From: Matt Birkholz Date: Thu, 18 Sep 2025 23:50:12 +0000 (-0600) Subject: Update AgentDVR instructions. X-Git-Url: https://birchwood-abbey.net/git?a=commitdiff_plain;h=d35216dfb9de2471c2d1b043e37eb729729b85c2;p=Network.git Update AgentDVR instructions. --- diff --git a/README.org b/README.org index 7653c70..0e92216 100644 --- a/README.org +++ b/README.org @@ -1793,12 +1793,13 @@ entities. These were labeled and organized on an "Abbey" dashboard. * The Abbey DVR Role The abbey uses AgentDVR to record video from PoE IP HD security -cameras. It is installed and configured as described here. +cameras. It runs as user ~agentdvr~ and keeps all of its +configuration and recordings in =/home/agentdvr/=. -** AgentDVR Installation +** Install AgentDVR -AgentDVR is installed at the abbey according to the iSpy web site's -latest(?) instructions. The "download" button on iSpy's Download page +AgentDVR is installed according to the iSpy web site's latest +instructions. The "download" button on iSpy's Download page ([[https://www.ispyconnect.com/download]]), when "Agent DVR - Linux/ macOS/ RPi" is chosen, suggests the following command lines (the second of which is broken across three lines). @@ -1810,28 +1811,24 @@ ispysoftware/agent-install-scripts/main/v2/\ install.sh") #+END_SRC -/Before/ executing these commands, Ansible is enlisted to make certain -preparations. +The second command fetches and runs an installation script that +executes several ~sudo~ commands. These commands can be run by the +~agentdvr~ account if it has (temporary) authorization. -*** AgentDVR Installation Preparation +*** Prepare for AgentDVR Installation -AgentDVR runs in the abbey as a system user, ~agentdvr~, which -installs and runs the service. Though a system user, the account gets -a home directory, =/home/agentdvr/= in which to install AgentDVR, and -a login shell, =/bin/bash=. This much Ansible can do in preparation. +The following commands are manually executed to create the ~agentdvr~ +account and authorize it to run a handful of system commands as +~root~. This small set is sufficient to run the installation script +/if/ the offer to create the system service is declined. -: ./abbey config dvrs - -After the ~agentdvr~ account is created, it is temporarily authorized -to run a handful of system commands (as ~root~!). This small set is -sufficient /if/ the offer to create the system service is declined. -The following commands create this authorization in =~/01agentdvr=, -validate and install it in =/etc/sudoers.d/01agentdvr=. Such caution -is taken because a syntax error anywhere in =/etc/sudoers.d/= can make -the ~sudo~ command inoperative, cutting off access to all elevated -privileges until a "rescue" (involving a reboot) is performed. +The commands validate the config file, =01agentdvr=, before installing +it because a syntax error can make the ~sudo~ command inoperative, +cutting off access to all elevated privileges until a "rescue" +(involving a reboot) is performed. #+BEGIN_SRC sh +sudo adduser --disabled-password agentdvr echo "ALL ALL=(agentdvr) NOPASSWD: /bin/systemctl,/bin/apt-get,\ /sbin/adduser,/sbin/usermod" >~/01agentdvr sudo chown root:root ~/01agentdvr @@ -1840,10 +1837,10 @@ visudo --check --owner --perms ~/01agentdvr sudo mv ~/01agentdvr /etc/sudoers.d/ #+END_SRC -*** AgentDVR Installation Execution +*** Execute AgentDVR Installation With the above preparations, the system administrator can get a shell -session under the ~agentdvr~ account to run iSpy's installation script +session under the ~agentdvr~ account to run iSpy's installation script in the empty =/home/agentdvr/= directory. #+BEGIN_SRC sh @@ -1855,7 +1852,7 @@ The script creates the =/home/agentdvr/AgentDVR/= directory, and offers to install a system service. The offer is declined. Instead, Ansible is run again. -*** AgentDVR Installation Completion +*** Complete AgentDVR Installation When Ansible is run a second time, after the installation script, it sees the new =/home/agentdvr/AgentDVR/= directory and creates (and @@ -1868,9 +1865,11 @@ Also after the installation, the system administrator revokes the : sudo rm /etc/sudoers.d/01agentdvr -** Create User ~agentdvr~ +** Configure User ~agentdvr~ -AgentDVR runs as the system user ~agentdvr~, which is created here. +AgentDVR runs as the system user ~agentdvr~, which is configured here. +(The account should have been created by the installation or +restoration of AgentDVR.) #+CAPTION: [[file:roles_t/abbey-dvr/tasks/main.yml][=roles_t/abbey-dvr/tasks/main.yml=]] #+BEGIN_SRC conf :tangle roles_t/abbey-dvr/tasks/main.yml :mkdirp yes @@ -1879,7 +1878,7 @@ AgentDVR runs as the system user ~agentdvr~, which is created here. become: yes user: name: agentdvr - system: yes + password: "!" home: /home/agentdvr shell: /bin/bash append: yes @@ -1958,7 +1957,6 @@ by =install.sh=. [Install] WantedBy=multi-user.target dest: /etc/systemd/system/AgentDVR.service - when: agentdvr.stat.exists - name: Start AgentDVR.service. become: yes @@ -2048,29 +2046,35 @@ The administrator uses this to make the following changes. - Set a password on the administrative account. - Create an unprivileged user with a short password, - e.g. ~user:blah~. + e.g. ~user:blah~. (Lately, user accounts are not supported!) - Set the frame rate to 5fps. The abbey prefers HD resolution and long duration logs, thus fewer frames per second. + - Turn /off/ on-screen displays (OSDs), motion detection, object + recognition, etc. + - Configuring the timezone or the use of NTP (the network time + protocol) is nice but optional. ** Configure AgentDVR's Cameras After Ansible has configured and started the AgentDVR service, its web UI will be available at ~http://core:8090/~. The initial Live View will be empty, overlayed with instructions to click the edit button. - - -The wizard will ask for each device's general configuration -parameters. The abbey uses SV3C IP cameras with a full HD stream as -well as a standard definition "vice stream". AgentDVR wants both. +A view must be created before devices can be added? Then the device +wizard asks for each device's general configuration parameters. The +abbey uses SV3C IP cameras with a full HD stream as well as a standard +definition "vice stream". AgentDVR can use both, so the following +settings are used on each device. - General: - + On: yes - + Name: Outside + + Name: Stern + Source Type: Network Camera - Username: user - Password: blah - - Live URL: rtsp://new.birchwood.private:554/12 - - Record URL: rtsp://new.birchwood.private:554/11 + - Live URL: rtsp://camera3.birchwood.private:554/12 + - Record URL: rtsp://camera3.birchwood.private:554/11 + +Note that each device's recordings are also configured as described +below. Additional cameras are added via the "New Device" item in the Server Menu. This step is completed when all cameras are streaming to @@ -2105,6 +2109,16 @@ parameters are set (in the Recording and Storage tabs). - Max Size: 0 (unlimited) - Max Age: 168 (7 days) +** Restore AgentDVR + +When restoring =/home/= from a backup copy, the user accounts are +presumably restored as well. Thus =/home/agentdvr/AgentDVR/= should +be owned by ~agentdvr~, a user account with disabled/locked password +and a ~bash~ shell. Restoration is completed by Ansible when it +installs the system service configuration file and starts the service. + +: ./abbey config dvrs + * The Abbey TVR Role diff --git a/roles_t/abbey-dvr/tasks/main.yml b/roles_t/abbey-dvr/tasks/main.yml index a8a1d9a..b7736c9 100644 --- a/roles_t/abbey-dvr/tasks/main.yml +++ b/roles_t/abbey-dvr/tasks/main.yml @@ -3,7 +3,7 @@ become: yes user: name: agentdvr - system: yes + password: "!" home: /home/agentdvr shell: /bin/bash append: yes @@ -60,7 +60,6 @@ [Install] WantedBy=multi-user.target dest: /etc/systemd/system/AgentDVR.service - when: agentdvr.stat.exists - name: Start AgentDVR.service. become: yes