wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-09-03 10:33:13 +02:00
Code Issues Projects Releases Wiki Activity

OpenStack cloud provider (DreamCompute optimised) #623

Browse source
This commit is contained in:
Jack Ivanov 2018-02-19 19:00:56 +03:00
parent 9f7398ff77
commit 75e2d251d3
5 changed files with 113 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
algo
View file

@ -383,6 +383,22 @@ algo_region=${algo_region:-1}
EXTRA_VARS="scaleway_auth_token=$scaleway_auth_token scaleway_organization=\"$scaleway_organization\" algo_server_name=$algo_server_name algo_region=$region" EXTRA_VARS="scaleway_auth_token=$scaleway_auth_token scaleway_organization=\"$scaleway_organization\" algo_server_name=$algo_server_name algo_region=$region"
} }
openstack () {
read -p "
Enter the local path to your credentials OpenStack RC file (Can be donloaded from the OpenStack dashboard->Compute->API Access)
[...]: " -r os_rc
read -p "
Name the vpn server:
[algo.local]: " -r algo_server_name
algo_server_name=${algo_server_name:-algo.local}
ROLES="openstack vpn cloud"
EXTRA_VARS="algo_server_name=$algo_server_name"
source $os_rc
}
gce () { gce () {
read -p " read -p "
Enter the local path to your credentials JSON file (https://support.google.com/cloud/answer/6158849?hl=en&ref_topic=6262490#serviceaccounts): Enter the local path to your credentials JSON file (https://support.google.com/cloud/answer/6158849?hl=en&ref_topic=6262490#serviceaccounts):
@ -531,7 +547,8 @@ algo_provisioning () {
4. Microsoft Azure 4. Microsoft Azure
5. Google Compute Engine 5. Google Compute Engine
6. Scaleway 6. Scaleway
7. Install to existing Ubuntu 16.04 server 7. OpenStack (DreamCompute optimised)
8. Install to existing Ubuntu 16.04 server
Enter the number of your desired provider Enter the number of your desired provider
: " : "
@ -545,7 +562,8 @@ Enter the number of your desired provider
4) azure; ;; 4) azure; ;;
5) gce; ;; 5) gce; ;;
6) scaleway; ;; 6) scaleway; ;;
7) non_cloud; ;; 7) openstack; ;;
8) non_cloud; ;;
*) exit 1 ;; *) exit 1 ;;
esac esac

3
config.cfg
View file

@ -93,6 +93,9 @@ cloud_providers:
size: VC1S size: VC1S
image: Ubuntu Xenial image: Ubuntu Xenial
arch: x86_64 arch: x86_64
openstack:
flavor_ram: ">=512"
image: Ubuntu-16.04
local: local:
fail_hint: fail_hint:

3
deploy.yml
View file

@ -28,6 +28,7 @@
- { role: cloud-azure, tags: ['azure'] } - { role: cloud-azure, tags: ['azure'] }
- { role: cloud-lightsail, tags: ['lightsail'] } - { role: cloud-lightsail, tags: ['lightsail'] }
- { role: cloud-scaleway, tags: ['scaleway'] } - { role: cloud-scaleway, tags: ['scaleway'] }
- { role: cloud-openstack, tags: ['openstack'] }
- { role: local, tags: ['local'] } - { role: local, tags: ['local'] }
post_tasks: post_tasks:
@ -54,7 +55,7 @@
- block: - block:
- name: Common pre-tasks - name: Common pre-tasks
include_tasks: playbooks/common.yml include_tasks: playbooks/common.yml
tags: [ 'digitalocean', 'ec2', 'gce', 'azure', 'lightsail', 'scaleway', 'local', 'pre' ] tags: [ 'digitalocean', 'ec2', 'gce', 'azure', 'lightsail', 'scaleway', 'openstack', 'local', 'pre' ]
rescue: rescue:
- debug: var=fail_hint - debug: var=fail_hint
tags: always tags: always

1
requirements.txt
View file

@ -10,3 +10,4 @@ apache-libcloud
six six
pyopenssl pyopenssl
jinja2==2.8 jinja2==2.8
shade

87
roles/cloud-openstack/tasks/main.yml Normal file
View file

@ -0,0 +1,87 @@
---
- block:
- name: Security group created
os_security_group:
state: "{{ state|default('present') }}"
name: "{{ algo_server_name }}-security_group"
description: AlgoVPN security group
register: os_security_group
- name: Security rules created
os_security_group_rule:
state: "{{ state|default('present') }}"
security_group: "{{ os_security_group.id }}"
protocol: "{{ item.proto }}"
port_range_min: "{{ item.port_min }}"
port_range_max: "{{ item.port_max }}"
remote_ip_prefix: "{{ item.range }}"
with_items:
- { proto: tcp, port_min: 22, port_max: 22, range: 0.0.0.0/0 }
- { proto: icmp, port_min: -1, port_max: -1, range: 0.0.0.0/0 }
- { proto: udp, port_min: 4500, port_max: 4500, range: 0.0.0.0/0 }
- { proto: udp, port_min: 500, port_max: 500, range: 0.0.0.0/0 }
- name: Keypair created
os_keypair:
state: "{{ state|default('present') }}"
name: "{{ SSH_keys.comment|regex_replace('@', '_') }}"
public_key_file: "{{ SSH_keys.public }}"
register: os_keypair
- name: Gather facts about flavors
os_flavor_facts:
ram: "{{ cloud_providers.openstack.flavor_ram }}"
- name: Gather facts about images
os_image_facts:
image: "{{ cloud_providers.openstack.image }}"
- name: Gather facts about public networks
os_networks_facts:
- name: Set the network as a fact
set_fact:
public_network_id: "{{ item.id }}"
when:
- item['router:external']|default(omit)
- item['admin_state_up']|default(omit)
- item['status'] == 'ACTIVE'
with_items: "{{ openstack_networks }}"
- name: Set facts
set_fact:
flavor_id: "{{ (openstack_flavors | sort(attribute='ram'))[0]['id'] }}"
image_id: "{{ openstack_image['id'] }}"
keypair_name: "{{ os_keypair.key.name }}"
security_group_name: "{{ os_security_group['secgroup']['name'] }}"
- name: Server created
os_server:
state: "{{ state|default('present') }}"
name: "{{ algo_server_name }}"
image: "{{ image_id }}"
flavor: "{{ flavor_id }}"
key_name: "{{ keypair_name }}"
security_groups: "{{ security_group_name }}"
nics:
- net-id: "{{ public_network_id }}"
register: os_server
- set_fact:
cloud_instance_ip: "{{ os_server['openstack']['public_v4'] }}"
- name: Add new instance to host group
add_host:
hostname: "{{ cloud_instance_ip }}"
groupname: vpn-host
ansible_ssh_user: ubuntu
ansible_python_interpreter: "/usr/bin/python2.7"
ansible_ssh_private_key_file: "{{ SSH_keys.private }}"
cloud_provider: openstack
ipv6_support: omit
rescue:
- debug: var=fail_hint
tags: always
- fail:
tags: always