From: Matt Birkholz Date: Fri, 20 Sep 2024 19:28:32 +0000 (-0600) Subject: Update README.html. X-Git-Url: https://birchwood-abbey.net/git?a=commitdiff_plain;h=0c24ea37318cf339d2a657878e821b4f602d4e60;p=Network Update README.html. --- diff --git a/README.html b/README.html index e7eabb9..2def347 100644 --- a/README.html +++ b/README.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + Birchwood Abbey Networks @@ -64,7 +64,7 @@ map is very similar, with differences mainly in terminology, philosophy, attitude.

-
+
                 |                                                   
                 =                                                   
               _|||_                                                 
@@ -144,8 +144,8 @@ with Apache2, spooling email with Postfix and serving it with
 Dovecot-IMAPd, and hosting a VPN with OpenVPN.
 

-
-

3.1. Install Emacs

+
+

3.1. Install Emacs

The monks of the abbey are masters of the staff (bo) and Emacs. @@ -711,7 +711,7 @@ certificate is a terminal session affair (with prompts and lines entered as shown below).

-
+
 $ sudo apt install python3-certbot-apache
 $ sudo certbot --apache -d birchwood-abbey.net
 ...
@@ -930,8 +930,8 @@ with Postfix and Dovecot, and providing essential localnet services:
 NTP, DNS and DHCP.
 

-
-

4.1. Include Abbey Variables

+
+

4.1. Include Abbey Variables

In this abbey specific document, most abbey particulars are not @@ -954,12 +954,10 @@ directory, playbooks/.

4.2. Install Additional Packages

-The scripts that maintain the abbey's web site and run the Weather -project use a number of additional software packages. The -/WWW/live/Private/make-top-index script uses HTML::TreeBuilder in -the libhtml-tree-perl package. The house task list uses JQuery. -Weather scripts use mit-scheme and gnuplot (in pseudonymous -packages). +The scripts that maintain the abbey's web site use a number of +additional software packages. The /WWW/live/Private/make-top-index +script uses HTML::TreeBuilder in the libhtml-tree-perl package. +The house task list uses JQuery.

@@ -1129,11 +1127,13 @@ The abbey uses the Apt-Cacher:TNG package cache on Core. The
-
-

4.8. Use Cloister Apt Cache

+
+

4.8. Use Cloister Apt Cache

-Core itself will benefit from using the package cache. +Core itself will benefit from using the package cache, but should +contact https repositories directly. (There are few such cretins +so caching their packages is not a priority.)

@@ -1144,6 +1144,8 @@ Core itself will benefit from using the package cache. content: > Acquire::http::Proxy "http://apt-cacher.birchwood.private.:3142"; + + Acquire::https::Proxy "DIRECT"; dest: /etc/apt/apt.conf.d/01proxy mode: u=rw,g=r,o=r
@@ -1535,10 +1537,9 @@ trends in resource usage. roles_t/abbey-core/tasks/main.yml
 - name: Install Munin.
   become: yes
-  apt:
-    pkg: munin
+  apt: pkg=munin
 
-- name: Add {{ ansible_user }} to Munin group.
+- name: Add {{ ansible_user }} to munin group.
   become: yes
   user:
     name: "{{ ansible_user }}"
@@ -1706,24 +1707,80 @@ Monkey's photo processing scripts use netpbm commands like
 
 
 
-
-

4.17. Configure Weather Updates

+
+

4.17. Install Samba

-Monkey on Core runs /WWW/campus/Weather/Private/cronjob every 5 -minutes and cronjob-midnight at midnight. +The abbey core provides NAS (Network Attached Storage) service to the +cloister network. It also provides writable shares for a Home +Assistant appliance (Raspberry Pi).

+
    +
  • Install samba.
  • +
  • Create system user hass.
  • +
  • Create /home/hass/{media,backup,share}/ with appropriate +permissions.
  • +
+
-roles_t/abbey-core/tasks/main.yml
-- name: Create Monkey's weather job.
+roles_t/abbey-core/tasks/main.yml
+- name: Install Samba.
+  become: yes
+  apt: pkg=samba
+
+- name: Add system user hass.
+  become: yes
+  user:
+    name: hass
+    system: yes
+
+- name: Add {{ ansible_user }} to hass group.
+  become: yes
+  user:
+    name: "{{ ansible_user }}"
+    append: yes
+    groups: hass
+
+- name: Configure shares.
   become: yes
-  cron:
-    name: weather
-    hour: "*"
-    minute: "*/5"
-    job: "[ -d /WWW/house ] && /WWW/house/Weather/Private/cronjob"
-    user: monkey
+  blockinfile:
+    block: |
+      [Shared]
+      path = /Shared
+      guest ok = yes
+      read only = yes
+
+      [HASS-backup]
+      comment = Home Assistant backup
+      path = /home/hass/backup
+      valid users = hass
+      read only = no
+
+      [HASS-media]
+      comment = Home Assistant media
+      path = /home/hass/media
+      valid users = hass
+      read only = yes
+
+      [HASS-share]
+      comment = Home Assistant share
+      path = /home/hass/share
+      valid users = hass
+      read only = no
+    dest: /etc/samba/smb.conf
+    marker: "# {mark} ABBEY MANAGED BLOCK"
+  notify: New shares.
+
+
+ +
+roles_t/abbey-core/handlers/main.yml
+- name: New shares.
+  become: yes
+  systemd:
+    service: smbd
+    state: reloaded
 
@@ -1881,8 +1938,8 @@ hosts never roam, are not associated with a member, and so are ./abbey client campus new-host-name
-
-

6.1. Use Cloister Apt Cache

+
+

6.1. Use Cloister Apt Cache

The Apt-Cacher:TNG program does not work well on the frontier, so is @@ -1895,6 +1952,11 @@ Depending on the quality of the Internet connection, this may take a while.

+

+Again, https repositories are contacted directly, cached only on the +local host. +

+
roles_t/abbey-cloister/tasks/main.yml
---
 - name: Use the local Apt package cache.
@@ -1903,6 +1965,8 @@ while.
     content: >
       Acquire::http::Proxy
       "http://apt-cacher.birchwood.private.:3142";
+
+      Acquire::https::Proxy "DIRECT";
     dest: /etc/apt/apt.conf.d/01proxy
     mode: u=rw,g=r,o=r
 
@@ -1964,10 +2028,9 @@ Each cloistered host is a Munin node. roles_t/abbey-cloister/tasks/main.yml
 - name: Install Munin Node.
   become: yes
-  apt:
-    pkg: munin-node
+  apt: pkg=munin-node
 
-- name: Add {{ ansible_user }} to Munin group.
+- name: Add {{ ansible_user }} to munin group.
   become: yes
   user:
     name: "{{ ansible_user }}"
@@ -1998,8 +2061,8 @@ them.
 
-
-

6.4. Install Emacs

+
+

6.4. Install Emacs

The monks of the abbey are masters of the staff and Emacs. @@ -2019,852 +2082,342 @@ The monks of the abbey are masters of the staff and Emacs.

7. The Abbey Weather Role

-Birchwood Abbey's weather hosts use the 1-Wire server (from the -owserver package) and a 1-Wire USB adapter. They use an -unprivileged account (monkey) to run a SystemD service named -weatherd (aka "the daemon"). The daemon is a Perl script that runs -owread and logs the new measurements once per minute. -

- -

-The log files are collected by Monkey on Core (via rsync), then -processed and published in campus web pages by The Weather Project's -code (old, using gnuplot(1), and so… unpublished). -

-
-
-

7.1. The Abbey Weather Hardware

-
-

-The abbey currently has one weather host, Gate, and a couple 1-Wire -sensor modules. The modules measure inside and outside temperature -and humidity. Their desired locations are 7-8m from the core servers -so they are plugged into a custom Y cable, with the inside sensor -cable spliced into the middle of the outside/main cable. The proximal -end's RJ11 plugs into a 1-Wire USB adapter (a DS9490R) plugged into -Gate. The outside end goes out the window with the Starlink cable. -

-
-
-
-

7.2. The Abbey Weather Host Setup

-
-

-The Ansible code in the abbey-weather role assumes it is working -with a cloistered host (as described in Cloistering) and proceeds in -two phases. The first installs the ow-server package and configures -it to use a DS9490 (USB adapter) rather than a debugging fake. After -the first ./abbey config new, the new weather host seems to need a -reboot before the 1-Wire bus becomes visible via owdir. +Birchwood Abbey now uses Home Assistant to record and display weather +data from an Ecowitt GW2001 IoT gateway connecting wirelessly to a +WS90 (7 function weather station) and a couple WN31s (temp/humidity +sensors).

-After a reboot owdir should list one or more type 26 device IDs. -Listing them (e.g. running owdir /26.nnnnnnnn or owdir -/26.nnnnnnnn/HIH) should reveal "files" named temperature and -HIH/humidity. These pseudo-file paths are used in the daemon script -below. A test session is shown below. +The configuration of the GW2001 IoT hub involved turning off the Wi-Fi +access point, and disabling unused channels. The hub reports the data +from all sensors in range, anyone's sensors. These new data sources +are noticed and recorded by Home Assistant automatically as similarly +equipped campers come and go. Disabling unused channels helps avoid +these distractions.

-
-monkey@new$ owdir
-...
-    /26.2153B6000000/
-...
-monkey@new$ owdir /26.2153B6000000
-...
-    /26.2153B6000000/temperature
-...
-monkey@new$ owread /26.2153B6000000/temperature; echo
-26.125
-monkey@new$ 
-
-

-The second phase of weather host configuration waits for the host- -specific weather daemon script to appear in the role's files/. +The configuration of Home Assistant involved installing the Ecowitt +"integration". This was accomplished by choosing "Settings", then +"Devices & services", then "Add Integration", and searching for +"Ecowitt". Once installed, the integration created dozens of weather +entities which were organized into an "Abbey" dashboard.

-
-

7.3. The Abbey Weather Daemons

-
+
+

8. The Abbey DVR Role

+

-Different weather hosts, with different 1-Wire devices, need different -daemon scripts, to call owread with different paths (containing the -IDs of each host's devices). At the moment there is just the -one weather host, anoat. +The abbey uses AgentDVR to record video from PoE IP HD security +cameras. The "download" button on iSpy's Download page +(https://www.ispyconnect.com/download), when "Agent DVR - Linux/ +macOS/ RPi" is chosen, suggests the following command lines (the +second of which is broken across three lines).

-roles_t/abbey-weather/files/daemon-anoat
#!/usr/bin/perl -w
-# -*- CPerl -*-
-#
-# Weather/daemon
-#
-# Fetches data from the local owserver once per minute.  Appends to
-# Log/{In,Out}side/YEAR/MONTH/DAY.txt.
-
-use strict;
-use IO::File;
-use Date::Format;
-
-my $ILOG;
-my $OLOG;
-my $ymd = "";
-sub mymkdir ($);
-sub reopen_logs ()
-{
-  my $time = time;
-  my $datime = time2str ("%Y-%m-%d %H:%M:%S", $time, "UTC");
-  my ($year, $month, $day) = $datime =~ /^(\d{4})-(\d\d)-(\d\d) /;
-  my $new_ymd = "$year/$month/$day";
-  return if $new_ymd eq $ymd;
-  close $ILOG if defined $ILOG;
-  close $OLOG if defined $OLOG;
-  umask 07;
-  mymkdir "Inside/$year/$month";
-  mymkdir "Outside/$year/$month";
-  umask 027;
-  my $filename = "Inside/$new_ymd.txt";
-  $ILOG = new IO::File;
-  open $ILOG, ">>$filename" or die "Could not open $filename: $!\n";
-  $filename = "Outside/$new_ymd.txt";
-  $OLOG = new IO::File;
-  open $OLOG, ">>$filename" or die "Could not open $filename: $!\n";
-  $ymd = $new_ymd;
-}
-
-sub logit ($$$);
-sub main () {
-  die "usage: $0\n" if @ARGV != 0;
-  $0 = "weatherd";
-  chdir "/home/monkey/Weather/Log" or die;
-  umask 027;
-  my $start = time;
-  {
-    my $secs = 60 - $start % 60;
-    $start += $secs;
-    sleep ($secs);
-  }
-  while (1) {
-    reopen_logs;
-    logit $OLOG, "T", "/26.2153B6000000/temperature";
-    logit $OLOG, "H", "/26.2153B6000000/HIH4000/humidity";
-    logit $ILOG, "T", "/26.8859B6000000/temperature";
-    logit $ILOG, "H", "/26.8859B6000000/HIH4000/humidity";
-    $start += 60;
-    my $now = time;
-    while ($start < $now) { $start += 60; }
-    my $secs = $start - $now;
-    sleep  ($secs);
-  }
-}
-
-sub logit ($$$)
-{
-  my ($log, $name, $query) = @_;
-
-  my $tries = 0;
-  while ($tries < 3) {
-    my $time = time;
-    my $datime = time2str ("%Y-%m-%d %H:%M:%S", $time, "UTC");
-    $tries += 1;
-    my @lines = `/usr/bin/owread $query`;
-    chomp @lines;
-    my $status = $?;
-    my $sig = $status & 127;
-    $status >>= 8;
-    if ($status != 0) {
-      my $L = join "\\n", @lines;
-      print $log "$datime\t$name\terror: status $status: $L\n";
-      $log->flush;
-    } elsif (@lines != 1) {
-      my $L = join "\\n", @lines;
-      print $log "$datime\t$name\terror: multiple lines: $L\n";
-      $log->flush;
-    } elsif ($lines[0] !~ /^ *(-?\d+(\.\d+)?)$/) {
-      my $L = $lines[0];
-      print $log "$datime\t$name\terror: bogus line: $L\n";
-      $log->flush;
-    } else {
-      my $datum = $1;
-      print $log "$datime\t$name\t$datum\n";
-      $log->flush;
-      return;
-    }
-  }
-}
-
-sub mymkdir ($)
-{
-  my ($dirpath) = @_;
-
-  my @path_names = split /\//, $dirpath;
-  my $path;
-  if (!$path_names[0]) {
-    $path = "/";
-    shift @path_names;
-  } else {
-    $path = ".";
-  }
-  my @created;
-  while (@path_names) {
-    $path .= "/" . shift @path_names;
-    if (! -d $path) {
-      if (-e $path) {
-        die "mkdir $dirpath: already exists; not a directory!\n";
-      }
-      if (! mkdir $path) {
-        die "mkdir $path: $!\n";
-      } else {
-        chmod 02775, $path;
-        push @created, $path;
-      }
-    }
-  }
-  return @created;
-}
-
-main;
+
sudo apt-get install curl
+bash <(curl -s "https://raw.githubusercontent.com/\
+ispysoftware/agent-install-scripts/main/v2/\
+install.sh")
 

-The above Perl script uses the Date::Format module, which is -installed by the following task. +Ansible assists by creating the system user agentdvr and granting it +enough sudo latitude to run the installer as instructed above. +Though a system user, the account gets a home directory, +/home/agentdvr/ in which to do the installation. The rest of the +DVR role, "phase two", waits until AgentDVR is installed.

-
-roles_t/abbey-weather/tasks/main.yml
---
-- name: Install weather daemon packages.
-  become: yes
-  apt: pkg=libtimedate-perl
-
-
-
-
-
-

7.4. Install 1-Wire Server

-

-This next task installs the 1-Wire server and shell commands. The -abbey uses the Dallas Semiconductor DS9490R, a USB to 1-Wire adapter, -on all its weather hosts, so it also configures the server to use the -USB adapter (rather than a test "fake" adapter). +AgentDVR is installed, after Ansible has set things up, by running the +command lines prescribed by iSpy while logged in as agentdvr with +the current default directory /home/agentdvr/. The installer should +create the /home/agentdvr/AgentDVR/ directory. Its offer to install +a system service is declined.

-
-roles_t/abbey-weather/tasks/main.yml
-- name: Install 1-Wire server.
-  become: yes
-  apt:
-    pkg: [ owserver, ow-shell ]
-
-- name: Configure 1-Wire server.
-  become: yes
-  lineinfile:
-    path: /etc/owfs.conf
-    regexp: "{{ item.regexp }}"
-    line: "{{ item.line }}"
-    backrefs: yes
-  loop:
-  - { regexp: '^[# ]*server: *FAKE(.*)$', line: '#server: FAKE\1' }
-  - { regexp: '^[# ]*server: *usb(.*)$', line: 'server: usb\1' }
-
-
-
-
-
-

7.5. Install Rsync

-

-Monkey on Core will want to download log records (files) using -rsync(1). +After AgentDVR is installed, when the /home/agentdvr/AgentDVR/ +directory exists, Ansible is run again to install the system service.

- -
-roles_t/abbey-weather/tasks/main.yml
-- name: Install Rsync.
-  become: yes
-  apt: pkg=rsync
-
-
-
-
-

7.6. Create Monkey

-
+
+

8.1. Create User agentdvr

+

-The weather daemon is run by an unprivileged monkey account (not -sysadm) which allows monkey on Core shell access. This is also -executed during the initial phase of configuration, allowing the -administrator to login on the new weather host as monkey and thus to -test access to the 1-Wire adapter and devices. To facilitate -debugging, the sysadm account is included in the monkey group. +AgentDVR runs as the system user agentdvr, which is created here.

-roles_t/abbey-weather/tasks/main.yml
-- name: Create monkey.
+roles_t/abbey-dvr/tasks/main.yml
---
+- name: Create agentdvr.
   become: yes
   user:
-    name: monkey
+    name: agentdvr
     system: yes
+    home: /home/agentdvr
+    shell: /bin/bash
+    append: yes
+    groups: video
 
-- name: Authorize monkey@core.
-  become: yes
-  vars:
-    pubkeyfile: ../Secret/ssh_monkey/id_rsa.pub
-  authorized_key:
-    user: monkey
-    key: "{{ lookup('file', pubkeyfile) }}"
-    manage_dir: yes
-
-- name: Add {{ ansible_user }} to monkey group.
+- name: Add {{ ansible_user }} to agentdvr group.
   become: yes
   user:
     name: "{{ ansible_user }}"
     append: yes
-    groups: monkey
-
-
-
-
-
-

7.7. Install Weather Daemon

-
-

-The weather daemon is kept alive as a Systemd service unit. This task -creates and starts that service after the host-specific -files/daemon-HOST file becomes available. -

- -

-The ExecStartPre=/bin/sleep 30 is intended to avoid recent hangs in -owread. -

+ groups: agentdvr -
-roles_t/abbey-weather/tasks/main.yml
-- name: Install weather directory.
+- name: Create /home/agentdvr/.
   become: yes
   file:
-    path: /home/monkey/Weather/Log
+    path: /home/agentdvr
     state: directory
-    owner: monkey
-    group: monkey
-    mode: u=rwx,g=rx,o=rx
-
-- name: Test for weather daemon script.
-  vars:
-    dir: ../roles/abbey-weather/files
-    file: "{{ dir }}/daemon-{{ inventory_hostname }}"
-  stat: path="{{ file }}"
-  delegate_to: localhost
-  register: weather
-
-- name: Note missing weather daemon script.
-  vars:
-    dir: ../roles/abbey-weather/files
-    script: "{{ dir }}/daemon-{{ inventory_hostname }}"
-  debug:
-    msg: "{{ script }}: not found"
-  when: not weather.stat.exists
-
-- name: Install weather daemon.
-  become: yes
-  vars:
-    dir: ../roles/abbey-weather/files
-    script: "{{ dir }}/daemon-{{ inventory_hostname }}"
-  copy:
-    src: "{{ script }}"
-    dest: /home/monkey/Weather/daemon
-    owner: monkey
-    group: monkey
-    mode: u=rwx,g=rx,o=
-  when: weather.stat.exists
-
-- name: Install weatherd service.
-  become: yes
-  copy:
-    content: |
-      [Unit]
-      Description=Weather Logger
-      After=owserver.service
-
-      [Service]
-      User=monkey
-      ExecStartPre=/bin/sleep 30
-      ExecStart=/home/monkey/Weather/daemon
-      Restart=always
-
-      [Install]
-      WantedBy=multi-user.target
-    dest: /etc/systemd/system/weatherd.service
-  when: weather.stat.exists
-  notify:
-  - Reload Systemd.
-  - Restart weather daemon.
-
-- name: Enable/Start weather daemon.
-  become: yes
-  systemd:
-    service: weatherd
-    enabled: yes
-    state: started
-  when: weather.stat.exists
+    owner: agentdvr
+    group: agentdvr
+    mode: u=rwx,g=rwxs,o=rx
 
- -
-roles_t/abbey-weather/handlers/main.yml
---
-- name: Reload Systemd.
-  become: yes
-  command: systemctl daemon-reload
-
-- name: Restart weather daemon.
-  become: yes
-  systemd:
-    service: weatherd
-    state: restarted
-
-
-
-
-

8. The Abbey DVR Role

-
-

-The abbey uses Zoneminder to record video from PoE IP HD security -cameras. The Abbey DVR Role installs Zoneminder and configures it to -record to /Zoneminder/, the mount point for a separate, large -storage volume. It follows the instructions in Zoneminder's -README.Debian (in /usr/share/doc/zoneminder/) to create the zm -database and configure Apache. -

-
-
-

8.1. DVR Machine Setup

-
+
+

8.2. Authorize User agentdvr

+

-The installation process involves some manual intervention. The first -time a host is enrolled, Ansible will install the necessary packages, -but it cannot create the database, nor the database user (yet, in the -first pass). After adding the new machine to the dvrs group in -10.2, run Ansible to get the Zoneminder software installed. +The AgentDVR installer is also run by agentdvr, which is authorized +to run a handful of system commands. This small set is sufficient +if the offer to create the system service is declined. In that +case, the installer will run the program in the terminal.

-
-./abbey config HOST
+
+roles_t/abbey-dvr/tasks/main.yml
+- name: Authorize agentdvr.
+  copy:
+    content: |
+      ALL ALL=(agentdvr) NOPASSWD: /bin/systemctl,/bin/apt-get,\
+          /sbin/adduser,/sbin/usermod
+    dest: /etc/sudoers.d/agentdvr
 
- - -

-Several configuration steps will be skipped because /Zoneminder/ has -not been created yet. To proceed, first create the database and -database user manually, as described in section Manually Create -Zoneminder DB and User. -

-
-

8.2. Create /Zoneminder/

-
-

-/Zoneminder/ should be a separate, large volume lest Zoneminder fill -the root file system. For acceptable performance, /Zoneminder/ -should also be the mount point of a solid-state disk (SSD). A -symbolic link at /var/cache/zoneminder/events targets /Zoneminder -to make it Zoneminder's "default" storage area. (The PurgeWhenFull -filter only works with the default storage area in v1.34.) -

-
-
-

8.3. Continue Zoneminder Configuration

+
+

8.3. Test For AgentDVR/

-Once the zm database (and zmuser database user) are created, and a -large volume mounted at /Zoneminder/, Ansible can continue with the -Zoneminder configuration. -

- -
-./abbey configure HOST
-
- - -

-Configuring Zoneminder's cameras is still a manual process as -described in the final section, Configure Cameras, below. -

-
-
-
-

8.4. Include Abbey Variables

-
-

-Private variables in private/vars-abbey.yml are needed, and included -here, as in the abbey-core role. The file path is relative to the -playbook's directory, playbooks/. +The following task probes for the /home/agentdvr/AgentDVR/ +directory, to detect that the build/install process has completed. It +registers the results in the agentdvr variable. Several of the +remaining installation steps are skipped unless +agentdvr.stat.exists.

-roles_t/abbey-dvr/tasks/main.yml
---
-- name: Include private abbey variables.
-  include_vars: ../private/vars-abbey.yml
+roles_t/abbey-dvr/tasks/main.yml
+- name: Test for AgentDVR directory.
+  stat:
+    path: /home/agentdvr/AgentDVR
+  register: agentdvr
+- debug:
+    msg: "/home/agentdvr/AgentDVR/ does not yet exist"
+  when: not agentdvr.stat.exists
 
-
-

8.5. Install Zoneminder v1.34

-
-

-The latest version of Zoneminder (1.36) was manually downloaded, built -and installed, but it immediately had problems, randomly producing -short events, dropping "problem" cameras entirely, etc. Version 1.34 -did not have those problems, but could still melt down (thrash?) when -/Zoneminder/ was a Seagate Barracuda in a USB3.1gen2 external drive -enclosure. A Western Digital Passport Ultra seemed to work much -better, for a short while. Ultimately a solid-state drive (a 2TB -USB3.2 Gen2 Samsung T7 Shield) mounted at /Zoneminder/ got -Zoneminder 1.34 to work reliably. -

- +
+

8.4. Create AgentDVR Service

+

-After uninstalling 1.36, the Debian 11 package (1.34) was installed -and configured per the instructions in sections "Web server set-up" -and "Time Zone" in /usr/share/doc/zoneminder/README.Debian.gz. +This service definition came from the template downloaded (from here) +by the installer, specifically the linux_setup2.sh script downloaded +by install.sh.

roles_t/abbey-dvr/tasks/main.yml
-- name: Install Zoneminder.
+- name: Install AgentDVR.service.
   become: yes
-  apt: pkg=zoneminder
+  copy:
+    content: |
+      [Unit]
+      Description=AgentDVR
 
-- name: Enable Apache modules for Zoneminder.
-  become: yes
-  apache2_module:
-    name: "{{ item }}"
-  loop: [ cgid, rewrite, expires, headers ]
-  notify: Restart Apache2.
+      [Service]
+      WorkingDirectory=/home/agentdvr/AgentDVR
+      ExecStart=/home/agentdvr/AgentDVR/Agent
 
-- name: Enable Zoneminder Apache configuration.
-  become: yes
-  command:
-    cmd: a2enconf zoneminder
-    creates: /etc/apache2/conf-enabled/zoneminder.conf
-  notify: Restart Apache2.
+      # fix memory management issue with dotnet core
+      Environment="MALLOC_TRIM_THRESHOLD_=100000"
 
-- name: Configure MySQL for Zoneminder.
-  become: yes
-  copy:
-    content: |
-      [mysqld]
-      sql_mode = NO_ENGINE_SUBSTITUTION
-    dest: /etc/mysql/conf.d/zoneminder.cnf
-  notify: Restart MySQL.
+      # to query logs using journalctl, set a logical name here
+      SyslogIdentifier=AgentDVR
 
-- name: Configure PHP date.timezone.
-  become: yes
-  lineinfile:
-    regexp: date.timezone ?=
-    line: date.timezone = {{ lookup('file', '/etc/timezone') }}
-    path: "{{ item }}"
-  loop:
-  - /etc/php/8.2/cli/php.ini
-  - /etc/php/8.2/apache2/php.ini
-  notify: Restart Apache2.
+      User=agentdvr
+
+      # ensure the service automatically restarts
+      Restart=always
+      # amount of time to wait before restarting the service
+      RestartSec=5
 
-- name: Enable/Start Apache2.
+      [Install]
+      WantedBy=multi-user.target
+    dest: /etc/systemd/system/AgentDVR.service
+  when: agentdvr.stat.exists
+
+- name: Enable/Start AgentDVR.service.
   become: yes
   systemd:
-    service: apache2
+    service: AgentDVR
     enabled: yes
     state: started
+  when: agentdvr.stat.exists
 
- -
-roles_t/abbey-dvr/handlers/main.yml
---
-- name: Restart MySQL.
-  become: yes
-  systemd:
-    service: mysql
-    state: restarted
-
-- name: Restart Apache2.
-  become: yes
-  systemd:
-    service: apache2
-    state: restarted
-
- +
+
+

8.5. Create AgentDVR Storage

+

-The following Rsyslog configuration drop-in gets Zoneminder's natter -out of /var/log/syslog. +The abbey uses a separate volume to store surveillance recordings, +lest the DVR program fill the root file system. The volume is mounted +at /DVR/. The following tasks create /DVR/AgentDVR/video/ +(whether a large volume is mounted there or not!) with appropriate +permissions so that the instructions for configuring a default storage +location do not fail.

roles_t/abbey-dvr/tasks/main.yml
-- name: Use /var/log/zoneminder.log
+- name: Create /DVR/AgentDVR/.
   become: yes
-  copy:
-    content: |
-      :programname,startswith,"zm" -/var/log/zoneminder.log
-      & stop
-    dest: /etc/rsyslog.d/40-zoneminder.conf
-
-
-
-
-
-

8.6. Create Zoneminder Database

-
-

-Zoneminder's MariaDB database is created by the following task, when -the mysql_db Ansible module supports check_implicit_admin. -

+ file: + state: directory + path: /DVR/AgentDVR + owner: agentdvr + group: agentdvr + mode: u=rwx,g=rxs,o= -
-
-- name: Create Zoneminder DB.
+- name: Create /DVR/AgentDVR/video/.
   become: yes
-  mysql_db:
-    check_implicit_admin: yes
-    name: zm
-    collation: utf8mb4_general_ci
-    encoding: utf8mb4
+  file:
+    state: directory
+    path: /DVR/AgentDVR/video
+    owner: agentdvr
+    group: agentdvr
+    mode: u=rwx,g=rxs,o=
 
- -

-Unfortunately it does not currently, yet the institute prefers the -more secure Unix socket authentication method. Rather than create a -privileged DB user, the zm database is created manually (below). -

-
-

8.7. Create Zoneminder DB User

-
+
+

8.6. Configure IP Cameras

+

-The following task would create the DB user (mysql_user supports -check_implicit_admin) but the zm database was not created above. +A new security camera is setup as described in Cloistering, after +which the camera should be accessible by name on the abbey networks. +Assuming ping -c1 new works, the camera's web interface will be +accessible at http://new/.

-The DB user's password is taken from the zoneminder_dbpass -variable, kept in private/vars-abbey.yml, and generated e.g. with -the apg -n 1 -x 12 -m 12 command. +The administrator uses this to make the following changes.

-
-private_ex/vars-abbey.yml
zoneminder_dbpass:           gakJopbikJadsEdd
-
-
- -
-
-- name: Create Zoneminder DB user.
-  become: yes
-  mysql_user:
-    check_implicit_admin: yes
-    name: zmuser
-    password: "{{ zoneminder_dbpass }}"
-    priv: >-
-      zm.*:
-      lock tables,alter,create,index,select,insert,update,delete
-
-
+
    +
  • Set a password on the administrative account.
  • +
  • Create an unprivileged user with a short password, +e.g. user:blah.
  • +
  • Set the frame rate to 5fps. The abbey prefers HD resolution and +long duration logs, thus fewer frames per second.
  • +
-
-

8.8. Manually Create Zoneminder DB and User

-
+
+

8.7. Configure AgentDVR's Cameras

+

-The Zoneminder database and database user are created manually with -the following SQL (with the zoneminder_dbpass spliced in). The SQL -commands are entered at the SQL prompt of the sudo mysql command, or -perhaps piped into the command. +After Ansible has configured and started the AgentDVR service, its web +UI will be available at http://core:8090/. The initial Live View +will be empty, overlayed with instructions to click the edit button.

-
-
create database zm
-    character set utf8mb4
-    collate utf8mb4_general_ci;
-grant lock tables,alter,create,index,select,insert,update,delete
-    on zm.*
-    to 'zmuser'@'localhost'
-    identified by '{{ zoneminder_dbpass }}';
-flush privileges;
-exit;
-
-

-Finally, zm's tables are created, completing the database setup, +The wizard will ask for each device's general configuration +parameters. The abbey uses SV3C IP cameras with a full HD stream as +well as a standard definition "vice stream". AgentDVR wants both.

-
-
sudo mysql < /usr/share/zoneminder/db/zm_create.sql
-
-
-
-
-
-

8.9. Use /Zoneminder/

-
-

-The following tasks start with a test for the existence of -/Zoneminder. Configuration tasks that require /Zoneminder/ or the -zm database are executed only when zoneminder.stat.exists. The -last "Link…" task below "forces" the link, whether the target exists -or not (yet). -

- -
-roles_t/abbey-dvr/tasks/main.yml
-- name: Test for /Zoneminder/.
-  stat:
-    path: /Zoneminder
-  register: zoneminder
-- debug:
-    msg: "/Zoneminder/ does not yet exist"
-  when: not zoneminder.stat.exists
-
-- name: Check /Zoneminder/.
-  become: yes
-  file:
-    state: directory
-    path: /Zoneminder
-    owner: www-data
-    group: www-data
-    mode: u=rwx,g=rx,o=rx
-  when: zoneminder.stat.exists
+
    +
  • General: +
      +
    • On: yes
    • +
    • Name: Outside
    • +
    • Source Type: Network Camera +
        +
      • Username: user
      • +
      • Password: blah
      • +
      • Live URL: rtsp://new.birchwood.private:554/12
      • +
      • Record URL: rtsp://new.birchwood.private:554/11
      • +
    • +
  • +
-- name: Link to /Zoneminder/. - become: yes - file: - state: link - src: /Zoneminder - path: /var/cache/zoneminder/events - force: yes - follow: no -
-
-
-
-
-

8.10. Configure Zoneminder

-

-The remaining tasks ensure that the /etc/zm/zm.conf file has the -proper permissions and contains the correct password. +Additional cameras are added via the "New Device" item in the Server +Menu. This step is completed when all cameras are streaming to +AgentDVR's Live View.

- -
-roles_t/abbey-dvr/tasks/main.yml
-- name: Set /etc/zm/zm.conf permissions.
-  become: yes
-  file:
-    path: /etc/zm/zm.conf
-    owner: root
-    group: www-data
-    mode: u=rw,g=r,o=
-
-- name: Set Zoneminder passphrase.
-  become: yes
-  lineinfile:
-    regexp: '^ *ZM_DB_PASS *='
-    line: ZM_DB_PASS={{ zoneminder_dbpass }}
-    path: /etc/zm/zm.conf
-
- +
+
+

8.8. Configure AgentDVR's Default Storage

+

-Finally, Zoneminder's service unit can be enabled (and started) if -/Zoneminder/ exists. It is assumed that, if /Zoneminder/ exists, -the zm database has also been created, and the service is ready to -run. +AgentDVR's web interface is also used to configure a default storage +location. From the Server Menu (upper left), the administrator chooses +Configuration Settings, the Storage tab, the Configure button, and the +add (plus) button. The storage location is set to /DVR/AgentDVR/ +and the "default" toggle is set. Several OK buttons then need to be +pressed before the task is complete.

- -
-roles_t/abbey-dvr/tasks/main.yml
-- name: Enable/Start Zoneminder.
-  become: yes
-  systemd:
-    service: zoneminder
-    enabled: yes
-    state: started
-  when: zoneminder.stat.exists
-
-
-
-

8.11. Configure Cameras

-
-

-A new security camera is setup as described in Cloistering, after -which the camera should be accessible by name on the abbey networks. -Assuming ping -c1 new works, the camera's web interface will be -accessible at http://new/. -

- -

-The abbey's administrator logs into http://new/ and turns off any -OSD (on-screen display). Zoneminder will add its own timestamp, for -the best accuracy and reliability. The administrator also turns down -the frame rate to 5fps. The abbey prefers HD resolution (e.g. 1080p) -and long duration logs, thus fewer frames per second. The -administrator also creates an unprivileged user with a short password -e.g. user:gobbledygook. -

- +
+

8.9. Configure AgentDVR's Recordings

+

-After Ansible has configured and started Zoneminder, a camera can be -created by clicking on "Add" in the Zoneminder console. (If the -Zoneminder host was named "security", the Zoneminder console can be -found at http://security/zm/.) In the Add dialog, the following -settings should be changed. (The parenthesized settings are default -settings that should be checked but are probably already correctly -set.) +After a default storage location has been configured, AgentDVR's +cameras can begin recording. The "Edit Devices" dialog lists (via the +"Edit Devices" item in the Server Menu) the configured cameras. The +edit buttons lead to the device settings where the following +parameters are set (in the Recording and Storage tabs).

    -
  • In the "General" tab, specify: +
  • Recording:
      -
    • Name: Front
    • -
    • (Server: None)
    • -
    • (Source type: Ffmpeg)
    • -
    • Function: Record
    • -
    • Enabled: yes
    • -
    • (Analysis FPS: <blank>)
    • -
    • (Maximum FPS: <blank>)
    • -
    • (Alarm Maximum FPS: <blank>)
    • +
    • Mode: Constant
    • +
    • Encoder: Raw Record Stream
    • +
    • Max record time: 900 (15 minutes)
  • -
  • In the "Source" tab, specify: +
  • Storage:
      -
    • Src path: rtsp://user:gobbledygook@new.small.private.:554/11
    • -
    • (Method: TCP)
    • -
    • (Target colorspace: 32 bit colour)
    • -
    • Capture Resolution: 1920x1080 1080p
    • -
  • -
  • In the "Timestamp" tab, specify: +
  • Location: DVR/AgentDVR
  • +
  • Folder: Outside
  • +
  • Storage Management:
      -
    • Timestamp Label X: 10
    • -
    • Timestamp Label Y: 10
    • -
    • Font Size: Large
    • +
    • On: yes
    • +
    • Max Size: 0 (unlimited)
    • +
    • Max Age: 168 (7 days)
  • -
  • In the "Buffers" tab, specify: -
      -
    • Image Buffer Size (frames): 40
@@ -2929,8 +2482,8 @@ machine simply by adding it to the tvrs group.

-
-

9.3. Include Abbey Variables

+
+

9.3. Include Abbey Variables

Private variables in private/vars-abbey.yml are needed, as in the @@ -3476,7 +3029,7 @@ the list of "inputs" available in a postal code typically ends with the OTA (over the air) broadcasts.

-
+
 $ tv_grab_zz_sdjson --configure --config-file .mythtv/Mr.Antenna.xml
 Cache file for lineups, schedules and programs.
 Cache file: [/home/mythtv/.xmltv/tv_grab_zz_sdjson.cache]
@@ -3897,9 +3450,6 @@ except the roles are found in Institute/roles/ as well as roles/.
         kamino:
         kessel:
         ord-mantell:
-    weather:
-      hosts:
-        anoat:
     dvrs:
       hosts:
         dantooine:
@@ -3953,10 +3503,6 @@ institutional roles, then the liturgical roles.
   hosts: campus
   roles: [ campus, abbey-cloister ]
 
-- name: Configure Weather
-  hosts: weather
-  roles: [ abbey-weather ]
-
 - name: Configure DVRs
   hosts: dvrs
   roles: [ abbey-dvr ]
@@ -4184,10 +3730,10 @@ operating system version of all abbey managed machines.
 

The abbey changes location almost weekly, so its timezone changes occasionally. Droplet does not move. Gate and other simple servers -(the weather monitors) are kept in UTC. Core, the DVRs, TVRs, and the -desktops all want updating to the current local timezone. The -desktops are managed maually, but the rest can all be updated using -Ansible. +are kept in UTC. Core, the DVRs, TVRs, Home Assistant and the +desktops all want updating to the current local timezone. Home +Assistant and the desktops are managed maually, but the rest can all +be updated using Ansible.

@@ -4228,12 +3774,11 @@ last host in the previous play. - hosts: dvrs tasks: - - name: Restart Zoneminder. + - name: Restart AgentDVR. become: yes systemd: - service: "{{ item }}" + service: AgentDVR state: restarted - loop: [ mysql, zoneminder ] when: new_tz.changed - hosts: tvrs @@ -4986,7 +4531,7 @@ to private/db.campus_vpn.)

Author: Matt Birkholz

-

Created: 2024-09-03 Tue 08:46

+

Created: 2024-09-20 Fri 13:28

Validate