commit be9792cac1d080b9313bda1a5be4efb90af21963
Author: Simeon Keske <git@n0emis.eu>
Date:   Mon May 25 13:36:51 2020 +0200

    initial commit

diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..3931cde
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,42 @@
+---
+bird_lg_user: "bird_lg"
+bird_lg_group: "{{ bird_lg_user }}"
+
+bird_lg_install_path: "/opt/bird-lg"
+bird_lg_log_path: "/var/log/bird-lg"
+
+bird_lg_repository: "https://github.com/sesa-me/bird-lg"
+bird_lg_version: "burble-clean"
+
+bird_lg_proxy_enabled: yes
+bird_lg_webservice_enabled: yes
+
+bird_lg_domain: "example.com"
+bird_lg_asn_zone: "asn.cymru.com"
+
+bird_lg_webservice_bind: "0.0.0.0"
+bird_lg_webservice_port: 5000
+
+bird_lg_proxy_bind: "0.0.0.0"
+bird_lg_proxy_port: 5000
+bird_lg_access:
+  - 91.224.149.206
+  - 178.33.111.110
+  - 2a01:6600:8081:ce00::1
+
+bird_lg_unified_daemon: yes
+
+bird_lg_proxys:
+  - name: gw
+    address: gw.some.network:5000
+    as: "197422"
+    ips:
+      - "91.224.148.2"
+      - "2a01:6600:8000::175"
+  - name: h3
+    address: h3.some.network:5000
+    as: "197422"
+    ips:
+      - "91.224.148.3"
+      - "2a01:6600:8000::131"
+
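Review bot: The defaults enable both the proxy and the webservice and bind both to `0.0.0.0` on port 5000, so a host that takes the defaults exposes both listeners on every interface, and whichever service starts second cannot bind. Consider `bird_lg_proxy_bind: "127.0.0.1"` (or a management address) and a distinct `bird_lg_proxy_port`, so that wider exposure is an explicit choice. `bird_lg_access` also ships three fixed addresses as the default allow-list, which would grant proxy access to hosts the deploying operator may not control. Require the variable to be set per deployment instead, and check how lgproxy.py treats an empty list before defaulting to one. `bird_lg_version` names a branch rather than a commit, so what gets deployed can change between runs.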
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..3aa6363
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,10 @@
+---
+- name: restart webservice
+  service:
+    name: bird-lg-webservice
+    state: restarted
+
+- name: restart proxy
+  service:
+    name: bird-lg-proxy
+    state: restarted
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..d3be4d7
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,79 @@
+---
+- name: Install system dependencies
+  apt:
+    name:
+      - python
+      - python-pip
+      - python-virtualenv
+      - whois
+      - traceroute
+      - graphviz
+      
+- name: Create group
+  group:
+    name: "{{ bird_lg_group }}"
+    state: present
+
+- name: Create user
+  user:
+    name: "{{ bird_lg_user }}"
+    group: "{{ bird_lg_group }}"
+    home: "{{ bird_lg_install_path }}"
+    create_home: no
+    system: yes
+
+- name: Add user to group bird
+  user:
+    name: '{{ bird_lg_user }}'
+    groups: "bird"
+    append: yes
+    
+- name: Create installation Directory
+  file:
+    path: "{{ bird_lg_install_path }}"
+    recurse: yes
+    state: directory
+    owner: "{{ bird_lg_user }}"
+    group: "{{ bird_lg_group }}"
+
+- name: Create log Directory
+  file:
+    path: "{{ bird_lg_log_path }}"
+    recurse: yes
+    state: directory
+    owner: "{{ bird_lg_user }}"
+    group: "{{ bird_lg_group }}"
+    
+- name: Clone bird_lg source
+  git:
+    dest: "{{ bird_lg_install_path }}"
+    repo: "{{ bird_lg_repository }}"
+    version: "{{ bird_lg_version }}"
+    force: yes
+  become_user: "{{ bird_lg_user }}"
+  become: true
+
+- name: fix broken encoding due to change in memcached library
+  lineinfile:
+    path: "{{ bird_lg_install_path }}/lg.py"
+    regexp: 'return "AS\%s \| \%s" \% \(_as, name.*'
+    line: '    return "AS%s | %s" % (_as, name)'
+
+
+- name: Install python-dependencies
+  pip:
+    name:
+      - flask
+      - dnspython
+      - pydot
+      - python-memcached
+    virtualenv: "{{ bird_lg_install_path }}/.venv"
+    state: present
+  become_user: "{{ bird_lg_user }}"
+  become: true
+  
+- include_tasks: proxy.yml
+  when: bird_lg_proxy_enabled
+
+- include_tasks: web.yml
+  when: bird_lg_webservice_enabled
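Review bot: `Clone bird_lg source` checks out `bird_lg_version` with `force: yes`, and the default for that variable is a branch name, so every run deploys whatever that branch currently points to and then runs it as a network-facing service. Pin the default to a full commit hash (`bird_lg_version: "<full-commit-sha>"`) and pin the packages in `Install python-dependencies` as well (`flask==<version>` and so on). The clone and the virtualenv are created as `bird_lg_user`, which leaves the code and the interpreter environment writable by the account the service runs as. Installing under a separate owner and giving the service user write access only to the log directory would limit what a compromised service can change. Because `force: yes` discards local changes, the `lineinfile` patch to `lg.py` is reverted and reapplied on every run, so the play never reports an unchanged state.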
diff --git a/tasks/proxy.yml b/tasks/proxy.yml
new file mode 100644
index 0000000..eed4185
--- /dev/null
+++ b/tasks/proxy.yml
@@ -0,0 +1,18 @@
+---
+- name: Copy proxy config file
+  template:
+    src: "lgproxy.cfg.j2"
+    dest: "{{ bird_lg_install_path }}/lgproxy.cfg"
+  notify: restart proxy
+
+- name: Add systemd service file for bird-lg-proxy
+  template:
+    src: "bird-lg-proxy.service.j2"
+    dest: "/etc/systemd/system/bird-lg-proxy.service"
+
+- name: Ensure bird-lg-proxy systemd service is enabled and running
+  systemd:
+    name: "bird-lg-proxy"
+    daemon_reload: yes
+    enabled: yes
+    state: started
\ No newline at end of file
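Review bot: Both `template` tasks write files without `owner`, `group` or `mode`, so permissions depend on the umask of the connecting user, and the config lands in a directory owned by the service account. Set them explicitly, for example `owner: root`, `group: "{{ bird_lg_group }}"`, `mode: "0640"` for `lgproxy.cfg` and `mode: "0644"` for the unit file. The same applies to tasks/web.yml, where `lg.cfg` carries `SESSION_KEY` and should not be world-readable. The unit-file task also has no `notify`, so a changed unit is picked up by `daemon_reload` but the running service is not restarted; adding `notify: restart proxy` (and `restart webservice` in web.yml) closes that gap.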
diff --git a/tasks/web.yml b/tasks/web.yml
new file mode 100644
index 0000000..1aa1b99
--- /dev/null
+++ b/tasks/web.yml
@@ -0,0 +1,18 @@
+---
+- name: Copy webservice config file
+  template:
+    src: "lg.cfg.j2"
+    dest: "{{ bird_lg_install_path }}/lg.cfg"
+  notify: restart webservice
+
+- name: Add systemd service file for bird-lg-webservice
+  template:
+    src: "bird-lg-webservice.service.j2"
+    dest: "/etc/systemd/system/bird-lg-webservice.service"
+
+- name: Ensure bird-lg-web systemd service is enabled and running
+  systemd:
+    name: "bird-lg-webservice"
+    daemon_reload: yes
+    enabled: yes
+    state: started
diff --git a/templates/bird-lg-proxy.service.j2 b/templates/bird-lg-proxy.service.j2
new file mode 100644
index 0000000..42fd3a1
--- /dev/null
+++ b/templates/bird-lg-proxy.service.j2
@@ -0,0 +1,50 @@
+# Copyright (C) 2015-2018 Alsace Réseau Neutre
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# Debian GNU/Linux: store this in /etc/systemd/system/
+
+[Unit]
+Description=BIRD Looking-Glass proxy
+After=bird.service
+
+[Service]
+Type=simple
+#
+# User and group to run as
+#
+User={{ bird_lg_user }}
+Group={{ bird_lg_group }}
+#
+# Service Hardening
+#
+#ProtectSystem=strict
+#NoNewPrivileges=yes
+#ProtectControlGroups=yes
+#PrivateTmp=yes
+#PrivateDevices=yes
+#DevicePolicy=closed
+#MemoryDenyWriteExecute=yes
+## set this to match LOG_FILE from the .cfg file
+#ReadWritePaths={{ bird_lg_log_path }}
+#ReadWritePaths={{ bird_lg_install_path }}
+## set these to match BIRD{,6}_SOCKET
+#ReadWritePaths=/var/run/bird/bird.ctl
+#ReadWritePaths=/var/run/bird/bird6.ctl
+#
+ExecStart={{ bird_lg_install_path }}/.venv/bin/python {{ bird_lg_install_path }}/lgproxy.py
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
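Review bot: Every directive under `# Service Hardening` is commented out, so the proxy runs unsandboxed while its user is a member of the `bird` group (added in tasks/main.yml), presumably for access to the BIRD control sockets. Enabling at least `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectSystem=strict`, together with the `ReadWritePaths=` line for the log path, would reduce what a compromised process can reach. Test `MemoryDenyWriteExecute=yes` separately, since it can break Python extensions that generate code at runtime. If nothing needs to write to the install path at runtime, leave `ReadWritePaths={{ bird_lg_install_path }}` disabled so the code tree stays read-only to the service. The same block is commented out in templates/bird-lg-webservice.service.j2.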
diff --git a/templates/bird-lg-webservice.service.j2 b/templates/bird-lg-webservice.service.j2
new file mode 100644
index 0000000..5cb1f6e
--- /dev/null
+++ b/templates/bird-lg-webservice.service.j2
@@ -0,0 +1,48 @@
+# Copyright (C) 2015-2018 Alsace Réseau Neutre
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# Debian GNU/Linux: store this in /etc/systemd/system/
+
+[Unit]
+Description=BIRD Looking-Glass service
+
+[Service]
+Type=simple
+#
+# User and group to run as
+#
+User={{ bird_lg_user }}
+Group={{ bird_lg_group }}
+#
+# Service Hardening
+#
+#ProtectSystem=strict
+#NoNewPrivileges=yes
+#ProtectControlGroups=yes
+#PrivateTmp=yes
+#PrivateDevices=yes
+#DevicePolicy=closed
+#MemoryDenyWriteExecute=yes
+#AmbientCapabilities=CAP_NET_BIND_SERVICE
+#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+## Change this to match LOG_FILE from the .cfg file
+#ReadWritePaths={{ bird_lg_log_path }}/lg.log
+#ReadWritePaths={{ bird_lg_install_path }}
+#
+ExecStart={{ bird_lg_install_path }}/.venv/bin/python {{ bird_lg_install_path }}/lg.py
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/templates/lg.cfg.j2 b/templates/lg.cfg.j2
new file mode 100644
index 0000000..f73f1c1
--- /dev/null
+++ b/templates/lg.cfg.j2
@@ -0,0 +1,45 @@
+
+DEBUG = True
+LOG_FILE="{{ bird_lg_log_path }}/lg.log"
+LOG_LEVEL="WARNING"
+
+DOMAIN = "{{ bird_lg_domain }}"
+
+BIND_IP = "{{ bird_lg_webservice_bind }}"
+BIND_PORT = {{ bird_lg_webservice_port }}
+
+PROXY = {
+{% for proxy in bird_lg_proxys %}
+    "{{ proxy.name }}": "{{ proxy.address }}",
+{% endfor %}
+}
+
+# set a timeout (in seconds) on lgproxy requests
+PROXY_TIMEOUT = {
+    "bird":       10,
+    "traceroute": 60
+}
+
+# If True, queries are always done with the "ipv4" backend,
+# and the distinction between IPv4 and IPv6 is removed from the UI.
+UNIFIED_DAEMON = {{ bird_lg_unified_daemon | ternary("True", "False") }}
+
+# Used for bgpmap
+ROUTER_IP = {
+{% for proxy in bird_lg_proxys %}
+    "{{ proxy.name }}": {{ proxy.ips }},
+{% endfor %}
+}
+
+AS_NUMBER = {
+{% for proxy in bird_lg_proxys %}
+    "{{ proxy.name }}": "{{ proxy.as }}",
+{% endfor %}
+}
+
+#WHOIS_SERVER = "whois.foo.bar"
+
+# DNS zone to query for ASN -> name mapping
+ASN_ZONE = "{{ bird_lg_asn_zone }}"
+
+SESSION_KEY = '\xd77\xf9\xfa\xc2\xb5\xcd\x85)`+H\x9d\xeeW\\%\xbe/\xbaT\x89\xe8\xa7'
\ No newline at end of file
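Review bot: `SESSION_KEY` is a literal committed to the repository, so every deployment of this role shares one publicly known key; if lg.py uses it as the Flask session secret, cookies signed with it cannot be trusted. Render it from a per-deployment secret instead, for example `SESSION_KEY = "{{ bird_lg_session_key }}"`, with the variable (name suggested here) kept in Ansible Vault and given no default. `DEBUG = True` at the top should be `DEBUG = False` for a service whose default bind address is `0.0.0.0`. lgproxy.cfg.j2 already sets it to False, and a debug-enabled Flask app can expose tracebacks and an interactive debugger to clients.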
diff --git a/templates/lgproxy.cfg.j2 b/templates/lgproxy.cfg.j2
new file mode 100644
index 0000000..9f592b0
--- /dev/null
+++ b/templates/lgproxy.cfg.j2
@@ -0,0 +1,10 @@
+DEBUG=False
+LOG_FILE="{{ bird_lg_log_path }}/lg-proxy.log"
+LOG_LEVEL="WARNING"
+BIND_IP = "{{ bird_lg_proxy_bind }}"
+BIND_PORT = {{ bird_lg_proxy_port }}
+ACCESS_LIST = {{ bird_lg_access }}
+IPV4_SOURCE=""
+IPV6_SOURCE=""
+BIRD_SOCKET="/var/run/bird/bird.ctl"
+BIRD6_SOCKET="/var/run/bird/bird6.ctl"
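Review bot: `ACCESS_LIST = {{ bird_lg_access }}` depends on Jinja printing the list in Python literal form, and the quoted values above it are interpolated without escaping, so a quote or backslash in any variable changes the Python that the proxy loads. `ACCESS_LIST = {{ bird_lg_access | to_json }}` gives a stable list literal. The allow-list is the only access control visible in this file, and it presumably matches on client source address. With the default `BIND_IP` of `0.0.0.0`, a host firewall rule restricting `BIND_PORT` to the webservice hosts is a worthwhile second layer.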