wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-08-02 19:03:04 +02:00
Code Issues Projects Releases Wiki Activity

Install cloud requirements to the existing venv

Browse source
This commit is contained in:
Jack Ivanov 2019-08-22 20:33:56 +02:00
parent 3225cf34c4
commit fa8a7ac5c4
21 changed files with 183 additions and 255 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
config.cfg
View file

@ -18,9 +18,6 @@ pki_in_tmpfs: true
# If True re-init all existing certificates. Boolean # If True re-init all existing certificates. Boolean
keys_clean_all: False keys_clean_all: False
# Clean up cloud python environments
clean_environment: false
# Deploy StrongSwan to enable IPsec support # Deploy StrongSwan to enable IPsec support
ipsec_enabled: true ipsec_enabled: true

1
roles/cloud-azure/defaults/main.yml
View file

@ -1,5 +1,4 @@
--- ---
azure_venv: "{{ playbook_dir }}/configs/.venvs/azure"
_azure_regions: > _azure_regions: >
[ [
{ {

11
roles/cloud-azure/tasks/main.yml
View file

@ -2,17 +2,16 @@
- name: Build python virtual environment - name: Build python virtual environment
import_tasks: venv.yml import_tasks: venv.yml
- block: - name: Include prompts
- name: Include prompts
import_tasks: prompts.yml import_tasks: prompts.yml
- set_fact: - set_fact:
algo_region: >- algo_region: >-
{% if region is defined %}{{ region }} {% if region is defined %}{{ region }}
{%- elif _algo_region.user_input %}{{ azure_regions[_algo_region.user_input | int -1 ]['name'] }} {%- elif _algo_region.user_input %}{{ azure_regions[_algo_region.user_input | int -1 ]['name'] }}
{%- else %}{{ azure_regions[default_region | int - 1]['name'] }}{% endif %} {%- else %}{{ azure_regions[default_region | int - 1]['name'] }}{% endif %}
- name: Create AlgoVPN Server - name: Create AlgoVPN Server
azure_rm_deployment: azure_rm_deployment:
state: present state: present
deployment_name: "{{ algo_server_name }}" deployment_name: "{{ algo_server_name }}"
@ -34,8 +33,6 @@
value: "{{ cloud_providers.azure.image }}" value: "{{ cloud_providers.azure.image }}"
register: azure_rm_deployment register: azure_rm_deployment
- set_fact: - set_fact:
cloud_instance_ip: "{{ azure_rm_deployment.deployment.outputs.publicIPAddresses.value }}" cloud_instance_ip: "{{ azure_rm_deployment.deployment.outputs.publicIPAddresses.value }}"
ansible_ssh_user: ubuntu ansible_ssh_user: ubuntu
environment:
PYTHONPATH: "{{ azure_venv }}/lib/python2.7/site-packages/"

9
roles/cloud-azure/tasks/venv.yml
View file

@ -1,10 +1,4 @@
--- ---
- name: Clean up the environment
file:
dest: "{{ azure_venv }}"
state: absent
when: clean_environment
- name: Install requirements - name: Install requirements
pip: pip:
name: name:
@ -45,5 +39,4 @@
- azure-mgmt-devtestlabs==3.0.0 - azure-mgmt-devtestlabs==3.0.0
- azure-mgmt-loganalytics==0.2.0 - azure-mgmt-loganalytics==0.2.0
state: latest state: latest
virtualenv: "{{ azure_venv }}" virtualenv_python: python3
virtualenv_python: python2.7

2
roles/cloud-cloudstack/defaults/main.yml
View file

@ -1,2 +0,0 @@
---
cloudstack_venv: "{{ playbook_dir }}/configs/.venvs/cloudstack"

1
roles/cloud-cloudstack/tasks/main.yml
View file

@ -60,7 +60,6 @@
cloud_instance_ip: "{{ cs_server.default_ip }}" cloud_instance_ip: "{{ cs_server.default_ip }}"
ansible_ssh_user: ubuntu ansible_ssh_user: ubuntu
environment: environment:
PYTHONPATH: "{{ cloudstack_venv }}/lib/python2.7/site-packages/"
CLOUDSTACK_CONFIG: "{{ algo_cs_config }}" CLOUDSTACK_CONFIG: "{{ algo_cs_config }}"
CLOUDSTACK_REGION: "{{ algo_cs_region }}" CLOUDSTACK_REGION: "{{ algo_cs_region }}"

9
roles/cloud-cloudstack/tasks/venv.yml
View file

@ -1,15 +1,8 @@
--- ---
- name: Clean up the environment
file:
dest: "{{ cloudstack_venv }}"
state: absent
when: clean_environment
- name: Install requirements - name: Install requirements
pip: pip:
name: name:
- cs - cs
- sshpubkeys - sshpubkeys
state: latest state: latest
virtualenv: "{{ cloudstack_venv }}" virtualenv_python: python3
virtualenv_python: python2.7

1
roles/cloud-ec2/defaults/main.yml
View file

@ -4,5 +4,4 @@ encrypted: "{{ cloud_providers.ec2.encrypted }}"
ec2_vpc_nets: ec2_vpc_nets:
cidr_block: 172.16.0.0/16 cidr_block: 172.16.0.0/16
subnet_cidr: 172.16.254.0/23 subnet_cidr: 172.16.254.0/23
ec2_venv: "{{ playbook_dir }}/configs/.venvs/aws"
existing_eip: "" existing_eip: ""

15
roles/cloud-ec2/tasks/main.yml
View file

@ -2,11 +2,10 @@
- name: Build python virtual environment - name: Build python virtual environment
import_tasks: venv.yml import_tasks: venv.yml
- block: - name: Include prompts
- name: Include prompts
import_tasks: prompts.yml import_tasks: prompts.yml
- name: Locate official AMI for region - name: Locate official AMI for region
ec2_ami_facts: ec2_ami_facts:
aws_access_key: "{{ access_key }}" aws_access_key: "{{ access_key }}"
aws_secret_key: "{{ secret_key }}" aws_secret_key: "{{ secret_key }}"
@ -16,21 +15,19 @@
name: "ubuntu/images/hvm-ssd/{{ cloud_providers.ec2.image.name }}-amd64-server-*" name: "ubuntu/images/hvm-ssd/{{ cloud_providers.ec2.image.name }}-amd64-server-*"
register: ami_search register: ami_search
- import_tasks: encrypt_image.yml - import_tasks: encrypt_image.yml
when: encrypted when: encrypted
- name: Set the ami id as a fact - name: Set the ami id as a fact
set_fact: set_fact:
ami_image: >- ami_image: >-
{% if ami_search_encrypted.image_id is defined %}{{ ami_search_encrypted.image_id }} {% if ami_search_encrypted.image_id is defined %}{{ ami_search_encrypted.image_id }}
{%- elif search_crypt.images is defined and search_crypt.images|length >= 1 %}{{ (search_crypt.images | sort(attribute='creation_date') | last)['image_id'] }} {%- elif search_crypt.images is defined and search_crypt.images|length >= 1 %}{{ (search_crypt.images | sort(attribute='creation_date') | last)['image_id'] }}
{%- else %}{{ (ami_search.images | sort(attribute='creation_date') | last)['image_id'] }}{% endif %} {%- else %}{{ (ami_search.images | sort(attribute='creation_date') | last)['image_id'] }}{% endif %}
- name: Deploy the stack - name: Deploy the stack
import_tasks: cloudformation.yml import_tasks: cloudformation.yml
- set_fact: - set_fact:
cloud_instance_ip: "{{ stack.stack_outputs.ElasticIP }}" cloud_instance_ip: "{{ stack.stack_outputs.ElasticIP }}"
ansible_ssh_user: ubuntu ansible_ssh_user: ubuntu
environment:
PYTHONPATH: "{{ ec2_venv }}/lib/python2.7/site-packages/"

9
roles/cloud-ec2/tasks/venv.yml
View file

@ -1,15 +1,8 @@
--- ---
- name: Clean up the environment
file:
dest: "{{ ec2_venv }}"
state: absent
when: clean_environment
- name: Install requirements - name: Install requirements
pip: pip:
name: name:
- boto>=2.5 - boto>=2.5
- boto3 - boto3
state: latest state: latest
virtualenv: "{{ ec2_venv }}" virtualenv_python: python3
virtualenv_python: python2.7

2
roles/cloud-gce/defaults/main.yml
View file

@ -1,2 +0,0 @@
---
gce_venv: "{{ playbook_dir }}/configs/.venvs/gce"

1
roles/cloud-gce/tasks/venv.yml
View file

@ -5,3 +5,4 @@
- requests>=2.18.4 - requests>=2.18.4
- google-auth>=1.3.0 - google-auth>=1.3.0
state: latest state: latest
virtualenv_python: python3

2
roles/cloud-hetzner/defaults/main.yml
View file

@ -1,2 +0,0 @@
---
hetzner_venv: "{{ playbook_dir }}/configs/.venvs/hetzner"

11
roles/cloud-hetzner/tasks/main.yml
View file

@ -2,11 +2,10 @@
- name: Build python virtual environment - name: Build python virtual environment
import_tasks: venv.yml import_tasks: venv.yml
- block: - name: Include prompts
- name: Include prompts
import_tasks: prompts.yml import_tasks: prompts.yml
- name: Create an ssh key - name: Create an ssh key
hcloud_ssh_key: hcloud_ssh_key:
name: "algo-{{ 999999 | random(seed=lookup('file', SSH_keys.public)) }}" name: "algo-{{ 999999 | random(seed=lookup('file', SSH_keys.public)) }}"
public_key: "{{ lookup('file', SSH_keys.public) }}" public_key: "{{ lookup('file', SSH_keys.public) }}"
@ -14,7 +13,7 @@
api_token: "{{ algo_hcloud_token }}" api_token: "{{ algo_hcloud_token }}"
register: hcloud_ssh_key register: hcloud_ssh_key
- name: Create a server... - name: Create a server...
hcloud_server: hcloud_server:
name: "{{ algo_server_name }}" name: "{{ algo_server_name }}"
location: "{{ algo_hcloud_region }}" location: "{{ algo_hcloud_region }}"
@ -27,8 +26,6 @@
Environment: algo Environment: algo
register: hcloud_server register: hcloud_server
- set_fact: - set_fact:
cloud_instance_ip: "{{ hcloud_server.hcloud_server.ipv4_address }}" cloud_instance_ip: "{{ hcloud_server.hcloud_server.ipv4_address }}"
ansible_ssh_user: root ansible_ssh_user: root
environment:
PYTHONPATH: "{{ hetzner_venv }}/lib/python2.7/site-packages/"

9
roles/cloud-hetzner/tasks/venv.yml
View file

@ -1,14 +1,7 @@
--- ---
- name: Clean up the environment
file:
dest: "{{ hetzner_venv }}"
state: absent
when: clean_environment
- name: Install requirements - name: Install requirements
pip: pip:
name: name:
- hcloud - hcloud
state: latest state: latest
virtualenv: "{{ hetzner_venv }}" virtualenv_python: python3
virtualenv_python: python2.7

2
roles/cloud-lightsail/defaults/main.yml
View file

@ -1,2 +0,0 @@
---
lightsail_venv: "{{ playbook_dir }}/configs/.venvs/aws"

9
roles/cloud-lightsail/tasks/main.yml
View file

@ -2,11 +2,10 @@
- name: Build python virtual environment - name: Build python virtual environment
import_tasks: venv.yml import_tasks: venv.yml
- block: - name: Include prompts
- name: Include prompts
import_tasks: prompts.yml import_tasks: prompts.yml
- name: Create an instance - name: Create an instance
lightsail: lightsail:
aws_access_key: "{{ access_key }}" aws_access_key: "{{ access_key }}"
aws_secret_key: "{{ secret_key }}" aws_secret_key: "{{ secret_key }}"
@ -37,8 +36,6 @@
test test
register: algo_instance register: algo_instance
- set_fact: - set_fact:
cloud_instance_ip: "{{ algo_instance['instance']['public_ip_address'] }}" cloud_instance_ip: "{{ algo_instance['instance']['public_ip_address'] }}"
ansible_ssh_user: ubuntu ansible_ssh_user: ubuntu
environment:
PYTHONPATH: "{{ lightsail_venv }}/lib/python2.7/site-packages/"

9
roles/cloud-lightsail/tasks/venv.yml
View file

@ -1,15 +1,8 @@
--- ---
- name: Clean up the environment
file:
dest: "{{ lightsail_venv }}"
state: absent
when: clean_environment
- name: Install requirements - name: Install requirements
pip: pip:
name: name:
- boto>=2.5 - boto>=2.5
- boto3 - boto3
state: latest state: latest
virtualenv: "{{ lightsail_venv }}" virtualenv_python: python3
virtualenv_python: python2.7

2
roles/cloud-openstack/defaults/main.yml
View file

@ -1,2 +0,0 @@
---
openstack_venv: "{{ playbook_dir }}/configs/.venvs/openstack"

23
roles/cloud-openstack/tasks/main.yml
View file

@ -6,15 +6,14 @@
- name: Build python virtual environment - name: Build python virtual environment
import_tasks: venv.yml import_tasks: venv.yml
- block: - name: Security group created
- name: Security group created
os_security_group: os_security_group:
state: "{{ state|default('present') }}" state: "{{ state|default('present') }}"
name: "{{ algo_server_name }}-security_group" name: "{{ algo_server_name }}-security_group"
description: AlgoVPN security group description: AlgoVPN security group
register: os_security_group register: os_security_group
- name: Security rules created - name: Security rules created
os_security_group_rule: os_security_group_rule:
state: "{{ state|default('present') }}" state: "{{ state|default('present') }}"
security_group: "{{ os_security_group.id }}" security_group: "{{ os_security_group.id }}"
@ -29,25 +28,25 @@
- { proto: udp, port_min: 500, port_max: 500, range: 0.0.0.0/0 } - { proto: udp, port_min: 500, port_max: 500, range: 0.0.0.0/0 }
- { proto: udp, port_min: "{{ wireguard_port }}", port_max: "{{ wireguard_port }}", range: 0.0.0.0/0 } - { proto: udp, port_min: "{{ wireguard_port }}", port_max: "{{ wireguard_port }}", range: 0.0.0.0/0 }
- name: Keypair created - name: Keypair created
os_keypair: os_keypair:
state: "{{ state|default('present') }}" state: "{{ state|default('present') }}"
name: "{{ SSH_keys.comment|regex_replace('@', '_') }}" name: "{{ SSH_keys.comment|regex_replace('@', '_') }}"
public_key_file: "{{ SSH_keys.public }}" public_key_file: "{{ SSH_keys.public }}"
register: os_keypair register: os_keypair
- name: Gather facts about flavors - name: Gather facts about flavors
os_flavor_facts: os_flavor_facts:
ram: "{{ cloud_providers.openstack.flavor_ram }}" ram: "{{ cloud_providers.openstack.flavor_ram }}"
- name: Gather facts about images - name: Gather facts about images
os_image_facts: os_image_facts:
image: "{{ cloud_providers.openstack.image }}" image: "{{ cloud_providers.openstack.image }}"
- name: Gather facts about public networks - name: Gather facts about public networks
os_networks_facts: os_networks_facts:
- name: Set the network as a fact - name: Set the network as a fact
set_fact: set_fact:
public_network_id: "{{ item.id }}" public_network_id: "{{ item.id }}"
when: when:
@ -56,14 +55,14 @@
- item['status'] == 'ACTIVE' - item['status'] == 'ACTIVE'
with_items: "{{ openstack_networks }}" with_items: "{{ openstack_networks }}"
- name: Set facts - name: Set facts
set_fact: set_fact:
flavor_id: "{{ (openstack_flavors | sort(attribute='ram'))[0]['id'] }}" flavor_id: "{{ (openstack_flavors | sort(attribute='ram'))[0]['id'] }}"
image_id: "{{ openstack_image['id'] }}" image_id: "{{ openstack_image['id'] }}"
keypair_name: "{{ os_keypair.key.name }}" keypair_name: "{{ os_keypair.key.name }}"
security_group_name: "{{ os_security_group['secgroup']['name'] }}" security_group_name: "{{ os_security_group['secgroup']['name'] }}"
- name: Server created - name: Server created
os_server: os_server:
state: "{{ state|default('present') }}" state: "{{ state|default('present') }}"
name: "{{ algo_server_name }}" name: "{{ algo_server_name }}"
@ -75,8 +74,6 @@
- net-id: "{{ public_network_id }}" - net-id: "{{ public_network_id }}"
register: os_server register: os_server
- set_fact: - set_fact:
cloud_instance_ip: "{{ os_server['openstack']['public_v4'] }}" cloud_instance_ip: "{{ os_server['openstack']['public_v4'] }}"
ansible_ssh_user: ubuntu ansible_ssh_user: ubuntu
environment:
PYTHONPATH: "{{ openstack_venv }}/lib/python2.7/site-packages/"

9
roles/cloud-openstack/tasks/venv.yml
View file

@ -1,13 +1,6 @@
--- ---
- name: Clean up the environment
file:
dest: "{{ openstack_venv }}"
state: absent
when: clean_environment
- name: Install requirements - name: Install requirements
pip: pip:
name: shade name: shade
state: latest state: latest
virtualenv: "{{ openstack_venv }}" virtualenv_python: python3
virtualenv_python: python2.7