setup - refactored the whole setup process (not yet stable)

setup/ReadMe.md

@@ -1,32 +1,50 @@
 <br>
 <p align="center">
-  <img src="https://www.growautomation.eu/img/svg/ga02c.svg" width="50%"/>
+  <img src="https://raw.githubusercontent.com/superstes/growautomation/dev/docs/source/_static/img/ga02c.svg" width="50%"/>
 </p>
 <br><br>
 
 ## Installation
 
 There are basically two ways of installing the GrowAutomation software:
 
+----
+
+### Image
+
+To install the pre-configured raspberry image you need to:
+
+* Download the image: <a href="https://drive.google.com/file/d/1MIoagaB4rKUwSbUtUW5E5ZUCCDU3k30S/view?usp=sharing">Google Drive</a>
+* Download and install the <a href="https://www.raspberrypi.com/software/">Raspberry Pi Imager</a> software on your computer (_or any other tool to flash images on a sd card_)
+* Flash the image on a sd card or <a href="https://docs.growautomation.eu/en/latest/setup/raspberry.html#ssd">ssd</a>
+* <a href="https://docs.growautomation.eu/en/latest/setup/find.html">Find the device on your network</a> and start using it!
+
+
 ----
 
 ### Setup script
 
+This setup option allows you to modify/configure a lot of custom settings that are pre-set in the image installation!
+
 #### Base setup
 
 First you need to go through the basic setup process as described <a href="https://docs.growautomation.eu/en/latest/setup/raspberry.html">here</a>
 
 #### Software setup
 
-The device will need internet access since the setup will download the code for you.
+For now: the device will need internet access for the setup-process to work.
+
+We might create an offline-setup guide in the future.
 
-You can just copy the 'setup.sh' file to the target system and run it:
+You need to copy the 'setup.sh' file to the target system and run it!
 
 ```bash
-$ sudo bash setup.sh
+sudo bash setup.sh
+# optional parameters:
+#   setup.sh TARGET-RELEASE(default=latest) DESTINATION-HOST(default=localhost)
 ```
 
-This script will prepare your system to run the Ansible setup tasks.
+This script will prepare your system to run the Ansible setup tasks/script.
 
 It will ask you to modify the configuration before continuing as seen here:
 
@@ -37,23 +55,24 @@ It will ask you to modify the configuration before continuing as seen here:
 This is the last time you can modify the config before the installation is started.
   You could:
   -> send this window to the background (Ctrl+Z)
-  -> make your modifications and
-  -> bring it back to the foreground (fg).
+  -> make your modifications
+  -> and bring it back to the foreground (fg).
 
 ###################################### INFO #######################################
 The following config files exist:
-  main: /tmp/ga_2021-04-11/setup/vars/main.yml
-  remote hosts (if needed):
-    - /tmp/ga_2021-04-11/setup/inventories/hosts.yml
-    - /tmp/ga_2021-04-11/setup/inventories/host_vars/$HOSTNAME.yml
+  main: /tmp/ga_2021-12-17/setup/vars/main.yml
+  remote hosts: (optional)
+    - /tmp/ga_2021-12-17/setup/inventories/hosts.yml
+    - /tmp/ga_2021-12-17/setup/inventories/host_vars/${HOSTNAME}.yml
 
-Do you want to continue? (yes/any=no)
+Do you want to continue? (yes/NO)
 ```
 
 Just put it in the background, change what you want and bring the setup back to the foreground.
 
 Type 'yes' and press enter to start the setup tasks.
 
+
 ##### Post install
 
 If you haven't set custom passwords -> you can find the randomly generated ones like this:
@@ -68,15 +87,3 @@ cat /etc/.ga_setup
 Now you can access the web-interface and configure your devices.
 
 More information to the configuration can be found <a href="https://docs.growautomation.eu/en/latest/index.html">here</a>.
-
-----
-
-### Image
-
-**Currently not available**!
-
-Will be provided for later versions.
-
-You just need to flash the image on the sd-card or ssd for the raspberry and plug it in.
-
-GrowAutomation is pre-installed.

setup/pb_restore.yml

@@ -10,7 +10,7 @@
     - './vars/hardcoded.yml'
 
   vars:
-    ga_update_cores: "{{ ansible_processor_cores - 1 }}"
+    ga_update_cores: "{% if ansible_processor_cores - 1 > 0 %}{{ ansible_processor_cores - 1 }}{% else %}1{% endif %}"
 
   vars_prompt:
     - name: ga_update_path_backup

setup/pb_setup.yml

@@ -7,13 +7,19 @@
     - './vars/main.yml'
     - './vars/hardcoded.yml'
   tasks:
+    # pre tasks
+    - name: Installing script dependencies
+      ansible.builtin.apt:
+        name: "{{ ga_script_packages }}"
+        state: present
+
     - name: Checking if password file exists
       ansible.builtin.stat:
         path: "{{ ga_random_pwd_file }}"
       register: random_pwd_file
 
     - name: Generating passwords
-      block:
+      ansible.builtin.block:
         - name: Writing web-user heading to file
           ansible.builtin.lineinfile:
             line: "# database-users:"
@@ -64,7 +70,7 @@
       when: not random_pwd_file.stat.exists
 
     - name: Pulling existing passwords
-      block:
+      ansible.builtin.block:
         - name: Getting sql-core password
           ansible.builtin.shell: "cat {{ ga_random_pwd_file | quote }} | grep {{ ga_sql_user_core | quote }}"
           register: raw_core_pwd
@@ -95,20 +101,170 @@
 
       when: random_pwd_file.stat.exists
 
-    - name: Database
-      ansible.builtin.import_role:
-        name: db
-      when:
-        - ga_sql_server == 'localhost'
-        - ga_core_install or ga_web_install
-        - ga_sql_install
-
+    # installation
     - name: GA Core
       ansible.builtin.import_role:
         name: core
       when: ga_core_install
 
-    - name: GA Web
+    - name: GA Web - Pre tasks
       ansible.builtin.import_role:
         name: web
       when: ga_web_install
+
+    # database setup
+    - name: GA Web - Database
+      ansible.builtin.import_role:
+        name: ansibleguy.infra_django_apache
+      vars:
+        django:
+          sites:
+            ga:
+              python_version: '3.9'
+              path_venv: "{{ ga_web_path_venv }}"
+              path_code: "{{ ga_web_path }}"
+              project: "base"
+              static_url: 'static'
+              serve:
+                path: "{{ ga_web_path_static }}"
+
+              user: "{{ ga_web_service_user }}"
+              group: "{{ ga_service_group }}"
+              admin: "{{ ga_web_ssl_letsencrypt_mail }}"
+              port_plain: "{{ ga_web_port_http }}"
+              port_ssl: "{{ ga_web_port_https }}"
+              domain: "{{ ga_web_dns }}"
+              aliases: "{{ ga_web_alias }}"
+              ssl:
+                mode: "{{ ga_web_ssl_mode }}"
+                cert:
+                  cn: 'GrowAutomation Certificate'
+                  org: 'GrowAutomation'
+                  country: 'AT'
+                  state: 'Styria'
+                ca:
+                  cn: 'GrowAutomation CA'
+                  org: 'GrowAutomation'
+                  country: 'AT'
+                  state: 'Styria'
+              letsencrypt:
+                email: "{{ ga_web_ssl_letsencrypt_mail }}"
+              env_pythonpath: ["{{ ga_core_path }}"]
+              migration_pre_tasks: ['systemctl stop ga_core.service']
+              migration_post_tasks: ['systemctl start ga_core.service']
+              python_modules:
+                present: "{{ ga_django_mods }}"
+              database:
+                manage: "{{ ga_sql_install }}"
+                host: "{{ ga_sql_server }}"
+                db: "{{ ga_sql_db }}"
+                user: "{{ ga_sql_user_web }}"
+                pwd: "{{ ga_sql_pwd_web }}"
+                config: "{{ ga_update_path_web }}/{{ ga_sql_config }}"
+                config_mode: "0640"
+                backup: true
+              sync_code:
+                enabled: true
+                src: "{{ ga_setup_clone_dir }}/code/web/base/"
+                dst: "{{ ga_web_path }}"
+                static_src: "{{ ga_web_path }}/static/"
+                static_dst: "{{ ga_web_path_static }}"
+      when: ga_web_install
+
+    - name: GA Core - Database
+      community.mysql.mysql_user:
+        name: "{{ ga_sql_user_core }}"
+        password: "{{ ga_sql_pwd_core }}"
+        priv: "{{ ga_sql_db + '.*:ALL' }}"
+        login_unix_socket: "{{ ga_sql_socket }}"
+      no_log: true
+      when:
+        - ga_web_install
+        - ga_core_install
+
+    - name: GA Core Database - Preparing config
+      ansible.builtin.set_fact:
+        ga_mariadb_instance: "{{ {
+          'dbs': {
+            ga_sql_db: 'present',
+          },
+          'backup': true,
+          'users': {
+            ga_sql_user_web: {
+              'priv': ga_sql_db + '.*:ALL',
+              'pwd': ga_sql_pwd_web,
+            },ansible.bu
+            ga_sql_user_core: {
+              'priv': ga_sql_db + '.*:ALL',
+              'pwd': ga_sql_pwd_core,
+            },
+          },
+          'settings': {'wait_timeout': 3600},
+          'socket': ga_sql_socket
+        } }}"
+
+    - name: GA Core Database - Setting up
+      ansible.builtin.import_role:
+        name: ansibleguy.infra_mariadb
+        vars:
+          mariadb:
+            instances:
+              ga: "{{ ga_mariadb_instance }}"
+      when:
+        - not ga_web_install
+        - ga_core_install
+        - ga_sql_install
+
+    - name: GA Web - Post tasks
+      ansible.builtin.import_role:
+        name: web
+        tasks_from: 'init_db.yml'
+      when:
+        - ga_web_install
+        - ga_web_init_db
+
+    # firewall management
+    - name: Firewall
+      ansible.builtin.block:
+      - name: GA Web/Core - Firewall
+          ansible.builtin.import_role:
+            name: ansibleguy.infra_ufw
+          vars:
+            ufw_rules:
+              GrowAutomationWeb:
+                port: "{{ ga_web_port_http }},{{ ga_web_port_https }}"
+                proto: 'tcp'
+              GrowAutomationCore:
+                port: "{{ ga_core_port_socket }}"
+                proto: 'tcp'
+                log: true
+          when:
+            - ga_web_install
+            - ga_core_install
+
+      - name: GA Web - Firewall
+        ansible.builtin.import_role:
+          name: ansibleguy.infra_ufw
+        vars:
+          ufw_rules:
+            GrowAutomationWeb:
+              port: "{{ ga_web_port_http }},{{ ga_web_port_https }}"
+              proto: 'tcp'
+        when:
+          - ga_web_install
+          - not ga_core_install
+
+      - name: GA Core - Firewall
+        ansible.builtin.import_role:
+          name: ansibleguy.infra_ufw
+        vars:
+          ufw_rules:
+            GrowAutomationCore:
+              port: "{{ ga_core_port_socket }}"
+              proto: 'tcp'
+              log: true
+        when:
+          - ga_core_install
+          - not ga_web_install
+
+      when: ga_ufw_manage

setup/requirements.yml

@@ -1,11 +1,29 @@
-# galaxy collections
-
 collections:
-  - name: ansible.posix
-    source: https://galaxy.ansible.com
+  - name: 'community.general'
+    source: 'https://galaxy.ansible.com'
+
+  - name: 'ansible.posix'
+    source: 'https://galaxy.ansible.com'
+
+  - name: 'community.mysql'
+    source: 'https://galaxy.ansible.com'
+
+  - name: 'community.crypto'
+    source: 'https://galaxy.ansible.com'
+
+roles:
+  - src: 'https://github.com/ansibleguy/infra_apache.git'
+    version: 'stable'
+    name: 'ansibleguy.infra_apache'
+
+  - src: 'https://github.com/ansibleguy/infra_certs.git'
+    version: 'stable'
+    name: 'ansibleguy.infra_certs'
 
-  - name: community.general
-    source: https://galaxy.ansible.com
+  - src: 'https://github.com/ansibleguy/infra_mariadb.git'
+    version: 'stable'
+    name: 'ansibleguy.infra_mariadb'
 
-  - name: community.mysql
-    source: https://galaxy.ansible.com
+  - src: 'https://github.com/ansibleguy/infra_ufw.git'
+    version: 'stable'
+    name: 'ansibleguy.infra_ufw'

setup/roles/core/defaults/main.yml

@@ -1,3 +1,7 @@
 ---
 
 ga_core_path_log: "{{ ga_path_log }}/core"
+
+ga_core_raspiconfig:
+  - 'nonint do_i2c 0'
+  - 'nonint do_spi 0'