Access Control AC Node Master: difference between revisions
(19 intermediate revisions by 2 users not shown)
Regel 1: | Regel 1: | ||
− | [[Category: | + | [[Category:Nodes & network devices]][[Category:Servers network & websites]] |
− | |||
= Configuratie van de master node = | = Configuratie van de master node = | ||
− | Configured on the [[ | + | Configured on the [[Server setup|server]]. Requisite packages: |
sudo apt install git sudo screen python3 | sudo apt install git sudo screen python3 | ||
Regel 16: | Regel 15: | ||
git clone https://github.com/MakerSpaceLeiden/AccesSystem.git | git clone https://github.com/MakerSpaceLeiden/AccesSystem.git | ||
− | Initiele uitrollen configuratie | + | Initiele uitrollen configuratie (mid 2023 verhuist naar /etc/master) |
sudo mkdir /usr/local/master | sudo mkdir /usr/local/master | ||
... change to some neutered user .... | ... change to some neutered user .... | ||
− | cp acnode.ini | + | cp acnode.ini /etc/master |
− | cp sample-keydb.txt | + | cp sample-keydb.txt /etc/master/keydb.txt |
− | chown master:master -R | + | chown master:master -R /etc/master |
− | chmod -R go-rwx | + | chmod -R go-rwx /etc/master |
Create a systemd config file: | Create a systemd config file: | ||
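Review bot: the unchanged line "sudo mkdir /usr/local/master" still creates the old directory, while every added line in this hunk now targets /etc/master. On a fresh install "cp acnode.ini /etc/master" would then either fail or create a plain file named /etc/master, and "cp sample-keydb.txt /etc/master/keydb.txt" would fail after it. Suggest changing the mkdir to /etc/master in the same edit and saying whether existing files under /usr/local/master should be moved or removed, since keydb.txt left behind there would keep its old permissions.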
Regel 55: | Regel 54: | ||
Stop the sever; and edit | Stop the sever; and edit | ||
− | vi / | + | vi /etc/master/trustdb.txt |
+ | |||
+ | and remove the line for that node; then restart the server. When in doubt - check that '''/etc/master/acnode.ini''' contains the name of the node (only known names are added (once) to the list). | ||
+ | |||
+ | == typical process in small steps == | ||
+ | |||
+ | Het process om een geheel nieuwe te laten herkennen is (XXXX is de naam van de node) | ||
+ | |||
+ | # log in op de msl server | ||
+ | # cd /etc/master | ||
+ | # check that XXXX voorkomt in acnode.ini | ||
+ | # edit trustdb.txt | ||
+ | # haal de regel met XXXXX .... weg | ||
+ | # herstart de Service: sudo systemctl restart master-access.service | ||
+ | # check of het goed ging: sudo systemctl status master-access.service | ||
+ | # of voor meer detail -- dingen als sudo journalctl -a -u master-access.service | ||
+ | |||
+ | En ondertussen kun je met | ||
+ | |||
+ | mosquitto_sub -v -h space.makerspaceleiden.nl -t 'ac/log/#' -t 'test/log/#' -t 'log/#' -v | ||
+ | |||
+ | of | ||
+ | |||
+ | mosquitto_sub -v -h space.makerspaceleiden.nl -t 'ac/log/#' -t 'test/log/#' -t 'log/#' -v | grep -i deur | ||
− | + | alles zien. | |
= Adding a new node = | = Adding a new node = | ||
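Review bot: the added step list edits trustdb.txt first and restarts the service afterwards, while the unchanged line above it says to stop the server before editing. The next hunk states that the Python process itself writes trustdb.txt, so an edit made while the service is running can be overwritten; suggest making the first service step a stop and the last a start. The introduction also says the steps are for an entirely new node, but removing a line from trustdb.txt is the rekey case, and the placeholder is spelled XXXXX in one step and XXXX elsewhere.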
Regel 63: | Regel 85: | ||
A new node won't be recognised (And allowed to (re)key) if it is not in acnode-prod.ini. So add it there | A new node won't be recognised (And allowed to (re)key) if it is not in acnode-prod.ini. So add it there | ||
− | vi / | + | vi /etc/master/acnode.ini |
− | And edit the line | + | And edit the line in acnode.ino in /etc/master |
secrets = [ woodlathe, lintzaag, tablesaw, planer, jointer, lights, compressor, tussendeur, voordeur, spacedeur, byebye, XXXX ] | secrets = [ woodlathe, lintzaag, tablesaw, planer, jointer, lights, compressor, tussendeur, voordeur, spacedeur, byebye, XXXX ] | ||
− | where XXXX is the name of the node you are adding. Then restart the server; and it should repair (power cycle the node to speed this up) | + | where XXXX is the name of the node you are adding. Then restart the server; and it should repair (power cycle the node to speed this up). |
+ | Check '''trustdb.txt''' to see it getdding added. It needs write permissions for the user that python runs as. | ||
= Debugging = | = Debugging = | ||
− | Watch the MQTT log to see what is going on. | + | Watch the MQTT log to see what is going on. Or watch |
+ | |||
+ | |||
+ | tail -F /var/log/master/master.log | ||
+ | |||
+ | Note the '-F' - as the log rotates every 24 hours; only a month is kept. |
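Review bot: the added line "And edit the line in acnode.ino in /etc/master" misspells the file name, and the unchanged sentence two lines above still refers to acnode-prod.ini while the new command opens /etc/master/acnode.ini. Suggest using one file name throughout this section so it is clear which file gates (re)keying. "getdding" in the trustdb.txt line should read "getting".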
Current revision as of 11 Nov 2024, 22:25
Configuration of the master node
Configured on the server. Requisite packages:
    sudo apt install git sudo screen python3
    python3 -m ensurepip
    pip3 install configargparse
    pip3 install paho-mqtt
    pip3 install pidfile daemon setproctitle
Installation:
    cd /usr/local
    git clone https://github.com/MakerSpaceLeiden/AccesSystem.git
Initial rollout of the configuration (moved to /etc/master in mid 2023)
    sudo mkdir /usr/local/master
    ... change to some neutered user ....
    cp acnode.ini /etc/master
    cp sample-keydb.txt /etc/master/keydb.txt
    chown master:master -R /etc/master
    chmod -R go-rwx /etc/master
Create a systemd config file:
    [Unit]
    Description=Makerspace ACL/Node system
    After=network.target

    [Service]
    Type=simple
    Restart=always
    RestartSec=2
    User=XX-NEUTERED-USER-YOU-INSTALLED-IT-AS-XXX
    PIDFile=/var/db/master/master-prod.pid
    ExecStart=/usr/local/AccesSystem/Master/master.sh

    [Install]
    WantedBy=multi-user.target
Starting, restarting, stopping, etc.
Usual systemd:
    sudo systemctl restart master-access
Rekeying an upgraded/replaced existing node
After an upgrade or replacement, the node may need to regenerate its private key. In that case the master will no longer recognise or accept it, so you need to rekey the master.
Stop the server and edit
    vi /etc/master/trustdb.txt
and remove the line for that node; then restart the server. When in doubt, check that /etc/master/acnode.ini contains the name of the node (only known names are added, once, to the list).
Typical process in small steps
The process for getting an entirely new one recognised is (XXXX is the name of the node):
- log in to the msl server
- cd /etc/master
- check that XXXX appears in acnode.ini
- edit trustdb.txt
- remove the line with XXXX ....
- restart the service: sudo systemctl restart master-access.service
- check that it went well: sudo systemctl status master-access.service
- or, for more detail, things like sudo journalctl -a -u master-access.service
Meanwhile, with
    mosquitto_sub -v -h space.makerspaceleiden.nl -t 'ac/log/#' -t 'test/log/#' -t 'log/#' -v
or
    mosquitto_sub -v -h space.makerspaceleiden.nl -t 'ac/log/#' -t 'test/log/#' -t 'log/#' -v | grep -i deur
you can see everything.
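The file-editing steps of the rekey procedure above as a small shell helper (an added example, not part of the wiki page or of the AccesSystem code). It assumes that each trustdb.txt entry is a single line starting with the node name and that the secrets list in acnode.ini sits on one line; the function names are made up for this example.

```shell
#!/bin/sh
# Added example. Assumptions (not from the wiki): one trustdb.txt line per
# node, starting with the node name; "secrets = [ a, b ]" on a single line.

# node_is_known NAME INI: exit 0 only if NAME is an exact item of the secrets list
node_is_known() {
    grep -E '^[[:space:]]*secrets[[:space:]]*=' "$2" |
        sed -e 's/^[^[]*\[//' -e 's/\].*$//' |
        tr ',' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        grep -Fxq -- "$1"
}

# drop_trust_entry NAME TRUSTDB: remove NAME's line, leaving a backup beside it
drop_trust_entry() {
    name=$1
    db=$2
    # refuse empty names and names with characters outside [A-Za-z0-9_-]
    case $name in ''|*[!A-Za-z0-9_-]*) echo "bad node name" >&2; return 2;; esac
    # cp -p keeps owner and mode, so the backup stays as private as the original
    cp -p "$db" "$db.bak" || return 1
    # literal string compare on field 1: "deur" never removes "voordeur"
    awk -v n="$name" '($1 "") != (n "")' "$db.bak" > "$db.tmp" || return 1
    if cmp -s "$db.bak" "$db.tmp"; then
        rm -f "$db.tmp"
        echo "no entry for $name" >&2
        return 3
    fi
    # write through the existing file so its owner and go-rwx mode are kept
    cat "$db.tmp" > "$db" && rm -f "$db.tmp"
}

# rekey_node NAME DIR: check acnode.ini, then edit trustdb.txt under DIR
rekey_node() {
    node_is_known "$1" "$2/acnode.ini" || { echo "$1 not in acnode.ini" >&2; return 4; }
    drop_trust_entry "$1" "$2/trustdb.txt"
}
```

Call it as the user that owns /etc/master, for example `rekey_node XXXX /etc/master`, with the master service stopped beforehand and restarted afterwards as the page describes.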
Adding a new node
A new node won't be recognised (and allowed to (re)key) if it is not in acnode-prod.ini, so add it there:
    vi /etc/master/acnode.ini
And edit the line in acnode.ini in /etc/master
    secrets = [ woodlathe, lintzaag, tablesaw, planer, jointer, lights, compressor, tussendeur, voordeur, spacedeur, byebye, XXXX ]
where XXXX is the name of the node you are adding. Then restart the server, and it should repair (power cycle the node to speed this up).
Check trustdb.txt to see it getting added. The file must be writable by the user that Python runs as.
Debugging
Watch the MQTT log to see what is going on. Or watch
    tail -F /var/log/master/master.log
Note the '-F': the log rotates every 24 hours, and only a month is kept.