[tor-commits] [metrics-cloud/master] Import Ansible and CloudFormation templates for check
irl at torproject.org
irl at torproject.org
Tue Mar 3 10:29:27 UTC 2020
commit 434238b858466709bf4de6f68ebcd4d84a75bfea
Author: Iain R. Learmonth <irl at fsfe.org>
Date: Tue Mar 3 10:29:12 2020 +0000
Import Ansible and CloudFormation templates for check
---
ansible/exit-scanners-aws.yml | 3 +-
ansible/exit-scanners.yml | 14 +++++
ansible/roles/check/tasks/main.yml | 63 ++++++++++++++++++++++
ansible/roles/exit-scanner-sys/tasks/main.yml | 25 +++++----
ansible/roles/exit-scanner/files/exitscan.py | 8 +--
.../roles/exit-scanner/files/exitscanner.service | 4 +-
ansible/roles/exit-scanner/handlers/main.yml | 8 +++
ansible/roles/exit-scanner/tasks/main.yml | 29 +++++-----
8 files changed, 122 insertions(+), 32 deletions(-)
diff --git a/ansible/exit-scanners-aws.yml b/ansible/exit-scanners-aws.yml
index 72ce0c6..1d79d12 100644
--- a/ansible/exit-scanners-aws.yml
+++ b/ansible/exit-scanners-aws.yml
@@ -1,9 +1,8 @@
---
- hosts: exit-scanners
user: admin
- vars:
- onionoo_version: 7.0-1.21.0
roles:
- tor-client
- exit-scanner-sys
- exit-scanner
+ - check
diff --git a/ansible/exit-scanners.yml b/ansible/exit-scanners.yml
new file mode 100644
index 0000000..00519c5
--- /dev/null
+++ b/ansible/exit-scanners.yml
@@ -0,0 +1,14 @@
+---
+- hosts: exit-scanners
+ pre_tasks:
+ - name: get sudo password
+ local_action: shell pass Tor/sudo/check
+ register: pass_output
+ changed_when: False
+ when: ansible_user_id == "irl"
+ - name: store as ansible become password
+ set_fact: ansible_become_password="{{ pass_output.stdout_lines[0] }}"
+ when: ansible_user_id == "irl"
+ roles:
+ - exit-scanner
+ - check
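Review bot: Neither pre-task sets `no_log: true`, so the sudo password read from `pass` stays in the registered `pass_output` and can be printed by verbose output or a logging callback when "get sudo password" and "store as ansible become password" run. Adding `no_log: true` to both tasks keeps the value out of task output. The `when: ansible_user_id == "irl"` guard hard-codes one operator; a short comment saying how other users are expected to supply the become password would help the next person who runs this playbook.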
diff --git a/ansible/roles/check/tasks/main.yml b/ansible/roles/check/tasks/main.yml
new file mode 100644
index 0000000..bb4d53b
--- /dev/null
+++ b/ansible/roles/check/tasks/main.yml
@@ -0,0 +1,63 @@
+---
+- name: clone the sources
+ git:
+ repo: https://git.torproject.org/check.git
+ dest: /srv/check.torproject.org/check
+ become: true
+ become_user: check
+- name: create a gopath directory
+ file:
+ path: /srv/check.torproject.org/go
+ state: directory
+ become: true
+ become_user: check
+#- name: install the ipscan module
+# copy:
+# src: ipscan.py
+# dest: /srv/tordnsel.torproject.org/exitscanner/exitmap/src/modules/ipscan.py
+# mode: 0755
+# become: true
+# become_user: tordnsel
+- name: create systemd user directory for check
+ file:
+ path: /srv/check.torproject.org/.config/systemd/user
+ state: directory
+ become: true
+ become_user: check
+- name: get sources for go gettext
+ shell:
+ cmd: go get github.com/samuel/go-gettext/gettext
+ become: true
+ become_user: check
+- name: update translations
+ make:
+ chdir: /srv/check.torproject.org/check
+ target: i18n
+ become: true
+ become_user: check
+- name: build
+ make:
+ chdir: /srv/check.torproject.org/check
+ target: build
+ become: true
+ become_user: check
+#- name: install exit scanner service file
+# copy:
+# src: exitscanner.service
+# dest: "/srv/tordnsel.torproject.org/.config/systemd/user/exitscanner.service"
+# become: true
+# become_user: tordnsel
+#- name: reload systemd daemon
+# systemd:
+# scope: user
+# daemon_reload: yes
+# become: true
+# become_user: tordnsel
+#- name: enable and start exitscanner service
+# systemd:
+# scope: user
+# name: exitscanner
+# state: started
+# enabled: yes
+# become: yes
+# become_user: tordnsel
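Review bot: The sources this role builds are not pinned: the `git` task for check.git has no `version:`, and `go get github.com/samuel/go-gettext/gettext` fetches whatever that third-party repository currently serves, so each run can build different code as the `check` user. Pinning the clone with `version: <reviewed commit or tag>` and fetching the gettext dependency at a fixed revision would make the build reproducible and reviewable. The exitmap clone in ansible/roles/exit-scanner/tasks/main.yml has the same gap, and there the added `notify: restart exit scanner` restarts the service on any upstream change. The `shell` task also reports changed on every run; a `creates:` argument naming the fetched package directory would make it idempotent.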
diff --git a/ansible/roles/exit-scanner-sys/tasks/main.yml b/ansible/roles/exit-scanner-sys/tasks/main.yml
index 78916d8..19806ea 100644
--- a/ansible/roles/exit-scanner-sys/tasks/main.yml
+++ b/ansible/roles/exit-scanner-sys/tasks/main.yml
@@ -22,33 +22,32 @@
pkg:
- git
- python-dnspython
+ - curl
+ - gettext
+ - golang-go
+ - build-essential
+ - python-dateutil
update_cache: yes
become: yes
- name: create check account
user:
name: check
comment: "Check Service User"
- #uid: 1547
+ uid: 1507
state: present
become: yes
- name: create tordnsel account
user:
name: tordnsel
comment: "Exit Scanner Service User"
- #uid: 1547
+ uid: 1532
state: present
become: yes
- name: create service directory
file:
- path: /srv/exitscanner.torproject.org
+ path: /srv/tordnsel.torproject.org
state: directory
become: yes
-- name: link /home in /srv
- file:
- src: /home
- dest: /srv/home
- state: link
- become: yes
- name: link home directories /home
file:
src: "{{ item.src }}"
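Review bot: "create service directory" now creates /srv/tordnsel.torproject.org as a real directory, while the "link home directories" task (its items are in the next hunk) turns the same path into a symlink to /home/tordnsel with `force: yes`. On a fresh host the second task has to replace what the first just created, and on later runs the first task presumably operates through the link, so the two tasks describe conflicting states for one path. Dropping "create service directory", or adding a comment on why both are needed, would make the intent clear. The link task's body continues outside this hunk.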
@@ -56,12 +55,12 @@
state: link
force: yes
with_items:
- - { src: /home/tordnsel, dest: /srv/exitscanner.torproject.org/home }
- - { src: /home/check, dest: /srv/exitscanner.torproject.org/check-home }
+ - { src: /home/tordnsel, dest: /srv/tordnsel.torproject.org }
+ - { src: /home/check, dest: /srv/check.torproject.org }
become: yes
- name: create exit scanner runtime directory
file:
- path: /srv/exitscanner.torproject.org/exitscanner
+ path: /srv/tordnsel.torproject.org/exitscanner
owner: tordnsel
group: tordnsel
mode: 0755
@@ -69,7 +68,7 @@
become: yes
- name: create check runtime directory
file:
- path: /srv/exitscanner.torproject.org/check
+ path: /srv/tordnsel.torproject.org/check
owner: check
group: check
mode: 0755
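Review bot: The new path `/srv/tordnsel.torproject.org/check` looks like a slip for `/srv/check.torproject.org/check`. As written, this task creates a directory owned by `check` inside what the previous hunk links to /home/tordnsel, while the check role in this commit clones into /srv/check.torproject.org/check. If the tordnsel path is intended, a comment explaining why the check user needs a directory in the other account's home would help; otherwise `path: /srv/check.torproject.org/check` matches the rest of the commit. The task continues past the end of this hunk.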
diff --git a/ansible/roles/exit-scanner/files/exitscan.py b/ansible/roles/exit-scanner/files/exitscan.py
index 14c0b17..11e9e56 100644
--- a/ansible/roles/exit-scanner/files/exitscan.py
+++ b/ansible/roles/exit-scanner/files/exitscan.py
@@ -54,7 +54,7 @@ def run():
# Import new measurements
with subprocess.Popen(["./bin/exitmap", "ipscan", "-o", "/dev/stdout"],
- cwd="/srv/exitscanner.torproject.org/exitscanner/exitmap",
+ cwd="/srv/tordnsel.torproject.org/exitscanner/exitmap",
stdout=subprocess.PIPE,
encoding='utf-8') as p:
for line in p.stdout:
@@ -63,7 +63,6 @@ def run():
r"^([0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}),[0-9]{3} modules\.ipscan \[INFO\] (\{.*\})$",
line)
if result:
- print(result)
check_result = json.loads(result.group(2))
desc = stem.descriptor.tordnsel.TorDNSEL("", False)
desc.fingerprint = check_result["Fingerprint"]
@@ -94,7 +93,10 @@ def run():
out.write(f"ExitAddress {a[0]} {a[1]}\n")
# Provide the snapshot emulation
- os.unlink("lists/latest")
+ try:
+ os.unlink("lists/latest")
+ except FileNotFoundError:
+ pass # ok maybe this is the first time we run
os.symlink(os.path.abspath(f"lists/{filename}"), "lists/latest")
if __name__ == "__main__":
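Review bot: The unlink followed by `os.symlink` leaves a window in which `lists/latest` does not exist, so a reader of the snapshot at that moment gets a missing-file error; the added try/except does not change that. Creating the link under a temporary name and renaming it over the old one closes the window: `os.symlink(os.path.abspath(f"lists/{filename}"), "lists/latest.tmp")` followed by `os.replace("lists/latest.tmp", "lists/latest")`. The comment on the `pass` could state plainly that a missing link is expected on the first run. run() starts and ends outside this hunk.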
diff --git a/ansible/roles/exit-scanner/files/exitscanner.service b/ansible/roles/exit-scanner/files/exitscanner.service
index 012d8b7..920a081 100644
--- a/ansible/roles/exit-scanner/files/exitscanner.service
+++ b/ansible/roles/exit-scanner/files/exitscanner.service
@@ -3,8 +3,8 @@ Description=Exit Scanner
[Service]
Type=simple
-WorkingDirectory=/srv/exitscanner.torproject.org/exitscanner
-ExecStart=/usr/bin/python3 /srv/exitscanner.torproject.org/exitscanner/exitscan.py
+WorkingDirectory=/srv/tordnsel.torproject.org
+ExecStart=/usr/bin/python3 /srv/tordnsel.torproject.org/exitscanner/exitscan.py
[Install]
WantedBy=default.target
diff --git a/ansible/roles/exit-scanner/handlers/main.yml b/ansible/roles/exit-scanner/handlers/main.yml
new file mode 100644
index 0000000..3fc7ea0
--- /dev/null
+++ b/ansible/roles/exit-scanner/handlers/main.yml
@@ -0,0 +1,8 @@
+- name: restart exit scanner
+ systemd:
+ scope: user
+ daemon_reload: true
+ name: exitscanner
+ state: restarted
+ become: yes
+ become_user: tordnsel
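Review bot: The handler mixes `daemon_reload: true` with `become: yes`, and the file has no `---` document start although the other new task files in this commit do; `become: true` and a leading `---` would keep it consistent. A one-line comment noting that the restart also reloads the user manager, which is why the separate "reload systemd daemon" task is removed from the role, would document why `daemon_reload` is set here.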
diff --git a/ansible/roles/exit-scanner/tasks/main.yml b/ansible/roles/exit-scanner/tasks/main.yml
index d80edb5..abbf865 100644
--- a/ansible/roles/exit-scanner/tasks/main.yml
+++ b/ansible/roles/exit-scanner/tasks/main.yml
@@ -1,53 +1,58 @@
---
+- name: create exit scanner application directory
+ file:
+ path: /srv/tordnsel.torproject.org/exitscanner
+ state: directory
+ become: true
+ become_user: tordnsel
- name: clone the sources
git:
repo: https://github.com/NullHypothesis/exitmap.git
- dest: /srv/exitscanner.torproject.org/exitscanner/exitmap
+ dest: /srv/tordnsel.torproject.org/exitscanner/exitmap
become: true
become_user: tordnsel
+ notify: restart exit scanner
- name: install the ipscan module
copy:
src: ipscan.py
- dest: /srv/exitscanner.torproject.org/exitscanner/exitmap/src/modules/ipscan.py
+ dest: /srv/tordnsel.torproject.org/exitscanner/exitmap/src/modules/ipscan.py
mode: 0755
become: true
become_user: tordnsel
+ notify: restart exit scanner
- name: install the exit scanner script
copy:
src: exitscan.py
- dest: /srv/exitscanner.torproject.org/exitscanner/exitscan.py
+ dest: /srv/tordnsel.torproject.org/exitscanner/exitscan.py
mode: 0755
become: true
become_user: tordnsel
+ notify: restart exit scanner
- name: create systemd user directory for exitscanner
file:
- path: /srv/exitscanner.torproject.org/home/.config/systemd/user
+ path: /srv/tordnsel.torproject.org/.config/systemd/user
state: directory
become: true
become_user: tordnsel
- name: create exit lists directory
file:
- path: /srv/exitscanner.torproject.org/exitscanner/lists
+ path: /srv/tordnsel.torproject.org/lists
state: directory
become: true
become_user: tordnsel
- name: install exit scanner service file
copy:
src: exitscanner.service
- dest: "/srv/exitscanner.torproject.org/home/.config/systemd/user/exitscanner.service"
- become: true
- become_user: tordnsel
-- name: reload systemd daemon
- systemd:
- scope: user
- daemon_reload: yes
+ dest: "/srv/tordnsel.torproject.org/.config/systemd/user/exitscanner.service"
become: true
become_user: tordnsel
+ notify: restart exit scanner
- name: enable and start exitscanner service
systemd:
scope: user
name: exitscanner
state: started
enabled: yes
+ daemon_reload: true
become: yes
become_user: tordnsel