Opened 5 years ago

Closed 5 years ago

#12769 closed enhancement (fixed)

Make ansible deployment script for bridge reachability probes on debian stable

Reported by: hellais Owned by: dawuud
Priority: Medium Milestone:
Component: Archived/Ooni Version:
Severity: Keywords:
Cc: dstainton415@… Actual Points:
Parent ID: #12544 Points:
Reviewer: Sponsor:

Description

This is similar to #12550, but instead of having to compile an up to date python since the one running on planet-lab is out of date, we just need to install packages via apt-get.

The core of this script will be setting up monitoring on the machine (#12549) and a cronjob for running the bridge reachability measurements at a given interval.

Child Tickets

Change History (7)

comment:1 Changed 5 years ago by dawuud

Owner: changed from hellais to dawuud
Status: newassigned

Hi! I'd like to help out with this ticket.
Out of the 3 tasks you mention I'll do the first one first:

  1. install ooni probe from deb packages

I was wondering...
Shall I create a github repo or do you have something you'd rather I use for the OONI ansible stuff I'm about to write?

comment:2 Changed 5 years ago by dawuud

Cc: dstainton415@… added

comment:3 Changed 5 years ago by dawuud

OK... I wrote a very basic ansible role and playbook:
https://github.com/david415/ansible-ooniprobe

This works in Debian wheezy: it sets up backports and then installs ooniprobe.
I'd like to add more features to this just as soon as I learn what is needed.

Now let's talk about the cronjob which does the bridge reachability tests...
Which commands would this run?
Do you have a suite of tests specified somewhere?

comment:4 in reply to:  3 Changed 5 years ago by hellais

Replying to dawuud:

OK... I wrote a very basic ansible role and playbook:
https://github.com/david415/ansible-ooniprobe

Very nice!

This works in Debian wheezy: it sets up backports and then installs ooniprobe.
I'd like to add more features to this just as soon as I learn what is needed.

Now let's talk about the cronjob which does the bridge reachability tests...
Which commands would this run?

I would start with having it do what the planetlab deployment script used to do for setting up the cronjob.

You can see that here:
https://github.com/TheTorProject/ooni-probe/blob/master/scripts/install_on_planetlab.sh#L186

You probably also want to configure ooniprobe the way it is configured in that script.

Do you have a suite of tests specified somewhere?

By "suite of tests" you mean unittests? Those are part of ooni-probe and they can be run with trial. They are found in here: https://github.com/TheTorProject/ooni-probe/tree/master/ooni/tests

comment:5 Changed 5 years ago by dawuud

Bridge reachability tests is what i meant by suite of tests.
OK... I updated the ooniprobe role to optionally install the bridge reachability cronjob...
I've also updated the playbook to install tor via my tor-ansible role.

Let's look at an assumption my ooni bridge reachability playbook makes:

---
- hosts: ooni-bridge-probes
  roles:
    - { role: ansible-tor,
        tor_distribution_release: "wheezy",
        tor_ExitPolicy: "reject *:*",
        sudo: yes
      }
    - { role: ansible-ooniprobe,
        ooni_user: "human",
        ooni_home: "/home/human",
        ooni_start_tor: "false",
        ooni_cron_bridge_reachability: true,
        sudo: yes
      }

The assumption here is that the server has got a user called "human"...
Ansible needs a ssh login to all the machines it touches... so typically
I use the same user that Ansible logs in as.
However... do you want this ansible role create an ooni user?

What else is required of this ticket?

comment:6 Changed 5 years ago by dawuud

I think that we should try to deploy this on one or two machines...
Perhaps in doing so I will find something I've overlooked.

comment:7 Changed 5 years ago by hellais

Resolution: fixed
Status: assignedclosed

I have so far used this deployment script on 3-4 different deployments and it works quite well.

I am going to close this ticket and suggest we create new tickets when we want to add more functionality, but for the moment what is have is good enough.

Thanks for the ansible foo dawuud :)

Note: See TracTickets for help on using tickets.