diff --git a/.gitignore b/.gitignore index 92e4406..11566cb 100644 --- a/.gitignore +++ b/.gitignore @@ -31,8 +31,11 @@ logs/ ansible/inventory/dynamic_inventory.yaml ansible/inventory/dynamic_inventory.yaml.bak -# Generated playbooks (recreated at runtime) +# Generated playbooks (recreated at runtime) — but keep hand-crafted ones ansible/playbooks/*.yml +!ansible/playbooks/distribute_ssh_keys.yml +!ansible/playbooks/restart_service.yml +!ansible/playbooks/migrate_to_wmt.yml # VS Code .vscode/ diff --git a/ansible/playbooks/distribute_ssh_keys.yml b/ansible/playbooks/distribute_ssh_keys.yml new file mode 100644 index 0000000..bb6fdd2 --- /dev/null +++ b/ansible/playbooks/distribute_ssh_keys.yml 
@@ -0,0 +1,55 @@
+---
+# Distribute SSH Public Key to All Devices
+# ─────────────────────────────────────────
+# Purpose : Push the monitoring server's public key to every device so that
+# all subsequent Ansible playbooks can use key-based authentication.
+#
+# Auth : Connects with ansible_password (set via --extra-vars at runtime).
+# No SSH key is required on the target to run this playbook.
+#
+# Run via : Ansible > SSH Setup > "Deploy SSH Keys to All Devices" button, or
+# POST /api/ansible/ssh/distribute-keys
+#
+# After : Disable "Use password authentication" in SSH Settings so all other
+# playbooks switch back to key-based auth automatically.
+
+- name: Distribute SSH Public Key to All Devices
+ hosts: all
+ gather_facts: false
+ become: false
+
+ tasks:
+
+ - name: Ensure .ssh directory exists with correct permissions
+ file:
+ path: /home/pi/.ssh
+ state: directory
+ mode: '0700'
+ owner: pi
+ group: pi
+
+ - name: Deploy controller public key to authorized_keys
+ authorized_key:
+ user: pi
+ key: "{{ lookup('file', playbook_dir + '/../ssh_keys/app_key.pub') }}"
+ state: present
+ exclusive: false
+
+ - name: Set correct permissions on authorized_keys
+ file:
+ path: /home/pi/.ssh/authorized_keys
+ mode: '0600'
+ owner: pi
+ group: pi
+
+ - name: Count keys in authorized_keys
+ shell: grep -c "" /home/pi/.ssh/authorized_keys
+ register: key_count
+ changed_when: false
+
+ - name: Confirm successful deployment
+ debug:
+ msg: >-
+ SSH key deployed on {{ inventory_hostname }} ({{ ansible_host }}).
+ authorized_keys now contains {{ key_count.stdout }} key(s).
+ Key-based authentication is ready.
diff --git a/ansible/playbooks/migrate_to_wmt.yml b/ansible/playbooks/migrate_to_wmt.yml
new file mode 100644
index 0000000..7c46f7a
--- /dev/null
+++ b/ansible/playbooks/migrate_to_wmt.yml
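Review bot: The header of distribute_ssh_keys.yml documents that `ansible_password` is "set via --extra-vars at runtime"; a secret passed inline on the ansible-playbook command line is readable in the controller's process list and tends to end up in job logs (how the API assembles the command is not visible in this diff). I would have the launcher write the value to a vault-encrypted or 0600 vars file and change the comment to `# Auth : Connects with ansible_password loaded from a protected vars file (--extra-vars @<vars-file>).` Because the play makes first contact with every host in `all` using a password, it also relies on SSH host key checking staying enabled on the controller; that setting is outside this hunk and worth confirming. Minor: the key-count task uses no shell features, so `command: grep -c "" /home/pi/.ssh/authorized_keys` is enough.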
@@ -0,0 +1,126 @@
+---
+# Migrate devices from Prezenta app to WMT
+# ──────────────────────────────────────────────────────────────────────────
+# What this playbook does (in order):
+#
+# 1. Create /home/pi/Desktop/WMT on the target
+# 2. Copy /home/pi/Desktop/WMT_project from the CONTROLLER to /home/pi/Desktop/WMT on the target
+# 3. Read /home/pi/Desktop/Prezenta/data/idmasa.txt from the target
+# 4. Write that value as work_place in WMT/data/config.txt (replaces notconfig)
+# 5. Update ~/.config/wayfire.ini [autostart] start_python to launch from WMT
+# 6. Rename /home/pi/Desktop/Prezenta → /home/pi/Desktop/Prezenta_Old_Data
+# 7. Reboot the host
+#
+# Run via: Ansible > Playbooks > "Migrate to WMT" or POST /api/ansible/execute
+# ──────────────────────────────────────────────────────────────────────────
+
+- name: Migrate devices from Prezenta to WMT
+ hosts: all
+ gather_facts: false
+ become: false
+
+ tasks:
+
+ # ── 1. Ensure destination directory exists ────────────────────────────
+ - name: Create WMT directory on target
+ file:
+ path: /home/pi/Desktop/WMT
+ state: directory
+ owner: pi
+ group: pi
+ mode: '0755'
+
+ # ── 2. Copy WMT_project from controller → target as WMT ──────────────
+ - name: Copy WMT_project folder to target as /home/pi/Desktop/WMT
+ copy:
+ src: /home/pi/Desktop/WMT_project/
+ dest: /home/pi/Desktop/WMT/
+ owner: pi
+ group: pi
+ mode: preserve
+ force: true
+
+ # ── 3. Ensure WMT data directory exists (in case config.txt is missing)
+ - name: Ensure WMT/data directory exists
+ file:
+ path: /home/pi/Desktop/WMT/data
+ state: directory
+ owner: pi
+ group: pi
+ mode: '0755'
+
+ # ── 4. Read idmasa.txt from the Prezenta data folder ─────────────────
+ - name: Read idmasa.txt from Prezenta
+ slurp:
+ src: /home/pi/Desktop/Prezenta/data/idmasa.txt
+ register: idmasa_raw
+
+ - name: Decode idmasa value
+ set_fact:
+ work_place_value: "{{ (idmasa_raw.content | b64decode).strip() }}"
+
+ - name: Show detected work_place value
+ debug:
+ msg: "work_place will be set to: '{{ work_place_value }}'"
+
+ # ── 5. Ensure config.txt has a [device] section with work_place ───────
+ - name: Ensure [device] section exists in config.txt
+ ini_file:
+ path: /home/pi/Desktop/WMT/data/config.txt
+ section: device
+ option: work_place
+ value: "{{ work_place_value }}"
+ backup: true
+ create: true
+ owner: pi
+ group: pi
+ mode: '0644'
+
+ # ── 6. Update wayfire.ini autostart to launch from WMT ───────────────
+ - name: Update wayfire.ini start_python path from Prezenta to WMT
+ lineinfile:
+ path: /home/pi/.config/wayfire.ini
+ regexp: "^start_python\\s*=.*"
+ line: "start_python = lxterminal -e \"bash -c 'cd /home/pi/Desktop/WMT; python3 app.py; exec bash'\""
+ backrefs: false
+ backup: true
+
+ - name: Confirm wayfire.ini change
+ command: grep "start_python" /home/pi/.config/wayfire.ini
+ register: wayfire_check
+ changed_when: false
+
+ - name: Show wayfire.ini start_python line
+ debug:
+ msg: "{{ wayfire_check.stdout }}"
+
+ # ── 7. Rename Prezenta → Prezenta_Old_Data ────────────────────────────
+ - name: Check if Prezenta folder exists
+ stat:
+ path: /home/pi/Desktop/Prezenta
+ register: prezenta_stat
+
+ - name: Check if Prezenta_Old_Data already exists
+ stat:
+ path: /home/pi/Desktop/Prezenta_Old_Data
+ register: prezenta_old_stat
+
+ - name: Rename Prezenta to Prezenta_Old_Data
+ command: mv /home/pi/Desktop/Prezenta /home/pi/Desktop/Prezenta_Old_Data
+ when:
+ - prezenta_stat.stat.exists
+ - not prezenta_old_stat.stat.exists
+
+ - name: Warn if Prezenta_Old_Data already exists (rename skipped)
+ debug:
+ msg: "⚠ Prezenta_Old_Data already exists — rename skipped to avoid overwrite."
+ when: prezenta_old_stat.stat.exists
+
+ # ── 8. Reboot ─────────────────────────────────────────────────────────
+ - name: Reboot host to apply all changes
+ become: true
+ reboot:
+ msg: "Rebooting after WMT migration"
+ reboot_timeout: 180
+ pre_reboot_delay: 3
+ post_reboot_delay: 15
diff --git a/ansible/playbooks/restart_service.yml b/ansible/playbooks/restart_service.yml
new file mode 100644
index 0000000..670eb4e
--- /dev/null
+++ b/ansible/playbooks/restart_service.yml
@@ -0,0 +1,29 @@
+- become: true
+ hosts: all
+ name: Restart monitoring service
+ tasks:
+ - name: Stop prezenta service
+ systemd:
+ name: prezenta.service
+ state: stopped
+ - name: Wait for service to stop
+ wait_for:
+ timeout: 10
+ - name: Start prezenta service
+ systemd:
+ enabled: true
+ name: prezenta.service
+ state: started
+ - name: Verify service is running
+ register: service_status
+ systemd:
+ name: prezenta.service
+ - name: Report service restart
+ uri:
+ body:
+ device_ip: '{{ ansible_host }}'
+ hostname: '{{ inventory_hostname }}'
+ service_status: '{{ service_status.status.ActiveState }}'
+ body_format: json
+ method: POST
+ url: http://{{ ansible_controller_ip }}/api/service_restarted
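Review bot: In migrate_to_wmt.yml the step 6 `lineinfile` task appends the `start_python` line at the end of wayfire.ini whenever no existing line matches the regexp, so on such a device it lands under whichever section happens to be last rather than under `[autostart]`, the section the header comment names. The `ini_file` module already used in step 5 can pin the section, as in the block below. The play is also not safe to re-run: once step 7 has renamed the folder, the `slurp` of Prezenta/data/idmasa.txt fails, but only after the `copy` with `force: true` has overwritten /home/pi/Desktop/WMT again, so reading the ID before the copy (or falling back to Prezenta_Old_Data) would be safer.

```yaml
    # … unchanged: steps 1–5 …
    - name: Update wayfire.ini start_python path from Prezenta to WMT
      ini_file:
        path: /home/pi/.config/wayfire.ini
        section: autostart
        option: start_python
        value: "lxterminal -e \"bash -c 'cd /home/pi/Desktop/WMT; python3 app.py; exec bash'\""
        backup: true
    # … unchanged: grep confirmation, rename, reboot …
```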
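Review bot: The final `uri` task in restart_service.yml posts the restart report to `http://{{ ansible_controller_ip }}/api/service_restarted` over cleartext HTTP with no credential in the request, so unless the endpoint authenticates callers in a way not visible here, the controller cannot distinguish a genuine report from one sent by another host on the network. I would switch the URL to `https://` and add a shared token, e.g. `headers: {Authorization: "Bearer {{ report_token }}"}`, where `report_token` is a placeholder name for a vaulted variable. The "Verify service is running" task only registers the unit status and never fails the play, so a check such as `failed_when: service_status.status.ActiveState != 'active'` placed after the report would surface a unit that did not stay up. `ansible_controller_ip` is not defined anywhere in this diff, so the task depends on inventory or extra-vars supplying it.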