Access Control AC Node Master: difference between revisions

From MakerSpace Leiden
Regel 1: Regel 1:
[[Category:ACNode]][[Category:RunningTheSpaceDocs]]{{OldPage}}[[Categorie:Notes]][[Categorie:Docu]]
+
[[Category:ACNode]][[Category:RunningTheSpaceDocs]][[Categorie:Notes]][[Categorie:Docu]]
...
 
  
= Configuratie van de master node.
+
= Configuratie van de master node =
  
Requisite packages:
+
Configured on the [[MTA-Setup|MSL server]]. Requisite packages:
  
   sudo pkg install git sudo screen python34
+
   sudo apt install git sudo screen python3
   python3.4 -m ensure pip
+
   python3 -m ensure pip
   pip3.4 install configargparse
+
   pip3 install configargparse
   pip3.4 install paho-mqtt
+
   pip3 install paho-mqtt
   pip3.4 install pidfile daemon setproctitle
+
   pip3 install pidfile daemon setproctitle
  
 
Installatie:
 
Installatie:
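Review bot: The added line `python3 -m ensure pip` in the package list carries over the typo from the old `python3.4 -m ensure pip`. The standard-library module is named `ensurepip`, so the command fails as written and should read `python3 -m ensurepip`.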
Regel 25: Regel 24:
 
   chown master:master -R /usr/local/etc/master
 
   chown master:master -R /usr/local/etc/master
 
   chmod -R go-rwx /usr/local/etc/master
 
   chmod -R go-rwx /usr/local/etc/master
  cp master.sh /usr/local/etc/rc.d
 
  echo master_enable=YES >> /etc/rc.conf
 
  
Starten
+
Create a systemd config file:
  
/usr/local/etc/rc.d/master.sh start
+
'''
 +
[Unit]
 +
Description=Makerspace ACL/Node system
 +
After=network.target
 +
 
 +
[Service]
 +
Type=simple
 +
Restart=always
 +
RestartSec=2
 +
User=dirkx
 +
PIDFile=/var/db/master/master-prod.pid
 +
ExecStart=/usr/local/AccesSystem/Master/master.sh
 +
 
 +
[Install]
 +
WantedBy=multi-user.target
 +
'''
 +
 
 +
= Starten, restart, stop, etc =
 +
 
 +
Usual systemd:
 +
 
 +
  sudo sudo systemctl restart master-access
 +
 
 +
= Rekeying an upgraded/replaced existing node =
 +
 
 +
After an upgrade or replacement - the node may need to re-generate its private key. In that case the master will no longer recognise/accept it. So you need to rekey the master.
 +
 
 +
Stop the sever; and edit
 +
 
 +
    vi /usr/local/AccesSystem/Master/trustdb.txt
 +
 
 +
and remove the line for that node; then restart the server.
 +
 
 +
= Adding a new node =
 +
 
 +
A new node won't be recognised (And allowed to (re)key) if it is not in acnode-prod.ini. So add it there
 +
 
 +
    vi /usr/local/AccesSystem/Master/trustdb.txt
 +
 
 +
And edit the line
 +
 
 +
    secrets = [ woodlathe, lintzaag, tablesaw, planer, jointer, lights, compressor, tussendeur, voordeur, spacedeur, byebye, XXXX ]
 +
 
 +
where XXXX is the name of the node you are adding. Then restart the server; and it should repair (power cycle the node to speed this up). Check '''trustdb.txt''' to see it getdding added.
 +
 
 +
 
 +
= Debugging =
 +
 
 +
Watch the MQTT log to see what is going on.
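Review bot: In the new systemd unit, `User=dirkx` runs the master under a personal account, while the unchanged context lines at the top of this hunk hand `/usr/local/etc/master` to `master:master` with `chmod -R go-rwx`, so the service user cannot read that configuration as documented. Run the unit as the dedicated account instead (`User=master`) and make sure the `PIDFile=` directory is writable by it. Two smaller points in the same hunk: `sudo sudo systemctl restart master-access` has a doubled `sudo`, and the "Adding a new node" section says the node must be listed in acnode-prod.ini while the command shown opens trustdb.txt, so the command should open the ini file that holds the `secrets = [ ... ]` line.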

Revision as of 26 Jan 2020, 21:52


Configuration of the master node

Configured on the MSL server. Requisite packages:

 sudo apt install git sudo screen python3
 python3 -m ensurepip
 pip3 install configargparse
 pip3 install paho-mqtt
 pip3 install pidfile daemon setproctitle

Installation:

 cd /usr/local
 git clone https://github.com/MakerSpaceLeiden/AccesSystem.git

Initial rollout of the configuration (not yet given its own UID):

 mkdir -p /usr/local/etc/master
 # As root
 cp acnode.ini /usr/local/etc/master
 cp sample-keydb.txt /usr/local/etc/master/keydb.txt
 chown master:master -R /usr/local/etc/master
 chmod -R go-rwx /usr/local/etc/master

Create a systemd config file:

 [Unit]
 Description=Makerspace ACL/Node system
 After=network.target
 
 [Service]
 Type=simple
 Restart=always
 RestartSec=2
 User=dirkx
 PIDFile=/var/db/master/master-prod.pid
 ExecStart=/usr/local/AccesSystem/Master/master.sh
 
 [Install]
 WantedBy=multi-user.target

Starting, restarting, stopping, etc.

Usual systemd:

 sudo systemctl restart master-access

Rekeying an upgraded/replaced existing node

After an upgrade or replacement, the node may need to regenerate its private key. In that case the master will no longer recognise or accept it, so you need to rekey the master.

Stop the server and edit

   vi /usr/local/AccesSystem/Master/trustdb.txt

and remove the line for that node; then restart the server.
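
The rekeying edit above (remove the node's line from trustdb.txt between stopping and restarting the server) as a scripted step that backs the file up first and matches the node name exactly. This is an added example, not part of the original page or the AccesSystem project; it assumes each trustdb.txt line begins with the node name followed by whitespace, and `drop_node` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: remove one node's entry from the master's trust database.
# ASSUMPTION: each line is "<nodename> <key material>", node name in field 1.

# drop_node TRUSTDB NODE
# Returns 0 on success, 1 if the node has no entry, 2 on usage or I/O error.
drop_node() {
    db=$1
    node=$2
    [ -n "$db" ] && [ -n "$node" ] && [ -f "$db" ] || return 2

    # Exact match on field 1, so "deur" never matches "voordeur".
    hits=$(awk -v n="$node" '$1 == n { c++ } END { print c + 0 }' "$db") || return 2
    [ "$hits" -ge 1 ] || return 1

    # Timestamped backup; -p keeps the original mode and timestamps.
    backup="$db.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$db" "$backup" || return 2

    # mktemp creates the scratch file with mode 0600.
    tmp=$(mktemp "$db.XXXXXX") || return 2
    if awk -v n="$node" '$1 != n' "$db" > "$tmp"; then
        # Write back in place so trustdb.txt keeps its owner and mode.
        cat "$tmp" > "$db" || { rm -f "$tmp"; return 2; }
    else
        rm -f "$tmp"
        return 2
    fi
    rm -f "$tmp"
    echo "removed $hits line(s) for '$node'; backup in $backup" >&2
}

# Usage on the master, following the procedure on this page:
#   sudo systemctl stop master-access
#   drop_node /usr/local/AccesSystem/Master/trustdb.txt woodlathe
#   sudo systemctl start master-access
```

A return code of 1 means no line matched, which is worth checking before restarting: the node name may be spelled differently in the file.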

Adding a new node

A new node won't be recognised (and allowed to (re)key) if it is not in acnode-prod.ini, so add it there:

   vi /usr/local/AccesSystem/Master/trustdb.txt

And edit the line

   secrets = [ woodlathe, lintzaag, tablesaw, planer, jointer, lights, compressor, tussendeur, voordeur, spacedeur, byebye, XXXX ]

where XXXX is the name of the node you are adding. Then restart the server, and it should re-pair (power cycle the node to speed this up). Check trustdb.txt to see it getting added.


Debugging

Watch the MQTT log to see what is going on.