wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-08-02 19:03:04 +02:00
Code Issues Projects Releases Wiki Activity

clean commits from branch cloud-cloudstack w/ proper committer email/name

Browse source
This commit is contained in:
milkmix 2019-05-03 16:00:30 +02:00
parent b4740185e8
commit 1a9ed22703
11 changed files with 218 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
README.md
View file

@ -202,6 +202,7 @@ After this process completes, the Algo VPN server will contain only the users li
- Configure [Azure](docs/cloud-azure.md)
- Configure [DigitalOcean](docs/cloud-do.md)
- Configure [Google Cloud Platform](docs/cloud-gce.md)
- Configure [CloudStack](docs/cloud-cloudstack.md)
* Advanced Deployment
- Deploy to your own [FreeBSD](docs/deploy-to-freebsd.md) server
- Deploy to your own [Ubuntu 18.04](docs/deploy-to-ubuntu.md) server

2
cloud.yml
View file

@ -33,6 +33,8 @@
when: algo_provider == "scaleway"
- role: cloud-openstack
when: algo_provider == "openstack"
- role: cloud-cloudstack
when: algo_provider == "cloudstack"
- role: local
when: algo_provider == "local"

4
config.cfg
View file

@ -150,6 +150,10 @@ cloud_providers:
openstack:
flavor_ram: ">=512"
image: Ubuntu-18.04
cloudstack:
size: Micro
image: Linux Ubuntu 18.04 LTS 64-bit
disk: 10
vultr:
os: Ubuntu 18.04 x64
size: 1024 MB RAM,25 GB SSD,1.00 TB BW

20
docs/cloud-cloudstack.md Normal file
View file

@ -0,0 +1,20 @@
### Configuration file
You need to create a configuration file in INI format with your api key in `$HOME/.cloudstack.ini`
```
[cloudstack]
endpoint = <endpoint>
key = <your api key>
secret = <your secret>
timeout = 30
```
Example for Exoscale (European cloud provider exposing CloudStack API), visit https://portal.exoscale.com/u/<your account>/account/profile/api to gather the required information:
```
[cloudstack]
endpoint = https://api.exoscale.com/compute
key = <your api key>
secret = <your secret>
timeout = 30
```

1
docs/index.md
View file

@ -13,6 +13,7 @@
- Configure [Azure](cloud-azure.md)
- Configure [DigitalOcean](cloud-do.md)
- Configure [Vultr](cloud-vultr.md)
- Configure [CloudStack](cloud-cloudstack.md)
* Advanced Deployment
- Deploy to your own [FreeBSD](deploy-to-freebsd.md) server
- Deploy to your own [Ubuntu 18.04](deploy-to-ubuntu.md) server

1
input.yml
View file

@ -20,6 +20,7 @@
- { name: Google Compute Engine, alias: gce }
- { name: Scaleway, alias: scaleway}
- { name: OpenStack (DreamCompute optimised), alias: openstack }
- { name: CloudStack (Exoscale optimised), alias: cloudstack }
- { name: Install to existing Ubuntu 18.04 server (Advanced), alias: local }
vars_files:
- config.cfg

2
requirements.txt
View file

@ -1 +1 @@
ansible==2.5.2
ansible==2.5.2

49
roles/cloud-cloudstack/defaults/main.yml Normal file
View file

@ -0,0 +1,49 @@
---
cloudstack_venv: "{{ playbook_dir }}/configs/.venvs/cloudstack"
_cloudstack_zones: >
[
{
"allocationstate": "Enabled",
"dhcpprovider": "VirtualRouter",
"id": "1128bd56-b4d9-4ac6-a7b9-c715b187ce11",
"localstorageenabled": true,
"name": "ch-gva-2",
"networktype": "Basic",
"securitygroupsenabled": true,
"tags": [],
"zonetoken": "token"
},
{
"allocationstate": "Enabled",
"dhcpprovider": "VirtualRouter",
"id": "91e5e9e4-c9ed-4b76-bee4-427004b3baf9",
"localstorageenabled": true,
"name": "ch-dk-2",
"networktype": "Basic",
"securitygroupsenabled": true,
"tags": [],
"zonetoken": "token"
},
{
"allocationstate": "Enabled",
"dhcpprovider": "VirtualRouter",
"id": "4da1b188-dcd6-4ff5-b7fd-bde984055548",
"localstorageenabled": true,
"name": "at-vie-1",
"networktype": "Basic",
"securitygroupsenabled": true,
"tags": [],
"zonetoken": "token"
},
{
"allocationstate": "Enabled",
"dhcpprovider": "VirtualRouter",
"id": "35eb7739-d19e-45f7-a581-4687c54d6d02",
"localstorageenabled": true,
"name": "de-fra-1",
"networktype": "Basic",
"securitygroupsenabled": true,
"tags": [],
"zonetoken": "token"
}
]

71
roles/cloud-cloudstack/tasks/main.yml Normal file
View file

@ -0,0 +1,71 @@
---
- block:
- name: Build python virtual environment
import_tasks: venv.yml
- block:
- name: Include prompts
import_tasks: prompts.yml
- set_fact:
algo_region: >-
{% if region is defined %}{{ region }}
{%- elif _algo_region.user_input is defined and _algo_region.user_input != "" %}{{ cs_zones[_algo_region.user_input | int -1 ]['name'] }}
{%- else %}{{ cs_zones[default_zone | int - 1]['name'] }}{% endif %}
- name: Security group created
cs_securitygroup:
name: "{{ algo_server_name }}-security_group"
description: AlgoVPN security group
register: cs_security_group
- name: Security rules created
cs_securitygroup_rule:
security_group: "{{ cs_security_group.name }}"
protocol: "{{ item.proto }}"
start_port: "{{ item.start_port }}"
end_port: "{{ item.end_port }}"
cidr: "{{ item.range }}"
with_items:
- { proto: tcp, start_port: 22, end_port: 22, range: 0.0.0.0/0 }
- { proto: udp, start_port: 4500, end_port: 4500, range: 0.0.0.0/0 }
- { proto: udp, start_port: 500, end_port: 500, range: 0.0.0.0/0 }
- { proto: udp, start_port: "{{ wireguard_port }}", end_port: "{{ wireguard_port }}", range: 0.0.0.0/0 }
- name: Keypair created
cs_sshkeypair:
name: "{{ SSH_keys.comment|regex_replace('@', '_') }}"
public_key: "{{ lookup('file', '{{ SSH_keys.public }}') }}"
register: cs_keypair
- name: Set facts
set_fact:
image_id: "{{ cloud_providers.cloudstack.image }}"
size: "{{ cloud_providers.cloudstack.size }}"
disk: "{{ cloud_providers.cloudstack.disk }}"
keypair_name: "{{ cs_keypair.name }}"
- name: Server created
cs_instance:
name: "{{ algo_server_name }}"
root_disk_size: "{{ disk }}"
template: "{{ image_id }}"
ssh_key: "{{ keypair_name }}"
security_groups: "{{ cs_security_group.name }}"
zone: "{{ algo_region }}"
service_offering: "{{ size }}"
register: cs_server
- set_fact:
cloud_instance_ip: "{{ cs_server.default_ip }}"
ansible_ssh_user: ubuntu
environment:
PYTHONPATH: "{{ cloudstack_venv }}/lib/python2.7/site-packages/"
CLOUDSTACK_CONFIG: "{{ _cs_config }}"
CLOUDSTACK_REGION: "{% if _cs_region.user_input == '' %}{{ 'exoscale' }}{% else %}{{ _cs_region.user_input }}{% endif %}"
rescue:
- debug: var=fail_hint
tags: always
- fail:
tags: always

53
roles/cloud-cloudstack/tasks/prompts.yml Normal file
View file

@ -0,0 +1,53 @@
---
- block:
- set_fact:
_cs_config: "{{ lookup('env', 'CLOUDSTACK_CONFIG') }}"
- pause:
prompt: |
Enter path for cloudstack.ini file
[~/.cloudstack.ini]
register: _cs_config_input
when: _cs_config == ""
- set_fact:
_cs_config_input: "{% if _cs_config_input.user_input == ''%}{{ '~/.cloudstack.ini' }}{% else %}{{ _cs_config_input.user_input }}{% endif %}"
when: _cs_config == ""
- set_fact:
_cs_config: "{% if _cs_config == '' %}{{ _cs_config_input }}{% else %}{{ _cs_config }}{% endif %}"
- pause:
prompt: |
Specify region to use in cloudstack.ini_file
[exoscale]
register: _cs_region
- name: Parse zones from output
set_fact:
_cs_zones: "{{ _cloudstack_zones | from_json }}"
- name: Extract zones from output
set_fact:
cs_zones: "{{ _cs_zones | sort(attribute='name') }}"
- name: Set the default zone
set_fact:
default_zone: >-
{% for z in cs_zones %}
{%- if z['name'] == "ch-gva-2" %}{{ loop.index }}{% endif %}
{%- endfor %}
- pause:
prompt: |
What zone should the server be located in?
{% for z in cs_zones %}
{{ loop.index }}. {{ z['name'] }}
{% endfor %}
Enter the number of your desired zone
[{{ default_zone }}]
register: _algo_region
when: region is undefined
environment:
PYTHONPATH: "{{ cloudstack_venv }}/lib/python2.7/site-packages/"

15
roles/cloud-cloudstack/tasks/venv.yml Normal file
View file

@ -0,0 +1,15 @@
---
- name: Clean up the environment
file:
dest: "{{ cloudstack_venv }}"
state: absent
when: clean_environment
- name: Install requirements
pip:
name:
- cs
- sshpubkeys
state: latest
virtualenv: "{{ cloudstack_venv }}"
virtualenv_python: python2.7