Commit 144a23ef authored by Alexander Withers's avatar Alexander Withers

removed tinc role

parent c64180d0
......@@ -11,3 +11,5 @@ Ansible roles found in site.yml. Comment out roles not needed.
You can run `install.sh`, which requires and runs Ansible locally. Or deploy using your own Ansible instance via SSH. Install requires root.
Deploys SDAIA software on Ubuntu 16 and CentOS 7 (beta).
Report bugs to alexw1@illinois.edu
......@@ -6,8 +6,8 @@ app_user: prism
app_group: "{{ app_user }}"
app_user_home: "/home/{{ app_user }}"
#bro_interface: "ens3"
bro_interface: "eth0"
bro_interface: "ens3"
#bro_interface: "eth0"
bro_ver: 2.4.1
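Review bot: The new `bro_interface: "ens3"` on the line replacing `"eth0"` hardcodes a single NIC name for every host the role runs on, and the commented-out `#bro_interface: "eth0"` left beside it shows the value has already had to be flipped once by hand. Interface naming differs between the distributions this project targets (the README hunk above names Ubuntu 16 and CentOS 7), and a sensor pointed at a non-existent or idle interface will most likely start and capture nothing rather than fail loudly, which is a silent monitoring gap. Consider defaulting to the host's detected interface, `bro_interface: "{{ ansible_default_ipv4.interface }}"`, and overriding per host in inventory where a dedicated capture NIC is used; if this file sits under `vars/` rather than `defaults/` the hardcoded value will also take precedence over inventory, which is worth confirming. The file path for this hunk is not visible here, so the precedence point is inferred.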
......
Transport Component
===================
Deploys tinc.
---
# tinc's network/vpn name and host tinc should ConnectTo.
vpn_name: zyre
vpn_start: cabana
# user and group
app_user: prism
app_group: "{{ app_user }}"
app_user_home: "/home/{{ app_user }}"
# interface created by tinc/avahi, don't change!
zsys_interface: "zyre:avahi"
---
- name: determine tinc service name
set_fact:
tincservice: "@{{ vpn_name }}"
when: (ansible_distribution == "CentOS")
- name: determine tinc service name
set_fact:
tincservice: ""
when: (ansible_distribution == "Ubuntu")
- name: reload systemd
command: systemctl daemon-reload
- name: restart tinc
service: name=tinc{{ tincservice }} state=restarted
---
- ufw: rule=allow from_ip=169.254.0.0/16 state=enabled
tags: ufw
when: (ansible_distribution == "Ubuntu")
- firewalld: source=169.254.0.0/16 permanent=true state=enabled immediate=yes
when: (ansible_distribution == "CentOS")
---
- name: run yum install epel-release
package: name=epel-release state=present
when: (ansible_distribution == "CentOS")
- name: Add apt HTTPS support
package: name=apt-transport-https state=present
when: (ansible_distribution == "Ubuntu")
- name: Add HTTPS support
package: name=ca-certificates state=present
- name: Update apt cache if needed.
apt: update_cache=yes upgrade=yes
when: (ansible_distribution == "Ubuntu")
- name: install ubuntu deps
package:
state: latest
pkg: "{{ item }}"
with_items:
- linux-image-extra-virtual
- aptitude
- tinc
when: (ansible_distribution == "Ubuntu")
- name: install centos deps
package:
state: latest
pkg: "{{ item }}"
with_items:
- tinc
when: (ansible_distribution == "CentOS")
- include: users.yml
tags: users
- include: firewall.yml
tags: firewall
- include: tinc.yml
tags: tinc
---
- name: find our public IP
shell: wget -qO- http://ipecho.net/plain ; echo
register: host_ip
- name: reload ansible_local
setup: filter=ansible_local
- name: install tinc
package: name=tinc state=present
- name: install avahi-autoipd
package: name=avahi-autoipd state=present
- name: ensure tinc vpn name directory exists
file: path=/etc/tinc/{{ vpn_name }}/hosts recurse=True state=directory
- name: ensure tinc.conf exists for vpn name
template: >
src=tinc.conf.j2
dest=/etc/tinc/{{ vpn_name }}/tinc.conf
# -------
- name: ensure tinc address/key is properly set in tinc host file
template: >
src={{ vpn_start }}.j2
dest=/etc/tinc/{{ vpn_name }}/hosts/{{ vpn_start }}
notify:
- restart tinc
# OR ----
#
#- name: ensure tinc address is properly set in tinc host file
# lineinfile: >
# dest=/etc/tinc/{{ vpn_name }}/hosts/{{ ansible_hostname }}
# line="Address = {{ vpn_host }}"
# create=yes
# notify:
# - restart tinc
#
# -------
- name: create /etc/tinc/nets.boot file from template
template: >
src=nets.boot.j2
dest=/etc/tinc/nets.boot
notify:
- restart tinc
- name: create tinc private key
shell: tincd -n {{ vpn_name }} -K4096
args:
creates: /etc/tinc/{{ vpn_name }}/rsa_key.priv
#- name: copy public key to hosts dir
# shell: cp /etc/tinc/{{ vpn_name }}/rsa_key.pub /etc/tinc/{{ vpn_name }}/hosts/{{ ansible_hostname }}
# args:
# creates: /etc/tinc/{{ vpn_name }}/hosts/{{ ansible_hostname }}
- name: create tinc-up file
template: src=tinc-up.j2 dest=/etc/tinc/{{ vpn_name }}/tinc-up mode=0755
- name: create tinc-down file
template: src=tinc-down.j2 dest=/etc/tinc/{{ vpn_name }}/tinc-down mode=0755
notify:
- restart tinc
# These three go together
- name: fetch tinc hosts file after private key creation
fetch: >
src=/etc/tinc/{{ vpn_name }}/hosts/{{ ansible_hostname }}
dest=fetch/{{ ansible_hostname }}
flat=yes
notify:
- restart tinc
#- name: ensure the fetched tinc hosts file are place on each server
# file: >
# src={{ item }}
# dest=/etc/tinc/{{vpn_name }}/hosts/{{ item }}
# with_fileglob:
# - fetch/*
# notify:
# - restart tinc
#
#- name: sync the fetched hosts files on each host
# synchronize: >
# src=fetch/
# dest=/etc/tinc/{{ vpn_name }}/hosts/
# notify:
# - restart tinc
- name: determine tinc service name
set_fact:
tincservice: "@{{ vpn_name }}"
when: (ansible_distribution == "CentOS")
- name: determine tinc service name
set_fact:
tincservice: ""
when: (ansible_distribution == "Ubuntu")
- name: start tinc
service: name=tinc{{ tincservice }} state=started
- name: enable tinc
service: name=tinc{{ tincservice }} enabled=yes state=started
notify:
- reload systemd
---
- user: name="{{ app_user }}" shell=/bin/bash append=yes groups=adm
- name: Ensure path has correct permissions
file: path={{ app_user_home }} owner={{ app_user }} group={{ app_group }} mode=0750
- user: name="{{ ansible_env.SUDO_USER }}" groups={{ app_group }} append=yes
- name: add docker group
group: name=docker state=present system=yes
- name: add "{{ app_user }}" to docker group
user: name="{{ app_user }}" groups=docker append=yes
Address 141.142.236.24
-----BEGIN RSA PUBLIC KEY-----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==
-----END RSA PUBLIC KEY-----
Address 143.219.0.250
-----BEGIN RSA PUBLIC KEY-----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==
-----END RSA PUBLIC KEY-----
#!/bin/sh
ifconfig $INTERFACE down
#!/bin/sh
ifconfig $INTERFACE up
avahi-autoipd -s -k $INTERFACE
avahi-autoipd -s -D $INTERFACE
Name = {{ ansible_hostname }}
Mode = switch
PrivateKeyFile = /etc/tinc/{{ vpn_name }}/rsa_key.priv
AddressFamily = ipv4
#Interface = tun0
ConnectTo = {{ vpn_start }}
[Unit]
Description=tinc service
[Service]
Type=simple
User={{ app_user }}
Group={{ app_user }}
PIDFile=/run/tinc.pid
ExecStart=/usr/local/bin/zyre-gateway -i {{ zsys_interface }} --group {{ zyre_group }} -d
KillMode=process
Restart=on-failure
KillSignal=SIGINT
TimeoutStopSec=5
PrivateTmp=true
[Install]
WantedBy=multi-user.target