* The Abbey DVR Role
The abbey uses AgentDVR to record video from PoE IP HD security
-cameras. It is installed and configured as described here.
+cameras. It runs as user ~agentdvr~ and keeps all of its
+configuration and recordings in =/home/agentdvr/=.
-** AgentDVR Installation
+** Install AgentDVR
-AgentDVR is installed at the abbey according to the iSpy web site's
-latest(?) instructions. The "download" button on iSpy's Download page
+AgentDVR is installed according to the iSpy web site's latest
+instructions. The "download" button on iSpy's Download page
([[https://www.ispyconnect.com/download]]), when "Agent DVR - Linux/
macOS/ RPi" is chosen, suggests the following command lines (the
second of which is broken across three lines).
install.sh")
#+END_SRC
-/Before/ executing these commands, Ansible is enlisted to make certain
-preparations.
+The second command fetches and runs an installation script that
+executes several ~sudo~ commands. These commands can be run by the
+~agentdvr~ account if it has (temporary) authorization.
-*** AgentDVR Installation Preparation
+*** Prepare for AgentDVR Installation
-AgentDVR runs in the abbey as a system user, ~agentdvr~, which
-installs and runs the service. Though a system user, the account gets
-a home directory, =/home/agentdvr/= in which to install AgentDVR, and
-a login shell, =/bin/bash=. This much Ansible can do in preparation.
+The following commands are manually executed to create the ~agentdvr~
+account and authorize it to run a handful of system commands as
+~root~. This small set is sufficient to run the installation script
+/if/ the offer to create the system service is declined.
-: ./abbey config dvrs
-
-After the ~agentdvr~ account is created, it is temporarily authorized
-to run a handful of system commands (as ~root~!). This small set is
-sufficient /if/ the offer to create the system service is declined.
-The following commands create this authorization in =~/01agentdvr=,
-validate and install it in =/etc/sudoers.d/01agentdvr=. Such caution
-is taken because a syntax error anywhere in =/etc/sudoers.d/= can make
-the ~sudo~ command inoperative, cutting off access to all elevated
-privileges until a "rescue" (involving a reboot) is performed.
+The commands validate the config file, =01agentdvr=, before installing
+it because a syntax error can make the ~sudo~ command inoperative,
+cutting off access to all elevated privileges until a "rescue"
+(involving a reboot) is performed.
#+BEGIN_SRC sh
+sudo adduser --disabled-password agentdvr
echo "ALL ALL=(agentdvr) NOPASSWD: /bin/systemctl,/bin/apt-get,\
/sbin/adduser,/sbin/usermod" >~/01agentdvr
sudo chown root:root ~/01agentdvr
sudo mv ~/01agentdvr /etc/sudoers.d/
#+END_SRC
-*** AgentDVR Installation Execution
+*** Execute AgentDVR Installation
With the above preparations, the system administrator can get a shell
-session under the ~agentdvr~ account to run iSpy's installation script
+session under the ~agentdvr~ account to run iSpy's installation script
in the empty =/home/agentdvr/= directory.
#+BEGIN_SRC sh
offers to install a system service. The offer is declined. Instead,
Ansible is run again.
-*** AgentDVR Installation Completion
+*** Complete AgentDVR Installation
When Ansible is run a second time, after the installation script, it
sees the new =/home/agentdvr/AgentDVR/= directory and creates (and
: sudo rm /etc/sudoers.d/01agentdvr
-** Create User ~agentdvr~
+** Configure User ~agentdvr~
-AgentDVR runs as the system user ~agentdvr~, which is created here.
+AgentDVR runs as the system user ~agentdvr~, which is configured here.
+(The account should have been created by the installation or
+restoration of AgentDVR.)
#+CAPTION: [[file:roles_t/abbey-dvr/tasks/main.yml][=roles_t/abbey-dvr/tasks/main.yml=]]
#+BEGIN_SRC conf :tangle roles_t/abbey-dvr/tasks/main.yml :mkdirp yes
become: yes
user:
name: agentdvr
- system: yes
+ password: "!"
home: /home/agentdvr
shell: /bin/bash
append: yes
[Install]
WantedBy=multi-user.target
dest: /etc/systemd/system/AgentDVR.service
- when: agentdvr.stat.exists
- name: Start AgentDVR.service.
become: yes
- Set a password on the administrative account.
- Create an unprivileged user with a short password,
- e.g. ~user:blah~.
+ e.g. ~user:blah~. (Lately, user accounts are not supported!)
- Set the frame rate to 5fps. The abbey prefers HD resolution and
long duration logs, thus fewer frames per second.
+ - Turn /off/ on-screen displays (OSDs), motion detection, object
+ recognition, etc.
+ - Configuring the timezone or the use of NTP (the network time
+ protocol) is nice but optional.
** Configure AgentDVR's Cameras
After Ansible has configured and started the AgentDVR service, its web
UI will be available at ~http://core:8090/~. The initial Live View
will be empty, overlayed with instructions to click the edit button.
-
-
-The wizard will ask for each device's general configuration
-parameters. The abbey uses SV3C IP cameras with a full HD stream as
-well as a standard definition "vice stream". AgentDVR wants both.
+A view must be created before devices can be added? Then the device
+wizard asks for each device's general configuration parameters. The
+abbey uses SV3C IP cameras with a full HD stream as well as a standard
+definition "vice stream". AgentDVR can use both, so the following
+settings are used on each device.
- General:
- + On: yes
- + Name: Outside
+ + Name: Stern
+ Source Type: Network Camera
- Username: user
- Password: blah
- - Live URL: rtsp://new.birchwood.private:554/12
- - Record URL: rtsp://new.birchwood.private:554/11
+ - Live URL: rtsp://camera3.birchwood.private:554/12
+ - Record URL: rtsp://camera3.birchwood.private:554/11
+
+Note that each device's recordings are also configured as described
+below.
Additional cameras are added via the "New Device" item in the Server
Menu. This step is completed when all cameras are streaming to
- Max Size: 0 (unlimited)
- Max Age: 168 (7 days)
+** Restore AgentDVR
+
+When restoring =/home/= from a backup copy, the user accounts are
+presumably restored as well. Thus =/home/agentdvr/AgentDVR/= should
+be owned by ~agentdvr~, a user account with disabled/locked password
+and a ~bash~ shell. Restoration is completed by Ansible when it
+installs the system service configuration file and starts the service.
+
+: ./abbey config dvrs
+
* The Abbey TVR Role
projects / Network.git / commitdiff