commit 434238b858466709bf4de6f68ebcd4d84a75bfea Author: Iain R. Learmonth irl@fsfe.org Date: Tue Mar 3 10:29:12 2020 +0000
Import Ansible and CloudFormation templates for check --- ansible/exit-scanners-aws.yml | 3 +- ansible/exit-scanners.yml | 14 +++++ ansible/roles/check/tasks/main.yml | 63 ++++++++++++++++++++++ ansible/roles/exit-scanner-sys/tasks/main.yml | 25 +++++---- ansible/roles/exit-scanner/files/exitscan.py | 8 +-- .../roles/exit-scanner/files/exitscanner.service | 4 +- ansible/roles/exit-scanner/handlers/main.yml | 8 +++ ansible/roles/exit-scanner/tasks/main.yml | 29 +++++----- 8 files changed, 122 insertions(+), 32 deletions(-)
diff --git a/ansible/exit-scanners-aws.yml b/ansible/exit-scanners-aws.yml
index 72ce0c6..1d79d12 100644
--- a/ansible/exit-scanners-aws.yml
+++ b/ansible/exit-scanners-aws.yml
@@ -1,9 +1,8 @@
 ---
 - hosts: exit-scanners
 user: admin
- vars:
- onionoo_version: 7.0-1.21.0
 roles:
 - tor-client
 - exit-scanner-sys
 - exit-scanner
+ - check
diff --git a/ansible/exit-scanners.yml b/ansible/exit-scanners.yml
new file mode 100644
index 0000000..00519c5
--- /dev/null
+++ b/ansible/exit-scanners.yml
@@ -0,0 +1,14 @@
+---
+- hosts: exit-scanners
+ pre_tasks:
+ - name: get sudo password
+ local_action: shell pass Tor/sudo/check
+ register: pass_output
+ changed_when: False
+ when: ansible_user_id == "irl"
+ - name: store as ansible become password
+ set_fact: ansible_become_password="{{ pass_output.stdout_lines[0] }}"
+ when: ansible_user_id == "irl"
+ roles:
+ - exit-scanner
+ - check
diff --git a/ansible/roles/check/tasks/main.yml b/ansible/roles/check/tasks/main.yml
new file mode 100644
index 0000000..bb4d53b
--- /dev/null
+++ b/ansible/roles/check/tasks/main.yml
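Review bot: Both `pre_tasks` in ansible/exit-scanners.yml handle the sudo password without `no_log: true`, so the output of `pass Tor/sudo/check` registered in `pass_output`, and the `set_fact` that copies it into `ansible_become_password`, can show up in verbose playbook output or in callback logs. Add `no_log: true` to each of the two tasks. The `when: ansible_user_id == "irl"` guard is also undocumented; a one-line comment such as `# only this operator keeps the become password in pass` would tell other operators why the tasks are skipped for them (wording to be confirmed by the author).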
@@ -0,0 +1,63 @@
+---
+- name: clone the sources
+ git:
+ repo: https://git.torproject.org/check.git
+ dest: /srv/check.torproject.org/check
+ become: true
+ become_user: check
+- name: create a gopath directory
+ file:
+ path: /srv/check.torproject.org/go
+ state: directory
+ become: true
+ become_user: check
+#- name: install the ipscan module
+# copy:
+# src: ipscan.py
+# dest: /srv/tordnsel.torproject.org/exitscanner/exitmap/src/modules/ipscan.py
+# mode: 0755
+# become: true
+# become_user: tordnsel
+- name: create systemd user directory for check
+ file:
+ path: /srv/check.torproject.org/.config/systemd/user
+ state: directory
+ become: true
+ become_user: check
+- name: get sources for go gettext
+ shell:
+ cmd: go get github.com/samuel/go-gettext/gettext
+ become: true
+ become_user: check
+- name: update translations
+ make:
+ chdir: /srv/check.torproject.org/check
+ target: i18n
+ become: true
+ become_user: check
+- name: build
+ make:
+ chdir: /srv/check.torproject.org/check
+ target: build
+ become: true
+ become_user: check
+#- name: install exit scanner service file
+# copy:
+# src: exitscanner.service
+# dest: "/srv/tordnsel.torproject.org/.config/systemd/user/exitscanner.service"
+# become: true
+# become_user: tordnsel
+#- name: reload systemd daemon
+# systemd:
+# scope: user
+# daemon_reload: yes
+# become: true
+# become_user: tordnsel
+#- name: enable and start exitscanner service
+# systemd:
+# scope: user
+# name: exitscanner
+# state: started
+# enabled: yes
+# become: yes
+# become_user: tordnsel
diff --git a/ansible/roles/exit-scanner-sys/tasks/main.yml b/ansible/roles/exit-scanner-sys/tasks/main.yml
index 78916d8..19806ea 100644
--- a/ansible/roles/exit-scanner-sys/tasks/main.yml
+++ b/ansible/roles/exit-scanner-sys/tasks/main.yml
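Review bot: Nothing in the new check role pins what gets built: the `git` task clones check.git with no `version:`, and `go get github.com/samuel/go-gettext/gettext` fetches whatever a third-party repository serves at deploy time, after which `make build` compiles the result as the `check` user. Pin the clone with `version: <reviewed-commit>` (placeholder) and take the gettext dependency at a fixed revision or from a vendored copy. The same applies to the exitmap clone in ansible/roles/exit-scanner/tasks/main.yml, which this commit now wires to `notify: restart exit scanner`, so an upstream change is pulled and the service restarted on it in a single run. The `shell` task also has no `creates:` or `changed_when:`, so it reports a change on every run.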
@@ -22,33 +22,32 @@
 pkg:
 - git
 - python-dnspython
+ - curl
+ - gettext
+ - golang-go
+ - build-essential
+ - python-dateutil
 update_cache: yes
 become: yes
 - name: create check account
 user:
 name: check
 comment: "Check Service User"
- #uid: 1547
+ uid: 1507
 state: present
 become: yes
 - name: create tordnsel account
 user:
 name: tordnsel
 comment: "Exit Scanner Service User"
- #uid: 1547
+ uid: 1532
 state: present
 become: yes
 - name: create service directory
 file:
- path: /srv/exitscanner.torproject.org
+ path: /srv/tordnsel.torproject.org
 state: directory
 become: yes
-- name: link /home in /srv
- file:
- src: /home
- dest: /srv/home
- state: link
- become: yes
 - name: link home directories /home
 file:
 src: "{{ item.src }}"
@@ -56,12 +55,12 @@
 state: link
 force: yes
 with_items:
- - { src: /home/tordnsel, dest: /srv/exitscanner.torproject.org/home }
- - { src: /home/check, dest: /srv/exitscanner.torproject.org/check-home }
+ - { src: /home/tordnsel, dest: /srv/tordnsel.torproject.org }
+ - { src: /home/check, dest: /srv/check.torproject.org }
 become: yes
 - name: create exit scanner runtime directory
 file:
- path: /srv/exitscanner.torproject.org/exitscanner
+ path: /srv/tordnsel.torproject.org/exitscanner
 owner: tordnsel
 group: tordnsel
 mode: 0755
@@ -69,7 +68,7 @@
 become: yes
 - name: create check runtime directory
 file:
- path: /srv/exitscanner.torproject.org/check
+ path: /srv/tordnsel.torproject.org/check
 owner: check
 group: check
 mode: 0755
diff --git a/ansible/roles/exit-scanner/files/exitscan.py b/ansible/roles/exit-scanner/files/exitscan.py
index 14c0b17..11e9e56 100644
--- a/ansible/roles/exit-scanner/files/exitscan.py
+++ b/ansible/roles/exit-scanner/files/exitscan.py
@@ -54,7 +54,7 @@ def run():
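Review bot: After the first two hunks `/srv/tordnsel.torproject.org` is managed twice with different types: 'create service directory' declares it `state: directory`, and the 'link home directories /home' entry `{ src: /home/tordnsel, dest: /srv/tordnsel.torproject.org }` then turns the same path into a symlink with `force: yes`. Whichever is intended, one of the two should go; if the symlink is the goal, drop the directory task. The later root-run (`become: yes`) `file` tasks then resolve through that link into a home directory owned by the service account, so it is worth a comment on the link task stating that this is deliberate. The link task starts before the second hunk and continues across both.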
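Review bot: In the third hunk the 'create check runtime directory' task now points at `/srv/tordnsel.torproject.org/check` while still setting `owner: check` and `group: check`, whereas the new check role works under `/srv/check.torproject.org/check`. This looks like a search-and-replace slip; the line was probably meant to be `path: /srv/check.torproject.org/check`. As written, a directory owned by one service account is created inside the tree that the link task maps to the other account's home, which blurs the separation between the two users. The task continues past the end of the hunk.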
# Import new measurements
 with subprocess.Popen(["./bin/exitmap", "ipscan", "-o", "/dev/stdout"],
- cwd="/srv/exitscanner.torproject.org/exitscanner/exitmap",
+ cwd="/srv/tordnsel.torproject.org/exitscanner/exitmap",
 stdout=subprocess.PIPE,
 encoding='utf-8') as p:
 for line in p.stdout:
@@ -63,7 +63,6 @@ def run():
 r"^([0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}),[0-9]{3} modules.ipscan [INFO] ({.*})$",
 line)
 if result:
- print(result)
 check_result = json.loads(result.group(2))
 desc = stem.descriptor.tordnsel.TorDNSEL("", False)
 desc.fingerprint = check_result["Fingerprint"]
@@ -94,7 +93,10 @@ def run():
 out.write(f"ExitAddress {a[0]} {a[1]}\n")
# Provide the snapshot emulation
- os.unlink("lists/latest")
+ try:
+ os.unlink("lists/latest")
+ except FileNotFoundError:
+ pass # ok maybe this is the first time we run
 os.symlink(os.path.abspath(f"lists/{filename}"), "lists/latest")
if __name__ == "__main__":
diff --git a/ansible/roles/exit-scanner/files/exitscanner.service b/ansible/roles/exit-scanner/files/exitscanner.service
index 012d8b7..920a081 100644
--- a/ansible/roles/exit-scanner/files/exitscanner.service
+++ b/ansible/roles/exit-scanner/files/exitscanner.service
@@ -3,8 +3,8 @@ Description=Exit Scanner
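Review bot: Between the `os.unlink` and the `os.symlink` in the last exitscan.py hunk there is a window in which `lists/latest` does not exist, so a consumer reading the link while `run()` publishes a new list can fail; the added `try`/`except` handles the first run but keeps that gap. Create the link under a temporary name and rename it into place instead: `os.symlink(os.path.abspath(f"lists/{filename}"), "lists/latest.tmp")` followed by `os.replace("lists/latest.tmp", "lists/latest")`, which makes the unlink unnecessary. A leftover `lists/latest.tmp` from an interrupted run would then need to be removed before the symlink call. `run()` begins before this hunk, so the surrounding flow should be checked against the full file.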
[Service]
 Type=simple
-WorkingDirectory=/srv/exitscanner.torproject.org/exitscanner
-ExecStart=/usr/bin/python3 /srv/exitscanner.torproject.org/exitscanner/exitscan.py
+WorkingDirectory=/srv/tordnsel.torproject.org
+ExecStart=/usr/bin/python3 /srv/tordnsel.torproject.org/exitscanner/exitscan.py
[Install]
 WantedBy=default.target
diff --git a/ansible/roles/exit-scanner/handlers/main.yml b/ansible/roles/exit-scanner/handlers/main.yml
new file mode 100644
index 0000000..3fc7ea0
--- /dev/null
+++ b/ansible/roles/exit-scanner/handlers/main.yml
@@ -0,0 +1,8 @@
+- name: restart exit scanner
+ systemd:
+ scope: user
+ daemon_reload: true
+ name: exitscanner
+ state: restarted
+ become: yes
+ become_user: tordnsel
diff --git a/ansible/roles/exit-scanner/tasks/main.yml b/ansible/roles/exit-scanner/tasks/main.yml
index d80edb5..abbf865 100644
--- a/ansible/roles/exit-scanner/tasks/main.yml
+++ b/ansible/roles/exit-scanner/tasks/main.yml
@@ -1,53 +1,58 @@
 ---
+- name: create exit scanner application directory
+ file:
+ path: /srv/tordnsel.torproject.org/exitscanner
+ state: directory
+ become: true
+ become_user: tordnsel
 - name: clone the sources
 git:
 repo: https://github.com/NullHypothesis/exitmap.git
- dest: /srv/exitscanner.torproject.org/exitscanner/exitmap
+ dest: /srv/tordnsel.torproject.org/exitscanner/exitmap
 become: true
 become_user: tordnsel
+ notify: restart exit scanner
 - name: install the ipscan module
 copy:
 src: ipscan.py
- dest: /srv/exitscanner.torproject.org/exitscanner/exitmap/src/modules/ipscan.py
+ dest: /srv/tordnsel.torproject.org/exitscanner/exitmap/src/modules/ipscan.py
 mode: 0755
 become: true
 become_user: tordnsel
+ notify: restart exit scanner
 - name: install the exit scanner script
 copy:
 src: exitscan.py
- dest: /srv/exitscanner.torproject.org/exitscanner/exitscan.py
+ dest: /srv/tordnsel.torproject.org/exitscanner/exitscan.py
 mode: 0755
 become: true
 become_user: tordnsel
+ notify: restart exit scanner
 - name: create systemd user directory for exitscanner
 file:
- path: /srv/exitscanner.torproject.org/home/.config/systemd/user
+ path: /srv/tordnsel.torproject.org/.config/systemd/user
 state: directory
 become: true
 become_user: tordnsel
 - name: create exit lists directory
 file:
- path: /srv/exitscanner.torproject.org/exitscanner/lists
+ path: /srv/tordnsel.torproject.org/lists
 state: directory
 become: true
 become_user: tordnsel
 - name: install exit scanner service file
 copy:
 src: exitscanner.service
- dest: "/srv/exitscanner.torproject.org/home/.config/systemd/user/exitscanner.service"
- become: true
- become_user: tordnsel
-- name: reload systemd daemon
- systemd:
- scope: user
- daemon_reload: yes
+ dest: "/srv/tordnsel.torproject.org/.config/systemd/user/exitscanner.service"
 become: true
 become_user: tordnsel
+ notify: restart exit scanner
 - name: enable and start exitscanner service
 systemd:
 scope: user
 name: exitscanner
 state: started
 enabled: yes
+ daemon_reload: true
become: yes
 become_user: tordnsel