Rebuild Raspbery PI - First repave with new ansible automation

[scottmuc]

Yay for Repaving!

As much as possible is documented inline in this issue template. In case of problems you may find help by viewing all the previous repave issues. Have fun!

Things to do with the existing build

• [x] Create SD card with the latest Raspberry Pi OS

  Instructions

  Preferrably with a secondary SD Card to keep the current Pi running.

  installer download

• [x] Shut down the PI (to prevent DHCP conflicts)

• [x] Enable DHCP on the router and remove port mapping

Post OS install steps on the PI

• [x] Enable SSHD via rasp-config

• [x] Obtain machine IP via ip a

Post OS install steps on desktop

• [x] Ensure a working ansible enviroment

  Instructions

  Not much to say except use virtualenv. I don't have a consistent way to set this up because my macbook might be my controller, or my windows WSL host will be.

• [x] Copy ssh key using ssh-copy-id pi@<pi ip>

• [x] Bootstrap with Ansible

  Instructions

  ansible-playbook -i 192.168.2.10, --become --ask-become-pass ./bootstrap-playbook.yml

• [x] Complete full configuration

  Instructions

  ./ansible.sh <pi ip>

• [x] Disable DHCP on the router

• [x] Reboot PI

• [x] Add port mapping on the router

• [x] Make this template slightly better

[scottmuc]

Need step to change default pi user password.

Also think I can create a bootstrap and apply subcommand of the ./ansible.sh script to remove code from this issue template.

[scottmuc]

First run of ansible stopped with a failure to launch unbound. I was able top stop/start the service manually though.

[scottmuc]

Second run of ansible stopped at acquiring certificates. Need to re-add port forwarding to the random DHCP address.

[scottmuc]

Third run of ansible stopped at starting nginx. I forgot that I've been updating the server_names_hash_bucket_size manually each time. It's not automated yet as I'm uncertain how to make this change (though I think ansible has a useful line change feature).

[scottmuc]

Fourth run of ansible succeeded! Re-added the port mapping and deployed goodenoughmoney and it's live.

[scottmuc]

Manually ran the navidrome.sh script on the pi and now https://home.scottmuc.com/music/ is working.

[scottmuc]

Manually ran sudo smbpasswd -a pi with the same password as before and my Z: drive on Windows can still access the files.

[scottmuc]

Manually enabled the dhpcd on the PI.

Seeing messages in /var/log/syslog:

Mar 13 08:48:50 raspberrypi kea-dhcp4[1727]: Unable to use interprocess sync lockfile (No such file or directory): /var/run/kea/isc_kea_logger_lockfile

ipconfig /renew on my Windows PC isn't working so I've stopped the service and re-enabled DHCP on my router for now.

[scottmuc]

Something I realised is that I should not have overlapping DHCP IP address pools configured in my PI and my Telekom router.

Now my network looks like the following:

192.168.2.0/24

• Gateway: 192.168.2.1
• Static Range: 192.168.2.2-192.168.2.99
• Router DHCP pool: 192.168.2.100-192.168.2.149
• KEA DHCP pool: 192.168.2.150-192.168.2.199
• Unallocated: 192.168.2.200-192.168.2.254
• Broadcast: 192.168.2.255

[scottmuc]

Looks like I can remove all bootstrapping terminal access to the PI if I follow some of the directions here: https://kenfallon.com/safely-enabling-ssh-in-the-default-raspbian-image/.

I'll definitely try that in the next repave.

[scottmuc]

I need to learn how setup and notify handlers in Ansible. It might add a bit of complexity, but I believe it would make re-runs more reliable in their outcomes (e.g.: signal a restart of a service when the resource is observed as changed).

Also, need to stick with a consistent syntax for package resource specifications. Some places the inline style is used, and in other places, the yaml syntax is used.

[scottmuc]

Repave Complete!

Notes for the next repave:

• try enabling sshd by adding an empty file ssh into the /boot path of the installer
• add smbpasswd running to the automation and use a word stored in the encrypted ./secrets path
• send the navidrome.sh script to the PI or redo it via ansible
• extend ansible.sh to use subcommands
• consider deleting the pi user from the system once ansible is successfully bootstrapped
• look into fixing errors related to KEA
• look into python discovery warning of each ansible run
• add some over-explaining to the ansible files