Hooks catch-up

2023-11-30 02:44:01 -06:00 · 2023-11-30 02:44:01 -06:00 · 8392a3fe46
commit 8392a3fe46
parent 63a43c6f0e
7 changed files with 83 additions and 13 deletions
--- a/.gitignore
+++ b/.gitignore
@ -10,6 +10,7 @@ venv/**
 **/pkg/**
 **/src/**
 **pkg.tar.zst
+wiki/**

 # ---> Python
 # Byte-compiled / optimized / DLL files
--- a/16
+++ b/16
@ -9,23 +9,23 @@ install: clean compile
 	for opt in ${optlist}; do cp -pr $$opt ${pkgdir}/opt/aninix/${pkgdirname}/${opt}; done
 	make checkperm

-test: compile
-	#python3 -m pytest
-
 clean: 
 	git clean -fdX

 uninstall:
 	rm -Rf ${pkgdir}/opt/aninix/${pkgdirname}/

+test: compile
+	#python3 -m pytest
+
+checkperm:
+	chown -R root: ${pkgdir}/opt/aninix/${pkgdirname}/
+	chmod 0755 ${pkgdir}/opt/aninix/${pkgdirname}/
+	chmod -R a+r ${pkgdir}/opt/aninix/${pkgdirname}/
+
 diff: 
 	@echo Nothing to do.
 	for opt in ${optlist}; do diff -r ${pkgdir}/opt/aninix/${pkgdirname}/${opt} $$opt; done

 reverse: 
 	for opt in ${optlist}; do rsync -avzlp ${pkgdir}/opt/aninix/${pkgdirname}/${opt}/ $$opt; done
-
-checkperm:
-	chown -R root: ${pkgdir}/opt/aninix/${pkgdirname}/
-	chmod 0755 ${pkgdir}/opt/aninix/${pkgdirname}/
-	chmod -R a+r ${pkgdir}/opt/aninix/${pkgdirname}/
--- a/README.md
+++ b/README.md
@ -1,8 +1,12 @@
-This project will discover and provide inventory intelligence to Sora, Shadowfeed, Geth, and Sharingan. It is named after the fictional Star Wars Imperial Intelligence organization that oversaw the various divisions of Intelligence and orchestrated their operations. 
+This project will discover and provide inventory intelligence to Sora, Shadowfeed, Geth, and Sharingan.

 *Note*: This project is in progress -- former Makefiles from [ConfigPackages](/AniNIX/ConfigPackages) are being upgraded into Ansible playbooks here.

-# How to use
+# Etymology
+
+It is named after the fictional Star Wars Imperial Intelligence organization that oversaw the various divisions of Intelligence and orchestrated their operations. Like its namesake, this project oversees the various tools within our ecosystem and enforces compliance with standards.
+
+# Relevant Files and Software

 This project expects that you use an Ansible vault for credentials. Create one and add this to your `.bashrc`.
 ```
@ -14,7 +18,7 @@ Take a look at `examples/msn0.yml` as an example inventory -- make sure you popu

 Once you have your vault and inventory, use [AniNIX/ShadowArch](/AniNIX/ShadowArch) with your hypervisor to provision the base image for your machines, or [Raspbian](https://www.raspberrypi.org/).

-Then, use the SSHkey playbook to copy your key and the deploy playbook to set things up.
+Then, use the SSH key playbook to copy your key and the deploy playbook to set things up.
 ```
 ansible-playbook -i your-inventory.yml playbooks/sshkey.yml
 ansible-playbook -i your-inventory.yml playbooks/deploy.yml
@ -26,7 +30,14 @@ We've also added two scripts in `./bin` to make your life easier:

 Happy hacking!

-# Exceptions
+## Exceptions

 Some services, such as AniNIX/Sharingan and AniNIX/Geth, store their configuration in internal datastructures and databases such that we cannot easily export our build for others to use. We will document what we have done for each of these as best we can in the README.md files for others to replicate. Backups of these services into AniNIX/Aether are therefore dumps of these databases and not available to share.

+# Available Clients
+
+This service is a management tool -- its files get used by the Ansible toolset. There are no clients to connect directly to this service, as we have chosen a serverless approach.
+
+# Equivalents or Competition
+
+This service is our elected Infrastructure-as-Code solution -- many professional tools like Ansible Tower, Terraform, etc. do the same thing. Some apps ship OVA's, or prebuilt images, of their software. Docker registries also serve as similar way to document the means by which services are built.
--- a/bin/generate-monitoring.py
+++ b/bin/generate-monitoring.py
@ -69,7 +69,7 @@ def GenerateFiles(file):
    # Add DNS entries for each host
    hosttype = 'managed'
    for hostclass in ['physical','virtual','geth_hubs']:
-        WriteMonitoringEntry(content,hosttype,hostclass)
+        #WriteMonitoringEntry(content,hosttype,hostclass)
        WriteSSHMonitoringEntry(content,hosttype,hostclass)
    hosttype = 'unmanaged'
    for hostclass in ['ovas','appliances']:
--- a/examples/msn0.yml
+++ b/examples/msn0.yml
@ -51,11 +51,27 @@ all:
                            sslidentity: aninix.net-0001
                            secdetection: true
                            iptv_location: "Milwaukee|Madison"
+                            aether_source: true
                        Node0:
                            ipinterface: enp1s0f0
                            ip: 10.0.1.4
                            mac: DE:8B:9E:19:55:1D
                            tap: true
+                        Node1:
+                            ipinterface: enp1s0f0
+                            ip: 10.0.1.5
+                            mac: B0:41:6F:0D:47:E1
+                            tap: true
+                        Node2:
+                            ipinterface: enp1s0f0
+                            ip: 10.0.1.7
+                            mac: B0:41:6F:0D:41:D1
+                            tap: true
+                        Node3:
+                            ipinterface: enp1s0f0
+                            ip: 10.0.1.8
+                            mac: B0:41:6F:0D:51:0E
+                            tap: true
                virtual: # 10.0.1.16/28
                    vars:
                    hosts:
@ -101,15 +117,18 @@ all:
                            ip: 10.0.1.32
                            mac: 84:16:F9:14:15:C5
                            rotate: 0
+                            remote: NS-RC4NA-14
                      Geth-Hub-2:
                            ip: 10.0.1.33
                            mac: 84:16:F9:13:B6:E6
                            motion_enabled: no
                            rotate: 180
+                            remote: NS-RC4NA-14
                      Geth-Hub-3:
                            ip: 10.0.1.34
                            mac: b8:27:eb:60:73:68
                            rotate: 90
+                            remote: LG-AKB73715608
        unmanaged:
            children:
                # Both OVA groups are in the same subnet -- test_ovas aren't monitored
--- a/playbooks/disable-archlinux-keyring-wkd-sync.yml
+++ b/playbooks/disable-archlinux-keyring-wkd-sync.yml
@ -0,0 +1,27 @@
+# This playbook disables the archlinux-keyring-wkd-sync.service and timer, because they tend to fail for bad reasons.
+#
+---
+
+ - hosts: managed
+   ignore_errors: true
+   gather_facts: true
+   become: yes
+
+   tasks:
+
+     - name: Disable services & timers
+       when: ansible_os_family == "Archlinux"
+       service:
+         name: "{{ item }}"
+         state: stopped
+         enabled: no
+       loop:
+         - archlinux-keyring-wkd-sync.timer
+         - archlinux-keyring-wkd-sync.service
+
+     - name: Reset failed
+       when: ansible_os_family == "Archlinux"
+       command: "systemctl reset-failed {{ item }}"
+       loop:
+         - archlinux-keyring-wkd-sync.timer
+         - archlinux-keyring-wkd-sync.service
--- a/playbooks/patching.yml
+++ b/playbooks/patching.yml
@ -7,6 +7,18 @@
 # - target: the host grouper in the inventory -- default: all
 #
 # Patch then restart a node
+#
+#
+- hosts: physical,virtual
+  order: sorted
+  serial: 4
+  vars:
+    ansible_become: yes
+    ansible_become_method: sudo
+  tasks:
+       - package:
+             name: archlinux-keyring
+             state: latest

 - hosts: virtual,geth-hubs
  order: sorted