extend README to use roles

Jack Ivanov 2016-09-18 13:14:32 +03:00
parent d9441b236a
commit b41a8d58cd

@ -73,6 +73,86 @@ Ansible scripts are organized into roles. The roles used by Algo are described i
* SHell or BASH
* libselinux-python (for RedHat based distros)
### Roles and Tags
**Cloud roles:**
- role: cloud-digitalocean, tags: digitalocean
- role: cloud-ec2, tags: ec2
- role: cloud-gce, tags: gce
**Server roles:**
- role: vpn, tags: vpn
- role: dns_adblocking, tags: dns, adblock
- role: proxy, tags: proxy, adblock
- role: logging, tags: logging
- role: security, tags: security
- role: ssh_tunneling, tags: ssh_tunneling
### Cloud Providers
**digitalocean**
*Requirement variables:*
- do_access_token
- do_ssh_name
- do_server_name
- do_region
*Possible regions:*
- ams2
- ams3
- fra1
- lon1
- nyc1
- nyc2
- nyc3
- sfo1
- sfo2
- sgp1
- tor1
- blr1
**gce**
*Requirement variables:*
- credentials_file
- server_name
- ssh_public_key
- zone
*Possible zones:*
- us-central1-a
- us-central1-b
- us-central1-c
- us-central1-f
- us-east1-b
- us-east1-c
- us-east1-d
- europe-west1-b
- europe-west1-c
- europe-west1-d
- asia-east1-a
- asia-east1-b
- asia-east1-c
**ec2**
*Requirement variables:*
- aws_access_key
- aws_secret_key
- aws_server_name
- ssh_public_key
- region
*Possible regions:*
- us-east-1
- us-west-1
- us-west-2
- ap-south-1
- ap-northeast-2
- ap-southeast-1
- ap-southeast-2
- ap-northeast-1
- eu-central-1
- eu-west-1
- sa-east-1
### Cloud Deployment
To install the dependencies on OS X or Linux:
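Review bot: In the new Cloud Providers section, the variable lists do not mark which values are credentials (`do_access_token`, `aws_access_key`, `aws_secret_key`, `credentials_file`) or say how they should be supplied, so a reader will treat them like any other setting. Please flag them as secrets and point to a safe way of passing them. Smaller points in the same section: "Requirement variables" should read "Required variables"; the names are inconsistent across providers (`do_server_name` / `server_name` / `aws_server_name`, and `do_region` / `zone` / `region`); and the hard-coded region and zone lists will go stale, so consider linking to each provider's own list instead.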
@ -84,10 +164,11 @@ sudo pip install -r requirements.txt
Open the file `config.cfg` in your favorite text editor. Specify the users you wish to create in the `users` list.
Start the deploy and follow the instructions:
Start the deploy with extra variables and tags that you need.
Example for DigitalOcean:
```
./algo
ansible-playbook deploy.yml -t digitalocean,vpn -e 'do_access_token=secret_token do_ssh_name=my_ssh_key do_server_name=algo.local do_region=ams2'
```
When the process is done, you can find `.mobileconfig` files and certificates in the `configs` directory. Send the `.mobileconfig` profile to users with Apple devices. Note that profile installation is supported over AirDrop. Do not send the mobileconfig file over plaintext (e.g., e-mail) since it contains the keys to access the VPN. For those using other clients, like Windows or Android, securely send them the X.509 certificates for the server and their user.
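Review bot: The added example passes the API token inline, `-e 'do_access_token=secret_token ...'`, which puts the credential in shell history and in the process list for the duration of the run. Suggest showing the token supplied from a variables file with restricted permissions (`-e @file`) or from an environment variable, and keeping only the non-secret values (`do_ssh_name`, `do_server_name`, `do_region`) on the command line. The same concern applies to `aws_secret_key` from the section above once an ec2 example is written; this hunk gives an example for DigitalOcean only, so an ec2 and a gce example would be worth adding alongside it.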