
threshold systemd service unit file

master
forest 2 years ago
parent
commit
8754d0cce4
  1. 14
      ansible-roles/threshold-client-config/tasks/main.yml
  2. 7
      ansible-roles/threshold-register-client-with-server/tasks/main.yml
  3. 14
      ansible-roles/threshold-server-config/tasks/main.yml
  4. 25
      ansible-roles/threshold/files/threshold.service
  5. 7
      ansible-roles/threshold/tasks/main.yml
  6. 1
      automation/patchGandi.go
  7. 15
      automation/terraformActions.go
  8. 11
      terraform-modules/ansible-threshold-client/playbook.yml

14
ansible-roles/threshold-client-config/tasks/main.yml

@ -6,6 +6,12 @@
group: threshold
mode: '0600'
- name: Set the systemd service unit file to client mode
replace:
path: /etc/systemd/system/threshold.service
regexp: '-mode THRESHOLD_MODE'
replace: '-mode client'
- name: install CA cert used to sign the server's key
copy:
src: '{{ domain }}_CA.crt'
@ -28,4 +34,10 @@
dest: '/opt/threshold/{{ clientId }}@{{ domain }}.key'
owner: threshold
group: threshold
mode: '0600'
mode: '0600'
- name: start the threshold service
systemd:
state: started
daemon_reload: yes
name: threshold
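Review bot: The final `systemd` task starts the service but never enables it, so unless it is enabled elsewhere the `WantedBy=multi-user.target` in the unit has no effect and the tunnel will presumably not come back after a reboot; adding `enabled: yes` to this task fixes that. `state: started` is also a no-op when the service is already running, so a later change to the unit file or to the key material copied above is reloaded by `daemon_reload` but not applied until something restarts the service. The same two points apply to the matching task at the end of threshold-server-config. The copy tasks in both hunks begin outside the lines shown.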

7
ansible-roles/threshold-register-client-with-server/tasks/main.yml

@ -4,4 +4,9 @@
dest: '/opt/threshold/{{ clientId }}_CA.crt'
owner: threshold
group: threshold
mode: '0600'
mode: '0600'
- name: restart the threshold service to pick up the new CA
systemd:
state: restarted
name: threshold
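Review bot: The added `systemd` task restarts the service on every run, whether or not the CA file copied above actually changed, and on the server that presumably drops every established tunnel each time a client is registered. Making the restart conditional avoids that, for example `register: ca_cert` on the copy task and `when: ca_cert.changed` on this one, or a handler notified by the copy. The copy task begins outside the hunk.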

14
ansible-roles/threshold-server-config/tasks/main.yml

@ -7,6 +7,12 @@
group: threshold
mode: '0600'
- name: Set the systemd service unit file to client mode
replace:
path: /etc/systemd/system/threshold.service
regexp: '-mode THRESHOLD_MODE'
replace: '-mode server'
- name: install threshold server TLS certificate
copy:
src: '{{ domain }}.crt'
@ -21,4 +27,10 @@
dest: '/opt/threshold/{{ domain }}.key'
owner: threshold
group: threshold
mode: '0600'
mode: '0600'
- name: start the threshold service
systemd:
state: started
daemon_reload: yes
name: threshold
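Review bot: The first added task is named "Set the systemd service unit file to client mode" but its `replace:` value is `'-mode server'`, so the name looks copied from the client role and will mislead anyone reading the play output; `- name: Set the systemd service unit file to server mode` matches what it does. If the threshold role runs in the same play, it re-copies the unit with the `THRESHOLD_MODE` placeholder and this task rewrites it again, so both will report a change on every run. A single `template` task with a mode variable would keep the roles idempotent and avoid having a unit file with an invalid `-mode` on disk between the two steps.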

25
ansible-roles/threshold/files/threshold.service

@ -0,0 +1,25 @@
[Unit]
Description=Threshold TCP reverse tunnel for server.garden
After=network.target
[Service]
Type=simple
Restart=always
# wait at least 5 seconds before restarting if it crashes
RestartSec=5
# never give up on restarting this service if it crashes
StartLimitIntervalSec=0
WorkingDirectory=/opt/threshold
# THRESHOLD_MODE will be replaced by an ansible blockinfile
ExecStart=/opt/threshold/threshold -mode THRESHOLD_MODE -configFile /opt/threshold/config.json
User=threshold
Group=threshold
[Install]
WantedBy=multi-user.target
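Review bot: `StartLimitIntervalSec=0` sits under `[Service]`, but on current systemd it is a `[Unit]` setting, so here it is likely ignored with an unknown-key warning and the default start rate limit still applies; moving the line and its comment up into `[Unit]` gives the intended never-give-up behaviour. The comment above `ExecStart` says the placeholder is replaced by "an ansible blockinfile", while the roles in this commit use the `replace` module. Since this is a network-facing daemon, the unit would also benefit from basic sandboxing such as `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full`, to be confirmed against what the binary needs to write.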

7
ansible-roles/threshold/tasks/main.yml

@ -54,3 +54,10 @@
path: '/tmp/threshold-{{ arch }}.tar.gz'
state: absent
- name: set owner, group and permissions on threshold binary
copy:
src: threshold.service
dest: /etc/systemd/system/threshold.service
owner: threshold
group: threshold
mode: '0755'
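Review bot: The copy task installs `/etc/systemd/system/threshold.service` with `owner: threshold`, `group: threshold` and `mode: '0755'`, which leaves the unit file writable by the same unprivileged account the service runs as. A compromise of the `threshold` process could then rewrite `User=` or `ExecStart=` and have systemd apply it on the next daemon-reload and restart, so the privilege separation the unit sets up no longer holds. Unit files are normally root-owned and not executable: `owner: root`, `group: root`, `mode: '0644'`. The task is also named "set owner, group and permissions on threshold binary" although it copies the unit file; `install the threshold systemd unit file` would describe it.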

1
automation/patchGandi.go

@ -10,6 +10,7 @@ import (
"git.sequentialread.com/forest/rootsystem/configuration"
)
// https://api.gandi.net/docs/livedns/
type gandiLiveDNSRecord struct {
Name string `json:"rrset_name"`
Type string `json:"rrset_type"`

15
automation/terraformActions.go

@ -130,19 +130,8 @@ func TerraformPlanAndApply(
) (string, chan TerraformApplyResult, error) {
terraformDirectory := filepath.Join(workingDirectory, terraformProject)
// it looks like it might be safer to simply init every time. So skipping alreadyHasTerraformCacheDirectory.
// alreadyHasTerraformCacheDirectory := false
// terraformFileInfos, err := ioutil.ReadDir(terraformDirectory)
// if err != nil {
// return nil, errors.Wrapf(err, "can't GenerateTerraformPlan because can't ioutil.ReadDir(\"%s\")", terraformDirectory)
// }
// for _, fileInfo := range terraformFileInfos {
// if fileInfo.IsDir() && fileInfo.Name() == ".terraform" {
// alreadyHasTerraformCacheDirectory = true
// }
// }
// Under normal conditions you would not init every time. But I ran into some issues and decided doing this
// every time was the best course of action.
exitCode, initStdout, initStderr, err := shellExec(terraformDirectory, "terraform", "init")
err = errorFromShellExecResult("terraform init", exitCode, initStdout, initStderr, err)
if err != nil {

11
terraform-modules/ansible-threshold-client/playbook.yml

@ -1,11 +1,14 @@
---
- name: add this client's keys to the threshold server
hosts: all
gather_facts: no
roles:
- threshold-register-client-with-server
- name: install threshold in client mode on localhost
hosts: localhost
gather_facts: no
roles:
- threshold
- threshold-client-config
- name: add this client's keys to the threshold server
hosts: all
roles:
- threshold-register-client-with-server
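Review bot: As far as the rendered page shows, the plays are reordered so that threshold-client-config starts the client service in the first play before the second play installs this client's CA on the server and restarts it, which means the client's first connection attempts will presumably be rejected until registration completes. If the client does not retry on its own, recovery then depends on `Restart=always` in the unit; keeping registration first, or moving the "start the threshold service" task into a final play, would close that window. The re-added play on `hosts: all` also appears to have lost the `gather_facts: no` the earlier version had, which looks unintentional.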