[tor-commits] [metrics-cloud/master] Import Ansible and CloudFormation templates for check

irl at torproject.org irl at torproject.org
Tue Mar 3 10:29:27 UTC 2020


commit 434238b858466709bf4de6f68ebcd4d84a75bfea
Author: Iain R. Learmonth <irl at fsfe.org>
Date:   Tue Mar 3 10:29:12 2020 +0000

    Import Ansible and CloudFormation templates for check
---
 ansible/exit-scanners-aws.yml                      |  3 +-
 ansible/exit-scanners.yml                          | 14 +++++
 ansible/roles/check/tasks/main.yml                 | 63 ++++++++++++++++++++++
 ansible/roles/exit-scanner-sys/tasks/main.yml      | 25 +++++----
 ansible/roles/exit-scanner/files/exitscan.py       |  8 +--
 .../roles/exit-scanner/files/exitscanner.service   |  4 +-
 ansible/roles/exit-scanner/handlers/main.yml       |  8 +++
 ansible/roles/exit-scanner/tasks/main.yml          | 29 +++++-----
 8 files changed, 122 insertions(+), 32 deletions(-)

diff --git a/ansible/exit-scanners-aws.yml b/ansible/exit-scanners-aws.yml
index 72ce0c6..1d79d12 100644
--- a/ansible/exit-scanners-aws.yml
+++ b/ansible/exit-scanners-aws.yml
@@ -1,9 +1,8 @@
 ---
 - hosts: exit-scanners
   user: admin
-  vars:
-    onionoo_version: 7.0-1.21.0
   roles:
     - tor-client
     - exit-scanner-sys
     - exit-scanner
+    - check
diff --git a/ansible/exit-scanners.yml b/ansible/exit-scanners.yml
new file mode 100644
index 0000000..00519c5
--- /dev/null
+++ b/ansible/exit-scanners.yml
@@ -0,0 +1,14 @@
+---
+- hosts: exit-scanners
+  pre_tasks:
+    - name: get sudo password
+      local_action: shell pass Tor/sudo/check
+      register: pass_output
+      changed_when: False
+      when: ansible_user_id == "irl"
+    - name: store as ansible become password
+      set_fact: ansible_become_password="{{ pass_output.stdout_lines[0] }}"
+      when: ansible_user_id == "irl"
+  roles:
+    - exit-scanner
+    - check
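Review bot: Neither pre-task sets `no_log: true`, so the sudo password read from `pass` is held in the registered `pass_output` and is echoed in task results whenever the play runs with `-v` or a logging callback is active. Add `no_log: true` to both `get sudo password` and `store as ansible become password`. The lookup uses no shell features, so `local_action: command pass Tor/sudo/check` avoids spawning a shell for a secret-handling step. Writing `changed_when: false` in lowercase would match the `true` used in the other files of this commit.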
diff --git a/ansible/roles/check/tasks/main.yml b/ansible/roles/check/tasks/main.yml
new file mode 100644
index 0000000..bb4d53b
--- /dev/null
+++ b/ansible/roles/check/tasks/main.yml
@@ -0,0 +1,63 @@
+---
+- name: clone the sources
+  git:
+    repo: https://git.torproject.org/check.git
+    dest: /srv/check.torproject.org/check
+  become: true
+  become_user: check
+- name: create a gopath directory
+  file:
+    path: /srv/check.torproject.org/go
+    state: directory
+  become: true
+  become_user: check
+#- name: install the ipscan module
+#  copy:
+#    src: ipscan.py
+#    dest: /srv/tordnsel.torproject.org/exitscanner/exitmap/src/modules/ipscan.py
+#    mode: 0755
+#  become: true
+#  become_user: tordnsel
+- name: create systemd user directory for check
+  file:
+    path: /srv/check.torproject.org/.config/systemd/user
+    state: directory
+  become: true
+  become_user: check
+- name: get sources for go gettext
+  shell:
+    cmd: go get github.com/samuel/go-gettext/gettext
+  become: true
+  become_user: check
+- name: update translations
+  make:
+    chdir: /srv/check.torproject.org/check
+    target: i18n
+  become: true
+  become_user: check
+- name: build
+  make:
+    chdir: /srv/check.torproject.org/check
+    target: build
+  become: true
+  become_user: check
+#- name: install exit scanner service file
+#  copy:
+#    src: exitscanner.service
+#    dest: "/srv/tordnsel.torproject.org/.config/systemd/user/exitscanner.service"
+#  become: true
+#  become_user: tordnsel
+#- name: reload systemd daemon
+#  systemd:
+#    scope: user
+#    daemon_reload: yes
+#  become: true
+#  become_user: tordnsel
+#- name: enable and start exitscanner service
+#  systemd:
+#    scope: user
+#    name: exitscanner
+#    state: started
+#    enabled: yes
+#  become: yes
+#  become_user: tordnsel
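Review bot: The `clone the sources` task has no `version:`, and `go get github.com/samuel/go-gettext/gettext` fetches whatever the upstream default branch currently holds, so every run builds and deploys unreviewed upstream code as the `check` user. Pin the clone with `version: "<PINNED_COMMIT_OR_TAG>"` and fetch the gettext dependency at a known revision (or vendor it) so builds are reproducible and a compromised upstream does not reach the host unnoticed. The same applies to the exitmap clone in `ansible/roles/exit-scanner/tasks/main.yml`, which this commit additionally wires to `notify: restart exit scanner`, so an upstream change there is pulled and restarted into on the next run. The `go get` task also reports changed on every run and sets no `GOPATH`, although the task before it creates `/srv/check.torproject.org/go`; an `environment:` entry with `GOPATH: /srv/check.torproject.org/go` would make the intent explicit.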
diff --git a/ansible/roles/exit-scanner-sys/tasks/main.yml b/ansible/roles/exit-scanner-sys/tasks/main.yml
index 78916d8..19806ea 100644
--- a/ansible/roles/exit-scanner-sys/tasks/main.yml
+++ b/ansible/roles/exit-scanner-sys/tasks/main.yml
@@ -22,33 +22,32 @@
     pkg:
       - git
       - python-dnspython
+      - curl
+      - gettext
+      - golang-go
+      - build-essential
+      - python-dateutil
     update_cache: yes
   become: yes
 - name: create check account
   user:
     name: check
     comment: "Check Service User"
-    #uid: 1547
+    uid: 1507
     state: present
   become: yes
 - name: create tordnsel account
   user:
     name: tordnsel
     comment: "Exit Scanner Service User"
-    #uid: 1547
+    uid: 1532
     state: present
   become: yes
 - name: create service directory
   file:
-    path: /srv/exitscanner.torproject.org
+    path: /srv/tordnsel.torproject.org
     state: directory
   become: yes
-- name: link /home in /srv
-  file:
-    src: /home
-    dest: /srv/home
-    state: link
-  become: yes
 - name: link home directories /home
   file:
     src: "{{ item.src }}"
@@ -56,12 +55,12 @@
     state: link
     force: yes
   with_items:
-    - { src: /home/tordnsel, dest: /srv/exitscanner.torproject.org/home }
-    - { src: /home/check, dest: /srv/exitscanner.torproject.org/check-home }
+    - { src: /home/tordnsel, dest: /srv/tordnsel.torproject.org }
+    - { src: /home/check, dest: /srv/check.torproject.org }
   become: yes
 - name: create exit scanner runtime directory
   file:
-    path: /srv/exitscanner.torproject.org/exitscanner
+    path: /srv/tordnsel.torproject.org/exitscanner
     owner: tordnsel
     group: tordnsel
     mode: 0755
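Review bot: The `with_items` entry now links `/srv/tordnsel.torproject.org` to `/home/tordnsel`, yet `create service directory` in the preceding hunk creates the same path as a real directory, so two tasks manage one path with different states. With `force: yes` the file module appears to replace an empty directory with the link and to refuse a non-empty one, which makes the outcome depend on what is already on the host; this is worth confirming on a fresh machine. Dropping `create service directory`, or pointing it at `/home/tordnsel`, would leave a single definition for the path. The link task itself begins before this hunk.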
@@ -69,7 +68,7 @@
   become: yes
 - name: create check runtime directory
   file:
-    path: /srv/exitscanner.torproject.org/check
+    path: /srv/tordnsel.torproject.org/check
     owner: check
     group: check
     mode: 0755
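Review bot: `create check runtime directory` now creates `/srv/tordnsel.torproject.org/check` owned by `check`, while the new check role clones and builds under `/srv/check.torproject.org/check`; this looks like a search-and-replace slip. As written it places a directory writable by `check` inside the tordnsel tree, which blurs the separation between the two service accounts. If the check tree was intended, use `path: /srv/check.torproject.org/check`. The task continues past the end of the hunk.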
diff --git a/ansible/roles/exit-scanner/files/exitscan.py b/ansible/roles/exit-scanner/files/exitscan.py
index 14c0b17..11e9e56 100644
--- a/ansible/roles/exit-scanner/files/exitscan.py
+++ b/ansible/roles/exit-scanner/files/exitscan.py
@@ -54,7 +54,7 @@ def run():
 
     # Import new measurements
     with subprocess.Popen(["./bin/exitmap", "ipscan", "-o", "/dev/stdout"],
-                          cwd="/srv/exitscanner.torproject.org/exitscanner/exitmap",
+                          cwd="/srv/tordnsel.torproject.org/exitscanner/exitmap",
                           stdout=subprocess.PIPE,
                           encoding='utf-8') as p:
         for line in p.stdout:
@@ -63,7 +63,6 @@ def run():
                 r"^([0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}),[0-9]{3} modules\.ipscan \[INFO\] (\{.*\})$",
                 line)
             if result:
-                print(result)
                 check_result = json.loads(result.group(2))
                 desc = stem.descriptor.tordnsel.TorDNSEL("", False)
                 desc.fingerprint = check_result["Fingerprint"]
@@ -94,7 +93,10 @@ def run():
                     out.write(f"ExitAddress {a[0]} {a[1]}\n")
 
     # Provide the snapshot emulation
-    os.unlink("lists/latest")
+    try:
+        os.unlink("lists/latest")
+    except FileNotFoundError:
+        pass # ok maybe this is the first time we run
     os.symlink(os.path.abspath(f"lists/{filename}"), "lists/latest")
 
 if __name__ == "__main__":
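Review bot: Between `os.unlink("lists/latest")` and `os.symlink(...)` there is a window in which `lists/latest` does not exist, and a failure in `os.symlink` leaves it missing until the next run. Creating the link under a temporary name and renaming it over the old one is atomic on POSIX and makes the `FileNotFoundError` handler unnecessary: `os.symlink(os.path.abspath(f"lists/{filename}"), "lists/latest.tmp")` followed by `os.replace("lists/latest.tmp", "lists/latest")`. A stale `lists/latest.tmp` from an interrupted run would need removing first. `run()` begins outside the hunk.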
diff --git a/ansible/roles/exit-scanner/files/exitscanner.service b/ansible/roles/exit-scanner/files/exitscanner.service
index 012d8b7..920a081 100644
--- a/ansible/roles/exit-scanner/files/exitscanner.service
+++ b/ansible/roles/exit-scanner/files/exitscanner.service
@@ -3,8 +3,8 @@ Description=Exit Scanner
 
 [Service]
 Type=simple
-WorkingDirectory=/srv/exitscanner.torproject.org/exitscanner
-ExecStart=/usr/bin/python3 /srv/exitscanner.torproject.org/exitscanner/exitscan.py
+WorkingDirectory=/srv/tordnsel.torproject.org
+ExecStart=/usr/bin/python3 /srv/tordnsel.torproject.org/exitscanner/exitscan.py
 
 [Install]
 WantedBy=default.target
diff --git a/ansible/roles/exit-scanner/handlers/main.yml b/ansible/roles/exit-scanner/handlers/main.yml
new file mode 100644
index 0000000..3fc7ea0
--- /dev/null
+++ b/ansible/roles/exit-scanner/handlers/main.yml
@@ -0,0 +1,8 @@
+- name: restart exit scanner
+  systemd:
+    scope: user
+    daemon_reload: true
+    name: exitscanner
+    state: restarted
+  become: yes
+  become_user: tordnsel
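Review bot: The handler drives `systemctl --user` through `become_user: tordnsel`, which normally needs a running user manager for that account and `XDG_RUNTIME_DIR` in the task environment; nothing visible in this commit enables lingering or sets that variable, so confirm it is handled elsewhere. If it is not, an `environment:` entry with `XDG_RUNTIME_DIR: "/run/user/1532"` (the uid this commit assigns to tordnsel) on the handler and on `enable and start exitscanner service` would cover it. The file also lacks the leading `---` that the other task files have, and it mixes `become: yes` with `daemon_reload: true`.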
diff --git a/ansible/roles/exit-scanner/tasks/main.yml b/ansible/roles/exit-scanner/tasks/main.yml
index d80edb5..abbf865 100644
--- a/ansible/roles/exit-scanner/tasks/main.yml
+++ b/ansible/roles/exit-scanner/tasks/main.yml
@@ -1,53 +1,58 @@
 ---
+- name: create exit scanner application directory
+  file:
+    path: /srv/tordnsel.torproject.org/exitscanner
+    state: directory
+  become: true
+  become_user: tordnsel
 - name: clone the sources
   git:
     repo: https://github.com/NullHypothesis/exitmap.git
-    dest: /srv/exitscanner.torproject.org/exitscanner/exitmap
+    dest: /srv/tordnsel.torproject.org/exitscanner/exitmap
   become: true
   become_user: tordnsel
+  notify: restart exit scanner
 - name: install the ipscan module
   copy:
     src: ipscan.py
-    dest: /srv/exitscanner.torproject.org/exitscanner/exitmap/src/modules/ipscan.py
+    dest: /srv/tordnsel.torproject.org/exitscanner/exitmap/src/modules/ipscan.py
     mode: 0755
   become: true
   become_user: tordnsel
+  notify: restart exit scanner
 - name: install the exit scanner script
   copy:
     src: exitscan.py
-    dest: /srv/exitscanner.torproject.org/exitscanner/exitscan.py
+    dest: /srv/tordnsel.torproject.org/exitscanner/exitscan.py
     mode: 0755
   become: true
   become_user: tordnsel
+  notify: restart exit scanner
 - name: create systemd user directory for exitscanner
   file:
-    path: /srv/exitscanner.torproject.org/home/.config/systemd/user
+    path: /srv/tordnsel.torproject.org/.config/systemd/user
     state: directory
   become: true
   become_user: tordnsel
 - name: create exit lists directory
   file:
-    path: /srv/exitscanner.torproject.org/exitscanner/lists
+    path: /srv/tordnsel.torproject.org/lists
     state: directory
   become: true
   become_user: tordnsel
 - name: install exit scanner service file
   copy:
     src: exitscanner.service
-    dest: "/srv/exitscanner.torproject.org/home/.config/systemd/user/exitscanner.service"
-  become: true
-  become_user: tordnsel
-- name: reload systemd daemon
-  systemd:
-    scope: user
-    daemon_reload: yes
+    dest: "/srv/tordnsel.torproject.org/.config/systemd/user/exitscanner.service"
   become: true
   become_user: tordnsel
+  notify: restart exit scanner
 - name: enable and start exitscanner service
   systemd:
     scope: user
     name: exitscanner
     state: started
     enabled: yes
+    daemon_reload: true
   become: yes
   become_user: tordnsel


