Hooks catch-up

DarkFeather 2023-11-30 02:44:01 -06:00
parent 63a43c6f0e
commit 8392a3fe46
Signed by: DarkFeather
GPG Key ID: 1CC1E3F4ED06F296
7 changed files with 83 additions and 13 deletions

1
.gitignore vendored

@ -10,6 +10,7 @@ venv/**
**/pkg/** **/pkg/**
**/src/** **/src/**
**pkg.tar.zst **pkg.tar.zst
wiki/**
# ---> Python # ---> Python
# Byte-compiled / optimized / DLL files # Byte-compiled / optimized / DLL files


@ -9,23 +9,23 @@ install: clean compile
for opt in ${optlist}; do cp -pr $$opt ${pkgdir}/opt/aninix/${pkgdirname}/${opt}; done for opt in ${optlist}; do cp -pr $$opt ${pkgdir}/opt/aninix/${pkgdirname}/${opt}; done
make checkperm make checkperm
test: compile
#python3 -m pytest
clean: clean:
git clean -fdX git clean -fdX
uninstall: uninstall:
rm -Rf ${pkgdir}/opt/aninix/${pkgdirname}/ rm -Rf ${pkgdir}/opt/aninix/${pkgdirname}/
test: compile
#python3 -m pytest
checkperm:
chown -R root: ${pkgdir}/opt/aninix/${pkgdirname}/
chmod 0755 ${pkgdir}/opt/aninix/${pkgdirname}/
chmod -R a+r ${pkgdir}/opt/aninix/${pkgdirname}/
diff: diff:
@echo Nothing to do. @echo Nothing to do.
for opt in ${optlist}; do diff -r ${pkgdir}/opt/aninix/${pkgdirname}/${opt} $$opt; done for opt in ${optlist}; do diff -r ${pkgdir}/opt/aninix/${pkgdirname}/${opt} $$opt; done
reverse: reverse:
for opt in ${optlist}; do rsync -avzlp ${pkgdir}/opt/aninix/${pkgdirname}/${opt}/ $$opt; done for opt in ${optlist}; do rsync -avzlp ${pkgdir}/opt/aninix/${pkgdirname}/${opt}/ $$opt; done
checkperm:
chown -R root: ${pkgdir}/opt/aninix/${pkgdirname}/
chmod 0755 ${pkgdir}/opt/aninix/${pkgdirname}/
chmod -R a+r ${pkgdir}/opt/aninix/${pkgdirname}/
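Review bot: in the `checkperm` target, `chmod -R a+r` adds read permission for everyone but not directory search, and only the top-level directory gets `0755`, so a subdirectory copied in by `cp -pr` with a restrictive mode stays untraversable. `chmod -R a+rX` would cover both cases. The recursive `a+r` also makes every installed file world-readable, so it is worth confirming nothing in `optlist` is meant to be private. Separately, the body of `test` is still commented out, so `make test` only runs `compile`.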


@ -1,8 +1,12 @@
This project will discover and provide inventory intelligence to Sora, Shadowfeed, Geth, and Sharingan. It is named after the fictional Star Wars Imperial Intelligence organization that oversaw the various divisions of Intelligence and orchestrated their operations. This project will discover and provide inventory intelligence to Sora, Shadowfeed, Geth, and Sharingan.
*Note*: This project is in progress -- former Makefiles from [ConfigPackages](/AniNIX/ConfigPackages) are being upgraded into Ansible playbooks here. *Note*: This project is in progress -- former Makefiles from [ConfigPackages](/AniNIX/ConfigPackages) are being upgraded into Ansible playbooks here.
# How to use # Etymology
It is named after the fictional Star Wars Imperial Intelligence organization that oversaw the various divisions of Intelligence and orchestrated their operations. Like its namesake, this project oversees the various tools within our ecosystem and enforces compliance with standards.
# Relevant Files and Software
This project expects that you use an Ansible vault for credentials. Create one and add this to your `.bashrc`. This project expects that you use an Ansible vault for credentials. Create one and add this to your `.bashrc`.
``` ```
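Review bot: the heading above the vault and `.bashrc` instructions changes from "How to use" to "Relevant Files and Software", but the text under it is still setup steps. Keeping a usage heading for these steps, with "Relevant Files and Software" reserved for a list of files and dependencies, would make the instructions easier to find.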
@ -14,7 +18,7 @@ Take a look at `examples/msn0.yml` as an example inventory -- make sure you popu
Once you have your vault and inventory, use [AniNIX/ShadowArch](/AniNIX/ShadowArch) with your hypervisor to provision the base image for your machines, or [Raspbian](https://www.raspberrypi.org/). Once you have your vault and inventory, use [AniNIX/ShadowArch](/AniNIX/ShadowArch) with your hypervisor to provision the base image for your machines, or [Raspbian](https://www.raspberrypi.org/).
Then, use the SSHkey playbook to copy your key and the deploy playbook to set things up. Then, use the SSH key playbook to copy your key and the deploy playbook to set things up.
``` ```
ansible-playbook -i your-inventory.yml playbooks/sshkey.yml ansible-playbook -i your-inventory.yml playbooks/sshkey.yml
ansible-playbook -i your-inventory.yml playbooks/deploy.yml ansible-playbook -i your-inventory.yml playbooks/deploy.yml
@ -26,7 +30,14 @@ We've also added two scripts in `./bin` to make your life easier:
Happy hacking! Happy hacking!
# Exceptions ## Exceptions
Some services, such as AniNIX/Sharingan and AniNIX/Geth, store their configuration in internal datastructures and databases such that we cannot easily export our build for others to use. We will document what we have done for each of these as best we can in the README.md files for others to replicate. Backups of these services into AniNIX/Aether are therefore dumps of these databases and not available to share. Some services, such as AniNIX/Sharingan and AniNIX/Geth, store their configuration in internal datastructures and databases such that we cannot easily export our build for others to use. We will document what we have done for each of these as best we can in the README.md files for others to replicate. Backups of these services into AniNIX/Aether are therefore dumps of these databases and not available to share.
# Available Clients
This service is a management tool -- its files get used by the Ansible toolset. There are no clients to connect directly to this service, as we have chosen a serverless approach.
# Equivalents or Competition
This service is our elected Infrastructure-as-Code solution -- many professional tools like Ansible Tower, Terraform, etc. do the same thing. Some apps ship OVA's, or prebuilt images, of their software. Docker registries also serve as similar way to document the means by which services are built.
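Review bot: in the added "Equivalents or Competition" paragraph, "OVA's" should be "OVAs" and "serve as similar way" is missing an article ("serve as a similar way"). "Exceptions" is demoted to a second-level heading here while the two new sections are first-level; if it is meant to sit under the usage section that is fine, otherwise keep the levels consistent.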


@ -69,7 +69,7 @@ def GenerateFiles(file):
# Add DNS entries for each host # Add DNS entries for each host
hosttype = 'managed' hosttype = 'managed'
for hostclass in ['physical','virtual','geth_hubs']: for hostclass in ['physical','virtual','geth_hubs']:
WriteMonitoringEntry(content,hosttype,hostclass) #WriteMonitoringEntry(content,hosttype,hostclass)
WriteSSHMonitoringEntry(content,hosttype,hostclass) WriteSSHMonitoringEntry(content,hosttype,hostclass)
hosttype = 'unmanaged' hosttype = 'unmanaged'
for hostclass in ['ovas','appliances']: for hostclass in ['ovas','appliances']:
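Review bot: in the `managed` loop, the call to `WriteMonitoringEntry` is commented out rather than removed, with no comment saying why, so managed hosts now only get the entry written by `WriteSSHMonitoringEntry`. If that reduction in monitoring coverage is intended, delete the line and state the reason in a comment or the commit message; if it is temporary, note what has to happen before the call returns.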


@ -51,11 +51,27 @@ all:
sslidentity: aninix.net-0001 sslidentity: aninix.net-0001
secdetection: true secdetection: true
iptv_location: "Milwaukee|Madison" iptv_location: "Milwaukee|Madison"
aether_source: true
Node0: Node0:
ipinterface: enp1s0f0 ipinterface: enp1s0f0
ip: 10.0.1.4 ip: 10.0.1.4
mac: DE:8B:9E:19:55:1D mac: DE:8B:9E:19:55:1D
tap: true tap: true
Node1:
ipinterface: enp1s0f0
ip: 10.0.1.5
mac: B0:41:6F:0D:47:E1
tap: true
Node2:
ipinterface: enp1s0f0
ip: 10.0.1.7
mac: B0:41:6F:0D:41:D1
tap: true
Node3:
ipinterface: enp1s0f0
ip: 10.0.1.8
mac: B0:41:6F:0D:51:0E
tap: true
virtual: # 10.0.1.16/28 virtual: # 10.0.1.16/28
vars: vars:
hosts: hosts:
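Review bot: Node1 through Node3 each repeat `ipinterface: enp1s0f0` and `tap: true` exactly as Node0 does. Moving those two keys into group-level `vars` would leave only `ip` and `mac` per host and prevent one node from drifting through a typo. The new `aether_source: true` key also has no comment saying what reads it.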
@ -101,15 +117,18 @@ all:
ip: 10.0.1.32 ip: 10.0.1.32
mac: 84:16:F9:14:15:C5 mac: 84:16:F9:14:15:C5
rotate: 0 rotate: 0
remote: NS-RC4NA-14
Geth-Hub-2: Geth-Hub-2:
ip: 10.0.1.33 ip: 10.0.1.33
mac: 84:16:F9:13:B6:E6 mac: 84:16:F9:13:B6:E6
motion_enabled: no motion_enabled: no
rotate: 180 rotate: 180
remote: NS-RC4NA-14
Geth-Hub-3: Geth-Hub-3:
ip: 10.0.1.34 ip: 10.0.1.34
mac: b8:27:eb:60:73:68 mac: b8:27:eb:60:73:68
rotate: 90 rotate: 90
remote: LG-AKB73715608
unmanaged: unmanaged:
children: children:
# Both OVA groups are in the same subnet -- test_ovas aren't monitored # Both OVA groups are in the same subnet -- test_ovas aren't monitored
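Review bot: the new `remote` key on the three Geth-Hub hosts is undocumented. A short comment stating what the value identifies and which playbook or template consumes it would help, along with whether a host without the key needs a default.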


@ -0,0 +1,27 @@
# This playbook disables the archlinux-keyring-wkd-sync.service and timer, because they tend to fail for bad reasons.
#
---
- hosts: managed
ignore_errors: true
gather_facts: true
become: yes
tasks:
- name: Disable services & timers
when: ansible_os_family == "Archlinux"
service:
name: "{{ item }}"
state: stopped
enabled: no
loop:
- archlinux-keyring-wkd-sync.timer
- archlinux-keyring-wkd-sync.service
- name: Reset failed
when: ansible_os_family == "Archlinux"
command: "systemctl reset-failed {{ item }}"
loop:
- archlinux-keyring-wkd-sync.timer
- archlinux-keyring-wkd-sync.service
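Review bot: `ignore_errors: true` is set on the whole play, so a genuine failure to stop or disable the units is swallowed along with the harmless ones. Scope it to the `Reset failed` task (or use `failed_when`) and add `changed_when: false` there, since `systemctl reset-failed` run through `command` always reports changed. The header comment's "fail for bad reasons" should name the actual failure, because with this sync disabled, key refresh depends on the `archlinux-keyring` package being kept up to date.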


@ -7,6 +7,18 @@
# - target: the host grouper in the inventory -- default: all # - target: the host grouper in the inventory -- default: all
# #
# Patch then restart a node # Patch then restart a node
#
#
- hosts: physical,virtual
order: sorted
serial: 4
vars:
ansible_become: yes
ansible_become_method: sudo
tasks:
- package:
name: archlinux-keyring
state: latest
- hosts: virtual,geth-hubs - hosts: virtual,geth-hubs
order: sorted order: sorted
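Review bot: the new play's `package` task has no `name` and no `when: ansible_os_family == "Archlinux"` guard, unlike the keyring-sync playbook added in this same commit, so any non-Arch host in `physical` or `virtual` would fail on `archlinux-keyring`. Add both. The play that follows targets `geth-hubs` while the generator script in this commit iterates `geth_hubs`; it is worth checking which spelling the inventory group actually uses.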