Update janus config scripts to generate user TOML

This commit is contained in:
Greg Fodor 2018-12-22 00:20:23 +00:00
Родитель acf5dae86e
Коммит 2c3c039923
10 изменённых файлов: 78 добавлений и 49 удалений


@ -23,4 +23,4 @@ EC2_INFO=$(aws ec2 --region $REGION describe-instances)
BASTION_IP=$(echo $EC2_INFO | jq -r ".Reservations | map(.Instances) | flatten | map(select(any(.State ; .Name == \"running\"))) | map(select(any(.Tags // [] | from_entries ; .[\"host-type\"] == \"${ENVIRONMENT}-bastion\"))) | .[] | .PublicIpAddress" | shuf | head -n1) BASTION_IP=$(echo $EC2_INFO | jq -r ".Reservations | map(.Instances) | flatten | map(select(any(.State ; .Name == \"running\"))) | map(select(any(.Tags // [] | from_entries ; .[\"host-type\"] == \"${ENVIRONMENT}-bastion\"))) | .[] | .PublicIpAddress" | shuf | head -n1)
TARGET_IP=$(echo $EC2_INFO | jq -r ".Reservations | map(.Instances) | flatten | map(select(any(.State ; .Name == \"running\"))) | map(select(any(.Tags // [] | from_entries ; .[\"host-type\"] == \"${ENVIRONMENT}-hab\"))) | .[] | .PrivateIpAddress" | shuf | head -n1) TARGET_IP=$(echo $EC2_INFO | jq -r ".Reservations | map(.Instances) | flatten | map(select(any(.State ; .Name == \"running\"))) | map(select(any(.Tags // [] | from_entries ; .[\"host-type\"] == \"${ENVIRONMENT}-hab\"))) | .[] | .PrivateIpAddress" | shuf | head -n1)
ansible-playbook --ask-vault-pass -i "${TARGET_IP}," --ssh-common-args="-i ~/.ssh/mozilla_mr_id_rsa -o ProxyCommand=\"ssh -W %h:%p -o StrictHostKeyChecking=no -i ~/.ssh/mozilla_mr_id_rsa ubuntu@${BASTION_IP}\"" --extra-vars "env=${ENVIRONMENT}" -u ubuntu "${HOST_TYPE}-config.yml" ansible-playbook --ask-vault-pass -i "${TARGET_IP}," --ssh-common-args="-i ~/.ssh/mozilla_mr_id_rsa -o ProxyCommand=\"ssh -W %h:%p -o StrictHostKeyChecking=no -i ~/.ssh/mozilla_mr_id_rsa ubuntu@${BASTION_IP}\"" --extra-vars "env=${ENVIRONMENT} connection=ssh" -u ubuntu "${HOST_TYPE}-config.yml"

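--- /dev/null
+++ b/ansible/config_generate.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+if [[ -z "$1" ]]; then
+echo -e "
+Usage: config_generate.sh <host-type>
+Generates config for this host type into /hab/user
+"
+exit 1
+fi
+# TODO this should get a lot smarter -- if you are on a branch, disallow. If you have working changes, warn the user and require a flag.
+git pull origin master
+HOST_TYPE=$1
+ansible-playbook -i "127.0.0.1," --extra-vars "env=local connection=local" "${HOST_TYPE}-config.yml"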
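Review bot: The script has no error handling, so when `git pull origin master` fails (offline, conflicting local changes) the `ansible-playbook` call on the last line still runs against whatever tree is currently checked out, and an unset `HOST_TYPE` would silently expand to an empty playbook name. Adding `set -euo pipefail` directly after the shebang makes a failed pull or an undefined variable abort the run before any config is written to `/hab/user`. The playbook path `"${HOST_TYPE}-config.yml"` is relative, so the script presumably has to be invoked from the `ansible/` directory; if that is the intent, `cd "$(dirname "$0")"` before the pull removes the assumption, otherwise the usage text should state it.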


@ -3,5 +3,7 @@
- hosts: all - hosts: all
gather_facts: false gather_facts: false
become: true become: true
become_user: "{{ 'hab' if connection == 'local' else 'root' }}"
connection: "{{ connection }}"
roles: roles:
- role: janus - role: janus
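Review bot: The new `connection: "{{ connection }}"` line makes the `connection` extra-var mandatory, so any invocation of this playbook that does not pass `-e connection=...` (anything other than the two scripts updated in this commit) now fails on an undefined variable instead of using ssh as it did before. A default preserves the old behaviour for other callers: `connection: "{{ connection | default('ssh') }}"` together with `become_user: "{{ 'hab' if connection | default('ssh') == 'local' else 'root' }}"`. The variable is also named identically to the play keyword it feeds, which reads ambiguously in `become_user`; a more distinctive name such as `run_mode` would make the two easier to tell apart, though that is a style preference.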


@ -1,12 +1,18 @@
--- ---
- block: - block:
- name: Include remote specific vars
include_vars:
file: "roles/janus/vars/remote.yml"
when: env != 'local'
- name: Include environment specific vars - name: Include environment specific vars
include_vars: include_vars:
file: "roles/janus/vars/{{ env }}.yml" file: "roles/janus/vars/{{ env }}.yml"
- name: Install moz hab-butterfly (needed until https://github.com/habitat-sh/habitat/issues/4066 is closed) - name: Install moz hab-butterfly (needed until https://github.com/habitat-sh/habitat/issues/4066 is closed)
shell: "hab pkg install mozillareality/hab-butterfly" shell: "hab pkg install mozillareality/hab-butterfly"
when: env != 'local'
- name: Create work directory - name: Create work directory
tempfile: tempfile:
@ -14,56 +20,42 @@
suffix: deploy suffix: deploy
register: work_dir register: work_dir
- name: Write Janus config file - name: "Write config"
template: template:
src: janus-gateway.toml.j2 src: "{{ item }}.toml.j2"
dest: "{{ work_dir.path }}/janus-gateway.toml" dest: "{{ work_dir.path }}/{{ item }}.toml"
loop: "{{ services }}"
- name: Write DD agent config file - name: "Write local file"
template:
src: dd-agent.toml.j2
dest: "{{ work_dir.path }}/dd-agent.toml"
- name: Write DTLS key
copy: copy:
src: dtls.key src: "{{ item }}"
dest: "{{ work_dir.path }}/dtls.key" dest: "{{ work_dir.path }}/{{ item }}"
when: env != 'local'
loop: "{{ keyfiles }}"
- name: Write DTLS cert - name: "Deploy remote configs"
copy: shell: "cat {{ work_dir.path }}/{{ item }}.toml | /hab/pkgs/mozillareality/hab-butterfly/0.39.1/20171118004554/bin/hab-butterfly config apply --peer $(curl -s http://169.254.169.254/latest/meta-data/local-ipv4) --org mozillareality --ring mr {{ item }}.default $(date +%s)"
src: dtls.pem when: env != 'local'
dest: "{{ work_dir.path }}/dtls.pem" loop: "{{ services }}"
- name: Write WSS key - name: "Make local target dir"
copy: shell: "mkdir -p /hab/user/{{ item }}/config"
src: reticulum.io.pem when: env == 'local'
dest: "{{ work_dir.path }}/wss.key" loop: "{{ services }}"
- name: Write WSS cert - name: "Deploy local config"
copy: shell: "cp {{ work_dir.path }}/{{ item }}.toml /hab/user/{{ item }}/config/user.toml"
src: reticulum.io.crt when: env == 'local'
dest: "{{ work_dir.path }}/wss.pem" loop: "{{ services }}"
- name: Deploy Janus configs - name: "Deploy remote file"
shell: "cat {{ work_dir.path }}/janus-gateway.toml | /hab/pkgs/mozillareality/hab-butterfly/0.39.1/20171118004554/bin/hab-butterfly config apply --peer $(curl -s http://169.254.169.254/latest/meta-data/local-ipv4) --org mozillareality --ring mr janus-gateway.default $(date +%s)" shell: "/hab/pkgs/mozillareality/hab-butterfly/0.39.1/20171118004554/bin/hab-butterfly file upload --peer $(curl -s http://169.254.169.254/latest/meta-data/local-ipv4) --org mozillareality --ring mr janus-gateway.default $(date +%s) {{ work_dir.path }}/{{ item }}"
when: env != 'local'
- name: Deploy Datadog Agent configs loop: "{{ keyfiles }}"
shell: "cat {{ work_dir.path }}/dd-agent.toml | /hab/pkgs/mozillareality/hab-butterfly/0.39.1/20171118004554/bin/hab-butterfly config apply --peer $(curl -s http://169.254.169.254/latest/meta-data/local-ipv4) --org mozillareality --ring mr dd-agent.default $(date +%s)"
- name: Deploy DTLS key
shell: "/hab/pkgs/mozillareality/hab-butterfly/0.39.1/20171118004554/bin/hab-butterfly file upload --peer $(curl -s http://169.254.169.254/latest/meta-data/local-ipv4) --org mozillareality --ring mr janus-gateway.default $(date +%s) {{ work_dir.path }}/dtls.key"
- name: Deploy DTLS pem
shell: "/hab/pkgs/mozillareality/hab-butterfly/0.39.1/20171118004554/bin/hab-butterfly file upload --peer $(curl -s http://169.254.169.254/latest/meta-data/local-ipv4) --org mozillareality --ring mr janus-gateway.default $(date +%s) {{ work_dir.path }}/dtls.pem"
- name: Deploy WSS key
shell: "/hab/pkgs/mozillareality/hab-butterfly/0.39.1/20171118004554/bin/hab-butterfly file upload --peer $(curl -s http://169.254.169.254/latest/meta-data/local-ipv4) --org mozillareality --ring mr janus-gateway.default $(date +%s) {{ work_dir.path }}/wss.key"
- name: Deploy WSS pem
shell: "/hab/pkgs/mozillareality/hab-butterfly/0.39.1/20171118004554/bin/hab-butterfly file upload --peer $(curl -s http://169.254.169.254/latest/meta-data/local-ipv4) --org mozillareality --ring mr janus-gateway.default $(date +%s) {{ work_dir.path }}/wss.pem"
always: always:
- name: Remove work directory - name: Remove work directory
file: file:
path: "{{ work_dir.path }}" path: "{{ work_dir.path }}"
state: absent state: absent
when: env != 'local'
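Review bot: The `when: env != 'local'` added to the `Remove work directory` task in the `always:` block means local runs leave `{{ work_dir.path }}` behind after the `cp` into `/hab/user` has completed, and that directory holds the rendered `*.toml` files, which carry `dd_api_key` (per the dd-agent template in this commit) and presumably `janus_admin_secret`; a temp directory with those values should not outlive the run. If the cleanup is skipped on purpose (for example to inspect rendered output), a comment on the task stating why would make that clear; otherwise the condition should be dropped so both paths clean up. The `Make local target dir` and `Deploy local config` tasks use `shell` for `mkdir -p` and `cp`, where `file: state: directory` and `copy: remote_src: true` would be idempotent and report changed/ok correctly. `Deploy remote file` also hardcodes `janus-gateway.default` while looping over `keyfiles`, so any non-janus entry added to that list later would be uploaded to the wrong service group.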


@ -2,4 +2,4 @@
api_key = "{{ dd_api_key }}" api_key = "{{ dd_api_key }}"
[aws] [aws]
collect_ec2_tags = "yes" collect_ec2_tags = "{{ collect_ec2_tags }}"
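Review bot: `collect_ec2_tags = "{{ collect_ec2_tags }}"` now requires every environment vars file to define `collect_ec2_tags`; the commit adds it only in the new local vars file, and the new vaulted vars file cannot be inspected here, so a remote run where it is missing fails at templating time rather than keeping the previous value. Carrying the old hard-coded value as the default keeps remote behaviour unchanged if it was not added there: `collect_ec2_tags = "{{ collect_ec2_tags | default('yes') }}"`.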


@ -0,0 +1,5 @@
---
janus_admin_secret: secret
dd_api_key: datadog_api_key
collect_ec2_tags: "no"
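Review bot: `janus_admin_secret: secret` and `dd_api_key: datadog_api_key` are committed placeholders that the local run renders into `/hab/user/<service>/config/user.toml`, so a locally generated janus-gateway ends up with a guessable admin secret, and nothing in the file says these values are stand-ins. A comment above them makes the intent explicit and discourages copying the pattern into a remote vars file, e.g. `# Local-development placeholders; never use these values on a reachable host.`. `collect_ec2_tags: "no"` is correctly quoted: the template wraps the value in quotes, and an unquoted `no` would be parsed as a boolean and render as `"False"`.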


@ -1,7 +1,11 @@
$ANSIBLE_VAULT;1.1;AES256 ---
30616330313032396463653131643162303633353938373163393531336439613137646436373536
6263353435313932393639626337323936373139313538320a366631386366326337376437613234 services:
31313931376162353134643461383031326261653061303862363639656132626635353938663534 - janus-gateway
6434303732643363350a653338393031646133366561666536373064313036663934623566653662 - dd-agent
31333430623430623766323164356631323866313032306539373964393834386339393261303763
3135363764646234303834393930386232303262643232356537 keyfiles:
- dtls.key
- dtls.pem
- wss.pem # reticulum.io.pem
- wss.key # reticulum.io.crt
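Review bot: The comments on `wss.pem # reticulum.io.pem` and `wss.key # reticulum.io.crt` invert the mapping the removed tasks used (`src: reticulum.io.pem` went to `wss.key`, `src: reticulum.io.crt` went to `wss.pem`); if the files under the role's `files/` directory were renamed to match these comments, the certificate and the private key have been swapped. Either correct the comments to `- wss.key # reticulum.io.pem` / `- wss.pem # reticulum.io.crt` or confirm which rename was actually performed, since the new copy task uses the same name for `src` and `dest` and cannot catch a mix-up. The old side of this hunk was vault-encrypted and the plaintext replacement holds only service and file names, so nothing sensitive is exposed by this change as far as the hunk shows.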


@ -0,0 +1,9 @@
$ANSIBLE_VAULT;1.1;AES256
35666466663239636231326263646239323430306337643939633563343731303838336336333038
3039636137356364383063353930303432316134616437610a613263353032303061313738323835
33313535393735386630356262613033343961376538303935393766306439656332326132353633
3163383663326434630a643237623466363131653561303631633632336431346333613134626331
63353436353631396364633331323932626365323062376634616434636136666530306265376162
34343336646635666534323232363261303331626461396361393133643338363264373464306633
31643034646563333836346265633536366265666632623764336630393739643338643161383130
37383763333365323663