Make ansible deployment script for bridge reachability probes on debian stable

This is similar to #12550 (closed), but instead of having to compile an up to date python since the one running on planet-lab is out of date, we just need to install packages via apt-get.

The core of this script will be setting up monitoring on the machine (#12549 (closed)) and a cronjob for running the bridge reachability measurements at a given interval.

added component::archived/ooni owner::dawuud parent::12544 priority::medium resolution::fixed status::closed type::enhancement labels

Hi! I'd like to help out with this ticket. Out of the 3 tasks you mention I'll do the first one first:

1. install ooni probe from deb packages

I was wondering... Shall I create a github repo or do you have something you'd rather I use for the OONI ansible stuff I'm about to write?

Trac:
Status: new to assigned
Owner: hellais to dawuud

Trac:
Cc: N/A to dstainton415@gmail.com

OK... I wrote a very basic ansible role and playbook: https://github.com/david415/ansible-ooniprobe

This works in Debian wheezy: it sets up backports and then installs ooniprobe. I'd like to add more features to this just as soon as I learn what is needed.

Now let's talk about the cronjob which does the bridge reachability tests... Which commands would this run? Do you have a suite of tests specified somewhere?

Replying to dawuud:

OK... I wrote a very basic ansible role and playbook: https://github.com/david415/ansible-ooniprobe

Very nice!

This works in Debian wheezy: it sets up backports and then installs ooniprobe. I'd like to add more features to this just as soon as I learn what is needed.

Now let's talk about the cronjob which does the bridge reachability tests... Which commands would this run?

I would start with having it do what the planetlab deployment script used to do for setting up the cronjob.

You can see that here: https://github.com/TheTorProject/ooni-probe/blob/master/scripts/install_on_planetlab.sh#L186

You probably also want to configure ooniprobe the way it is configured in that script.

Do you have a suite of tests specified somewhere?

By "suite of tests" you mean unittests? Those are part of ooni-probe and they can be run with trial. They are found in here: https://github.com/TheTorProject/ooni-probe/tree/master/ooni/tests

Bridge reachability tests is what i meant by suite of tests. OK... I updated the ooniprobe role to optionally install the bridge reachability cronjob... I've also updated the playbook to install tor via my tor-ansible role.

Let's look at an assumption my ooni bridge reachability playbook makes:

---
- hosts: ooni-bridge-probes
  roles:
    - { role: ansible-tor,
        tor_distribution_release: "wheezy",
        tor_ExitPolicy: "reject *:*",
        sudo: yes
      }
    - { role: ansible-ooniprobe,
        ooni_user: "human",
        ooni_home: "/home/human",
        ooni_start_tor: "false",
        ooni_cron_bridge_reachability: true,
        sudo: yes
      }

The assumption here is that the server has got a user called "human"... Ansible needs a ssh login to all the machines it touches... so typically I use the same user that Ansible logs in as. However... do you want this ansible role create an ooni user?

What else is required of this ticket?

I think that we should try to deploy this on one or two machines... Perhaps in doing so I will find something I've overlooked.

I have so far used this deployment script on 3-4 different deployments and it works quite well.

I am going to close this ticket and suggest we create new tickets when we want to add more functionality, but for the moment what is have is good enough.

Thanks for the ansible foo dawuud :)

Trac:
Resolution: N/A to fixed
Status: assigned to closed

closed