vinceskahan / home-pi-rebuild Goto Github PK

This suite of ansible playbooks lets me do a full rebuild of my home Raspberry Pi (plural) as well as the Seagate Dockstar running Debian which serves as my current weewx host.

It's good enough to do a one-command provisioning of the various raspberry pi, which is the current intent.

ansible-playbook -i hosts site.yml  [--check]

* add "-l [hostname|groupname]" to limit to one host or group
* add "-t ntp" to run just the ntp role (for example)
* add "--check" to run in 'dry run' mode, making no actual changes

Multiple -l and -t blocks are supported by ansible-playbook at this writing.

Some roles are set to run no-op by default, but you can enable them individually by adding --extra-vars to the ansible-playbook command

--extravars="optionX=True optionY=True" 

Example: ansible-playbook ./site.yml -i hosts -l pi4jr --tags=localization [--check]

# for initial setup of the ssh
# - copy the image over using Etcher
# - make sure the /boot is mounted on the host (/Volumes/boot on a mac)
# - copy the ssh file to the mounted /boot tree
# - copy the wpa_supplicant.conf file to the mounted /boot tree
# - do an orderly umount of the disk
# - plug it into the pi and boot the pi, it should come up on wifi

# authorize my passwordless ssh key
ssh-copy-id -i ~/.ssh/id_rsa_nopass pi@HOST_NAME_HERE

# verify it works
ssh -i ~/.ssh/id_rsa_nopass pi@HOST_NAME_HERE hostname

# check the initial playbook works
ansible-playbook ./playbook.yml -i hosts -l HOST_NAME_HERE --check

# run the playbook for real (takes a while due to apt updates)

export HOST_NAME_HERE="myhostname"
ansible-playbook site.yml -i hosts -l ${HOST_NAME_HERE} --extra-vars="firstboot=True"

• a number of these roles have defaults/main.yml settings for default usernames and associated passwords.

  THESE ARE EXAMPLES ONLY. DO NOT USE THEM ON YOUR REAL SYSTEMS...

• you can supersede any defaults by passing --extra-vars parameters to use your own variable settings.

The various roles here have hard-coded or default targets matching where I have services running on my network. They also assume certain DNS resolution magic (ie, an alias 'mqtt' for the mqtt server) which is done by the pi-hole software running on the LAN. In general, I tried to alias services to the host acting as that server.

The ansible hosts file matches my ssh setup's ~/.ssh/config file, which sometimes differs from the actual hostname we want to set for that remote computer. An example ~/.ssh/config snippet is below:

# these are all raspbian pi
Host system1 system2 system3 system4
  IdentityFile ~/.ssh/id_rsa_nopass
  user pi

# this system uses a different name for ssh access 
# than it does for DNS resolving its address
Host systemXYZ-ansible
  hostname systemXYZ
  user ansible
 IdentityFile ~/.ssh/id_rsa_nopass

Obviously, the account used requires sudo access so 'become' works, which is true by default on a pi. I manually set up sudoers.d on other systems so this works there since those systems never change.

At last audit, this uses the following ansible modules:

• apt
• copy
• cron
• get_url
• hostname
• hosts
• influxdb
• influxdb_database
• influxdb_user
• iptables
• service
• setup
• shell
• template

• pi3jr = pi3 running off SSD as essentially the pi 'server' so to speak - runs influxdb, grafana
• pi3 = pi3 running pi-hole and mqtt server
• pi = model-B timelapse USB cam via motion
• r = model-B outside temperature sensors, makes data available via nginx for other systems
• g = usually off model-B
• b = usually off model-B
• zero = usually off play pi-zero
• zerow = usually off play pi-zero-w
• dockstar = Seagate Dockstar running weewx connected to the Davis VP2 weather station