initial commit

5 years ago · be9792cac1
commit be9792cac1
9 changed files with 320 additions and 0 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -0,0 +1,42 @@
+---
+bird_lg_user: "bird_lg"
+bird_lg_group: "{{ bird_lg_user }}"
+
+bird_lg_install_path: "/opt/bird-lg"
+bird_lg_log_path: "/var/log/bird-lg"
+
+bird_lg_repository: "https://github.com/sesa-me/bird-lg"
+bird_lg_version: "burble-clean"
+
+bird_lg_proxy_enabled: yes
+bird_lg_webservice_enabled: yes
+
+bird_lg_domain: "example.com"
+bird_lg_asn_zone: "asn.cymru.com"
+
+bird_lg_webservice_bind: "0.0.0.0"
+bird_lg_webservice_port: 5000
+
+bird_lg_proxy_bind: "0.0.0.0"
+bird_lg_proxy_port: 5000
+bird_lg_access:
+  - 91.224.149.206
+  - 178.33.111.110
+  - 2a01:6600:8081:ce00::1
+
+bird_lg_unified_daemon: yes
+
+bird_lg_proxys:
+  - name: gw
+    address: gw.some.network:5000
+    as: "197422"
+    ips:
+      - "91.224.148.2"
+      - "2a01:6600:8000::175"
+  - name: h3
+    address: h3.some.network:5000
+    as: "197422"
+    ips:
+      - "91.224.148.3"
+      - "2a01:6600:8000::131"
+
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -0,0 +1,10 @@
+---
+- name: restart webservice
+  service:
+    name: bird-lg-webservice
+    state: restarted
+
+- name: restart proxy
+  service:
+    name: bird-lg-proxy
+    state: restarted
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -0,0 +1,79 @@
+---
+- name: Install system dependencies
+  apt:
+    name:
+      - python
+      - python-pip
+      - python-virtualenv
+      - whois
+      - traceroute
+      - graphviz
+      
+- name: Create group
+  group:
+    name: "{{ bird_lg_group }}"
+    state: present
+
+- name: Create user
+  user:
+    name: "{{ bird_lg_user }}"
+    group: "{{ bird_lg_group }}"
+    home: "{{ bird_lg_install_path }}"
+    create_home: no
+    system: yes
+
+- name: Add user to group bird
+  user:
+    name: '{{ bird_lg_user }}'
+    groups: "bird"
+    append: yes
+    
+- name: Create installation Directory
+  file:
+    path: "{{ bird_lg_install_path }}"
+    recurse: yes
+    state: directory
+    owner: "{{ bird_lg_user }}"
+    group: "{{ bird_lg_group }}"
+
+- name: Create log Directory
+  file:
+    path: "{{ bird_lg_log_path }}"
+    recurse: yes
+    state: directory
+    owner: "{{ bird_lg_user }}"
+    group: "{{ bird_lg_group }}"
+    
+- name: Clone bird_lg source
+  git:
+    dest: "{{ bird_lg_install_path }}"
+    repo: "{{ bird_lg_repository }}"
+    version: "{{ bird_lg_version }}"
+    force: yes
+  become_user: "{{ bird_lg_user }}"
+  become: true
+
+- name: fix broken encoding due to change in memcached library
+  lineinfile:
+    path: "{{ bird_lg_install_path }}/lg.py"
+    regexp: 'return "AS\%s \| \%s" \% \(_as, name.*'
+    line: '    return "AS%s | %s" % (_as, name)'
+
+
+- name: Install python-dependencies
+  pip:
+    name:
+      - flask
+      - dnspython
+      - pydot
+      - python-memcached
+    virtualenv: "{{ bird_lg_install_path }}/.venv"
+    state: present
+  become_user: "{{ bird_lg_user }}"
+  become: true
+  
+- include_tasks: proxy.yml
+  when: bird_lg_proxy_enabled
+
+- include_tasks: web.yml
+  when: bird_lg_webservice_enabled
--- a/tasks/proxy.yml
+++ b/tasks/proxy.yml
@ -0,0 +1,18 @@
+---
+- name: Copy proxy config file
+  template:
+    src: "lgproxy.cfg.j2"
+    dest: "{{ bird_lg_install_path }}/lgproxy.cfg"
+  notify: restart proxy
+
+- name: Add systemd service file for bird-lg-proxy
+  template:
+    src: "bird-lg-proxy.service.j2"
+    dest: "/etc/systemd/system/bird-lg-proxy.service"
+
+- name: Ensure bird-lg-proxy systemd service is enabled and running
+  systemd:
+    name: "bird-lg-proxy"
+    daemon_reload: yes
+    enabled: yes
+    state: started
--- a/tasks/web.yml
+++ b/tasks/web.yml
@ -0,0 +1,18 @@
+---
+- name: Copy webservice config file
+  template:
+    src: "lg.cfg.j2"
+    dest: "{{ bird_lg_install_path }}/lg.cfg"
+  notify: restart webservice
+
+- name: Add systemd service file for bird-lg-webservice
+  template:
+    src: "bird-lg-webservice.service.j2"
+    dest: "/etc/systemd/system/bird-lg-webservice.service"
+
+- name: Ensure bird-lg-web systemd service is enabled and running
+  systemd:
+    name: "bird-lg-webservice"
+    daemon_reload: yes
+    enabled: yes
+    state: started
--- a/templates/bird-lg-proxy.service.j2
+++ b/templates/bird-lg-proxy.service.j2
@ -0,0 +1,50 @@
+# Copyright (C) 2015-2018 Alsace Réseau Neutre
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# Debian GNU/Linux: store this in /etc/systemd/system/
+
+[Unit]
+Description=BIRD Looking-Glass proxy
+After=bird.service
+
+[Service]
+Type=simple
+#
+# User and group to run as
+#
+User={{ bird_lg_user }}
+Group={{ bird_lg_group }}
+#
+# Service Hardening
+#
+#ProtectSystem=strict
+#NoNewPrivileges=yes
+#ProtectControlGroups=yes
+#PrivateTmp=yes
+#PrivateDevices=yes
+#DevicePolicy=closed
+#MemoryDenyWriteExecute=yes
+## set this to match LOG_FILE from the .cfg file
+#ReadWritePaths={{ bird_lg_log_path }}
+#ReadWritePaths={{ bird_lg_install_path }}
+## set these to match BIRD{,6}_SOCKET
+#ReadWritePaths=/var/run/bird/bird.ctl
+#ReadWritePaths=/var/run/bird/bird6.ctl
+#
+ExecStart={{ bird_lg_install_path }}/.venv/bin/python {{ bird_lg_install_path }}/lgproxy.py
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
--- a/templates/bird-lg-webservice.service.j2
+++ b/templates/bird-lg-webservice.service.j2
@ -0,0 +1,48 @@
+# Copyright (C) 2015-2018 Alsace Réseau Neutre
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# Debian GNU/Linux: store this in /etc/systemd/system/
+
+[Unit]
+Description=BIRD Looking-Glass service
+
+[Service]
+Type=simple
+#
+# User and group to run as
+#
+User={{ bird_lg_user }}
+Group={{ bird_lg_group }}
+#
+# Service Hardening
+#
+#ProtectSystem=strict
+#NoNewPrivileges=yes
+#ProtectControlGroups=yes
+#PrivateTmp=yes
+#PrivateDevices=yes
+#DevicePolicy=closed
+#MemoryDenyWriteExecute=yes
+#AmbientCapabilities=CAP_NET_BIND_SERVICE
+#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+## Change this to match LOG_FILE from the .cfg file
+#ReadWritePaths={{ bird_lg_log_path }}/lg.log
+#ReadWritePaths={{ bird_lg_install_path }}
+#
+ExecStart={{ bird_lg_install_path }}/.venv/bin/python {{ bird_lg_install_path }}/lg.py
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
--- a/templates/lg.cfg.j2
+++ b/templates/lg.cfg.j2
@ -0,0 +1,45 @@
+
+DEBUG = True
+LOG_FILE="{{ bird_lg_log_path }}/lg.log"
+LOG_LEVEL="WARNING"
+
+DOMAIN = "{{ bird_lg_domain }}"
+
+BIND_IP = "{{ bird_lg_webservice_bind }}"
+BIND_PORT = {{ bird_lg_webservice_port }}
+
+PROXY = {
+{% for proxy in bird_lg_proxys %}
+    "{{ proxy.name }}": "{{ proxy.address }}",
+{% endfor %}
+}
+
+# set a timeout (in seconds) on lgproxy requests
+PROXY_TIMEOUT = {
+    "bird":       10,
+    "traceroute": 60
+}
+
+# If True, queries are always done with the "ipv4" backend,
+# and the distinction between IPv4 and IPv6 is removed from the UI.
+UNIFIED_DAEMON = {{ bird_lg_unified_daemon | ternary("True", "False") }}
+
+# Used for bgpmap
+ROUTER_IP = {
+{% for proxy in bird_lg_proxys %}
+    "{{ proxy.name }}": {{ proxy.ips }},
+{% endfor %}
+}
+
+AS_NUMBER = {
+{% for proxy in bird_lg_proxys %}
+    "{{ proxy.name }}": "{{ proxy.as }}",
+{% endfor %}
+}
+
+#WHOIS_SERVER = "whois.foo.bar"
+
+# DNS zone to query for ASN -> name mapping
+ASN_ZONE = "{{ bird_lg_asn_zone }}"
+
+SESSION_KEY = '\xd77\xf9\xfa\xc2\xb5\xcd\x85)`+H\x9d\xeeW\\%\xbe/\xbaT\x89\xe8\xa7'
--- a/templates/lgproxy.cfg.j2
+++ b/templates/lgproxy.cfg.j2
@ -0,0 +1,10 @@
+DEBUG=False
+LOG_FILE="{{ bird_lg_log_path }}/lg-proxy.log"
+LOG_LEVEL="WARNING"
+BIND_IP = "{{ bird_lg_proxy_bind }}"
+BIND_PORT = {{ bird_lg_proxy_port }}
+ACCESS_LIST = {{ bird_lg_access }}
+IPV4_SOURCE=""
+IPV6_SOURCE=""
+BIRD_SOCKET="/var/run/bird/bird.ctl"
+BIRD6_SOCKET="/var/run/bird/bird6.ctl"