Write ansible role for ooni-collector #164
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
bassosimone
added
enhancement
help wanted
bassosimone
changed the title
bassosimone
commented
Sep 26, 2017
| @@ -0,0 +1,33 @@ | |||
| --- | |||
|
|
|||
| # FIXME: do we _really_ need nginx in front of the collector? | |||
There was a problem hiding this comment.
Question 1: do we really need nginx in front of the collector?
There was a problem hiding this comment.
I would remove it for the time being as we haven't tried the deployment this way and stuff may break.
bassosimone
commented
Sep 26, 2017
| - template: src=ngx-ooni-backend-web dest=/etc/nginx/sites-enabled/ooni-backend-web | ||
| notify: reload nginx | ||
|
|
||
| # FIXME what is this? Do we need this for the collector?! |
There was a problem hiding this comment.
Question 2 What is this? Is this the configuration of the container network? Is this something we need for deploying the ooni collector role or is that something we can skip in this context?
bassosimone
commented
Sep 26, 2017
| gateway: 172.25.232.1 | ||
|
|
||
| # FIXME this is not the correct procedure to start it up | ||
| # at the moment this is copied from ooni-measurements |
There was a problem hiding this comment.
- Figure out the correct procedure to start up oonib
bassosimone
commented
Sep 26, 2017
| @@ -0,0 +1,34 @@ | |||
| # ansible-managed in ooni-sysadmin.git | |||
| # FIXME: copied from ooni-measurements... wondering whether we need it... | |||
There was a problem hiding this comment.
- If we need nginx, figure out what to put inside here
bassosimone
commented
Sep 26, 2017
| # This is copied from the example configuration file of oonib and it is | ||
| # adapted such that it only starts up a collector instance. | ||
|
|
||
| main: |
There was a problem hiding this comment.
- TODO: all the variables listed in here should be defined somewhere
bassosimone
commented
Sep 26, 2017
| umask: null | ||
| euid: {{ ooni_collector_euid }} | ||
| uid: {{ ooni_collector_uid }} | ||
| gid: {{ ooni_collector_gid }} |
There was a problem hiding this comment.
- TODO: I would like the collector to run as a non privileged user
bassosimone
commented
Sep 26, 2017
| policy_file: {{ ooni_collector_policy_file }} # TODO: add to repo | ||
| bouncer_file: {{ ooni_collector_bouncer_file }} # TODO: add to repo | ||
|
|
||
| logfile: null # TODO: okay? |
There was a problem hiding this comment.
- FIXME: I guess we need logging
bassosimone
commented
Sep 26, 2017
| #- {type: tcp, port: 10080} | ||
| #- {type: onion, hsdir: /tmp/bouncer} | ||
|
|
||
| # TODO: I should probably teach nginx to route to these ports? |
bassosimone
commented
Sep 26, 2017
|
|
||
| collector_endpoints: | ||
| - {type: tls, port: 11443, fullchain: {{ ooni_collector_tls_endpoint_fullchain }}, privkey: {{ ooni_collector_tls_endpoint_privkey }}} | ||
| #- {type: tcp, port: 11080} # TODO: do we want to support this? |
hellais
reviewed
Sep 26, 2017
| # at the moment this is copied from ooni-measurements | ||
| - name: ooni-backend webservice | ||
| docker_container: | ||
| image: openobservatory/ooni-measurements:{{ ooni_backend_tag }} |
There was a problem hiding this comment.
so this is actually not the correct docker container in here, right?
There was a problem hiding this comment.
Yeah, this is copied and pasted from the other file you gave me and needs updating.
There was a problem hiding this comment.
(So, now we use docker images for services? I guess this would make things simpler a great deal, but it was not the case when I looked into proteus deployment, so I didn't understood this bit.)
hellais
added a commit
to ooni/backend
that referenced
this pull request
Sep 26, 2017
Needed for: ooni/sysadmin#164
bassosimone
added a commit
to ooni/probe-ios
that referenced
this pull request
Sep 26, 2017
This breaks OONI Backend. See ooni/backend#111 and ooni/sysadmin#164.
bassosimone
added a commit
to ooni/probe-android
that referenced
this pull request
Sep 26, 2017
This breaks OONI Backend. See ooni/backend#111 and ooni/sysadmin#164.
bassosimone
added a commit
to ooni/probe-android
that referenced
this pull request
Sep 26, 2017
This breaks OONI Backend. See ooni/backend#111 and ooni/sysadmin#164.
bassosimone
added a commit
to ooni/probe-ios
that referenced
this pull request
Sep 26, 2017
This breaks OONI Backend. See ooni/backend#111 and ooni/sysadmin#164.
|
We should look into merging this into master by:
|
hellais
added
testing required
and removed
enhancement
help wanted
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Added the
help wantedflag because this is beyond my current understanding on ansible and I will proceed very slowly here unless someone helps me.Added the
high-priorityflag because this is blocking the mobile release.