many improvements to install docs/procedures

* in markdown files, use code fences rather than indented blocks.
    This is harder to screw up (one of them was off by a space so didn't
    render properly) and allows me to add info strings.

  * uniformly use "useradd" to create the user and group in all three
    places (install-manual.md, script-functions.sh, Dockerfile) rather
    than addgroup + adduser. Create a full home dir, which I suspect was
    the problem in #67. Don't allow customizing group name; it's always
    the same as the user.

  * install the sqlite3 package so that the "moonfire-nvr sql" command
    works properly.

  * remove "setup_db" function, which was out of place. Since the
    creation of the "moonfire-nvr init" command, this has to happen
    after installation of the binary. install.md gives instructions on
    this part anyway so remove it from the script.

  * give a proper command to create the db dir. It was creating it
    within the current directory, not within /var/lib/moonfire-nvr.
    Don't bother creating sample directory; "moonfire-nvr config"
    will do this.

  * when setting owners on a newly created directory, use a single
    "install -d" command rather than "mkdir" + "chown".

  * address confusion about whether sample file dirs need to be
    precreated. (Only when Moonfire NVR doesn't have write permissions
    on the parent.)

  * always just install the packaged version of ffmpeg rather than
    building our own. This has been usable since Debian/Raspbian 9
    Stretch; Debian/Raspbian 10 Buster is out now so there's no excuse
    for still running Debian/Raspbian 8 Jessie.

  * don't chown the UI directory; it can be owned by root as with
    the binary.

  * in scripts/install.sh, don't enable/start the service yet. It hasn't
    been configured.
This commit is contained in:
Scott Lamb 2019-07-09 23:48:06 -07:00
parent cb1bb5d810
commit 1c904b925a
7 changed files with 104 additions and 197 deletions

View File

@ -6,13 +6,12 @@ RUN apt-get update && \
apt-get install -y apt-utils && \ apt-get install -y apt-utils && \
apt-get install -y apt-transport-https tzdata git curl sudo vim && \ apt-get install -y apt-transport-https tzdata git curl sudo vim && \
rm -rf /var/lib/apt/lists/* rm -rf /var/lib/apt/lists/*
RUN groupadd -r moonfire-nvr && \ RUN useradd --no-log-init --home-dir /var/lib/moonfire-nvr --system --user-group moonfire-nvr && \
useradd moonfire-nvr --no-log-init -m -r -g moonfire-nvr && \
echo 'moonfire-nvr ALL=(ALL) NOPASSWD: ALL' >>/etc/sudoers echo 'moonfire-nvr ALL=(ALL) NOPASSWD: ALL' >>/etc/sudoers
ENV HOME /home/moonfire-nvr ENV HOME /var/lib/moonfire-nvr
COPY --chown=moonfire-nvr:moonfire-nvr . /home/moonfire-nvr/moonfire-nvr COPY --chown=moonfire-nvr:moonfire-nvr . /home/moonfire-nvr/moonfire-nvr
USER moonfire-nvr USER moonfire-nvr
WORKDIR /home/moonfire-nvr/moonfire-nvr WORKDIR /var/lib/moonfire-nvr/moonfire-nvr
RUN whoami && ls -l && \ RUN whoami && ls -l && \
./scripts/setup-ubuntu.sh && \ ./scripts/setup-ubuntu.sh && \
./scripts/setup-ubuntu.sh && \ ./scripts/setup-ubuntu.sh && \

View File

@ -33,6 +33,7 @@ You will need the following C libraries installed:
On recent Ubuntu or Raspbian, the following command will install On recent Ubuntu or Raspbian, the following command will install
all non-Rust dependencies: all non-Rust dependencies:
```
$ sudo apt-get install \ $ sudo apt-get install \
build-essential \ build-essential \
libavcodec-dev \ libavcodec-dev \
@ -43,7 +44,9 @@ all non-Rust dependencies:
libsqlite3-dev \ libsqlite3-dev \
libssl-dev \ libssl-dev \
pkgconf \ pkgconf \
sqlite3 \
tzdata tzdata
```
Next, you need Rust 1.33+ and Cargo. The easiest way to install them is by Next, you need Rust 1.33+ and Cargo. The easiest way to install them is by
following the instructions at [rustup.rs](https://www.rustup.rs/). following the instructions at [rustup.rs](https://www.rustup.rs/).
@ -52,6 +55,7 @@ Finally, building the UI requires [yarn](https://yarnpkg.com/en/).
Once prerequisites are installed, Moonfire NVR can be built as follows: Once prerequisites are installed, Moonfire NVR can be built as follows:
```
$ yarn $ yarn
$ yarn build $ yarn build
$ cargo test $ cargo test
@ -59,24 +63,25 @@ Once prerequisites are installed, Moonfire NVR can be built as follows:
$ sudo install -m 755 target/release/moonfire-nvr /usr/local/bin $ sudo install -m 755 target/release/moonfire-nvr /usr/local/bin
$ sudo mkdir /usr/local/lib/moonfire-nvr $ sudo mkdir /usr/local/lib/moonfire-nvr
$ sudo cp -R ui-dist /usr/local/lib/moonfire-nvr/ui $ sudo cp -R ui-dist /usr/local/lib/moonfire-nvr/ui
```
## Creating the user and database ## Creating the user and database
You can create Moonfire NVR's dedicated user and SQLite database with the You can create Moonfire NVR's dedicated user and SQLite database with the
following commands: following commands:
$ sudo addgroup --system moonfire-nvr ```
$ sudo adduser --system moonfire-nvr --home /var/lib/moonfire-nvr $ sudo useradd --system --user-group --create-home --home /var/lib/moonfire-nvr moonfire-nvr
$ sudo mkdir /var/lib/moonfire-nvr $ sudo -u moonfire-nvr -H sh -c 'cd && mkdir --mode=700 db'
$ sudo chown moonfire-nvr:moonfire-nvr /var/lib/moonfire-nvr
$ sudo -u moonfire-nvr -H mkdir db sample
$ sudo -u moonfire-nvr moonfire-nvr init $ sudo -u moonfire-nvr moonfire-nvr init
```
## System Service ## System Service
Moonfire NVR can be run as a systemd service. Create Moonfire NVR can be run as a systemd service. Create
`/etc/systemd/system/moonfire-nvr.service`: `/etc/systemd/system/moonfire-nvr.service`:
```
[Unit] [Unit]
Description=Moonfire NVR Description=Moonfire NVR
After=network-online.target After=network-online.target
@ -92,20 +97,23 @@ Moonfire NVR can be run as a systemd service. Create
Type=simple Type=simple
User=moonfire-nvr User=moonfire-nvr
Nice=-20 Nice=-20
Restart=on-abnormal Restart=on-failure
CPUAccounting=true CPUAccounting=true
MemoryAccounting=true MemoryAccounting=true
BlockIOAccounting=true BlockIOAccounting=true
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
```
Note that the HTTP port currently has no authentication, encryption, or Note that the HTTP port currently has no authentication, encryption, or
logging; it should not be directly exposed to the Internet. logging; it should not be directly exposed to the Internet.
Tell `systemd` to look for the new file: Tell `systemd` to look for the new file:
```
$ sudo systemctl daemon-reload $ sudo systemctl daemon-reload
```
See the [systemd](http://www.freedesktop.org/wiki/Software/systemd/) See the [systemd](http://www.freedesktop.org/wiki/Software/systemd/)
documentation for more information. The [manual documentation for more information. The [manual

View File

@ -89,7 +89,6 @@ Although not all listed in the default `prep.config` file, these are the
available configuration variable and their defaults. available configuration variable and their defaults.
NVR_USER=moonfire-nvr NVR_USER=moonfire-nvr
NVR_GROUP=$NVR_USER
NVR_PORT=8080 NVR_PORT=8080
NVR_HOME_BASE=/var/lib NVR_HOME_BASE=/var/lib
DB_NAME=db DB_NAME=db

View File

@ -13,7 +13,9 @@ See the [github page](https://github.com/scottlamb/moonfire-nvr) (in case
you're not reading this text there already). You can download the you're not reading this text there already). You can download the
bleeding-edge version from the commandline via git: bleeding-edge version from the commandline via git:
```
$ git clone https://github.com/scottlamb/moonfire-nvr.git $ git clone https://github.com/scottlamb/moonfire-nvr.git
```
## Building and installing from source ## Building and installing from source
@ -39,26 +41,29 @@ Moonfire NVR keeps two kinds of state:
By now Moonfire NVR's dedicated user and database should have been created for By now Moonfire NVR's dedicated user and database should have been created for
you. Next you need to create a sample file directory. you. Next you need to create a sample file directory.
## Creating a sample file directory ## Dedicated hard drive seutp
### ...on a dedicated hard drive
If a dedicated hard drive is available, set up the mount point: If a dedicated hard drive is available, set up the mount point:
```
$ sudo vim /etc/fstab $ sudo vim /etc/fstab
$ sudo mkdir /media/nvr $ sudo mkdir /media/nvr
$ sudo mount /media/nvr $ sudo mount /media/nvr
$ sudo mkdir /media/nvr/sample $ sudo install -d -o moonfire-nvr -g moonfire-nvr -m 700 /media/nvr/sample
$ sudo chown moonfire-nvr:moonfire-nvr /media/nvr/sample ```
In the fstab you'd add a line similar to this: In `/etc/fstab`, add a line similar to this:
```
/dev/disk/by-uuid/23d550bc-0e38-4825-acac-1cac8a7e091f /media/nvr ext4 defaults,noatime,nofail 0 2 /dev/disk/by-uuid/23d550bc-0e38-4825-acac-1cac8a7e091f /media/nvr ext4 defaults,noatime,nofail 0 2
```
You'll have to lookup the correct uuid for your disk. One way to do that is You'll have to lookup the correct uuid for your disk. One way to do that is
via the following command: via the following command:
```
$ ls -l /dev/disk/by-uuid $ ls -l /dev/disk/by-uuid
```
If you use the `nofail` attribute in `/etc/fstab` as described above, your If you use the `nofail` attribute in `/etc/fstab` as described above, your
system will boot successfully even when the hard drive is unavailable (such as system will boot successfully even when the hard drive is unavailable (such as
@ -66,19 +71,18 @@ when your external USB storage is unmounted). This is convenient, but you
likely want to ensure the `moonfire-nvr` service only starts when the mounting likely want to ensure the `moonfire-nvr` service only starts when the mounting
is successful. Edit the systemd configuration to do so: is successful. Edit the systemd configuration to do so:
```
$ sudo vim /etc/systemd/system/moonfire-nvr.service $ sudo vim /etc/systemd/system/moonfire-nvr.service
$ sudo systemctl daemon-reload $ sudo systemctl daemon-reload
```
You'll want to add a line like `Requires=media-nvr.mount` to the `[Unit]` You'll want to add lines similar to the following to the `[Unit]` section of
section of the file. the file:
### ...without a dedicated hard drive ```
After=media.nvr.mount
If you don't have a dedicated hard drive available, simply create a directory Requires=media-mvr.mount
owned by the dedicated user. It's convenient to place it within the ```
installation's directory (typically `/var/lib/moonfire-nvr`):
$ sudo -u moonfire-nvr -H mkdir sample
## Completing configuration through the UI ## Completing configuration through the UI
@ -87,11 +91,18 @@ configurations to the database.
You can configure the system's database through a text-based user interface: You can configure the system's database through a text-based user interface:
```
$ sudo -u moonfire-nvr moonfire-nvr config 2>debug-log $ sudo -u moonfire-nvr moonfire-nvr config 2>debug-log
```
In the user interface, In the user interface,
1. add your sample file dir(s) under "Directories and retention". 1. add your sample file dir(s) under "Directories and retention".
If you used a dedicated hard drive, use the directory you precreated
(`/media/surveillance/sample`). Otherwise, try
`/var/lib/moonfire-nvr/sample`. Moonfire NVR will create the directory as
long as it has the required permissions on the parent directory.
2. add cameras under "Cameras and streams". 2. add cameras under "Cameras and streams".
* There's a "Test" button to verify your settings directly from the add/edit * There's a "Test" button to verify your settings directly from the add/edit
@ -135,8 +146,10 @@ system](secure.md) first.
The following commands will start Moonfire NVR and enable it for following The following commands will start Moonfire NVR and enable it for following
boots, respectively: boots, respectively:
```
$ sudo systemctl start moonfire-nvr $ sudo systemctl start moonfire-nvr
$ sudo systemctl enable moonfire-nvr $ sudo systemctl enable moonfire-nvr
```
The HTTP interface is accessible on port 8080; if your web browser is running The HTTP interface is accessible on port 8080; if your web browser is running
on the same machine, you can access it at on the same machine, you can access it at

View File

@ -67,7 +67,6 @@ fi
if [ -d "ui-dist" ]; then if [ -d "ui-dist" ]; then
sudo mkdir -p "${LIB_DIR}/ui" sudo mkdir -p "${LIB_DIR}/ui"
sudo cp -R ui-dist/. "${LIB_DIR}/ui/" sudo cp -R ui-dist/. "${LIB_DIR}/ui/"
sudo chown -R ${NVR_USER}:${NVR_GROUP} "${LIB_DIR}/ui/"
echo_info -x "Server UI installed..." echo_info -x "Server UI installed..."
else else
echo_fatal -x "Server UI failed to build or install..." echo_fatal -x "Server UI failed to build or install..."
@ -114,7 +113,7 @@ Environment=RUST_BACKTRACE=1
Type=simple Type=simple
User=${NVR_USER} User=${NVR_USER}
Nice=-20 Nice=-20
Restart=on-abnormal Restart=on-failure
CPUAccounting=true CPUAccounting=true
MemoryAccounting=true MemoryAccounting=true
BlockIOAccounting=true BlockIOAccounting=true
@ -123,13 +122,4 @@ BlockIOAccounting=true
WantedBy=multi-user.target WantedBy=multi-user.target
NVR_EOF NVR_EOF
# Configure and start service
#
if [ -f "${SERVICE_PATH}" ]; then
echo_info -x 'Configuring system daemon...'
sudo systemctl daemon-reload sudo systemctl daemon-reload
sudo systemctl enable ${SERVICE_NAME}
sudo systemctl restart ${SERVICE_NAME}
echo_info -x 'Getting system daemon status...'
sudo systemctl status ${SERVICE_NAME}
fi

View File

@ -41,8 +41,6 @@ NODE_MIN_VERSION="8"
YARN_MIN_VERSION="1.0" YARN_MIN_VERSION="1.0"
CARGO_MIN_VERSION="0.2" CARGO_MIN_VERSION="0.2"
RUSTC_MIN_VERSION="1.33" RUSTC_MIN_VERSION="1.33"
FFMPEG_MIN_VERSION="55.1.101"
FFMPEG_RELEASE_VERSION="3.4"
normalizeDirPath() normalizeDirPath()
{ {
@ -80,11 +78,6 @@ catPrefix()
sed -e "s/^/$2/" < "$1" sed -e "s/^/$2/" < "$1"
} }
mkdir_moonfire()
{
sudo -u "${NVR_USER}" -H mkdir "$@"
}
echo_multi() echo_multi()
{ {
local prefix='' local prefix=''
@ -151,7 +144,6 @@ initEnvironmentVars()
. "${MOONFIRE_DIR}/prep.config" . "${MOONFIRE_DIR}/prep.config"
fi fi
NVR_USER="${NVR_USER:-moonfire-nvr}" NVR_USER="${NVR_USER:-moonfire-nvr}"
NVR_GROUP="${NVR_GROUP:-$NVR_USER}"
NVR_PORT="${NVR_PORT:-8080}" NVR_PORT="${NVR_PORT:-8080}"
NVR_HOME_BASE="${NVR_HOME_BASE:-/var/lib}" NVR_HOME_BASE="${NVR_HOME_BASE:-/var/lib}"
NVR_HOME="${NVR_HOME_BASE}/${NVR_USER}" NVR_HOME="${NVR_HOME_BASE}/${NVR_USER}"
@ -244,23 +236,6 @@ userExists()
return $(id -u "$1" >/dev/null 2>&1) return $(id -u "$1" >/dev/null 2>&1)
} }
groupExists()
{
return $(id -g "$1" >/dev/null 2>&1)
}
moonfire()
{
case "$1" in
start)
sudo systemctl start "$2"
;;
stop)
sudo systemctl stop "$2"
;;
esac
}
sudo_warn() sudo_warn()
{ {
echo_warn -x -p '!!!!! ' \ echo_warn -x -p '!!!!! ' \
@ -271,48 +246,18 @@ sudo_warn()
'------------------------------------------------------------------------------' '------------------------------------------------------------------------------'
} }
# Create user, group, and database directory if not there
# Prepare for sqlite directory and set schema into db
#
setup_db()
{
if [ ! -d "${DB_DIR}" ]; then
echo_info -x 'Create database directory...'
mkdir_moonfire -p "${DB_DIR}"
fi
echo_info -x 'Ensure database is initialized...'
sudo -u "${NVR_USER}" -H -- "${SERVICE_BIN}" init --db-dir="${DB_DIR}"
}
# Make sure all sample directories and files owned by moonfire
#
fix_ownership()
{
sudo chown -R ${NVR_USER}:${NVR_USER} "$1"
echo_info -x "Fix ownership of files in \"$1\"..."
}
# Create user and groups if not there
# #
prep_moonfire_user() prep_moonfire_user()
{ {
echo_info -x "Create user/group and directories we need..." echo_info -x "Create user/group and directories we need..."
if ! groupExists "${NVR_GROUP}"; then
sudo addgroup --quiet --system ${NVR_GROUP}
fi
if ! userExists "${NVR_USER}"; then if ! userExists "${NVR_USER}"; then
sudo adduser --quiet --system ${NVR_USER} \ sudo useradd --system ${NVR_USER} --user-group --create-home --home-dir "${NVR_HOME}"
--ingroup "${NVR_GROUP}" --home "${NVR_HOME}"
fi fi
if [ ! -d "${NVR_HOME}" ]; then sudo -u ${NVR_USER} -H sh -c 'cd && test -d db || mkdir --mode=700 db'
sudo mkdir "${NVR_HOME}"
sudo chown "${NVR_USER}:${NVR_GROUP}" "${NVR_HOME}"
fi
sudo chown ${NVR_USER}:${NVR_GROUP} "${NVR_HOME}"
} }
pre_install_prep() pre_install_prep()
{ {
prep_moonfire_user prep_moonfire_user
setup_db
} }

View File

@ -38,32 +38,21 @@ makePrepConfig
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
# Process command line options
#
while getopts ":f" opt; do
case $opt in
f) DONT_BUILD_FFMPEG=1
;;
:)
echo_fatal "Option -$OPTARG requires an argument."
;;
\?)
echo_fatal -x "Invalid option: -$OPTARG"
;;
esac
done
sudo_warn sudo_warn
# Setup all apt packages we need # Setup all apt packages we need
# #
echo_info -x 'Preparing and downloading packages we need...' echo_info -x 'Preparing and downloading packages we need...'
PKGS="build-essential \ PKGS="build-essential \
libavcodec-dev \
libavformat-dev \
libavutil-dev \
libncurses5-dev \ libncurses5-dev \
libncursesw5-dev \ libncursesw5-dev \
libsqlite3-dev \ libsqlite3-dev \
libssl-dev \ libssl-dev \
pkgconf \ pkgconf \
sqlite3 \
tzdata" tzdata"
# Add yarn before NodeSource so it can all go in one update # Add yarn before NodeSource so it can all go in one update
@ -102,42 +91,6 @@ sudo apt-get install -y $PKGS
sudo apt-get autoremove -y sudo apt-get autoremove -y
echo_info -x echo_info -x
# Check for ffmpeg and install by building if necessary
# This needs to be done before building moonfire so it can
# find the right versions of the libraries.
#
ffv=`ffmpeg -version 2>/dev/null | extractVersion libavutil`
ffv=${ffv:-0}
if ! versionAtLeast "$ffv" "$FFMPEG_MIN_VERSION"; then
if [ "${DONT_BUILD_FFMPEG:-0}" -ne 0 ]; then
echo_warn -x "ffmpeg version (${ffv}) installed is too old for moonfire." \
"Suggest you manually install at least version $FFMPEG_MIN_VERSION of libavutil." \
"ffmpeg versions 2.x and 3.x all should work."
else
OLDDIR=`pwd`
cd ..
if [ -d FFmpeg ]; then
echo_info -x "Removing older FFmpeg directory..."
rm -fr FFmpeg
fi
echo_info -x "Fetching FFmpeg source..."
git clone --depth 1 -b "release/${FFMPEG_RELEASE_VERSION}" https://github.com/FFmpeg/FFmpeg.git
cd FFmpeg
pt=`uname -p 2>/dev/null`
if [ -z "${pt##*86*}" ]; then
DEBIAN_FRONTEND=noninteractive sudo apt-get install -y yasm
fi
./configure --enable-shared
make
sudo make install
sudo ldconfig
cd "$OLDDIR"
OLDDIR=
fi
else
echo_info -x "FFmpeg is already usable..."
fi
# If cargo appears installed, initialize for using it so rustc can be found # If cargo appears installed, initialize for using it so rustc can be found
# #
initCargo initCargo