commit
be9792cac1
9 changed files with 320 additions and 0 deletions
-
42defaults/main.yml
-
10handlers/main.yml
-
79tasks/main.yml
-
18tasks/proxy.yml
-
18tasks/web.yml
-
50templates/bird-lg-proxy.service.j2
-
48templates/bird-lg-webservice.service.j2
-
45templates/lg.cfg.j2
-
10templates/lgproxy.cfg.j2
@ -0,0 +1,42 @@ |
|||
--- |
|||
bird_lg_user: "bird_lg" |
|||
bird_lg_group: "{{ bird_lg_user }}" |
|||
|
|||
bird_lg_install_path: "/opt/bird-lg" |
|||
bird_lg_log_path: "/var/log/bird-lg" |
|||
|
|||
bird_lg_repository: "https://github.com/sesa-me/bird-lg" |
|||
bird_lg_version: "burble-clean" |
|||
|
|||
bird_lg_proxy_enabled: yes |
|||
bird_lg_webservice_enabled: yes |
|||
|
|||
bird_lg_domain: "example.com" |
|||
bird_lg_asn_zone: "asn.cymru.com" |
|||
|
|||
bird_lg_webservice_bind: "0.0.0.0" |
|||
bird_lg_webservice_port: 5000 |
|||
|
|||
bird_lg_proxy_bind: "0.0.0.0" |
|||
bird_lg_proxy_port: 5000 |
|||
bird_lg_access: |
|||
- 91.224.149.206 |
|||
- 178.33.111.110 |
|||
- 2a01:6600:8081:ce00::1 |
|||
|
|||
bird_lg_unified_daemon: yes |
|||
|
|||
bird_lg_proxys: |
|||
- name: gw |
|||
address: gw.some.network:5000 |
|||
as: "197422" |
|||
ips: |
|||
- "91.224.148.2" |
|||
- "2a01:6600:8000::175" |
|||
- name: h3 |
|||
address: h3.some.network:5000 |
|||
as: "197422" |
|||
ips: |
|||
- "91.224.148.3" |
|||
- "2a01:6600:8000::131" |
|||
|
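Review bot: With `bird_lg_proxy_enabled` and `bird_lg_webservice_enabled` both defaulting to yes, the two services are configured to bind the same socket, `0.0.0.0:5000`, so on a host that runs both, the second one to start cannot bind. Give the web service a distinct default, for example `bird_lg_webservice_port: 5001` (constructed value), and consider `bird_lg_proxy_bind: "127.0.0.1"` as the default so the proxy is only reachable from the network where an operator opts in. The `bird_lg_access` and `bird_lg_proxys` defaults also carry site-specific addresses; documentation-range placeholders would keep a fresh install from trusting hosts its operator does not control.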
@ -0,0 +1,10 @@ |
|||
--- |
|||
- name: restart webservice |
|||
service: |
|||
name: bird-lg-webservice |
|||
state: restarted |
|||
|
|||
- name: restart proxy |
|||
service: |
|||
name: bird-lg-proxy |
|||
state: restarted |
@ -0,0 +1,79 @@ |
|||
--- |
|||
- name: Install system dependencies |
|||
apt: |
|||
name: |
|||
- python |
|||
- python-pip |
|||
- python-virtualenv |
|||
- whois |
|||
- traceroute |
|||
- graphviz |
|||
|
|||
- name: Create group |
|||
group: |
|||
name: "{{ bird_lg_group }}" |
|||
state: present |
|||
|
|||
- name: Create user |
|||
user: |
|||
name: "{{ bird_lg_user }}" |
|||
group: "{{ bird_lg_group }}" |
|||
home: "{{ bird_lg_install_path }}" |
|||
create_home: no |
|||
system: yes |
|||
|
|||
- name: Add user to group bird |
|||
user: |
|||
name: '{{ bird_lg_user }}' |
|||
groups: "bird" |
|||
append: yes |
|||
|
|||
- name: Create installation Directory |
|||
file: |
|||
path: "{{ bird_lg_install_path }}" |
|||
recurse: yes |
|||
state: directory |
|||
owner: "{{ bird_lg_user }}" |
|||
group: "{{ bird_lg_group }}" |
|||
|
|||
- name: Create log Directory |
|||
file: |
|||
path: "{{ bird_lg_log_path }}" |
|||
recurse: yes |
|||
state: directory |
|||
owner: "{{ bird_lg_user }}" |
|||
group: "{{ bird_lg_group }}" |
|||
|
|||
- name: Clone bird_lg source |
|||
git: |
|||
dest: "{{ bird_lg_install_path }}" |
|||
repo: "{{ bird_lg_repository }}" |
|||
version: "{{ bird_lg_version }}" |
|||
force: yes |
|||
become_user: "{{ bird_lg_user }}" |
|||
become: true |
|||
|
|||
- name: fix broken encoding due to change in memcached library |
|||
lineinfile: |
|||
path: "{{ bird_lg_install_path }}/lg.py" |
|||
regexp: 'return "AS\%s \| \%s" \% \(_as, name.*' |
|||
line: ' return "AS%s | %s" % (_as, name)' |
|||
|
|||
|
|||
- name: Install python-dependencies |
|||
pip: |
|||
name: |
|||
- flask |
|||
- dnspython |
|||
- pydot |
|||
- python-memcached |
|||
virtualenv: "{{ bird_lg_install_path }}/.venv" |
|||
state: present |
|||
become_user: "{{ bird_lg_user }}" |
|||
become: true |
|||
|
|||
- include_tasks: proxy.yml |
|||
when: bird_lg_proxy_enabled |
|||
|
|||
- include_tasks: web.yml |
|||
when: bird_lg_webservice_enabled |
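Review bot: `Clone bird_lg source` checks out whatever `bird_lg_version` names (the default `burble-clean` looks like a branch) with `force: yes`, and `Install python-dependencies` installs four unpinned packages, so each run can deploy code that differs from what was last reviewed. Pin the checkout to a commit, `bird_lg_version: "<commit-sha>"`, and pin the pip entries (`flask==<version>` and so on) or install from a requirements file with hashes. Separately, the install directory and the virtualenv are owned by `bird_lg_user`, the same account the units run as, so the service is able to rewrite its own code. A root-owned tree with only `bird_lg_log_path` writable by the service user would avoid that.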
@ -0,0 +1,18 @@ |
|||
--- |
|||
- name: Copy proxy config file |
|||
template: |
|||
src: "lgproxy.cfg.j2" |
|||
dest: "{{ bird_lg_install_path }}/lgproxy.cfg" |
|||
notify: restart proxy |
|||
|
|||
- name: Add systemd service file for bird-lg-proxy |
|||
template: |
|||
src: "bird-lg-proxy.service.j2" |
|||
dest: "/etc/systemd/system/bird-lg-proxy.service" |
|||
|
|||
- name: Ensure bird-lg-proxy systemd service is enabled and running |
|||
systemd: |
|||
name: "bird-lg-proxy" |
|||
daemon_reload: yes |
|||
enabled: yes |
|||
state: started |
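Review bot: `Add systemd service file for bird-lg-proxy` has no `notify`, and the following systemd task only asserts `state: started`, so a changed unit file is reloaded but the running service keeps its old settings until it is restarted by hand. Add `notify: restart proxy` to the unit-file task; the unit-file task in tasks/web.yml needs `notify: restart webservice` for the same reason. Both template tasks here also leave `owner`, `group` and `mode` to defaults; stating them (for example `mode: "0644"` on the unit file) makes the resulting permissions reviewable.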
@ -0,0 +1,18 @@ |
|||
--- |
|||
- name: Copy webservice config file |
|||
template: |
|||
src: "lg.cfg.j2" |
|||
dest: "{{ bird_lg_install_path }}/lg.cfg" |
|||
notify: restart webservice |
|||
|
|||
- name: Add systemd service file for bird-lg-webservice |
|||
template: |
|||
src: "bird-lg-webservice.service.j2" |
|||
dest: "/etc/systemd/system/bird-lg-webservice.service" |
|||
|
|||
- name: Ensure bird-lg-web systemd service is enabled and running |
|||
systemd: |
|||
name: "bird-lg-webservice" |
|||
daemon_reload: yes |
|||
enabled: yes |
|||
state: started |
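Review bot: `Copy webservice config file` writes `lg.cfg`, which per templates/lg.cfg.j2 in this commit contains `SESSION_KEY`, without setting `owner`, `group` or `mode`, so who can read the file depends on the umask of the Ansible run. Set them explicitly, e.g. `owner: root`, `group: "{{ bird_lg_group }}"`, `mode: "0640"`, so that only root and the service group can read the key.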
@ -0,0 +1,50 @@ |
|||
# Copyright (C) 2015-2018 Alsace Réseau Neutre |
|||
# |
|||
# This program is free software: you can redistribute it and/or modify |
|||
# it under the terms of the GNU General Public License as published by |
|||
# the Free Software Foundation, either version 3 of the License, or |
|||
# (at your option) any later version. |
|||
# |
|||
# This program is distributed in the hope that it will be useful, |
|||
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
|||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|||
# GNU General Public License for more details. |
|||
# |
|||
# You should have received a copy of the GNU General Public License |
|||
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
|||
|
|||
# Debian GNU/Linux: store this in /etc/systemd/system/ |
|||
|
|||
[Unit] |
|||
Description=BIRD Looking-Glass proxy |
|||
After=bird.service |
|||
|
|||
[Service] |
|||
Type=simple |
|||
# |
|||
# User and group to run as |
|||
# |
|||
User={{ bird_lg_user }} |
|||
Group={{ bird_lg_group }} |
|||
# |
|||
# Service Hardening |
|||
# |
|||
#ProtectSystem=strict |
|||
#NoNewPrivileges=yes |
|||
#ProtectControlGroups=yes |
|||
#PrivateTmp=yes |
|||
#PrivateDevices=yes |
|||
#DevicePolicy=closed |
|||
#MemoryDenyWriteExecute=yes |
|||
## set this to match LOG_FILE from the .cfg file |
|||
#ReadWritePaths={{ bird_lg_log_path }} |
|||
#ReadWritePaths={{ bird_lg_install_path }} |
|||
## set these to match BIRD{,6}_SOCKET |
|||
#ReadWritePaths=/var/run/bird/bird.ctl |
|||
#ReadWritePaths=/var/run/bird/bird6.ctl |
|||
# |
|||
ExecStart={{ bird_lg_install_path }}/.venv/bin/python {{ bird_lg_install_path }}/lgproxy.py |
|||
Restart=on-failure |
|||
|
|||
[Install] |
|||
WantedBy=multi-user.target |
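Review bot: Every directive under `# Service Hardening` is commented out, so the proxy runs without any systemd sandboxing, even though it is a network listener whose user is added to the `bird` group in tasks/main.yml. The same block is disabled in bird-lg-webservice.service.j2. Enable at least `NoNewPrivileges=yes`, `PrivateTmp=yes`, `PrivateDevices=yes` and `ProtectSystem=strict`, together with the `ReadWritePaths` lines the template already lists for the log directory and the BIRD sockets, and test `MemoryDenyWriteExecute=yes` separately since it can break some Python extensions. I would leave `ReadWritePaths={{ bird_lg_install_path }}` out, because the service should not need to write to its own code directory; confirm that against what lgproxy.py writes at runtime.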
@ -0,0 +1,48 @@ |
|||
# Copyright (C) 2015-2018 Alsace Réseau Neutre |
|||
# |
|||
# This program is free software: you can redistribute it and/or modify |
|||
# it under the terms of the GNU General Public License as published by |
|||
# the Free Software Foundation, either version 3 of the License, or |
|||
# (at your option) any later version. |
|||
# |
|||
# This program is distributed in the hope that it will be useful, |
|||
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
|||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|||
# GNU General Public License for more details. |
|||
# |
|||
# You should have received a copy of the GNU General Public License |
|||
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
|||
|
|||
# Debian GNU/Linux: store this in /etc/systemd/system/ |
|||
|
|||
[Unit] |
|||
Description=BIRD Looking-Glass service |
|||
|
|||
[Service] |
|||
Type=simple |
|||
# |
|||
# User and group to run as |
|||
# |
|||
User={{ bird_lg_user }} |
|||
Group={{ bird_lg_group }} |
|||
# |
|||
# Service Hardening |
|||
# |
|||
#ProtectSystem=strict |
|||
#NoNewPrivileges=yes |
|||
#ProtectControlGroups=yes |
|||
#PrivateTmp=yes |
|||
#PrivateDevices=yes |
|||
#DevicePolicy=closed |
|||
#MemoryDenyWriteExecute=yes |
|||
#AmbientCapabilities=CAP_NET_BIND_SERVICE |
|||
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE |
|||
## Change this to match LOG_FILE from the .cfg file |
|||
#ReadWritePaths={{ bird_lg_log_path }}/lg.log |
|||
#ReadWritePaths={{ bird_lg_install_path }} |
|||
# |
|||
ExecStart={{ bird_lg_install_path }}/.venv/bin/python {{ bird_lg_install_path }}/lg.py |
|||
Restart=on-failure |
|||
|
|||
[Install] |
|||
WantedBy=multi-user.target |
@ -0,0 +1,45 @@ |
|||
|
|||
DEBUG = True |
|||
LOG_FILE="{{ bird_lg_log_path }}/lg.log" |
|||
LOG_LEVEL="WARNING" |
|||
|
|||
DOMAIN = "{{ bird_lg_domain }}" |
|||
|
|||
BIND_IP = "{{ bird_lg_webservice_bind }}" |
|||
BIND_PORT = {{ bird_lg_webservice_port }} |
|||
|
|||
PROXY = { |
|||
{% for proxy in bird_lg_proxys %} |
|||
"{{ proxy.name }}": "{{ proxy.address }}", |
|||
{% endfor %} |
|||
} |
|||
|
|||
# set a timeout (in seconds) on lgproxy requests |
|||
PROXY_TIMEOUT = { |
|||
"bird": 10, |
|||
"traceroute": 60 |
|||
} |
|||
|
|||
# If True, queries are always done with the "ipv4" backend, |
|||
# and the distinction between IPv4 and IPv6 is removed from the UI. |
|||
UNIFIED_DAEMON = {{ bird_lg_unified_daemon | ternary("True", "False") }} |
|||
|
|||
# Used for bgpmap |
|||
ROUTER_IP = { |
|||
{% for proxy in bird_lg_proxys %} |
|||
"{{ proxy.name }}": {{ proxy.ips }}, |
|||
{% endfor %} |
|||
} |
|||
|
|||
AS_NUMBER = { |
|||
{% for proxy in bird_lg_proxys %} |
|||
"{{ proxy.name }}": "{{ proxy.as }}", |
|||
{% endfor %} |
|||
} |
|||
|
|||
#WHOIS_SERVER = "whois.foo.bar" |
|||
|
|||
# DNS zone to query for ASN -> name mapping |
|||
ASN_ZONE = "{{ bird_lg_asn_zone }}" |
|||
|
|||
SESSION_KEY = '\xd77\xf9\xfa\xc2\xb5\xcd\x85)`+H\x9d\xeeW\\%\xbe/\xbaT\x89\xe8\xa7' |
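Review bot: `SESSION_KEY` is a literal committed in the template, so every host deployed from this role signs sessions with the same key, which anyone with access to the repository can read. Render it from a secret instead, `SESSION_KEY = {{ bird_lg_session_key | to_json }}`, where `bird_lg_session_key` is a proposed new variable supplied from Ansible Vault with no default. `DEBUG = True` is also hard-coded while `BIND_IP` defaults to `0.0.0.0`. If lg.py hands this value to Flask (not visible on this page), debug mode would be active on a network-facing listener, so the template should ship `DEBUG = False` as lgproxy.cfg.j2 does.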
@ -0,0 +1,10 @@ |
|||
DEBUG=False |
|||
LOG_FILE="{{ bird_lg_log_path }}/lg-proxy.log" |
|||
LOG_LEVEL="WARNING" |
|||
BIND_IP = "{{ bird_lg_proxy_bind }}" |
|||
BIND_PORT = {{ bird_lg_proxy_port }} |
|||
ACCESS_LIST = {{ bird_lg_access }} |
|||
IPV4_SOURCE="" |
|||
IPV6_SOURCE="" |
|||
BIRD_SOCKET="/var/run/bird/bird.ctl" |
|||
BIRD6_SOCKET="/var/run/bird/bird6.ctl" |
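Review bot: `ACCESS_LIST = {{ bird_lg_access }}` is the only access restriction visible for the proxy, and it is emitted as the raw rendering of the variable, so an override written as a single string or an empty list still produces valid Python with a different meaning. Render it explicitly, `ACCESS_LIST = {{ bird_lg_access | to_json }}`, and add an `assert` task in tasks/proxy.yml that `bird_lg_access` is a non-empty list before the template is written. How lgproxy.py treats an empty list is not visible on this page and should be checked before relying on it.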