diff --git a/.gitignore b/.gitignore index 2728222..d2019f5 100644 --- a/.gitignore +++ b/.gitignore @@ -10,6 +10,7 @@ venv/** **/pkg/** **/src/** **pkg.tar.zst +wiki/** # ---> Python # Byte-compiled / optimized / DLL files diff --git a/Makefile b/Makefile index bde3c2a..8d716de 100644 --- a/Makefile +++ b/Makefile @@ -9,23 +9,23 @@ install: clean compile for opt in ${optlist}; do cp -pr $$opt ${pkgdir}/opt/aninix/${pkgdirname}/${opt}; done make checkperm -test: compile - #python3 -m pytest - clean: git clean -fdX uninstall: rm -Rf ${pkgdir}/opt/aninix/${pkgdirname}/ +test: compile + #python3 -m pytest + +checkperm: + chown -R root: ${pkgdir}/opt/aninix/${pkgdirname}/ + chmod 0755 ${pkgdir}/opt/aninix/${pkgdirname}/ + chmod -R a+r ${pkgdir}/opt/aninix/${pkgdirname}/ + diff: @echo Nothing to do. for opt in ${optlist}; do diff -r ${pkgdir}/opt/aninix/${pkgdirname}/${opt} $$opt; done reverse: for opt in ${optlist}; do rsync -avzlp ${pkgdir}/opt/aninix/${pkgdirname}/${opt}/ $$opt; done - -checkperm: - chown -R root: ${pkgdir}/opt/aninix/${pkgdirname}/ - chmod 0755 ${pkgdir}/opt/aninix/${pkgdirname}/ - chmod -R a+r ${pkgdir}/opt/aninix/${pkgdirname}/ diff --git a/README.md b/README.md index bc8d587..62e4325 100644 --- a/README.md +++ b/README.md 
@@ -1,8 +1,12 @@ -This project will discover and provide inventory intelligence to Sora, Shadowfeed, Geth, and Sharingan. It is named after the fictional Star Wars Imperial Intelligence organization that oversaw the various divisions of Intelligence and orchestrated their operations. +This project will discover and provide inventory intelligence to Sora, Shadowfeed, Geth, and Sharingan. *Note*: This project is in progress -- former Makefiles from [ConfigPackages](/AniNIX/ConfigPackages) are being upgraded into Ansible playbooks here. -# How to use +# Etymology + +It is named after the fictional Star Wars Imperial Intelligence organization that oversaw the various divisions of Intelligence and orchestrated their operations. Like its namesake, this project oversees the various tools within our ecosystem and enforces compliance with standards. + +# Relevant Files and Software This project expects that you use an Ansible vault for credentials. Create one and add this to your `.bashrc`. ``` @@ -14,7 +18,7 @@ Take a look at `examples/msn0.yml` as an example inventory -- make sure you popu Once you have your vault and inventory, use [AniNIX/ShadowArch](/AniNIX/ShadowArch) with your hypervisor to provision the base image for your machines, or [Raspbian](https://www.raspberrypi.org/). -Then, use the SSHkey playbook to copy your key and the deploy playbook to set things up. +Then, use the SSH key playbook to copy your key and the deploy playbook to set things up. ``` ansible-playbook -i your-inventory.yml playbooks/sshkey.yml ansible-playbook -i your-inventory.yml playbooks/deploy.yml 
@@ -26,7 +30,14 @@ We've also added two scripts in `./bin` to make your life easier: Happy hacking! -# Exceptions +## Exceptions Some services, such as AniNIX/Sharingan and AniNIX/Geth, store their configuration in internal datastructures and databases such that we cannot easily export our build for others to use. We will document what we have done for each of these as best we can in the README.md files for others to replicate. Backups of these services into AniNIX/Aether are therefore dumps of these databases and not available to share. +# Available Clients + +This service is a management tool -- its files get used by the Ansible toolset. There are no clients to connect directly to this service, as we have chosen a serverless approach. + +# Equivalents or Competition + +This service is our elected Infrastructure-as-Code solution -- many professional tools like Ansible Tower, Terraform, etc. do the same thing. Some apps ship OVA's, or prebuilt images, of their software. Docker registries also serve as similar way to document the means by which services are built. diff --git a/bin/generate-monitoring.py b/bin/generate-monitoring.py index 1761e0f..589e78a 100755 --- a/bin/generate-monitoring.py +++ b/bin/generate-monitoring.py @@ -69,7 +69,7 @@ def GenerateFiles(file): # Add DNS entries for each host hosttype = 'managed' for hostclass in ['physical','virtual','geth_hubs']: - WriteMonitoringEntry(content,hosttype,hostclass) + #WriteMonitoringEntry(content,hosttype,hostclass) WriteSSHMonitoringEntry(content,hosttype,hostclass) hosttype = 'unmanaged' for hostclass in ['ovas','appliances']: diff --git a/examples/msn0.yml b/examples/msn0.yml index 14e3db6..f08688f 100644 --- a/examples/msn0.yml +++ b/examples/msn0.yml 
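Review bot: The `WriteMonitoringEntry(content,hosttype,hostclass)` call inside the `managed` loop is commented out rather than removed, with no reason given, so the generated monitoring config silently loses entries for the `physical`, `virtual` and `geth_hubs` classes while the SSH checks are still written; a reader cannot tell whether this is a temporary workaround or a deliberate reduction in coverage. Either delete the line or keep a single explanatory comment in its place, e.g. `# NOTE: WriteMonitoringEntry skipped for managed hosts — <reason>; SSH checks below still cover them`. Because this script decides what gets monitored, a change that drops checks for managed hosts is worth stating in the commit message as well. `GenerateFiles` begins before this hunk and the `unmanaged` loop that follows continues past it.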
@@ -51,11 +51,27 @@ all: sslidentity: aninix.net-0001 secdetection: true iptv_location: "Milwaukee|Madison" + aether_source: true Node0: ipinterface: enp1s0f0 ip: 10.0.1.4 mac: DE:8B:9E:19:55:1D tap: true + Node1: + ipinterface: enp1s0f0 + ip: 10.0.1.5 + mac: B0:41:6F:0D:47:E1 + tap: true + Node2: + ipinterface: enp1s0f0 + ip: 10.0.1.7 + mac: B0:41:6F:0D:41:D1 + tap: true + Node3: + ipinterface: enp1s0f0 + ip: 10.0.1.8 + mac: B0:41:6F:0D:51:0E + tap: true virtual: # 10.0.1.16/28 vars: hosts: @@ -101,15 +117,18 @@ all: ip: 10.0.1.32 mac: 84:16:F9:14:15:C5 rotate: 0 + remote: NS-RC4NA-14 Geth-Hub-2: ip: 10.0.1.33 mac: 84:16:F9:13:B6:E6 motion_enabled: no rotate: 180 + remote: NS-RC4NA-14 Geth-Hub-3: ip: 10.0.1.34 mac: b8:27:eb:60:73:68 rotate: 90 + remote: LG-AKB73715608 unmanaged: children: # Both OVA groups are in the same subnet -- test_ovas aren't monitored diff --git a/playbooks/disable-archlinux-keyring-wkd-sync.yml b/playbooks/disable-archlinux-keyring-wkd-sync.yml new file mode 100644 index 0000000..3f7b959 --- /dev/null +++ b/playbooks/disable-archlinux-keyring-wkd-sync.yml @@ -0,0 +1,27 @@ +# This playbook disables the archlinux-keyring-wkd-sync.service and timer, because they tend to fail for bad reasons. +# +--- + + - hosts: managed + ignore_errors: true + gather_facts: true + become: yes + + tasks: + + - name: Disable services & timers + when: ansible_os_family == "Archlinux" + service: + name: "{{ item }}" + state: stopped + enabled: no + loop: + - archlinux-keyring-wkd-sync.timer + - archlinux-keyring-wkd-sync.service + + - name: Reset failed + when: ansible_os_family == "Archlinux" + command: "systemctl reset-failed {{ item }}" + loop: + - archlinux-keyring-wkd-sync.timer + - archlinux-keyring-wkd-sync.service diff --git a/playbooks/patching.yml b/playbooks/patching.yml index e0a73ac..df5230b 100644 --- a/playbooks/patching.yml +++ b/playbooks/patching.yml 
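Review bot: The new `aether_source: true` group var and the `remote:` keys on `Geth-Hub-1` through `Geth-Hub-3` are added with no comment on what reads them, which matters because the README points newcomers at `examples/msn0.yml` as the inventory template; a short trailing comment per new key, e.g. `aether_source: true  # <what this enables — TODO fill in>` and `remote: NS-RC4NA-14  # <which playbook/role consumes this>`, would keep the example self-describing. Separately, the added `Node1`–`Node3` entries carry specific `mac` and `ip` values in a file shipped as an example; if these are real hardware identifiers rather than constructed ones, consider whether the public example should use placeholder values instead.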
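Review bot: `ignore_errors: true` is set on the whole play, so a host where the `Disable services & timers` task fails (unit not present, `become` refused) is still reported as successful and the timer keeps running, which defeats the purpose of the playbook; only the `Reset failed` task needs tolerance, since `systemctl reset-failed` may return non-zero where the unit is not loaded, and as a `command:` task it also reports `changed` on every run. Move the tolerance down and quiet the change report: under `- name: Reset failed` add `ignore_errors: true` and `changed_when: false`, and drop the play-level `ignore_errors: true`. The header comment should also record what replaces the automatic key refresh this disables; the adjacent `playbooks/patching.yml` hunk appears to add an `archlinux-keyring` update play, which is presumably the intended substitute, and naming it in the header keeps that operational dependency visible.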
@@ -7,6 +7,18 @@ # - target: the host grouper in the inventory -- default: all # # Patch then restart a node +# +# +- hosts: physical,virtual + order: sorted + serial: 4 + vars: + ansible_become: yes + ansible_become_method: sudo + tasks: + - package: + name: archlinux-keyring + state: latest - hosts: virtual,geth-hubs order: sorted