Access Control AC Node Master

From MakerSpace Leiden
Revision by DirkWillem on 16 May 2023 at 14:55 (Adding a new node)


Configuration of the master node

Configured on the MSL server. Requisite packages:

 sudo apt install git sudo screen python3
 python3 -m ensurepip
 pip3 install configargparse
 pip3 install paho-mqtt
 pip3 install pidfile daemon setproctitle

Installation:

 cd /usr/local
 git clone https://github.com/MakerSpaceLeiden/AccesSystem.git

Initial rollout of the configuration:

 sudo mkdir -p /usr/local/etc/master
 ... change to some neutered user ....
 cp acnode.ini /usr/local/etc/master
 cp sample-keydb.txt /usr/local/etc/master/keydb.txt
 chown master:master -R /usr/local/etc/master
 chmod -R go-rwx /usr/local/etc/master

Create a systemd config file:

 [Unit]
 Description=Makerspace ACL/Node system
 After=network.target
 [Service]
 Type=simple
 Restart=always
 RestartSec=2
 User=XX-NEUTERED-USER-YOU-INSTALLED-IT-AS-XXX
 PIDFile=/var/db/master/master-prod.pid
 ExecStart=/usr/local/AccesSystem/Master/master.sh
 [Install]
 WantedBy=multi-user.target

Start, restart, stop, etc.

Usual systemd:

 sudo systemctl restart master-access

Rekeying an upgraded/replaced existing node

After an upgrade or replacement, the node may need to regenerate its private key. The master will then no longer recognise or accept it, so you need to rekey the master.

Stop the server and edit

   vi /etc/master/trustdb.txt

and remove the line for that node; then restart the server.

Adding a new node

A new node won't be recognised (and allowed to (re)key) if it is not in acnode-prod.ini, so add it there:

   vi /etc/master/trustdb.txt

And edit the line in acnode.ini in /etc/master:

   secrets = [ woodlathe, lintzaag, tablesaw, planer, jointer, lights, compressor, tussendeur, voordeur, spacedeur, byebye, XXXX ]

where XXXX is the name of the node you are adding. Then restart the server, and it should repair (power cycle the node to speed this up). Check trustdb.txt to see it getting added. It needs write permissions for the user that python runs as.
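A read-only check of the `chown`/`chmod -R go-rwx` step from the initial rollout and of the trustdb.txt write requirement above. This is an added example, not part of the AccesSystem code; the function names are made up here, and the directory and service user are passed as arguments because the page uses more than one path.

```shell
#!/bin/sh
# Added example (not AccesSystem code): audit the master's config directory.
# Usage: sh audit.sh <config-dir> <service-user>   (names are assumptions)

# Print every non-symlink path under $1 that group or others can read,
# write or execute, i.e. anything "chmod -R go-rwx" should have tightened.
loose_perms() {
    find "$1" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Print every path under $1 that is not owned by user $2.
wrong_owner() {
    find "$1" ! -user "$2" -print
}

# Succeed only if $1/trustdb.txt is a regular file owned by $2 with the
# owner write bit set (mode bits are checked, so this also works as root).
trustdb_writable() {
    [ -n "$(find "$1/trustdb.txt" -type f -user "$2" -perm -200 -print 2>/dev/null)" ]
}

# Run all three checks, report findings, return non-zero if any failed.
audit_master_dir() {
    dir=$1 user=$2 rc=0
    bad=$(loose_perms "$dir")
    if [ -n "$bad" ]; then
        echo "accessible to group/others:"; echo "$bad"; rc=1
    fi
    bad=$(wrong_owner "$dir" "$user")
    if [ -n "$bad" ]; then
        echo "not owned by $user:"; echo "$bad"; rc=1
    fi
    trustdb_writable "$dir" "$user" || {
        echo "trustdb.txt missing or not writable by $user"; rc=1
    }
    return $rc
}

if [ $# -eq 2 ]; then
    audit_master_dir "$1" "$2"
fi
```
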

Debugging

Watch the MQTT log to see what is going on.