-
Notifications
You must be signed in to change notification settings - Fork 26
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Write ansible role for ooni-collector #164
Conversation
@@ -0,0 +1,33 @@ | |||
--- | |||
|
|||
# FIXME: do we _really_ need nginx in front of the collector? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Question 1: do we really need nginx in front of the collector?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would remove it for the time being as we haven't tried the deployment this way and stuff may break.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree
- template: src=ngx-ooni-backend-web dest=/etc/nginx/sites-enabled/ooni-backend-web | ||
notify: reload nginx | ||
|
||
# FIXME what is this? Do we need this for the collector?! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Question 2 What is this? Is this the configuration of the container network? Is this something we need for deploying the ooni collector role or is that something we can skip in this context?
gateway: 172.25.232.1 | ||
|
||
# FIXME this is not the correct procedure to start it up | ||
# at the moment this is copied from ooni-measurements |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- Figure out the correct procedure to start up oonib
@@ -0,0 +1,34 @@ | |||
# ansible-managed in ooni-sysadmin.git | |||
# FIXME: copied from ooni-measurements... wondering whether we need it... |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- If we need nginx, figure out what to put inside here
# This is copied from the example configuration file of oonib and it is | ||
# adapted such that it only starts up a collector instance. | ||
|
||
main: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- TODO: all the variables listed in here should be defined somewhere
umask: null | ||
euid: {{ ooni_collector_euid }} | ||
uid: {{ ooni_collector_uid }} | ||
gid: {{ ooni_collector_gid }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- TODO: I would like the collector to run as a non privileged user
policy_file: {{ ooni_collector_policy_file }} # TODO: add to repo | ||
bouncer_file: {{ ooni_collector_bouncer_file }} # TODO: add to repo | ||
|
||
logfile: null # TODO: okay? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- FIXME: I guess we need logging
#- {type: tcp, port: 10080} | ||
#- {type: onion, hsdir: /tmp/bouncer} | ||
|
||
# TODO: I should probably teach nginx to route to these ports? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- TODO
|
||
collector_endpoints: | ||
- {type: tls, port: 11443, fullchain: {{ ooni_collector_tls_endpoint_fullchain }}, privkey: {{ ooni_collector_tls_endpoint_privkey }}} | ||
#- {type: tcp, port: 11080} # TODO: do we want to support this? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- TODO
# at the moment this is copied from ooni-measurements | ||
- name: ooni-backend webservice | ||
docker_container: | ||
image: openobservatory/ooni-measurements:{{ ooni_backend_tag }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
so this is actually not the correct docker container in here, right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, this is copied and pasted from the other file you gave me and needs updating.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(So, now we use docker images for services? I guess this would make things simpler a great deal, but it was not the case when I looked into proteus deployment, so I didn't understood this bit.)
Needed for: ooni/sysadmin#164
This breaks OONI Backend. See ooni/backend#111 and ooni/sysadmin#164.
This breaks OONI Backend. See ooni/backend#111 and ooni/sysadmin#164.
This breaks OONI Backend. See ooni/backend#111 and ooni/sysadmin#164.
This breaks OONI Backend. See ooni/backend#111 and ooni/sysadmin#164.
We should look into merging this into master by:
|
Added the
help wanted
flag because this is beyond my current understanding on ansible and I will proceed very slowly here unless someone helps me.Added the
high-priority
flag because this is blocking the mobile release.