refactor: make backend-hel functional as the test server #119

Merged
merged 27 commits into from
Jan 17, 2025
Changes from 16 commits
137ede2
cleanup: unrequired backend configs
DecFox Dec 7, 2024
7801981
feat: add db configuration for backend-hel
DecFox Dec 7, 2024
8f55d5d
refactor: remove hostname based if blocks
DecFox Dec 7, 2024
e86bb9c
set host vars from ansible vault
DecFox Dec 7, 2024
7ea5778
refactor: consolidate all conditionals to generic
DecFox Dec 7, 2024
118a3ab
refactor: configure ec2 machines from ansible
DecFox Dec 7, 2024
a6d6843
feat: init common module for ec2 machines
DecFox Dec 7, 2024
863ae72
refactor: move backendproxy to generic ec2 module
DecFox Dec 9, 2024
adf63e5
fix: cidr blocks arrays for ec2 module
DecFox Dec 10, 2024
3b7deeb
fix: eof errors
DecFox Dec 11, 2024
d2925ce
fix: more eof errors
DecFox Dec 11, 2024
b7ebb36
revert comments
DecFox Dec 11, 2024
cfb1049
remove db configs from host_vars
DecFox Dec 13, 2024
6c541be
refactor: changes to allow terraform to apply cleanly
DecFox Dec 18, 2024
01302a4
refactor: changes to allow terraform to apply cleanly
DecFox Dec 18, 2024
fe40deb
refactor: apply clickhouse proxy ansible configs
DecFox Dec 18, 2024
e4048a2
fix eof
DecFox Dec 18, 2024
093ce47
fix: eof errors
DecFox Dec 19, 2024
ddb8a74
refactor: make backend ansible role functional
DecFox Dec 20, 2024
0a3e400
Merge branch 'main' into refactor/backend-deployer
DecFox Dec 20, 2024
f51feb3
fix: add password file
DecFox Dec 20, 2024
f513265
fix(ooniapi): pass in clickhouse password without hashing
DecFox Jan 8, 2025
a5a853b
Merge branch 'main' into refactor/backend-deployer
DecFox Jan 8, 2025
c63d099
Merge branch 'main' into refactor/backend-deployer
DecFox Jan 14, 2025
5d92fd8
fix: ansible play script
DecFox Jan 15, 2025
5770bba
Merge branch 'main' into refactor/backend-deployer
DecFox Jan 17, 2025
10af729
remove data2 host from deployer
DecFox Jan 17, 2025
13 changes: 13 additions & 0 deletions ansible/deploy-clickhouse-proxy.yml
@@ -0,0 +1,13 @@
---
- name: Deploy clickhouse proxy
hosts:
- clickhouseproxy.dev.ooni.io
become: true
roles:
- role: bootstrap
- role: nginx
tags: nginx
- role: clickhouse_proxy
vars:
clickhouse_url: "clickhouse3.prod.ooni.io"
clickhouse_port: 9000
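Review bot: The vars on the clickhouse_proxy role point a host named clickhouseproxy.dev.ooni.io at clickhouse3.prod.ooni.io:9000, so a dev-tier machine becomes a network path into the production database. If that is intended for the test backend, say so in a comment, and move clickhouse_url and clickhouse_port into the role defaults or group_vars rather than hard-coding them in the play. 9000 is ClickHouse's default unencrypted native port; if traffic between the proxy and the database crosses the public internet, the TLS native port is the safer upstream.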
2 changes: 1 addition & 1 deletion ansible/deploy-clickhouse.yml
Expand Up @@ -3,7 +3,7 @@
hosts:
- notebook.ooni.org
- data1.htz-fsn.prod.ooni.nu
#- data2.htz-fsn.prod.ooni.nu
- data2.htz-fsn.prod.ooni.nu
DecFox marked this conversation as resolved.
- data3.htz-fsn.prod.ooni.nu
become: true
tags:
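Review bot: Swapping the commented "#- data2.htz-fsn.prod.ooni.nu" for the live entry puts a production ClickHouse host back into this play, which is outside what the PR title describes (making backend-hel work as the test server). Either drop the change from this PR or explain in the description why data2 needs to be redeployed alongside it.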
39 changes: 39 additions & 0 deletions ansible/deploy-ooni-backend.yml
Expand Up @@ -19,3 +19,42 @@
- role: ooni-backend
vars:
ssl_domain: backend-hel.ooni.org
collector_id: 2
clickhouse_url: "" # fetch from aws secrets
bucket_name: ooni-data-eu-fra-test
collectors:
- "backend-hel.ooni.org"
fastpath_version: 0.86~pr831-395
analysis_version: 1.12~pr836-413
deb_bucket_name: ooni-internal-deb
deb_server_name: deb-cli.ooni.org

# - hosts: backend-fsn.ooni.org
# roles:
# - role: bootstrap
# - role: base-backend
# - role: nftables
# - role: nginx
# tags: nginx
# vars:
# nginx_user: "www-data"
# - role: dehydrated
# tags: dehydrated
# expand: yes
# vars:
# ssl_domains:
# # with dehydrated the first entry is the cert FQDN
# # and the other ones are alternative names
# - "backend-hel.ooni.org"
# - role: ooni-backend
# vars:
# ssl_domain: backend-fsn.ooni.org
# collector_id: 1
# clickhouse_url: "" # fetch from aws secrets
# bucket_name: ooni-data-eu-fra
# collectors:
# - "backend-fsn.ooni.org"
# fastpath_version: 0.86~pr831-395
# analysis_version: 1.12~pr836-413
# deb_bucket_name: ooni.deb
# deb_server_name: deb.ooni.org
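Review bot: The commented-out backend-fsn.ooni.org play at the end of the file should be removed rather than merged; version control already keeps the old definition, and dead YAML in a deploy playbook drifts quickly. It has already drifted: under the dehydrated role its ssl_domains lists "backend-hel.ooni.org" while ssl_domain is backend-fsn.ooni.org, and the comment above that entry says the first name is the cert FQDN, so uncommenting the block as written would request a certificate for the wrong name. Separately, clickhouse_url: "" with a "fetch from aws secrets" comment leaves an empty connection target if that fetch is ever skipped; an assert on a non-empty value early in the role would make the dependency explicit.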
3 changes: 3 additions & 0 deletions ansible/deploy-tier0.yml
Expand Up @@ -5,6 +5,9 @@
- name: Include ooni-backend playbook
ansible.builtin.import_playbook: deploy-ooni-backend.yml

- name: Include ooni-clickhouse-proxy playbook
ansible.builtin.import_playbook: deploy-clickhouse-proxy.yml

- name: Include clickhouse playbook
ansible.builtin.import_playbook: deploy-clickhouse.yml

2 changes: 2 additions & 0 deletions ansible/group_vars/clickhouse/vars.yml
Expand Up @@ -7,6 +7,8 @@ nftables_clickhouse_allow:
ip: 168.119.7.188
- fqdn: notebook.ooni.org
ip: 138.201.19.39
- fqdn: backend-hel.ooni.org
ip: 65.108.192.151
- fqdn: clickhouseproxy.dev.ooni.io
ip: "{{ lookup('dig', 'clickhouseproxy.dev.ooni.io/A') }}"

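Review bot: The last two entries of nftables_clickhouse_allow get their addresses in different ways: backend-hel.ooni.org is pinned to 65.108.192.151, while clickhouseproxy.dev.ooni.io uses lookup('dig', 'clickhouseproxy.dev.ooni.io/A'), which is evaluated on the controller each time the play runs. A firewall allow rule derived from DNS follows whatever the record says on that run, and a lookup that fails or returns several records yields a value that is not a single IP. Suggest using one approach for the whole list and, if the lookup stays, asserting that the result is exactly one address before the nftables rule is templated. A .dev host in the allow list of the clickhouse group also deserves a comment saying why it needs access.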
10 changes: 10 additions & 0 deletions ansible/host_vars/backend-fsn.ooni.org
@@ -0,0 +1,10 @@
s3_ooni_open_data_access_key: "{{ vault_s3_ooni_open_data_access_key }}"
amspg_ooni_org_onion_key: "{{ vault_amspg_ooni_org_onion_key }}"
jwt_encryption_key: "{{ vault_jwt_encryption_key }}"
account_id_hashing_key: "{{ vault_account_id_hashing_key }}"
github_token: "{{ vault_github_token }}"
mail_smtp_password: "{{ vault_mail_smtp_password }}"
base_url: "https://backend-fsn.ooni.org"
tor_targets: "{{ vault_tor_targets }}"
psiphon_config: "{{ vault_orchestra_psiphon_config_file_content }}"
digital_ocean_token: "{{ vault_digital_ocean_token }}"
8 changes: 8 additions & 0 deletions ansible/host_vars/backend-hel.ooni.org
@@ -0,0 +1,8 @@
s3_ooni_open_data_access_key: "{{ vault_s3_ooni_open_data_access_key }}"
jwt_encryption_key: "{{ vault_jwt_encryption_key }}"
account_id_hashing_key: "{{ vault_account_id_hashing_key }}"
github_token: "{{ vault_github_token }}"
mail_smtp_password: "{{ vault_mail_smtp_password }}"
base_url: "https://backend-hel.ooni.org"
tor_targets: "{{ vault_tor_targets }}"
psiphon_config: "{{ vault_orchestra_psiphon_config_file_content }}"
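Review bot: Every secret in this file maps to the same vault_* variable name used in ansible/host_vars/backend-fsn.ooni.org (vault_jwt_encryption_key, vault_account_id_hashing_key, vault_github_token, vault_mail_smtp_password and the rest). Unless the vault file is itself scoped per host, the test server ends up holding the same JWT encryption key, account-ID hashing key and tokens as backend-fsn, so a compromise of the test box exposes material that is valid elsewhere. Suggest separate vault entries for backend-hel (a per-host vault file or a host-specific variable prefix) and separate, least-privilege credentials for the S3 and GitHub tokens.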
3 changes: 2 additions & 1 deletion ansible/host_vars/data3.htz-fsn.prod.ooni.nu
@@ -1,2 +1,3 @@
non_admin_usernames: [ ]
non_admin_usernames: []
clickhouse_base_path: /data/clickhouse

3 changes: 3 additions & 0 deletions ansible/inventory
Expand Up @@ -22,3 +22,6 @@ data3.htz-fsn.prod.ooni.nu

[ghs-ams]
openvpn-server1.ooni.io

[aws-proxy]
clickhouseproxy.dev.ooni.io
1 change: 1 addition & 0 deletions ansible/roles/bootstrap/tasks/main.yml
Expand Up @@ -68,6 +68,7 @@

- name: install systemd-resolved
tags: resolved
ignore_errors: yes # some ubuntu hosts do not have the systemd-resolved package
ansible.builtin.apt:
install_recommends: no
cache_valid_time: 86400
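Review bot: ignore_errors: yes on "install systemd-resolved" hides every failure of the apt task, not only the missing-package case named in the comment: a held dpkg lock, a broken mirror or a failed cache update will now pass silently as well. Narrow it with a failed_when that tolerates only the missing-package error, or gate the task with a when on the distribution releases where the package exists.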
15 changes: 15 additions & 0 deletions ansible/roles/clickhouse_proxy/handlers/main.yml
@@ -0,0 +1,15 @@
- name: test nginx config
command: /usr/sbin/nginx -t -c /etc/nginx/nginx.conf
listen:
- restart nginx
- reload nginx

- name: restart nginx
service:
name: nginx
state: restarted

- name: reload nginx
service:
name: nginx
state: reloaded
20 changes: 20 additions & 0 deletions ansible/roles/clickhouse_proxy/tasks/main.yml
@@ -0,0 +1,20 @@
---
- name: Create the modules-enabled directory if not exists
tags: webserv
ansible.builtin.file:
path: /etc/nginx/modules-enabled
state: directory
mode: 0755
owner: root
group: root

- name: Add stream nginx config
tags: webserv
template:
src: templates/99-stream.conf
dest: /etc/nginx/modules-enabled/99-stream.conf
mode: 0755
owner: root
notify:
- reload nginx
- restart nginx
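Review bot: The "Add stream nginx config" task installs 99-stream.conf with mode: 0755; an nginx config fragment has no reason to be executable, so 0644 is the right mode, and the task sets owner but not group, unlike the directory task above it. The task also notifies both reload nginx and restart nginx, so every template change triggers a reload and a full restart; pick one. Quoting the modes ("0644", "0755") avoids YAML integer parsing surprises.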
13 changes: 13 additions & 0 deletions ansible/roles/clickhouse_proxy/templates/99-stream.conf
@@ -0,0 +1,13 @@
stream {
upstream clickhouse_backend {
server {{ clickhouse_url }}:{{ clickhouse_port }};
}

server {
listen 9000;

proxy_pass clickhouse_backend;
}

error_log /var/log/nginx/error.log;
}
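Review bot: The server block has "listen 9000;" with no bind address and no allow/deny, so nginx accepts connections on every interface and forwards any client straight to {{ clickhouse_url }}:{{ clickhouse_port }}. The only remaining controls are whatever network filtering sits in front of the host and ClickHouse's own authentication, and the nftables allow list in ansible/group_vars/clickhouse/vars.yml trusts this proxy's address. Add an explicit allow for the backend's address followed by "deny all;" inside the server block (the stream module supports both), and consider proxy_connect_timeout and proxy_timeout so stuck sessions are reaped. The listen port is hard-coded while the upstream port is templated; a variable for both keeps them from diverging.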
11 changes: 11 additions & 0 deletions ansible/roles/ooni-backend/defaults/main.yml
@@ -0,0 +1,11 @@
---
ssl_domain: backend-hel.ooni.org
collector_id: 2
clickhouse_url: "" # fetch from aws secrets
bucket_name: ooni-data-eu-fra-test
collectors:
- "backend-hel.ooni.org"
fastpath_version: 0.86~pr831-395
analysis_version: 1.12~pr836-413
deb_bucket_name: ooni-internal-deb
deb_server_name: deb-ci.ooni.org
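Review bot: deb_server_name here is deb-ci.ooni.org, but the same variable in ansible/deploy-ooni-backend.yml is deb-cli.ooni.org; one of the two is a typo, and because vars set on the role in the play override role defaults, the playbook's spelling is the one that will be used. More generally these defaults are a copy of the backend-hel play vars (ssl_domain, collector_id: 2, the ooni-data-eu-fra-test bucket), so any other host that applies the role without overriding them silently inherits backend-hel's identity. Keep only host-neutral values in defaults/main.yml and leave the rest undefined so that a missing override fails.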
20 changes: 18 additions & 2 deletions ansible/roles/ooni-backend/handlers/main.yml
@@ -1,6 +1,22 @@
---
- name: reload nftables
tags: api, webserv
service: name=nftables state=reloaded

- name: restart clickhouse
service: name=clickhouse-server state=restarted
- name: test nginx config
command: nginx -t
listen:
- restart nginx
- reload nginx

- name: restart nginx
tags: webserv
service:
name: nginx
state: restarted

- name: reload nginx
tags: api, deb_ooni, webserv
service:
name: nginx
state: reloaded
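Review bot: "test nginx config", "restart nginx" and "reload nginx" are defined here and again in ansible/roles/clickhouse_proxy/handlers/main.yml, with different test commands (nginx -t here, /usr/sbin/nginx -t -c /etc/nginx/nginx.conf there). Defining them once in a shared place, such as the nginx role that the proxy play already pulls in, would keep the two copies from drifting. The tags: on the handlers can also go, since handlers run only when notified and are not selected by tags.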