wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-06-05 06:33:56 +02:00
Code Issues Projects Releases Wiki Activity

on-build python venvs (#1199)

Browse source
This commit is contained in:
Jack Ivanov 2018-11-22 19:04:58 +01:00 committed by Dan Guido
parent 9187d8e637
commit a66d8f0069
26 changed files with 466 additions and 305 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.gitignore vendored
View file

@ -5,3 +5,5 @@ inventory_users
*.kate-swp *.kate-swp
env env
.DS_Store .DS_Store
venvs/*
!venvs/.gitinit

2
README.md
View file

@ -58,7 +58,7 @@ The easiest way to get an Algo server running is to let it set up a _new_ virtua
```bash ```bash
$ python -m virtualenv --python=`which python2` env && $ python -m virtualenv --python=`which python2` env &&
source env/bin/activate && source env/bin/activate &&
python -m pip install -U pip && python -m pip install -U pip virtualenv &&
python -m pip install -r requirements.txt python -m pip install -r requirements.txt
``` ```
On macOS, you may be prompted to install `cc`. You should press accept if so. On macOS, you may be prompted to install `cc`. You should press accept if so.

3
config.cfg
View file

@ -13,6 +13,9 @@ users:
# If True re-init all existing certificates. Boolean # If True re-init all existing certificates. Boolean
keys_clean_all: False keys_clean_all: False
# Clean up cloud python environments
clean_environment: false
vpn_network: 10.19.48.0/24 vpn_network: 10.19.48.0/24
vpn_network_ipv6: 'fd9d:bc11:4020::/48' vpn_network_ipv6: 'fd9d:bc11:4020::/48'
wireguard_enabled: true wireguard_enabled: true

10
playbooks/cloud-pre.yml
View file

@ -14,6 +14,16 @@
'dns_encryption "{{ dns_encryption }}"' \ 'dns_encryption "{{ dns_encryption }}"' \
> /dev/tty > /dev/tty
- name: Install the requirements
local_action:
module: pip
state: latest
name:
- pyOpenSSL
- jinja2==2.8
- segno
tags: always
- name: Generate the SSH private key - name: Generate the SSH private key
openssl_privatekey: openssl_privatekey:
path: "{{ SSH_keys.private }}" path: "{{ SSH_keys.private }}"

14
requirements.txt
View file

@ -1,13 +1 @@
setuptools>=11.3 ansible==2.5.2
SecretStorage < 3
ansible[azure]==2.5.2
dopy==0.3.5
boto>=2.5
boto3
apache-libcloud
six
pyopenssl
jinja2==2.8
shade
pycrypto
segno

1
roles/cloud-azure/defaults/main.yml
View file

@ -1,4 +1,5 @@
--- ---
azure_venv: "{{ playbook_dir }}/configs/.venvs/azure"
_azure_regions: > _azure_regions: >
[ [
{ {

7
roles/cloud-azure/tasks/main.yml
View file

@ -1,5 +1,9 @@
--- ---
- block: - block:
- name: Build python virtual environment
import_tasks: venv.yml
- block:
- name: Include prompts - name: Include prompts
import_tasks: prompts.yml import_tasks: prompts.yml
@ -37,7 +41,8 @@
- set_fact: - set_fact:
cloud_instance_ip: "{{ azure_rm_deployment.deployment.outputs.publicIPAddresses.value }}" cloud_instance_ip: "{{ azure_rm_deployment.deployment.outputs.publicIPAddresses.value }}"
ansible_ssh_user: ubuntu ansible_ssh_user: ubuntu
environment:
PYTHONPATH: "{{ azure_venv }}/lib/python2.7/site-packages/"
rescue: rescue:
- debug: var=fail_hint - debug: var=fail_hint
tags: always tags: always

32
roles/cloud-azure/tasks/venv.yml Normal file
View file

@ -0,0 +1,32 @@
---
- name: Clean up the environment
file:
dest: "{{ azure_venv }}"
state: absent
when: clean_environment
- name: Install requirements
pip:
name:
- packaging
- requests[security]
- azure-mgmt-compute>=2.0.0,<3
- azure-mgmt-network>=1.3.0,<2
- azure-mgmt-storage>=1.5.0,<2
- azure-mgmt-resource>=1.1.0,<2
- azure-storage>=0.35.1,<0.36
- azure-cli-core>=2.0.12,<3
- msrest==0.4.29
- msrestazure==0.4.31
- azure-mgmt-dns>=1.0.1,<2
- azure-mgmt-keyvault>=0.40.0,<0.41
- azure-mgmt-batch>=4.1.0,<5
- azure-mgmt-sql>=0.7.1,<0.8
- azure-mgmt-web>=0.32.0,<0.33
- azure-mgmt-containerservice>=2.0.0,<3.0.0
- azure-mgmt-containerregistry>=1.0.1
- azure-mgmt-rdbms==1.2.0
- azure-mgmt-containerinstance==0.4.0
state: latest
virtualenv: "{{ azure_venv }}"
virtualenv_python: python2.7

2
roles/cloud-digitalocean/defaults/main.yml Normal file
View file

@ -0,0 +1,2 @@
---
digitalocean_venv: "{{ playbook_dir }}/configs/.venvs/digitalocean"

6
roles/cloud-digitalocean/tasks/main.yml
View file

@ -1,4 +1,8 @@
- block: - block:
- name: Build python virtual environment
import_tasks: venv.yml
- block:
- name: Include prompts - name: Include prompts
import_tasks: prompts.yml import_tasks: prompts.yml
@ -97,6 +101,8 @@
- fail: - fail:
msg: "Please, ensure that your API token is not read-only." msg: "Please, ensure that your API token is not read-only."
environment:
PYTHONPATH: "{{ digitalocean_venv }}/lib/python2.7/site-packages/"
rescue: rescue:
- debug: var=fail_hint - debug: var=fail_hint
tags: always tags: always

13
roles/cloud-digitalocean/tasks/venv.yml Normal file
View file

@ -0,0 +1,13 @@
---
- name: Clean up the environment
file:
dest: "{{ digitalocean_venv }}"
state: absent
when: clean_environment
- name: Install requirements
pip:
name: dopy
version: 0.3.5
virtualenv: "{{ digitalocean_venv }}"
virtualenv_python: python2.7

1
roles/cloud-ec2/defaults/main.yml
View file

@ -4,3 +4,4 @@ encrypted: "{{ cloud_providers.ec2.encrypted }}"
ec2_vpc_nets: ec2_vpc_nets:
cidr_block: 172.16.0.0/16 cidr_block: 172.16.0.0/16
subnet_cidr: 172.16.254.0/23 subnet_cidr: 172.16.254.0/23
ec2_venv: "{{ playbook_dir }}/configs/.venvs/aws"

6
roles/cloud-ec2/tasks/main.yml
View file

@ -1,4 +1,8 @@
- block: - block:
- name: Build python virtual environment
import_tasks: venv.yml
- block:
- name: Include prompts - name: Include prompts
import_tasks: prompts.yml import_tasks: prompts.yml
@ -35,6 +39,8 @@
- set_fact: - set_fact:
cloud_instance_ip: "{{ stack.stack_outputs.ElasticIP }}" cloud_instance_ip: "{{ stack.stack_outputs.ElasticIP }}"
ansible_ssh_user: ubuntu ansible_ssh_user: ubuntu
environment:
PYTHONPATH: "{{ ec2_venv }}/lib/python2.7/site-packages/"
rescue: rescue:
- debug: var=fail_hint - debug: var=fail_hint
tags: always tags: always

15
roles/cloud-ec2/tasks/venv.yml Normal file
View file

@ -0,0 +1,15 @@
---
- name: Clean up the environment
file:
dest: "{{ ec2_venv }}"
state: absent
when: clean_environment
- name: Install requirements
pip:
name:
- boto>=2.5
- boto3
state: latest
virtualenv: "{{ ec2_venv }}"
virtualenv_python: python2.7

2
roles/cloud-gce/defaults/main.yml Normal file
View file

@ -0,0 +1,2 @@
---
gce_venv: "{{ playbook_dir }}/configs/.venvs/gce"

6
roles/cloud-gce/tasks/main.yml
View file

@ -1,4 +1,8 @@
- block: - block:
- name: Build python virtual environment
import_tasks: venv.yml
- block:
- name: Include prompts - name: Include prompts
import_tasks: prompts.yml import_tasks: prompts.yml
@ -49,6 +53,8 @@
- set_fact: - set_fact:
cloud_instance_ip: "{{ google_vm.instance_data[0].public_ip }}" cloud_instance_ip: "{{ google_vm.instance_data[0].public_ip }}"
ansible_ssh_user: ubuntu ansible_ssh_user: ubuntu
environment:
PYTHONPATH: "{{ gce_venv }}/lib/python2.7/site-packages/"
rescue: rescue:
- debug: var=fail_hint - debug: var=fail_hint
tags: always tags: always

15
roles/cloud-gce/tasks/venv.yml Normal file
View file

@ -0,0 +1,15 @@
---
- name: Clean up the environment
file:
dest: "{{ gce_venv }}"
state: absent
when: clean_environment
- name: Install requirements
pip:
name:
- apache-libcloud
- pycrypto
state: latest
virtualenv: "{{ gce_venv }}"
virtualenv_python: python2.7

2
roles/cloud-lightsail/defaults/main.yml Normal file
View file

@ -0,0 +1,2 @@
---
lightsail_venv: "{{ playbook_dir }}/configs/.venvs/aws"

6
roles/cloud-lightsail/tasks/main.yml
View file

@ -1,4 +1,8 @@
- block: - block:
- name: Build python virtual environment
import_tasks: venv.yml
- block:
- name: Include prompts - name: Include prompts
import_tasks: prompts.yml import_tasks: prompts.yml
@ -36,6 +40,8 @@
- set_fact: - set_fact:
cloud_instance_ip: "{{ algo_instance['instance']['public_ip_address'] }}" cloud_instance_ip: "{{ algo_instance['instance']['public_ip_address'] }}"
ansible_ssh_user: ubuntu ansible_ssh_user: ubuntu
environment:
PYTHONPATH: "{{ lightsail_venv }}/lib/python2.7/site-packages/"
rescue: rescue:
- debug: var=fail_hint - debug: var=fail_hint

15
roles/cloud-lightsail/tasks/venv.yml Normal file
View file

@ -0,0 +1,15 @@
---
- name: Clean up the environment
file:
dest: "{{ lightsail_venv }}"
state: absent
when: clean_environment
- name: Install requirements
pip:
name:
- boto>=2.5
- boto3
state: latest
virtualenv: "{{ lightsail_venv }}"
virtualenv_python: python2.7

2
roles/cloud-openstack/defaults/main.yml Normal file
View file

@ -0,0 +1,2 @@
---
openstack_venv: "{{ playbook_dir }}/configs/.venvs/openstack"

6
roles/cloud-openstack/tasks/main.yml
View file

@ -4,6 +4,10 @@
when: lookup('env', 'OS_AUTH_URL') == "" when: lookup('env', 'OS_AUTH_URL') == ""
- block: - block:
- name: Build python virtual environment
import_tasks: venv.yml
- block:
- name: Security group created - name: Security group created
os_security_group: os_security_group:
state: "{{ state|default('present') }}" state: "{{ state|default('present') }}"
@ -75,6 +79,8 @@
- set_fact: - set_fact:
cloud_instance_ip: "{{ os_server['openstack']['public_v4'] }}" cloud_instance_ip: "{{ os_server['openstack']['public_v4'] }}"
ansible_ssh_user: ubuntu ansible_ssh_user: ubuntu
environment:
PYTHONPATH: "{{ openstack_venv }}/lib/python2.7/site-packages/"
rescue: rescue:
- debug: var=fail_hint - debug: var=fail_hint

13
roles/cloud-openstack/tasks/venv.yml Normal file
View file

@ -0,0 +1,13 @@
---
- name: Clean up the environment
file:
dest: "{{ openstack_venv }}"
state: absent
when: clean_environment
- name: Install requirements
pip:
name: shade
state: latest
virtualenv: "{{ openstack_venv }}"
virtualenv_python: python2.7

10
users.yml
View file

@ -58,6 +58,16 @@
- config.cfg - config.cfg
- "configs/{{ inventory_hostname }}/config.yml" - "configs/{{ inventory_hostname }}/config.yml"
pre_tasks:
- block:
- name: Local pre-tasks
import_tasks: playbooks/cloud-pre.yml
rescue:
- debug: var=fail_hint
tags: always
- fail:
tags: always
roles: roles:
- role: common - role: common
- role: wireguard - role: wireguard

0
venvs/.gitinit Normal file
View file