add role service-bird-lg

This commit is contained in:
Julian Labus 2018-09-21 15:59:10 +02:00
parent 1b6953bda9
commit 7f042e1292
No known key found for this signature in database
GPG key ID: 8AF209F2C6B3572A
15 changed files with 279 additions and 0 deletions

View file

@ -10,6 +10,7 @@ common_repos:
http_meshviewer_prefix: map http_meshviewer_prefix: map
http_grafana_prefix: stats http_grafana_prefix: stats
http_lookingglass_prefix: lg
prometheus_conf_main: prometheus/prometheus.yml.j2 prometheus_conf_main: prometheus/prometheus.yml.j2
prometheus_opts: "--web.listen-address=localhost:9090" prometheus_opts: "--web.listen-address=localhost:9090"

View file

@ -31,6 +31,7 @@
- service-bird - service-bird
- service-bird-icvpn - service-bird-icvpn
- service-bird-ffrl - service-bird-ffrl
- service-bird-lg
- service-bind-slave - service-bind-slave
- service-respondd - service-respondd
- service-nullmailer - service-nullmailer

View file

@ -29,5 +29,6 @@
- service-fastd - service-fastd
- service-fastd-backbone - service-fastd-backbone
- service-bird - service-bird
- service-bird-lg
- service-respondd - service-respondd
- service-nullmailer - service-nullmailer

View file

@ -0,0 +1,13 @@
# Ansible role service-bird-lg
Diese Ansible role installiert und konfiguriert bird-lg.
## Benötigte Variablen
- Variable `http_lookingglass_prefix`
- Variable `git_path`
- Liste `meshes`
- Variable `lg_path` (Rollen-Variable)
- Variable `lg_user `(Rollen-Variable)
- Variable `lg_url_external` (Rollen-Variable)
- Variable `lg_url_internal `(Rollen-Variable)

View file

@ -0,0 +1,19 @@
---
- name: reload systemd
systemd:
daemon_reload: yes
- name: restart bird-lg-proxy
systemd:
name: bird-lg-proxy
state: restarted
- name: restart bird-lg-webservice
systemd:
name: bird-lg-webservice
state: restarted
- name: restart nginx
systemd:
name: nginx
state: restarted

View file

@ -0,0 +1,4 @@
---
dependencies:
- { role: service-bird }
- { role: service-nginx }

View file

@ -0,0 +1,24 @@
---
- name: write lgproxy.cfg
template:
src: lgproxy.cfg.j2
dest: "{{ lg_path }}/lgproxy.cfg"
notify:
- restart bird-lg-proxy
- name: write systemd unit
template:
src: bird-lg-proxy.service.j2
dest: "/etc/systemd/system/bird-lg-proxy.service"
owner: root
group: root
mode: 0644
notify:
- reload systemd
- restart bird-lg-proxy
- name: configure systemd unit
systemd:
name: bird-lg-proxy
enabled: yes
state: started

View file

@ -0,0 +1,33 @@
---
- name: write lg.cfg
template:
src: lg.cfg.j2
dest: "{{ lg_path }}/lg.cfg"
notify:
- restart bird-lg-webservice
- name: write vhost lookingglass.conf
template:
src: lookingglass_vhost.conf.j2
dest: /etc/nginx/conf.d/lookingglass.conf
owner: root
group: root
mode: 0644
notify: restart nginx
- name: write systemd unit
template:
src: bird-lg-webservice.service.j2
dest: "/etc/systemd/system/bird-lg-webservice.service"
owner: root
group: root
mode: 0644
notify:
- reload systemd
- restart bird-lg-webservice
- name: configure systemd unit
systemd:
name: bird-lg-webservice
enabled: yes
state: started

View file

@ -0,0 +1,42 @@
---
- name: clone repo
git:
repo: "https://github.com/sileht/bird-lg.git"
dest: "{{ lg_path }}"
version: master
force: yes
- name: install dependencies
package:
name: "{{ item }}"
state: present
loop:
- python-flask
- python-dnspython
- python-pydot
- python-memcache
- graphviz
- whois
- traceroute
- name: create system user
user:
name: "{{ lg_user }}"
home: "{{ lg_path }}"
groups: bird
shell: /bin/false
- name: create log dir
file:
path: "/var/log/bird-lg"
state: directory
owner: "{{ lg_user }}"
group: "{{ lg_user }}"
- name: configure lg-proxy
when: ffmwu_server_type == "gateway"
include_tasks: lg-proxy.yml
- name: configure lg-webservice
when: ffmwu_server_type == "monitoring"
include_tasks: lg-webservice.yml

View file

@ -0,0 +1,31 @@
# Copyright (C) 2015-2018 Alsace Réseau Neutre
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Debian GNU/Linux: store this in /etc/systemd/system/
[Unit]
Description=BIRD Looking-Glass proxy
After=bird.service bird6.service
[Service]
Type=simple
ExecStart=/usr/bin/python {{ lg_path }}/lgproxy.py
User={{ lg_user }}
Restart=on-failure
[Install]
WantedBy=multi-user.target

View file

@ -0,0 +1,31 @@
# Copyright (C) 2015-2018 Alsace Réseau Neutre
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Debian GNU/Linux: store this in /etc/systemd/system/
[Unit]
Description=BIRD Looking-Glass service
After=nginx.service
[Service]
Type=simple
User={{ lg_user }}
ExecStart=/usr/bin/python {{ lg_path }}/lg.py
Restart=on-failure
[Install]
WantedBy=multi-user.target

View file

@ -0,0 +1,34 @@
DEBUG = False
LOG_FILE="/var/log/bird-lg/lg-webservice.log"
LOG_LEVEL="WARNING"
DOMAIN = "ffmwu.org"
BIND_IP = "127.0.0.1"
BIND_PORT = 5001
PROXY = {
{% for host in groups["ffmwu-gateways"] %}
"{{ host.rsplit('.freifunk-mwu.de')[0] }}" : 5000,
{% endfor %}
}
# Used for bgpmap
ROUTER_IP = {
{% for host in groups["ffmwu-gateways"] %}
"{{ host.rsplit('.freifunk-mwu.de')[0] }}" : [ "{{ bgp_ipv4_transfer_net | ipaddr('net') | ipaddr(hostvars[host]['magic']) | ipaddr('ip') }}", "{{ bgp_ipv6_transfer_net | ipaddr('net') | ipsubnet(64, 0) | ipaddr(hostvars[host]['magic']) | ipaddr('ip') }}" ],
{% endfor %}
}
AS_NUMBER = {
{% for host in groups["ffmwu-gateways"] %}
"{{ host.rsplit('.freifunk-mwu.de')[0] }}" : "65037",
{% endfor %}
}
#WHOIS_SERVER = "whois.foo.bar"
# DNS zone to query for ASN -> name mapping
ASN_ZONE = "asn.cymru.com"
SESSION_KEY = '\xd77\xf9\xfa\xc2\xb5\xcd\x85)`+H\x9d\xeeW\\%\xbe/\xbaT\x89\xe8\xa7'

View file

@ -0,0 +1,16 @@
DEBUG=False
LOG_FILE="/var/log/bird-lg/lg-proxy.log"
LOG_LEVEL="WARNING"
BIND_IP = "{{ bgp_ipv4_transfer_net | ipaddr('net') | ipaddr(magic) | ipaddr('ip') }}"
BIND_PORT = 5000
ACCESS_LIST = [ {% for host in groups["ffmwu-monitoring"] %}"{{ bgp_ipv4_transfer_net | ipaddr('net') | ipaddr(hostvars[host]['magic']) | ipaddr('ip') }}"{% if not loop.last %}, {% endif %}{% endfor %} ]
# ???
IPV4_SOURCE = "10.207.0.37"
IPV6_SOURCE = "fec0::a:cf:0:25"
BIRD_SOCKET="/var/run/bird/bird.ctl"
BIRD6_SOCKET="/var/run/bird/bird6.ctl"

View file

@ -0,0 +1,23 @@
server {
listen 80;
listen [::]:80;
server_name {{ lg_url_external }} {{ lg_url_internal }};
include /etc/nginx/snippets/redirect-to-ssl.conf;
include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name {{ lg_url_external }} {{ lg_url_internal }};
ssl_certificate /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem;
include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
location / {
proxy_pass http://127.0.0.1:5001;
}
}

View file

@ -0,0 +1,6 @@
---
lg_path: "{{ git_path }}/bird-lg"
lg_user: "lookingglass"
lg_url_external: "{{ http_lookingglass_prefix }}.{{ http_domain_external }}"
lg_url_internal: "{{ http_lookingglass_prefix }}.{{ http_domain_internal }}"