wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-06-05 22:54:01 +02:00
Code Issues Projects Releases Wiki Activity

Ubuntu1804 (#925)

Browse source 
- Fixes #897 #944 #956

Work in progress. Lightsail is not ready for Ubuntu 18.04 yet

- [x] DigitalOcean
~~- [ ] Amazon Lightsail~~
- [x] Amazon EC2
- [x] Microsoft Azure
- [x] Google Compute Engine
- [x] Scaleway
- [x] OpenStack (DreamCompute optimised)
This commit is contained in:
Jack Ivanov 2018-05-24 17:08:14 +03:00 committed by Dan Guido
parent d9dc68164f
commit d27b849f24
14 changed files with 91 additions and 101 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
.travis.yml
View file

@ -35,13 +35,12 @@ cache:
before_cache:
- mkdir $HOME/lxc
- sudo tar cf $HOME/lxc/cache.tar /var/cache/lxc/
- sudo tar cf $HOME/lxc/cache.tar /var/lib/lxd/images/
- sudo chown $USER. $HOME/lxc/cache.tar
env:
- LXC_NAME=ubuntu1604 LXC_DISTRO=ubuntu LXC_RELEASE=xenial
- LXC_NAME=ubuntu1710 LXC_DISTRO=ubuntu LXC_RELEASE=artful
- LXC_NAME=docker LXC_DISTRO=ubuntu LXC_RELEASE=artful
- LXC_NAME=ubuntu1804 LXC_DISTRO=ubuntu LXC_RELEASE=18.04
- LXC_NAME=docker LXC_DISTRO=ubuntu LXC_RELEASE=18.04
before_install:
- test "${LXC_NAME}" != "docker" || docker build -t travis/algo .

34
algo
View file

@ -211,7 +211,7 @@ Name the vpn server:
10. Singapore
11. Toronto
12. Bangalore
Enter the number of your desired region:
[7]: " -r region
region=${region:-7}
@ -273,7 +273,7 @@ Name the vpn server:
14. ap-southeast-2 Asia Pacific (Sydney)
15. ap-south-1 Asia Pacific (Mumbai)
16. sa-east-1 South America (São Paulo)
Enter the number of your desired region:
[1]: " -r aws_region
aws_region=${aws_region:-1}
@ -335,7 +335,7 @@ Name the vpn server:
10. eu-central-1 EU (Frankfurt)
11. eu-west-1 EU (Ireland)
12. eu-west-2 EU (London)
Enter the number of your desired region:
[1]: " -r algo_region
algo_region=${algo_region:-1}
@ -471,7 +471,7 @@ Name the vpn server:
44. Australia (Sydney A)
45. Australia (Sydney B)
46. Australia (Sydney C)
Please choose the number of your zone. Press enter for default (#20) zone.
[20]: " -r region
region=${region:-20}
@ -575,13 +575,12 @@ algo_provisioning () {
echo -n "
What provider would you like to use?
1. DigitalOcean
2. Amazon Lightsail
3. Amazon EC2
4. Microsoft Azure
5. Google Compute Engine
6. Scaleway
7. OpenStack (DreamCompute optimised)
8. Install to existing Ubuntu 16.04 server (Advanced)
2. Amazon EC2
3. Microsoft Azure
4. Google Compute Engine
5. Scaleway
6. OpenStack (DreamCompute optimised)
7. Install to existing Ubuntu 16.04 server (Advanced)
Enter the number of your desired provider
: "
@ -590,13 +589,12 @@ Enter the number of your desired provider
case "$N" in
1) digitalocean; ;;
2) lightsail; ;;
3) ec2; ;;
4) azure; ;;
5) gce; ;;
6) scaleway; ;;
7) openstack; ;;
8) non_cloud; ;;
2) ec2; ;;
3) azure; ;;
4) gce; ;;
5) scaleway; ;;
6) openstack; ;;
7) non_cloud; ;;
*) exit 1 ;;
esac

14
config.cfg
View file

@ -80,29 +80,29 @@ cloud_providers:
image:
offer: UbuntuServer
publisher: Canonical
sku: '16.04-LTS' # 16.04-LTS / 17.04
sku: '18.04-LTS'
version: latest
digitalocean:
size: s-1vcpu-1gb
image: "ubuntu-16-04-x64" # ubuntu-16-04-x64 / ubuntu-17-10-x64
image: "ubuntu-18-04-x64"
ec2:
size: t2.micro
image:
name: "ubuntu-xenial-16.04" # ubuntu-xenial-16.04 / ubuntu-zesty-17.04
name: "ubuntu-bionic-18.04"
owner: "099720109477"
gce:
size: f1-micro
image: ubuntu-1604 # ubuntu-1604 / ubuntu-1704
image: ubuntu-1804
lightsail:
size: nano_1_0
image: ubuntu_16_04
scaleway:
size: VC1S
image: Ubuntu Xenial
size: START1-S
image: Ubuntu Bionic Beaver
arch: x86_64
openstack:
flavor_ram: ">=512"
image: Ubuntu-16.04
image: Ubuntu-18.04
local:
fail_hint:

1
deploy.yml
View file

@ -26,7 +26,6 @@
- { role: cloud-ec2, tags: ['ec2'] }
- { role: cloud-gce, tags: ['gce'] }
- { role: cloud-azure, tags: ['azure'] }
- { role: cloud-lightsail, tags: ['lightsail'] }
- { role: cloud-scaleway, tags: ['scaleway'] }
- { role: cloud-openstack, tags: ['openstack'] }
- { role: local, tags: ['local'] }

2
playbooks/common.yml
View file

@ -6,7 +6,7 @@
- name: Ubuntu pre-tasks
include_tasks: ubuntu.yml
when: '"Ubuntu" in OS.stdout'
when: '"Ubuntu" in OS.stdout or "Linux" in OS.stdout'
- name: FreeBSD pre-tasks
include_tasks: freebsd.yml

7
playbooks/ubuntu.yml
View file

@ -1,7 +1,12 @@
---
- name: Ubuntu | Install prerequisites
raw: sleep 10 && sudo apt-get update -qq && sudo apt-get install -qq -y python2.7
raw: "{{ item }}"
with_items:
- sleep 10
- apt-get update -qq
- apt-get install -qq -y python2.7 sudo
become: true
- name: Ubuntu | Configure defaults
raw: sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1

18
roles/cloud-ec2/files/stack.yml
View file

@ -147,11 +147,6 @@ Resources:
Metadata:
AWS::CloudFormation::Init:
config:
users:
ubuntu:
groups:
- "sudo"
homeDir: "/home/ubuntu/"
files:
/home/ubuntu/.ssh/authorized_keys:
content:
@ -173,18 +168,9 @@ Resources:
"Fn::Base64":
!Sub |
#!/bin/bash -xe
# http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-migrate-ipv6.html
# https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1013597
cat <<EOF > /etc/network/interfaces.d/60-default-with-ipv6.cfg
iface eth0 inet6 dhcp
up sysctl net.ipv6.conf.\$IFACE.accept_ra=2
pre-down ip link set dev \$IFACE up
EOF
ifdown eth0; ifup eth0
dhclient -6
apt-get update
apt-get -y install python-setuptools
easy_install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz
apt-get -y install python-pip
pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz
cfn-init -v --stack ${AWS::StackName} --resource EC2Instance --region ${AWS::Region}
cfn-signal -e $? --stack ${AWS::StackName} --resource EC2Instance --region ${AWS::Region}
Tags:

9
roles/cloud-scaleway/tasks/image_facts.yml Normal file
View file

@ -0,0 +1,9 @@
---
- name: Set image id as a fact
set_fact:
image_id: "{{ item.id }}"
no_log: true
when:
- cloud_providers.scaleway.image == item.name
- cloud_providers.scaleway.arch == item.arch
with_items: "{{ outer_item['json']['images'] }}"

24
roles/cloud-scaleway/tasks/main.yml
View file

@ -35,7 +35,7 @@
when: scaleway_organization == item.name
with_items: "{{ scaleway_organizations.json.organizations }}"
- name: Get images
- name: Get total count of images
uri:
url: "https://cp-{{ algo_region }}.scaleway.com/images"
method: GET
@ -43,16 +43,24 @@
Content-Type: 'application/json'
X-Auth-Token: "{{ scaleway_auth_token }}"
status_code: 200
register: scaleway_pages
- name: Get images
uri:
url: "https://cp-{{ algo_region }}.scaleway.com/images?per_page=100&page={{ item }}"
method: GET
headers:
Content-Type: 'application/json'
X-Auth-Token: "{{ scaleway_auth_token }}"
status_code: 200
register: scaleway_images
with_sequence: start=1 end={{ ((scaleway_pages.x_total_count|int / 100)| round )|int }}
- name: Set image id as a fact
set_fact:
image_id: "{{ item.id }}"
no_log: true
when:
- cloud_providers.scaleway.image in item.name
- cloud_providers.scaleway.arch == item.arch
with_items: "{{ scaleway_images.json.images }}"
include_tasks: image_facts.yml
with_items: "{{ scaleway_images['results'] }}"
loop_control:
loop_var: outer_item
- name: Create a server
uri:

7
roles/common/handlers/main.yml
View file

@ -7,8 +7,11 @@
- name: flush routing cache
shell: echo 1 > /proc/sys/net/ipv4/route/flush
- name: restart loopback
shell: ifdown lo:100 && ifup lo:100
- name: restart systemd-networkd
systemd:
name: systemd-networkd
state: restarted
daemon_reload: true
- name: restart loopback bsd
shell: >

33
roles/common/tasks/ubuntu.yml
View file

@ -48,34 +48,21 @@
tags:
- cloud
- name: Install system specific tools
package: name="{{ item }}" state=present
with_items:
- ifupdown
tags:
- always
- name: Ensure the interfaces directory exists
file:
path: /etc/network/interfaces.d/
state: directory
mode: 0755
owner: root
group: root
tags:
- always
- name: Loopback for services configured
template: src=10-loopback-services.cfg.j2 dest=/etc/network/interfaces.d/10-loopback-services.cfg
template:
src: 10-algo-lo100.network.j2
dest: /etc/systemd/network/10-algo-lo100.network
notify:
- restart loopback
- restart systemd-networkd
tags:
- always
- name: Loopback included into the network config
lineinfile: dest=/etc/network/interfaces line='source /etc/network/interfaces.d/10-loopback-services.cfg' state=present
notify:
- restart loopback
- name: systemd-networkd enabled and started
systemd:
name: systemd-networkd
state: started
enabled: true
daemon_reload: true
tags:
- always

7
roles/common/templates/10-algo-lo100.network.j2 Normal file
View file

@ -0,0 +1,7 @@
[Match]
Name=lo
[Network]
Label=lo:100
Address={{ local_service_ip }}/32
Address=FCAA::1/64

9
roles/common/templates/10-loopback-services.cfg.j2
View file

@ -1,9 +0,0 @@
auto lo:100
iface lo:100 inet static
address {{ local_service_ip }}
netmask 255.255.255.255
iface lo:100 inet6 static
address FCAA::1
netmask 64
autoconf 0

20
roles/dns_encryption/tasks/ubuntu.yml
View file

@ -35,14 +35,12 @@
owner: root
group: root
#- name: Ubuntu | Setup the cgroup limitations for dnscrypt-proxy
# copy:
# dest: /etc/systemd/system/dnscrypt-proxy.service.d/100-CustomLimitations.conf
# content: |
# [Service]
# MemoryLimit=16777216
# CPUAccounting=true
# CPUQuota=5%
# notify:
# - daemon-reload
# - restart dnscrypt-proxy
- name: Ubuntu | Add capabilities to bind ports
copy:
dest: /etc/systemd/system/dnscrypt-proxy.service.d/99-capabilities.conf
content: |
[Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE
notify:
- daemon-reload
- restart dnscrypt-proxy