From 4981050dad02dce3327f7ce02f8ccaad11b0c437 Mon Sep 17 00:00:00 2001 From: Zachary Lentz Date: Mon, 12 Feb 2024 18:19:26 -0800 Subject: [PATCH 1/9] WIP: more steps needed for prod use, not tested yet --- group_vars/tcbsd_plcs/vars.yml | 8 +++++ group_vars/tcbsd_vms/vars.yml | 8 +++++ tcbsd-plc.yaml.template | 8 +++++ tcbsd-provision-playbook.yaml | 53 ++++++++++++++++++++++++++++++++++ 4 files changed, 77 insertions(+) diff --git a/group_vars/tcbsd_plcs/vars.yml b/group_vars/tcbsd_plcs/vars.yml index 8975fab..aceff63 100644 --- a/group_vars/tcbsd_plcs/vars.yml +++ b/group_vars/tcbsd_plcs/vars.yml @@ -10,6 +10,14 @@ ansible_python_interpreter: /usr/local/bin/python3 # point. enable_freebsd_packages: true +# psproxy and psntp are currently needed to get bsd and package updates while on the lcls cds networks +use_psproxy: true +use_psntp: true + +# We can set the PLC's timezone, which is largely cosmetic +# See /usr/share/zoneinfo/ on the PLC for options +plc_timezone: America/Los_Angeles + # This is the default of 32MB. Set to 67108864 for 64MB of router memory. tc_locked_memory_size_bytes: 33554432 diff --git a/group_vars/tcbsd_vms/vars.yml b/group_vars/tcbsd_vms/vars.yml index 05ddb34..eeaab02 100644 --- a/group_vars/tcbsd_vms/vars.yml +++ b/group_vars/tcbsd_vms/vars.yml @@ -10,6 +10,14 @@ ansible_python_interpreter: /usr/local/bin/python3 # point. enable_freebsd_packages: true +# psproxy and psntp are currently needed to get bsd and package updates while on the lcls cds networks +use_psproxy: false +use_psntp: false + +# We can set the PLC's timezone, which is largely cosmetic +# See /usr/share/zoneinfo/ on the PLC for options +plc_timezone: + # This is the default of 32MB. Set to 67108864 for 64MB of router memory. tc_locked_memory_size_bytes: 33554432 diff --git a/tcbsd-plc.yaml.template b/tcbsd-plc.yaml.template index 04605ae..8394da2 100644 --- a/tcbsd-plc.yaml.template +++ b/tcbsd-plc.yaml.template 
@@ -14,6 +14,14 @@ tc_ams_net_id: ${PLC_NET_ID} ## point. #enable_freebsd_packages: true # +## psproxy and psntp are currently needed to get bsd and package updates while on the lcls cds networks +#use_psproxy: true +#use_psntp: true +# +## We can set the PLC's timezone, which is largely cosmetic +## See /usr/share/zoneinfo/ on the PLC for options +#plc_timezone: America/Los_Angeles +# ## This is the default of 32MB. Set to 67108864 for 64MB of router memory. #tc_locked_memory_size_bytes: 33554432 # diff --git a/tcbsd-provision-playbook.yaml b/tcbsd-provision-playbook.yaml index c0248b7..7c64733 100644 --- a/tcbsd-provision-playbook.yaml +++ b/tcbsd-provision-playbook.yaml @@ -13,6 +13,48 @@ path: /usr/local/etc/pkg/repos/FreeBSD.conf state: absent + - name: Setup psproxy + when: use_psproxy + ansible.builtin.blockinfile: + dest: /usr/local/etc/pkg.conf + block: | + PKG_ENV { + http_proxy: "http://psproxy:3128", + https_proxy: "http://psproxy:3128", + } + register: psproxy_setup + + - name: Setup psntp + when: use_psntp + ansible.builtin.blockinfile: + dest: /etc/ntp.conf + block: | + disable monitor + + # Permit time synchronization with our time source, but do not + # permit the source to query or modify the service on this system. + restrict default kod nomodify notrap nopeer noquery + restrict 127.0.0.1 + + server psntp1.pcdsn iburst + server psntp2.pcdsn iburst + server psntp3.pcdsn iburst + register: psntp_setup + + - name: Set timezone + when: plc_timezone != "" + ansible.builtin.copy: + remote_src: true + src: "/usr/share/zoneinfo/{{ plc_timezone }}" + dest: /etc/localtime + + - name: Restart NTP Service + ansible.builtin.service: + name: ntpd + enabled: yes + state: restarted + when: psntp_setup.changed + - name: Install helpful system packages ansible.builtin.package: name: 
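Review bot: Both `blockinfile` tasks only ever add their block, so a host whose `use_psproxy` or `use_psntp` is later flipped to false keeps the proxy and the psntp servers indefinitely; replacing each `when:` with `state: "{{ 'present' if use_psproxy else 'absent' }}"` (and the psntp equivalent) makes the toggle converge in both directions. The NTP block is appended to whatever `/etc/ntp.conf` already holds, so any stock `pool`/`server` and `restrict` lines presumably remain active beside the psntp servers — worth confirming on a PLC, and worth a comment such as `# Appended after the stock config; its default pool/restrict lines stay in effect unless removed` if that is intended. The psntp servers are used without `keys`/`trustedkey`, which is acceptable on an internal network but worth noting since the pkg TLS fetches this enables depend on the clock being correct. The play these tasks belong to starts outside the hunk.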
@@ -188,3 +230,14 @@ enabled: yes state: restarted when: ams_net_id.changed or locked_memory_size.changed or heap_memory_size.changed + + - name: Set static IP on X001 (192.168.1.10 netmask 255.255.255.0) + community.general.sysrc: + name: ifconfig_igb1 + value: inet 192.168.1.10 netmask 255.255.255.0 + register: static_ip_x001_set + + - name: Reset X001 + ansible.builtin.command: /etc/rc.d/netif restart igb1 + when: static_ip_x001_set.changed + changed_when: true From 261272be866a171df673dfa6fec99931212c757a Mon Sep 17 00:00:00 2001 From: Zachary Lentz Date: Tue, 13 Feb 2024 13:07:50 -0800 Subject: [PATCH 2/9] DOC: fix instruction order --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index a09f844..93c87a2 100644 --- a/README.md +++ b/README.md @@ -5,9 +5,9 @@ A repository for trying out Ansible provisioning of TwinCAT BSD PLCs. ### Quick start: set up a new plc in prod 1. clone the repo -2. run ``./scripts/first_time_setup.sh your-plc-name`` -3. Edit ``./inventory/plcs.yaml`` to add your plc (and possibly an appropriate group) -4. Edit ``./host_vars/your-plc-name/vars.yaml`` if you'd like to change settings +2. Edit ``./inventory/plcs.yaml`` to add your plc (and possibly an appropriate group) +3. run ``./scripts/first_time_setup.sh your-plc-name`` +4. Optionally edit ``./host_vars/your-plc-name/vars.yaml`` if you'd like to change settings 3. run ``./scripts/provision_plcs.sh your-plc-name`` 4. commit and submit the file edits as a PR From 877e66062c4a0fff08f04c4eb68159c18585f3f2 Mon Sep 17 00:00:00 2001 From: Zachary Lentz Date: Tue, 13 Feb 2024 13:08:06 -0800 Subject: [PATCH 3/9] MAINT: add vim swp files to gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 653d800..ff66cd1 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ TCBSD*.vdi TCBSD*.iso venv +*.swp From 2b564602331b4f93cefbb1e1bd8089f5e5ea251f Mon Sep 17 00:00:00 2001 
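Review bot: The static address here is one fixed `192.168.1.10/24` on `igb1` for every host in the group, and nothing in the hunk limits which services answer on that interface, so if sshd and the ADS router bind all interfaces (not visible here) anything cabled to the service port gets the same access as the plant network. A comment stating that expectation, e.g. `# Service port: no pf rules are applied here, so ssh/ADS are reachable by whatever is plugged in`, would make the trade-off explicit. If `igb1` could ever be the interface Ansible connects through, the `netif restart` would also drop the session mid-play; the commit message marks this as untested WIP. The enclosing play starts outside the hunk.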
From: Zachary Lentz Date: Tue, 13 Feb 2024 13:08:29 -0800 Subject: [PATCH 4/9] BUG: fix various typos/errors in playbook --- tcbsd-provision-playbook.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tcbsd-provision-playbook.yaml b/tcbsd-provision-playbook.yaml index 7c64733..c41daaf 100644 --- a/tcbsd-provision-playbook.yaml +++ b/tcbsd-provision-playbook.yaml @@ -15,6 +15,7 @@ - name: Setup psproxy when: use_psproxy + register: psproxy_setup ansible.builtin.blockinfile: dest: /usr/local/etc/pkg.conf block: | @@ -22,10 +23,10 @@ http_proxy: "http://psproxy:3128", https_proxy: "http://psproxy:3128", } - register: psproxy_setup - name: Setup psntp when: use_psntp + register: psntp_setup ansible.builtin.blockinfile: dest: /etc/ntp.conf block: | @@ -39,7 +40,6 @@ server psntp1.pcdsn iburst server psntp2.pcdsn iburst server psntp3.pcdsn iburst - register: psntp_setup - name: Set timezone when: plc_timezone != "" @@ -49,11 +49,11 @@ dest: /etc/localtime - name: Restart NTP Service + when: psntp_setup.changed ansible.builtin.service: name: ntpd enabled: yes state: restarted - when: psntp_setup.changed - name: Install helpful system packages ansible.builtin.package: @@ -86,8 +86,8 @@ ansible.builtin.pip: name: "{{ tc_install_pip_packages }}" - - name: Install pip - # Packages only available via pip will be installed after this + - name: Unstall pip + # Packages only available via pip will be installed before this # As far as the security implications go: well, that's up to you! when: tc_uninstall_pip ansible.builtin.package: @@ -232,10 +232,10 @@ when: ams_net_id.changed or locked_memory_size.changed or heap_memory_size.changed - name: Set static IP on X001 (192.168.1.10 netmask 255.255.255.0) + register: static_ip_x001_set community.general.sysrc: name: ifconfig_igb1 value: inet 192.168.1.10 netmask 255.255.255.0 - register: static_ip_x001_set - name: Reset X001 ansible.builtin.command: /etc/rc.d/netif restart igb1 
From 3d48ef866febfb44087955b4cbf1f8d8d1666664 Mon Sep 17 00:00:00 2001 From: Zachary Lentz Date: Tue, 13 Feb 2024 14:03:35 -0800 Subject: [PATCH 5/9] ENH: figure out how to force a timely ntp sync --- tcbsd-provision-playbook.yaml | 28 +++++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) diff --git a/tcbsd-provision-playbook.yaml b/tcbsd-provision-playbook.yaml index c41daaf..596e209 100644 --- a/tcbsd-provision-playbook.yaml +++ b/tcbsd-provision-playbook.yaml @@ -17,6 +17,8 @@ when: use_psproxy register: psproxy_setup ansible.builtin.blockinfile: + # Appending to this file lets us install packages from Beckhoff, etc. + # By using psproxy as our http/https proxy dest: /usr/local/etc/pkg.conf block: | PKG_ENV { @@ -24,6 +26,8 @@ https_proxy: "http://psproxy:3128", } + # We need NTP sync in order to install packages. + # Use internal ntp servers - name: Setup psntp when: use_psntp register: psntp_setup @@ -44,16 +48,32 @@ - name: Set timezone when: plc_timezone != "" ansible.builtin.copy: + # Strangely, copying a file is the designated way to set timezones. remote_src: true src: "/usr/share/zoneinfo/{{ plc_timezone }}" dest: /etc/localtime - - name: Restart NTP Service + # ntpd does not necessarily re-sync promptly after start or reconfig + # stop the service, sync manually, then start it again + # (cannot run sync manually if the service is running) + - name: Stop NTP Service when: psntp_setup.changed ansible.builtin.service: name: ntpd enabled: yes - state: restarted + state: stopped + + - name: Force NTP Sync Now + when: psntp_setup.changed + ansible.builtin.command: ntpd -g -q + changed_when: true + + - name: (Re) Start NTP Service + when: psntp_setup.changed + ansible.builtin.service: + name: ntpd + enabled: yes + state: started - name: Install helpful system packages ansible.builtin.package: 
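Review bot: If `ntpd -g -q` fails (no route to psntp, DNS not yet resolving), the play aborts between the stop and start tasks and leaves ntpd stopped for the rest of provisioning, including the package installs that the comment says need time sync. Wrapping the three tasks in a `block` with the restart in `always` guarantees the service comes back regardless, and `-g` deserves a comment since it disables the panic threshold and lets an unauthenticated server step the clock by any amount. The rewritten tasks are shown below.

```yaml
  - name: Resync NTP after a config change
    when: psntp_setup.changed
    block:
      - name: Stop NTP Service
        ansible.builtin.service:
          name: ntpd
          enabled: true
          state: stopped

      - name: Force NTP Sync Now
        # -g disables the panic threshold so the first sync may step the
        # clock by any amount; only acceptable because psntp* are internal.
        ansible.builtin.command: ntpd -g -q
        changed_when: true
    always:
      - name: (Re) Start NTP Service
        ansible.builtin.service:
          name: ntpd
          enabled: true
          state: started

  # … unchanged: Install helpful system packages …
```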
@@ -231,6 +251,8 @@ state: restarted when: ams_net_id.changed or locked_memory_size.changed or heap_memory_size.changed + # We use the second port as a LAN port with a known static IP + # This makes it easy to use if we need it for e.g. doing service - name: Set static IP on X001 (192.168.1.10 netmask 255.255.255.0) register: static_ip_x001_set community.general.sysrc: @@ -238,6 +260,6 @@ value: inet 192.168.1.10 netmask 255.255.255.0 - name: Reset X001 - ansible.builtin.command: /etc/rc.d/netif restart igb1 when: static_ip_x001_set.changed + ansible.builtin.command: /etc/rc.d/netif restart igb1 changed_when: true From 91f4496517c0576ddbcdeaa92bafef6ecb1a3e3c Mon Sep 17 00:00:00 2001 From: Zachary Lentz Date: Tue, 13 Feb 2024 14:50:26 -0800 Subject: [PATCH 6/9] MAINT: somehow this is needed again, I don't understand --- ansible.cfg | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ansible.cfg b/ansible.cfg index 560c134..faaf123 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -2,3 +2,6 @@ inventory = ./inventory/ deprecation_warnings = True role_path = ./roles + +[ssh_connection] +ssh_args = From 8536122c8cb2f796382d306219c59149444c1ee9 Mon Sep 17 00:00:00 2001 From: Zachary Lentz Date: Tue, 13 Feb 2024 14:52:04 -0800 Subject: [PATCH 7/9] ENH: make the static ip optional and configurable --- group_vars/tcbsd_plcs/vars.yml | 3 +++ group_vars/tcbsd_vms/vars.yml | 3 +++ host_vars/plc-tst-bsd/vars.yml | 11 +++++++++++ tcbsd-plc.yaml.template | 3 +++ tcbsd-provision-playbook.yaml | 11 ++++++----- 5 files changed, 26 insertions(+), 5 deletions(-) diff --git a/group_vars/tcbsd_plcs/vars.yml b/group_vars/tcbsd_plcs/vars.yml index aceff63..c739f73 100644 --- a/group_vars/tcbsd_plcs/vars.yml +++ b/group_vars/tcbsd_plcs/vars.yml 
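Review bot: An empty `ssh_args` silently replaces Ansible's default `-C -o ControlMaster=auto -o ControlPersist=60s` with nothing, and the commit message admits nobody knows why that is needed, so the next person will likely delete it. A comment above the line such as `; empty on purpose: drops the default -C/ControlMaster options; TODO record why they break connections to TwinCAT BSD` preserves the workaround until the cause is understood. It does not touch host-key checking, which is governed by `host_key_checking` under `[defaults]`, so this is an undocumented workaround rather than a security regression.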
@@ -14,6 +14,9 @@ enable_freebsd_packages: true use_psproxy: true use_psntp: true +# set static IP on x000 (mac id 2) +x000_static: 192.168.1.10 + # We can set the PLC's timezone, which is largely cosmetic # See /usr/share/zoneinfo/ on the PLC for options plc_timezone: America/Los_Angeles diff --git a/group_vars/tcbsd_vms/vars.yml b/group_vars/tcbsd_vms/vars.yml index eeaab02..69df468 100644 --- a/group_vars/tcbsd_vms/vars.yml +++ b/group_vars/tcbsd_vms/vars.yml @@ -14,6 +14,9 @@ enable_freebsd_packages: true use_psproxy: false use_psntp: false +# set static IP on x000 (mac id 2) +x000_static: + # We can set the PLC's timezone, which is largely cosmetic # See /usr/share/zoneinfo/ on the PLC for options plc_timezone: diff --git a/host_vars/plc-tst-bsd/vars.yml b/host_vars/plc-tst-bsd/vars.yml index 78b864e..e76084d 100644 --- a/host_vars/plc-tst-bsd/vars.yml +++ b/host_vars/plc-tst-bsd/vars.yml @@ -14,6 +14,17 @@ tc_ams_net_id: 172.21.148.81.1.1 ## point. #enable_freebsd_packages: true # +## psproxy and psntp are currently needed to get bsd and package updates while on the lcls cds networks +#use_psproxy: true +#use_psntp: true +# +# set static IP on x000 (mac id 2) +#x000_static: 192.168.1.10 +# +## We can set the PLC's timezone, which is largely cosmetic +## See /usr/share/zoneinfo/ on the PLC for options +#plc_timezone: America/Los_Angeles +# ## This is the default of 32MB. Set to 67108864 for 64MB of router memory. #tc_locked_memory_size_bytes: 33554432 # diff --git a/tcbsd-plc.yaml.template b/tcbsd-plc.yaml.template index 8394da2..26821e4 100644 --- a/tcbsd-plc.yaml.template +++ b/tcbsd-plc.yaml.template @@ -18,6 +18,9 @@ tc_ams_net_id: ${PLC_NET_ID} #use_psproxy: true #use_psntp: true # +## set static IP on x000 (mac id 2) +#x000_static: 192.168.1.10 +# ## We can set the PLC's timezone, which is largely cosmetic ## See /usr/share/zoneinfo/ on the PLC for options #plc_timezone: America/Los_Angeles 
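Review bot: The host_vars hunk writes its new heading as `# set static IP on x000 (mac id 2)`, while every other explanatory line in that file uses `## ` and the single `#` prefix is reserved for commented-out settings such as `#x000_static: 192.168.1.10`; the template hunk in the same commit gets it right with `## set static IP on x000 (mac id 2)`. Changing the host_vars line to `## set static IP on x000 (mac id 2)` keeps the "uncomment to enable" convention readable. The `x000` label versus the `igb1` device used in the playbook is not explained in any of these files; one sentence in the comment tying the two together would help.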
diff --git a/tcbsd-provision-playbook.yaml b/tcbsd-provision-playbook.yaml index 596e209..4e7ffe8 100644 --- a/tcbsd-provision-playbook.yaml +++ b/tcbsd-provision-playbook.yaml @@ -253,13 +253,14 @@ # We use the second port as a LAN port with a known static IP # This makes it easy to use if we need it for e.g. doing service - - name: Set static IP on X001 (192.168.1.10 netmask 255.255.255.0) - register: static_ip_x001_set + - name: Set static IP on X000 + when: x000_static != "" + register: static_ip_x000_set community.general.sysrc: name: ifconfig_igb1 - value: inet 192.168.1.10 netmask 255.255.255.0 + value: "inet {{ x000_static }} netmask 255.255.255.0" - - name: Reset X001 - when: static_ip_x001_set.changed + - name: Reset X000 + when: static_ip_x000_set.changed ansible.builtin.command: /etc/rc.d/netif restart igb1 changed_when: true From 1089f3a82e4f97549b1f1337dacc803f72aecd1d Mon Sep 17 00:00:00 2001 From: Zachary Lentz Date: Tue, 13 Feb 2024 16:01:21 -0800 Subject: [PATCH 8/9] MAINT: typos --- tcbsd-provision-playbook.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tcbsd-provision-playbook.yaml b/tcbsd-provision-playbook.yaml index 4e7ffe8..91df071 100644 --- a/tcbsd-provision-playbook.yaml +++ b/tcbsd-provision-playbook.yaml @@ -106,7 +106,7 @@ ansible.builtin.pip: name: "{{ tc_install_pip_packages }}" - - name: Unstall pip + - name: Uninstall pip # Packages only available via pip will be installed before this # As far as the security implications go: well, that's up to you! when: tc_uninstall_pip From bda1126ff1d88ef3bd9123a8942681a8a817509b Mon Sep 17 00:00:00 2001 
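Review bot: The interface is still hard-coded as `igb1` in both the `sysrc` name and the `netif restart` command while the tasks have been renamed from X001 to X000, so nothing in the data ties the port label to the device, and a CX model with different driver names (presumably possible) would silently get the wrong NIC configured. A `x000_interface: igb1` group variable with `name: "ifconfig_{{ x000_interface }}"` and `ansible.builtin.command: "/etc/rc.d/netif restart {{ x000_interface }}"` keeps the mapping in one place; the netmask could join it as `x000_netmask` for the same reason. The enclosing play starts outside the hunk.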
From: Zachary Lentz Date: Tue, 13 Feb 2024 17:33:59 -0800 Subject: [PATCH 9/9] ENH: use boolean switches instead of checking for empty strings --- group_vars/tcbsd_plcs/vars.yml | 4 +++- group_vars/tcbsd_vms/vars.yml | 6 ++++-- host_vars/plc-tst-bsd/vars.yml | 4 +++- tcbsd-plc.yaml.template | 3 ++- tcbsd-provision-playbook.yaml | 6 +++--- 5 files changed, 15 insertions(+), 8 deletions(-) diff --git a/group_vars/tcbsd_plcs/vars.yml b/group_vars/tcbsd_plcs/vars.yml index c739f73..65ce6de 100644 --- a/group_vars/tcbsd_plcs/vars.yml +++ b/group_vars/tcbsd_plcs/vars.yml @@ -15,10 +15,12 @@ use_psproxy: true use_psntp: true # set static IP on x000 (mac id 2) -x000_static: 192.168.1.10 +x000_set_static_ip: true +x000_static_ip: 192.168.1.10 # We can set the PLC's timezone, which is largely cosmetic # See /usr/share/zoneinfo/ on the PLC for options +set_plc_timezone: true plc_timezone: America/Los_Angeles # This is the default of 32MB. Set to 67108864 for 64MB of router memory. diff --git a/group_vars/tcbsd_vms/vars.yml b/group_vars/tcbsd_vms/vars.yml index 69df468..a1feeae 100644 --- a/group_vars/tcbsd_vms/vars.yml +++ b/group_vars/tcbsd_vms/vars.yml @@ -15,11 +15,13 @@ use_psproxy: false use_psntp: false # set static IP on x000 (mac id 2) -x000_static: +x000_set_static_ip: false +x000_static_ip: 192.168.1.10 # We can set the PLC's timezone, which is largely cosmetic # See /usr/share/zoneinfo/ on the PLC for options -plc_timezone: +set_plc_timezone: false +plc_timezone: America/Los_Angeles # This is the default of 32MB. Set to 67108864 for 64MB of router memory. tc_locked_memory_size_bytes: 33554432 diff --git a/host_vars/plc-tst-bsd/vars.yml b/host_vars/plc-tst-bsd/vars.yml index e76084d..e6c1233 100644 --- a/host_vars/plc-tst-bsd/vars.yml +++ b/host_vars/plc-tst-bsd/vars.yml 
@@ -19,10 +19,12 @@ tc_ams_net_id: 172.21.148.81.1.1 #use_psntp: true # # set static IP on x000 (mac id 2) -#x000_static: 192.168.1.10 +#x000_set_static_ip: true +#x000_static_ip: 192.168.1.10 # ## We can set the PLC's timezone, which is largely cosmetic ## See /usr/share/zoneinfo/ on the PLC for options +#set_plc_timezone: true #plc_timezone: America/Los_Angeles # ## This is the default of 32MB. Set to 67108864 for 64MB of router memory. diff --git a/tcbsd-plc.yaml.template b/tcbsd-plc.yaml.template index 26821e4..2279404 100644 --- a/tcbsd-plc.yaml.template +++ b/tcbsd-plc.yaml.template @@ -19,7 +19,8 @@ tc_ams_net_id: ${PLC_NET_ID} #use_psntp: true # ## set static IP on x000 (mac id 2) -#x000_static: 192.168.1.10 +#x000_set_static_ip: true +#x000_static_ip: 192.168.1.10 # ## We can set the PLC's timezone, which is largely cosmetic ## See /usr/share/zoneinfo/ on the PLC for options diff --git a/tcbsd-provision-playbook.yaml b/tcbsd-provision-playbook.yaml index 91df071..1679100 100644 --- a/tcbsd-provision-playbook.yaml +++ b/tcbsd-provision-playbook.yaml @@ -46,7 +46,7 @@ server psntp3.pcdsn iburst - name: Set timezone - when: plc_timezone != "" + when: set_plc_timezone ansible.builtin.copy: # Strangely, copying a file is the designated way to set timezones. remote_src: true @@ -254,11 +254,11 @@ # We use the second port as a LAN port with a known static IP # This makes it easy to use if we need it for e.g. doing service - name: Set static IP on X000 - when: x000_static != "" + when: x000_set_static_ip register: static_ip_x000_set community.general.sysrc: name: ifconfig_igb1 - value: "inet {{ x000_static }} netmask 255.255.255.0" + value: "inet {{ x000_static_ip }} netmask 255.255.255.0" - name: Reset X000 when: static_ip_x000_set.changed
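Review bot: The switch now decides whether the task runs, but `plc_timezone` is still spliced unchecked into the `remote_src` path, so a mistyped zone fails with a generic "source not found" and a value containing `..` would copy an arbitrary PLC file over `/etc/localtime`. An `assert` before the copy that confirms the value is a plain zoneinfo name gives a clear error and bounds the path; it is shown below. The copy task's `src`/`dest` lines lie outside the hunk, and the X000 hunk at the end of this patch is cut off by the end of the page.

```yaml
  - name: Validate timezone name
    when: set_plc_timezone
    ansible.builtin.assert:
      that:
        - plc_timezone is match('^[A-Za-z0-9_+-]+(/[A-Za-z0-9_+-]+)*$')
      fail_msg: "plc_timezone must be a zoneinfo name such as America/Los_Angeles"

  - name: Set timezone
    when: set_plc_timezone
    # … unchanged: copy from /usr/share/zoneinfo/{{ plc_timezone }} …
```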