
Restoring MythTV from a backup copy to a fresh TVR host:
</ul>
</div>
</div>
-<div id="outline-container-orgd13e910" class="outline-3">
-<h3 id="orgd13e910"><span class="section-number-3">9.4.</span> Manually Load DB Timezone Info</h3>
+<div id="outline-container-org0642dda" class="outline-3">
+<h3 id="org0642dda"><span class="section-number-3">9.4.</span> Manually Load DB Timezone Info</h3>
<div class="outline-text-3" id="text-9-4">
<p>
Starting with MythTV version 0.26, the time zone tables must be loaded
</div>
</div>
</div>
-<div id="outline-container-org037826b" class="outline-3">
-<h3 id="org037826b"><span class="section-number-3">9.5.</span> Create MythTV Storage Area</h3>
+<div id="outline-container-orgbcb3462" class="outline-3">
+<h3 id="orgbcb3462"><span class="section-number-3">9.5.</span> Create MythTV Storage Area</h3>
<div class="outline-text-3" id="text-9-5">
<p>
The backend does not have a default storage area for its recordings.
</div>
</div>
</div>
-<div id="outline-container-org88336ba" class="outline-3">
-<h3 id="org88336ba"><span class="section-number-3">9.6.</span> Configure MythTV Backend</h3>
+<div id="outline-container-orgce84d45" class="outline-3">
+<h3 id="orgce84d45"><span class="section-number-3">9.6.</span> Configure MythTV Backend</h3>
<div class="outline-text-3" id="text-9-6">
<p>
With MythTV built and installed, the post-installation tasks
addressed, and <code>mythtv-backend.service</code> started, go to the web page
-at <a href="http://new:6544">http://new:6544</a> and make the following selections.
+at <code>http://new:6544</code> and make the following selections.
</p>
<ul class="org-ul">
</ul>
</div>
</div>
-<div id="outline-container-org6fa95dc" class="outline-3">
-<h3 id="org6fa95dc"><span class="section-number-3">9.7.</span> Configure Tuner</h3>
+<div id="outline-container-org0938d33" class="outline-3">
+<h3 id="org0938d33"><span class="section-number-3">9.7.</span> Configure Tuner</h3>
<div class="outline-text-3" id="text-9-7">
<p>
The abbey has a Silicon Dust Homerun HDTV Duo (with two tuners). It
-is setup as described in <a href="#org5297011">Cloistering</a>, after which the tuner is
+is setup as described in <a href="#org8f8c5fa">Cloistering</a>, after which the tuner is
accessible by name (e.g. <code>new</code>) on the cloister network. Assuming
<code>ping -c1 new</code> works, the tuner should be accessible via the
<code>hdhomerun_config_gui</code> command, a graphical interface contributed to
</p>
</div>
</div>
-<div id="outline-container-orgd83888e" class="outline-3">
-<h3 id="orgd83888e"><span class="section-number-3">9.8.</span> Add HDHomerun and Mr.Antenna</h3>
+<div id="outline-container-org1ef9aa1" class="outline-3">
+<h3 id="org1ef9aa1"><span class="section-number-3">9.8.</span> Add HDHomerun and Mr.Antenna</h3>
<div class="outline-text-3" id="text-9-8">
<p>
In MythTV Setup:
</ul>
</div>
</div>
-<div id="outline-container-org5f4e693" class="outline-3">
-<h3 id="org5f4e693"><span class="section-number-3">9.9.</span> Scan for New Channels</h3>
+<div id="outline-container-org84f12cd" class="outline-3">
+<h3 id="org84f12cd"><span class="section-number-3">9.9.</span> Scan for New Channels</h3>
<div class="outline-text-3" id="text-9-9">
<p>
-In MythTV Setup:
+In MythTV Backend, the website on Core's port 6544, e.g.
+<code>http://malastare.birchwood.private:6544/</code>:
</p>
+
<ul class="org-ul">
-<li>Choose "Channel Editor".
-<ul class="org-ul">
-<li>Navigate to the "Delete" button, leaving Video Source All (right
-and down and down, or left six times, or sump'n). Confirm
-deletion of all channels.</li>
-<li>Choose video source Mr.Antenna, then Channel Scan. Scroll down to
-the "scan" button and choose it (select and Enter).</li>
-<li>Choose "Insert All" when the scan is complete and the count of
-channels is presented. Delete All unused transports.</li>
-<li>Save and Exit from the scan. Exit from the channel editor.</li>
-</ul></li>
-<li>Exit MythTV Setup. Do <i>not</i> run <code>mythfilldatabase</code>.</li>
+<li>Choose "MythTV Setup" (the gear) from the left sidebar.</li>
+<li>Choose "Enable Updates" (at the top of the page).</li>
+<li>Choose "Channel Editor" from the top tab bar.</li>
+<li>Press "Delete".</li>
+<li>Choose "Input Connections" from the top tab bar.</li>
+<li>Choose (unfold) "HDHomeRun => Mr.Antenna".</li>
+<li>Press "+ Scan for Channels".</li>
+<li>Choose options? Eventually press "Scan"? And wait.</li>
+<li>Choose to import all.</li>
+<li>Choose "Restart Backend Full Operation".</li>
</ul>
</div>
</div>
-<div id="outline-container-orgc401691" class="outline-3">
-<h3 id="orgc401691"><span class="section-number-3">9.10.</span> Configure XMLTV</h3>
+<div id="outline-container-orgba70a88" class="outline-3">
+<h3 id="orgba70a88"><span class="section-number-3">9.10.</span> Configure XMLTV</h3>
<div class="outline-text-3" id="text-9-10">
<p>
The <code>xmltv</code> package, specifically its <code>tv_grab_zz_sdjson</code> program, is
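Review bot: The rewritten steps for the web interface include one that is still a guess, "Choose options? Eventually press "Scan"? And wait.", and "Press "Delete"." no longer says that it deletes all channels or asks for confirmation, as the removed text did. The old warning "Do not run mythfilldatabase" and the "Delete All unused transports" step are dropped without a replacement. Walk the procedure once on the real page, replace the question marks with the actual choices, and either restore those two points or state that they no longer apply.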
the OTA (over the air) broadcasts.
</p>
-<pre class="example" id="orgea06bb9">
+<pre class="example" id="orgbb39bf5">
$ tv_grab_zz_sdjson --configure --config-file .mythtv/Mr.Antenna.xml
Cache file for lineups, schedules and programs.
Cache file: [/home/mythtv/.xmltv/tv_grab_zz_sdjson.cache]
</p>
</div>
</div>
-<div id="outline-container-org0bd4e50" class="outline-3">
-<h3 id="org0bd4e50"><span class="section-number-3">9.11.</span> Debug XMLTV</h3>
+<div id="outline-container-orgeeeaf00" class="outline-3">
+<h3 id="orgeeeaf00"><span class="section-number-3">9.11.</span> Debug XMLTV</h3>
<div class="outline-text-3" id="text-9-11">
<p>
If the <code>mythfilldatabase</code> command fails or expected listings do not
</div>
</div>
</div>
-<div id="outline-container-orgce0b621" class="outline-3">
-<h3 id="orgce0b621"><span class="section-number-3">9.12.</span> Change Broadcast Area</h3>
+<div id="outline-container-orge42a939" class="outline-3">
+<h3 id="orge42a939"><span class="section-number-3">9.12.</span> Change Broadcast Area</h3>
<div class="outline-text-3" id="text-9-12">
<p>
The abbey changes location almost weekly, so its HDTV broadcast area
changes frequently. At the start of a long stay the administrator
uses the MythTV Setup program to scan for the new area's channels, as
-described in <a href="#org5f4e693">Scan for New Channels</a>.
+described in <a href="#org84f12cd">Scan for New Channels</a>.
</p>
<p>
<p>
The program will prompt for the zip code and offer a list of "inputs"
-available in that area, as described in <a href="#orgc401691">Configure XMLTV</a>.
+available in that area, as described in <a href="#orgba70a88">Configure XMLTV</a>.
</p>
<p>
-Then the administrator can re-start the backend.
+Lastly, the administrator runs an immediate update (again as the
+<code>mythtv</code> user).
</p>
<div class="org-src-container">
-<pre class="src src-sh"><code>sudo systemctl start mythtv-backend
+<pre class="src src-sh"><code>mythfilldatabase
</code></pre>
</div>
<p>
-And the <code>mythtv</code> account can run <code>mythfilldatabase</code>.
+If the command fails, consult <a href="#orgeeeaf00">Debug XMLTV</a>. Else, the listings appear
+in MythTV Backend's "Program Guide" page.
</p>
-
-<div class="org-src-container">
-<pre class="src src-sh"><code>mythfilldatabase
-</code></pre>
</div>
</div>
</div>
-</div>
-<div id="outline-container-orgbf39a8b" class="outline-2">
-<h2 id="orgbf39a8b"><span class="section-number-2">10.</span> The Ansible Configuration</h2>
+<div id="outline-container-orgaa3d276" class="outline-2">
+<h2 id="orgaa3d276"><span class="section-number-2">10.</span> The Ansible Configuration</h2>
<div class="outline-text-2" id="text-10">
<p>
The abbey's Ansible configuration, like that of <a href="Institute/README.html">A Small Institute</a>, is
</p>
<p>
-NOTE: if you have not read at least the <a href="Institute/README.html#org05da664">Overview</a> of <a href="Institute/README.html">A Small Institute</a>
+NOTE: if you have not read at least the <a href="Institute/README.html#orga71113c">Overview</a> of <a href="Institute/README.html">A Small Institute</a>
you are lost.
</p>
<q>README.org</q>, and <a href="Institute/README.html"><q>Institute/README.org</q></a>.
</p>
</div>
-<div id="outline-container-org3f1039b" class="outline-3">
-<h3 id="org3f1039b"><span class="section-number-3">10.1.</span> <q>ansible.cfg</q></h3>
+<div id="outline-container-org1bde724" class="outline-3">
+<h3 id="org1bde724"><span class="section-number-3">10.1.</span> <q>ansible.cfg</q></h3>
<div class="outline-text-3" id="text-10-1">
<p>
This is much like the example (test) institutional configuration file,
</div>
</div>
</div>
-<div id="outline-container-org779a328" class="outline-3">
-<h3 id="org779a328"><span class="section-number-3">10.2.</span> <q>hosts</q></h3>
+<div id="outline-container-org35abcea" class="outline-3">
+<h3 id="org35abcea"><span class="section-number-3">10.2.</span> <q>hosts</q></h3>
<div class="outline-text-3" id="text-10-2">
<div class="org-src-container">
-<a href="hosts"><q>hosts</q></a><pre class="src src-conf" id="org6aada87"><code>all:
+<a href="hosts"><q>hosts</q></a><pre class="src src-conf" id="org51b692b"><code>all:
vars:
ansible_user: sysadm
ansible_ssh_extra_args: -i Secret/ssh_admin/id_rsa
ansible_host: 159.65.75.60
ansible_become_password: <span class="org-string">"{{ become_droplet }}"</span>
anoat:
+ ansible_host: anoat.birchwood.private
ansible_become_password: <span class="org-string">"{{ become_anoat }}"</span>
malastare:
+ ansible_host: malastare.birchwood.private
ansible_become_password: <span class="org-string">"{{ become_malastare }}"</span>
<span class="org-comment-delimiter"># </span><span class="org-comment">Campus
</span> kessel:
+ ansible_host: kessel.birchwood.private
ansible_become_password: <span class="org-string">"{{ become_kessel }}"</span>
dantooine:
+ ansible_host: dantooine.birchwood.private
ansible_become_password: <span class="org-string">"{{ become_dantooine }}"</span>
<span class="org-comment-delimiter"># </span><span class="org-comment">Notebooks
</span> endor:
+ ansible_host: endor.birchwood.private
ansible_become_password: <span class="org-string">"{{ become_endor }}"</span>
sullust:
ansible_host: 127.0.0.1
</div>
</div>
</div>
-<div id="outline-container-orgf01c3f7" class="outline-3">
-<h3 id="orgf01c3f7"><span class="section-number-3">10.3.</span> <q>playbooks/site.yml</q></h3>
+<div id="outline-container-org2fb08a9" class="outline-3">
+<h3 id="org2fb08a9"><span class="section-number-3">10.3.</span> <q>playbooks/site.yml</q></h3>
<div class="outline-text-3" id="text-10-3">
<p>
This playbook provisions the entire network by applying first the
</div>
</div>
</div>
-<div id="outline-container-org587ce56" class="outline-2">
-<h2 id="org587ce56"><span class="section-number-2">11.</span> The Abbey Commands</h2>
+<div id="outline-container-orgdea09a3" class="outline-2">
+<h2 id="orgdea09a3"><span class="section-number-2">11.</span> The Abbey Commands</h2>
<div class="outline-text-2" id="text-11">
<p>
The <code>./abbey</code> script encodes the abbey's canonical procedures. It
-includes <a href="Institute/README.html#org79b145a">The Institute Commands</a> and adds a few abbey-specific
+includes <a href="Institute/README.html#org342bdb6">The Institute Commands</a> and adds a few abbey-specific
sub-commands.
</p>
</div>
-<div id="outline-container-org9244ae2" class="outline-3">
-<h3 id="org9244ae2"><span class="section-number-3">11.1.</span> Abbey Command Overview</h3>
+<div id="outline-container-org446c5a5" class="outline-3">
+<h3 id="org446c5a5"><span class="section-number-3">11.1.</span> Abbey Command Overview</h3>
<div class="outline-text-3" id="text-11-1">
<p>
Institutional sub-commands:
<dt>reboots</dt><dd>Look for <q>/run/reboot*</q> on all hosts.</dd>
<dt>versions</dt><dd>Report <code>ansible_distribution</code>, <code>_distribution_version</code>,
and <code>_architecture</code> for all hosts.</dd>
+<dt>facts</dt><dd>Update (clobber!) <a href="facts"><q>facts</q></a>.</dd>
</dl>
</div>
</div>
-<div id="outline-container-org980a95e" class="outline-3">
-<h3 id="org980a95e"><span class="section-number-3">11.2.</span> Abbey Command Script</h3>
+<div id="outline-container-orgf6c367b" class="outline-3">
+<h3 id="orgf6c367b"><span class="section-number-3">11.2.</span> Abbey Command Script</h3>
<div class="outline-text-3" id="text-11-2">
<p>
The script begins with the following prefix and trampolines.
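Review bot: The new `facts` entry links to a `facts` file beside this page, the same way `hosts` and `abbey` are linked, so the gathered facts are published wherever the page is. That output covers every host in `all` and typically includes interface and MAC addresses, kernel and distribution versions, mounts and SSH host keys, which amounts to a ready-made inventory of the network. Drop the hyperlink (keep the file name as text) and keep `facts` out of the published and version-controlled tree, or say in the entry that the file is private.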
The small institute's <code>./inst</code> command expects to be running in
<q>Institute/</q>, not <q>./</q>, but it only references <q>public/</q>, <q>private/</q>,
<q>Secret/</q> and <q>playbooks/check-inst-vars.yml</q>, and will find the abbey
-specific versions of these. The <code>roles_path</code> setting in <a href="#org3f1039b"><q>ansible.cfg</q></a>
+specific versions of these. The <code>roles_path</code> setting in <a href="#org1bde724"><q>ansible.cfg</q></a>
effectively merges the institutional roles into the distinctly named
abbey specific roles. The roles likewise reference files with
relative names, and will find the abbey specific <q>private/</q>
</div>
</div>
</div>
-<div id="outline-container-org9830ed9" class="outline-3">
-<h3 id="org9830ed9"><span class="section-number-3">11.3.</span> The Upgrade Command</h3>
+<div id="outline-container-org617c88e" class="outline-3">
+<h3 id="org617c88e"><span class="section-number-3">11.3.</span> The Upgrade Command</h3>
<div class="outline-text-3" id="text-11-3">
<p>
The script implements an <code>upgrade</code> sub-command that runs <code>apt update</code>
</div>
</div>
</div>
-<div id="outline-container-orgcd9de7d" class="outline-3">
-<h3 id="orgcd9de7d"><span class="section-number-3">11.4.</span> The Reboots Command</h3>
+<div id="outline-container-orgd4568a6" class="outline-3">
+<h3 id="orgd4568a6"><span class="section-number-3">11.4.</span> The Reboots Command</h3>
<div class="outline-text-3" id="text-11-4">
<p>
The script implements a <code>reboots</code> sub-command that looks for
</div>
</div>
</div>
-<div id="outline-container-org34c512a" class="outline-3">
-<h3 id="org34c512a"><span class="section-number-3">11.5.</span> The Versions Command</h3>
+<div id="outline-container-orgace0a9c" class="outline-3">
+<h3 id="orgace0a9c"><span class="section-number-3">11.5.</span> The Versions Command</h3>
<div class="outline-text-3" id="text-11-5">
<p>
The script implements a <code>versions</code> sub-command that reports the
</div>
</div>
</div>
-<div id="outline-container-org53987be" class="outline-3">
-<h3 id="org53987be"><span class="section-number-3">11.6.</span> The TZ Command</h3>
+<div id="outline-container-org4db8014" class="outline-3">
+<h3 id="org4db8014"><span class="section-number-3">11.6.</span> The Facts Command</h3>
<div class="outline-text-3" id="text-11-6">
<p>
+The script implements a <code>facts</code> sub-command to collect the Ansible
+"facts" from <code>all</code> and output them to the JSON format <q>facts</q> file.
+</p>
+
+<div class="org-src-container">
+<a href="abbey"><q>abbey</q></a><pre class="src src-perl"><code><span class="org-keyword">if</span> ($<span class="org-variable-name">ARGV</span>[0] eq <span class="org-string">"facts"</span>) {
+ <span class="org-keyword">my</span> $<span class="org-variable-name">line</span> = (<span class="org-string">"ansible all -m gather_facts -e \@Secret/become.yml"</span>
+ . <span class="org-string">" >facts"</span>);
+ print <span class="org-string">"$line\n"</span>;
+ <span class="org-keyword">my</span> $<span class="org-variable-name">status</span> = system $<span class="org-variable-name">line</span>;
+ <span class="org-keyword">die</span> <span class="org-string">"status: $status\nCould not run $line: $!\n"</span> <span class="org-keyword">if</span> $<span class="org-variable-name">status</span> != 0;
+ <span class="org-keyword">exit</span>;
+}
+</code></pre>
+</div>
+</div>
+</div>
+<div id="outline-container-orgacf6398" class="outline-3">
+<h3 id="orgacf6398"><span class="section-number-3">11.7.</span> The TZ Command</h3>
+<div class="outline-text-3" id="text-11-7">
+<p>
The abbey changes location almost weekly, so its timezone changes
occasionally. Droplet does not move. Gate and other simple servers
are kept in UTC. Core, the DVRs, TVRs, Home Assistant and the
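Review bot: In the new `facts` branch, the shell redirect `" >facts"` truncates the existing file before `ansible` starts, and `ansible all` exits non-zero when any single host fails or is unreachable, so the `die` path leaves a partial `facts` file where the last good one used to be. Write to a temporary name and rename it over `facts` only when `$status == 0`. The `die` message also prints `$!`, which is meaningful only when `system` returns -1; for an ordinary command failure, report `$status >> 8` instead. Two further points on the same lines: default ad-hoc output puts a `host | SUCCESS =>` line ahead of each host's block, so the file is not strictly JSON as the paragraph says unless a JSON stdout callback is selected; and gathered facts list addresses, MACs, mounts and kernel details for every host, so the file should be created under a restrictive umask and kept out of version control.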
</div>
</div>
</div>
-<div id="outline-container-org9ba0ebf" class="outline-3">
-<h3 id="org9ba0ebf"><span class="section-number-3">11.7.</span> Abbey Command Help</h3>
-<div class="outline-text-3" id="text-11-7">
+<div id="outline-container-org2cdf302" class="outline-3">
+<h3 id="org2cdf302"><span class="section-number-3">11.8.</span> Abbey Command Help</h3>
+<div class="outline-text-3" id="text-11-8">
<div class="org-src-container">
-<a href="abbey"><q>abbey</q></a><pre class="src src-perl"><code><span class="org-keyword">my</span> $<span class="org-variable-name">ops</span> = <span class="org-string">"config,new,old,pass,client,upgrade,reboots,versions,tz"</span>;
+<a href="abbey"><q>abbey</q></a><pre class="src src-perl"><code><span class="org-keyword">my</span> $<span class="org-variable-name">ops</span> = (<span class="org-string">"config,new,old,pass,client,"</span>
+ .<span class="org-string">"upgrade,reboots,versions,facts,tz"</span>);
<span class="org-keyword">die</span> <span class="org-string">"usage: $0 [$ops]\n"</span>;
</code></pre>
</div>
</div>
</div>
</div>
-<div id="outline-container-org5297011" class="outline-2">
-<h2 id="org5297011"><span class="section-number-2">12.</span> Cloistering</h2>
+<div id="outline-container-org8f8c5fa" class="outline-2">
+<h2 id="org8f8c5fa"><span class="section-number-2">12.</span> Cloistering</h2>
<div class="outline-text-2" id="text-12">
<p>
This is how a new machine is brought into the cloister. The process
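Review bot: The usage string in `$ops` is a second, hand-maintained list of sub-commands next to the `if ($ARGV[0] eq ...)` branches, and adding `facts` had to touch both; consider generating the usage text from one table of command names so the help cannot drift from what the script actually dispatches. Minor style point: the continuation here is written `.<string>` with no space after the dot, while the `facts` branch uses ` . ` with spaces; pick one form.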
Ansible.
</p>
</div>
-<div id="outline-container-orge22ab7b" class="outline-3">
-<h3 id="orge22ab7b"><span class="section-number-3">12.1.</span> IoT Devices</h3>
+<div id="outline-container-orgceca1ac" class="outline-3">
+<h3 id="orgceca1ac"><span class="section-number-3">12.1.</span> IoT Devices</h3>
<div class="outline-text-3" id="text-12-1">
<p>
A wireless IoT device (smart TV, Blu-ray deck, etc.) cannot install
</p>
<ul class="org-ul">
-<li><a href="#org2687b52">Add to Core DHCP</a></li>
-<li><a href="#org7794ee2">Create Wired Domain Name</a></li>
+<li><a href="#orge0e82e4">Add to Core DHCP</a></li>
+<li><a href="#org546f3ac">Create Wired Domain Name</a></li>
</ul>
<p>
</p>
<ul class="org-ul">
-<li><a href="#orgdb2cd50">Create Wireless Domain Name</a></li>
+<li><a href="#org7cdfa7a">Create Wireless Domain Name</a></li>
</ul>
</div>
</div>
-<div id="outline-container-org5d1a88f" class="outline-3">
-<h3 id="org5d1a88f"><span class="section-number-3">12.2.</span> Raspberry Pis</h3>
+<div id="outline-container-org1e5d2b6" class="outline-3">
+<h3 id="org1e5d2b6"><span class="section-number-3">12.2.</span> Raspberry Pis</h3>
<div class="outline-text-3" id="text-12-2">
<p>
The abbey's Raspberry Pi runs the Raspberry Pi OS desktop off an NVMe
<li>new username: sysadm</li>
<li>new password: <password></li>
</ul></li>
-<li><a href="#org2687b52">Add to Core DHCP</a></li>
-<li><a href="#org7794ee2">Create Wired Domain Name</a></li>
+<li><a href="#orge0e82e4">Add to Core DHCP</a></li>
+<li><a href="#org546f3ac">Create Wired Domain Name</a></li>
<li>Log in as <code>sysadm</code> on the console.</li>
<li>Run <code>sudo raspi-config</code> and use the following menu items.
<ul class="org-ul">
<li>I1 SSH (Enable/disable remote command line access using SSH): enable</li>
<li>A1 Expand Filesystem (Ensures that all of the SD card is available)</li>
</ul></li>
-<li><a href="#orgb191a58">Update From Cloister Apt Cache</a></li>
-<li><a href="#org1c1c621">Authorize Remote Administration</a></li>
-<li><a href="#org05d8cf2">Configure with Ansible</a></li>
+<li><a href="#org3648a3e">Update From Cloister Apt Cache</a></li>
+<li><a href="#org0a0b514">Authorize Remote Administration</a></li>
+<li><a href="#org2c82833">Configure with Ansible</a></li>
</ul>
<p>
</p>
<ul class="org-ul">
-<li><a href="#org189c049">Connect to Cloister Wi-Fi</a></li>
-<li><a href="#org3383af2">Connect to Cloister VPN</a></li>
-<li><a href="#orgdb2cd50">Create Wireless Domain Name</a></li>
+<li><a href="#orgf9b93eb">Connect to Cloister Wi-Fi</a></li>
+<li><a href="#orgac2ff07">Connect to Cloister VPN</a></li>
+<li><a href="#org7cdfa7a">Create Wireless Domain Name</a></li>
</ul>
</div>
</div>
-<div id="outline-container-org9453201" class="outline-3">
-<h3 id="org9453201"><span class="section-number-3">12.3.</span> PCs</h3>
+<div id="outline-container-org6696a14" class="outline-3">
+<h3 id="org6696a14"><span class="section-number-3">12.3.</span> PCs</h3>
<div class="outline-text-3" id="text-12-3">
<p>
Most of the abbey's machines, like Core and Gate, are general-purpose
Ethernet, and power up. Choose to boot from the USB drive.</li>
<li>Answer first-boot installation questions as detailed in the
preparation of <a href="Institute/README.org*A Test Machine">A Test Machine</a> for a Small Institute.</li>
-<li><a href="#org2687b52">Add to Core DHCP</a></li>
-<li><a href="#org7794ee2">Create Wired Domain Name</a></li>
+<li><a href="#orge0e82e4">Add to Core DHCP</a></li>
+<li><a href="#org546f3ac">Create Wired Domain Name</a></li>
<li>Log in as <code>sysadm</code> on the console.</li>
-<li><a href="#orgb191a58">Update From Cloister Apt Cache</a></li>
+<li><a href="#org3648a3e">Update From Cloister Apt Cache</a></li>
<li><p>
Install OpenSSH, unless it already was when included in the initial
Software selection during the Debian installation. Run the
<pre class="example">
sudo apt install openssh-server
</pre></li>
-<li><a href="#org1c1c621">Authorize Remote Administration</a></li>
-<li><a href="#org05d8cf2">Configure with Ansible</a></li>
+<li><a href="#org0a0b514">Authorize Remote Administration</a></li>
+<li><a href="#org2c82833">Configure with Ansible</a></li>
</ul>
<p>
</p>
<ul class="org-ul">
-<li><a href="#org189c049">Connect to Cloister Wi-Fi</a></li>
-<li><a href="#org3383af2">Connect to Cloister VPN</a></li>
-<li><a href="#orgdb2cd50">Create Wireless Domain Name</a></li>
+<li><a href="#orgf9b93eb">Connect to Cloister Wi-Fi</a></li>
+<li><a href="#orgac2ff07">Connect to Cloister VPN</a></li>
+<li><a href="#org7cdfa7a">Create Wireless Domain Name</a></li>
</ul>
</div>
</div>
-<div id="outline-container-org2687b52" class="outline-3">
-<h3 id="org2687b52"><span class="section-number-3">12.4.</span> Add to Core DHCP</h3>
+<div id="outline-container-orge0e82e4" class="outline-3">
+<h3 id="orge0e82e4"><span class="section-number-3">12.4.</span> Add to Core DHCP</h3>
<div class="outline-text-3" id="text-12-4">
<p>
When a new machine is connected to the cloister Ethernet, its MAC
</div>
</div>
</div>
-<div id="outline-container-org7794ee2" class="outline-3">
-<h3 id="org7794ee2"><span class="section-number-3">12.5.</span> Create Wired Domain Name</h3>
+<div id="outline-container-org546f3ac" class="outline-3">
+<h3 id="org546f3ac"><span class="section-number-3">12.5.</span> Create Wired Domain Name</h3>
<div class="outline-text-3" id="text-12-5">
<p>
A wired device is assigned an IP address when it is added to Core's
-DHCP configuration (as in <a href="#org2687b52">Add to Core DHCP</a>). A private domain name is
+DHCP configuration (as in <a href="#orge0e82e4">Add to Core DHCP</a>). A private domain name is
then associated with this address. If the device is intended to
operate wirelessly, the name for its address is modified with a <code>-w</code>
suffix. Thus <code>new-w.small.private</code> would be the name of the new
</div>
</div>
</div>
-<div id="outline-container-orgb191a58" class="outline-3">
-<h3 id="orgb191a58"><span class="section-number-3">12.6.</span> Update From Cloister Apt Cache</h3>
+<div id="outline-container-org3648a3e" class="outline-3">
+<h3 id="org3648a3e"><span class="section-number-3">12.6.</span> Update From Cloister Apt Cache</h3>
<div class="outline-text-3" id="text-12-6">
<ul class="org-ul">
<li>Log in as <code>sysadm</code> on the console.</li>
</ul>
</div>
</div>
-<div id="outline-container-org1c1c621" class="outline-3">
-<h3 id="org1c1c621"><span class="section-number-3">12.7.</span> Authorize Remote Administration</h3>
+<div id="outline-container-org0a0b514" class="outline-3">
+<h3 id="org0a0b514"><span class="section-number-3">12.7.</span> Authorize Remote Administration</h3>
<div class="outline-text-3" id="text-12-7">
<p>
To remotely administer <code>new-w</code>, Ansible must be authorized to login as
</div>
</div>
</div>
-<div id="outline-container-org05d8cf2" class="outline-3">
-<h3 id="org05d8cf2"><span class="section-number-3">12.8.</span> Configure with Ansible</h3>
+<div id="outline-container-org2c82833" class="outline-3">
+<h3 id="org2c82833"><span class="section-number-3">12.8.</span> Configure with Ansible</h3>
<div class="outline-text-3" id="text-12-8">
<p>
-With remote administration authorized and tested (as in <a href="#org1c1c621">Authorize
+With remote administration authorized and tested (as in <a href="#org0a0b514">Authorize
Remote Administration</a>), and the machine connected to the cloister
Ethernet, the configuration of <code>new-w</code> can be completed by Ansible.
Note that if the machine is staying on the cloister Ethernet, its
</p>
<p>
-First <code>new-w</code> is added to Ansible's inventory in <a href="#org779a328"><q>hosts</q></a>. A <code>new-w</code>
+First <code>new-w</code> is added to Ansible's inventory in <a href="#org35abcea"><q>hosts</q></a>. A <code>new-w</code>
section is added to the list of all hosts, and an empty section of the
same name is added to the list of <code>campus</code> hosts. If the machine uses
the usual privileged account name, <code>sysadm</code>, the <code>ansible_user</code> key is
</div>
</div>
</div>
-<div id="outline-container-org189c049" class="outline-3">
-<h3 id="org189c049"><span class="section-number-3">12.9.</span> Connect to Cloister Wi-Fi</h3>
+<div id="outline-container-orgf9b93eb" class="outline-3">
+<h3 id="orgf9b93eb"><span class="section-number-3">12.9.</span> Connect to Cloister Wi-Fi</h3>
<div class="outline-text-3" id="text-12-9">
<p>
On an IoT device, or a Debian or Android "desktop", the cloister Wi-Fi
</div>
</div>
</div>
-<div id="outline-container-org3383af2" class="outline-3">
-<h3 id="org3383af2"><span class="section-number-3">12.10.</span> Connect to Cloister VPN</h3>
+<div id="outline-container-orgac2ff07" class="outline-3">
+<h3 id="orgac2ff07"><span class="section-number-3">12.10.</span> Connect to Cloister VPN</h3>
<div class="outline-text-3" id="text-12-10">
<p>
Wireless devices (with the cloister Wi-Fi password) can get an IP
<p>
Connections to the cloister VPN are authorized by the <code>./abbey
-client...</code> command (aka <a href="Institute/README.html#org6edab5b">The Client Command</a>), which registers a new
+client...</code> command (aka <a href="Institute/README.html#org4c26e9f">The Client Command</a>), which registers a new
client's public key and installs new WireGuard™ configurations on the
servers. Private keys are kept on the clients (e.g. in
<q>/etc/wireguard/private-key</q>).
</p>
</div>
-<div id="outline-container-org1dcb630" class="outline-4">
-<h4 id="org1dcb630"><span class="section-number-4">12.10.1.</span> Campus Desktops and Servers</h4>
+<div id="outline-container-org5c70c2a" class="outline-4">
+<h4 id="org5c70c2a"><span class="section-number-4">12.10.1.</span> Campus Desktops and Servers</h4>
<div class="outline-text-4" id="text-12-10-1">
<p>
Wireless Debian desktops (with NetworkManager) as well as servers
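Review bot: The link to The Client Command changes from `Institute/README.html#org6edab5b` to `#org4c26e9f` with no change to the linked text, which shows the exported heading ids are regenerated on each export; any bookmark or external reference to the old anchors breaks, and every export produces id-only churn like the heading lines in this hunk, which buries the real change. Give the headings stable `CUSTOM_ID` properties in the Org source so the exported anchors stay fixed across exports.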
</ul>
</div>
</div>
-<div id="outline-container-org9fbf37c" class="outline-4">
-<h4 id="org9fbf37c"><span class="section-number-4">12.10.2.</span> Private Desktops</h4>
+<div id="outline-container-org8fc3f18" class="outline-4">
+<h4 id="org8fc3f18"><span class="section-number-4">12.10.2.</span> Private Desktops</h4>
<div class="outline-text-4" id="text-12-10-2">
<p>
Member notebooks are private machines not remotely administered by the
</p>
</div>
</div>
-<div id="outline-container-org0df72d4" class="outline-4">
-<h4 id="org0df72d4"><span class="section-number-4">12.10.3.</span> Android</h4>
+<div id="outline-container-orgae5f81f" class="outline-4">
+<h4 id="orgae5f81f"><span class="section-number-4">12.10.3.</span> Android</h4>
<div class="outline-text-4" id="text-12-10-3">
<p>
Android phones and tablets are authorized to connect to the cloister
</div>
</div>
</div>
-<div id="outline-container-orgdb2cd50" class="outline-3">
-<h3 id="orgdb2cd50"><span class="section-number-3">12.11.</span> Create Wireless Domain Name</h3>
+<div id="outline-container-org7cdfa7a" class="outline-3">
+<h3 id="org7cdfa7a"><span class="section-number-3">12.11.</span> Create Wireless Domain Name</h3>
<div class="outline-text-3" id="text-12-11">
<p>
A wireless machine is assigned a Wi-Fi address when it connects to the
</div>
<div id="postamble" class="status">
<p class="author">Author: Matt Birkholz</p>
-<p class="date">Created: 2025-09-18 Thu 20:56</p>
+<p class="date">Created: 2025-11-23 Sun 13:07</p>
<p class="validation"><a href="https://validator.w3.org/check?uri=referer">Validate</a></p>
</div>
</body>