From f9124abb6c69c6fdf6dabe0e604906293860d036 Mon Sep 17 00:00:00 2001 From: tanshu Date: Tue, 26 Apr 2022 09:03:10 +0530 Subject: [PATCH] Moved ssh and redis tunneling from knox to beacon --- deploy.sh | 14 +++++++--- docker/bake-pies.yml | 38 +++++++++++++------------- docker/files/gotthard.service | 16 ----------- docker/files/knox-redis-tunnel.service | 15 ---------- docker/vars/pies.yml | 2 +- 5 files changed, 30 insertions(+), 55 deletions(-) delete mode 100644 docker/files/gotthard.service delete mode 100644 docker/files/knox-redis-tunnel.service diff --git a/deploy.sh b/deploy.sh index c3c82dc..12c06b5 100755 --- a/deploy.sh +++ b/deploy.sh @@ -24,8 +24,14 @@ curl --silent 'https://git.tanshu.com/tanshu/barker/raw/tag/latest/barker/pyproj cd "$parent_path/docker/app" || exit docker build --tag barker:latest . +if [ 1 -eq "$#" ] +then + docker tag barker:latest "$1" +else + echo "No version bump" +fi cd "$parent_path/docker" || exit -docker save barker:latest | bzip2 | pv | ssh tanshu@knox.tanshu.com 'bunzip2 | sudo docker load' -ansible-playbook --limit=knox playbook-mhl.yml -ansible-playbook --limit=knox playbook-chd.yml -ansible-playbook --limit=knox playbook-pkl.yml +docker save barker:latest | bzip2 | pv | ssh tanshu@beacon.tanshu.com 'bunzip2 | sudo docker load' +ansible-playbook --limit=beacon playbook-mhl.yml +ansible-playbook --limit=beacon playbook-chd.yml +ansible-playbook --limit=beacon playbook-pkl.yml diff --git a/docker/bake-pies.yml b/docker/bake-pies.yml index 571f37b..bf0bf98 100755 --- a/docker/bake-pies.yml +++ b/docker/bake-pies.yml 
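Review bot: Nothing in the hunk stops the script when `docker save barker:latest | bzip2 | pv | ssh tanshu@beacon.tanshu.com 'bunzip2 | sudo docker load'` fails, so the three `ansible-playbook --limit=beacon` runs would go ahead against whatever `barker:latest` beacon already holds. The top of deploy.sh is outside the hunk; unless `pipefail` is already set there, add `set -o pipefail` (bash) and end the pipeline with `|| exit`, as the `cd` lines do. Separately, the new `docker tag barker:latest "$1"` only tags on the build host, because the save still names `barker:latest` alone; if the version tag is meant to exist on beacon, save both names (`docker save barker:latest "$1"`) in that branch. A short comment above the `if` saying that `$1` is the optional version tag would also help.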
@@ -59,15 +59,15 @@ line: "{{ peitho_key }}" when: peithokey_test.stdout == "0" - - name: Check Knox public key - shell: "grep -c \"{{ knox_key }}\" /home/pi/.ssh/authorized_keys || true" - register: knoxkey_test + - name: Check Beacon public key + shell: "grep -c \"{{ beacon_key }}\" /home/pi/.ssh/authorized_keys || true" + register: beaconkey_test - name: Add Knox public key lineinfile: dest: /home/pi/.ssh/authorized_keys - line: "{{ knox_key }}" - when: knoxkey_test.stdout == "0" + line: "{{ beacon_key }}" + when: beaconkey_test.stdout == "0" - name: Check Buttercup public key shell: "grep -c \"{{ buttercup_key }}\" /home/pi/.ssh/authorized_keys || true" 
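Review bot: The tasks in this hunk authorize `beacon_key` on the pi but nothing visible revokes the Knox key, so a pi provisioned before this commit keeps `tanshu@knox` in `/home/pi/.ssh/authorized_keys` after trust has moved to beacon; the `docker/vars/pies.yml` hunk also drops `knox_key`, so the playbook can no longer match the old line by value. A removal task keyed on the key comment is sketched below (the regexp is taken from the removed `knox_key` comment; confirm it matches no other entry). The unchanged task name `Add Knox public key` now adds the Beacon key and should read `- name: Add Beacon public key`. The play these tasks belong to starts outside the hunk.

```yaml
# … unchanged: Check / Add Beacon public key tasks …
- name: Remove Knox public key
  lineinfile:
    dest: /home/pi/.ssh/authorized_keys
    regexp: 'tanshu@knox'
    state: absent
```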
@@ -146,34 +146,34 @@ groups: lp append: yes - - name: install knox-redis-tunnel systemd unit file + - name: install beacon-redis-tunnel systemd unit file template: - src: "files/knox-redis-tunnel.service" - dest: "/etc/systemd/system/knox-redis-tunnel.service" + src: "files/beacon-redis-tunnel.service" + dest: "/etc/systemd/system/beacon-redis-tunnel.service" - - name: enable service knox-redis-tunnel and ensure it is not masked + - name: enable service beacon-redis-tunnel and ensure it is not masked systemd: - name: knox-redis-tunnel + name: beacon-redis-tunnel enabled: yes masked: no - - name: Make sure knox-redis-tunnel service is running + - name: Make sure beacon-redis-tunnel service is running systemd: state: started - name: knox-redis-tunnel + name: beacon-redis-tunnel - - name: install gotthard systemd unit file + - name: install leardal systemd unit file template: - src: "files/gotthard.service" - dest: "/etc/systemd/system/gotthard.service" + src: "files/leardal.service" + dest: "/etc/systemd/system/leardal.service" - - name: enable service gotthard and ensure it is not masked + - name: enable service leardal and ensure it is not masked systemd: - name: gotthard + name: leardal enabled: yes masked: no - - name: Make sure gotthard service is running + - name: Make sure leardal service is running systemd: state: started - name: gotthard + name: leardal diff --git a/docker/files/gotthard.service b/docker/files/gotthard.service deleted file mode 100644 index ef67dbe..0000000 --- a/docker/files/gotthard.service +++ /dev/null 
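Review bot: The two `template` tasks now read `files/beacon-redis-tunnel.service` and `files/leardal.service`, but the commit's diffstat lists only the deletion of the two old unit files, so unless those sources were added in another commit both tasks will fail for a missing `src`. On a pi that was baked earlier, the `knox-redis-tunnel` and `gotthard` units stay installed and enabled and keep dialling `knox.tanshu.com`; if this playbook is re-run on such hosts, add `systemd` tasks with `state: stopped` and `enabled: no` for both names and remove their unit files. The deleted units passed `-o StrictHostKeyChecking=no`; the replacement units, which are not shown here, would be safer with beacon's host key pinned in `known_hosts` instead. The task list continues outside the hunk.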
@@ -1,16 +0,0 @@ -[Unit] -Description=Reverse SSH connection -After=network.target - -[Service] -Type=simple -User=pi - -ExecStart=/usr/bin/ssh -NTg -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -o ServerAliveCountMax=3 -o StrictHostKeyChecking=no -i /home/pi/.ssh/id_rsa -R {{ ssh_port }}:localhost:22 tanshu@knox.tanshu.com - -# Restart every >2 seconds to avoid StartLimitInterval failure -Restart=always -RestartSec=5s - -[Install] -WantedBy=default.target diff --git a/docker/files/knox-redis-tunnel.service b/docker/files/knox-redis-tunnel.service deleted file mode 100644 index 90d3402..0000000 --- a/docker/files/knox-redis-tunnel.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=Keep ssh tunnel to specified remote host open -After=network.target - -[Service] -User=pi - -ExecStart=/usr/bin/ssh -NT -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -o ServerAliveCountMax=3 -o StrictHostKeyChecking=no -i /home/pi/.ssh/id_rsa -L 6379:localhost:6379 tanshu@knox.tanshu.com - -# Restart every >2 seconds to avoid StartLimitInterval failure -RestartSec=5 -Restart=always - -[Install] -WantedBy=multi-user.target diff --git a/docker/vars/pies.yml b/docker/vars/pies.yml index 09312d7..196a928 100644 --- a/docker/vars/pies.yml +++ b/docker/vars/pies.yml 
@@ -2,5 +2,5 @@
 hostname: "pkl3"
 ssh_port: "22243"
 peitho_key: "ssh-rsa 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 2020.05.26 peitho"
-knox_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCx0VJ05IOFNJbXNZANk5JPZEaqZH5PwdpmfvLvEmOBpc/nAggukElAmzIUXxomIHNiomwCz2vdTR3iNR5wRpaQW0KpJ+bi2ErDG7DoXLozHh98UOZOnG9uSAZh5v+2n9gtQM4qKHgtoarKFF7PZXB8u7ROLOnY6eLXFjvS6j0tYgPbn0i2ULRTzgC3pnK5GlJ/m5yqk3poArfXTn0vO/HMnLdMXVY9AFBGNEO4C6uvtTYzLbFj8ymPXf7oDyFwEujaRoc1/ns+9s3dPE3EMYWGu0mMwRZTUOIC2Rbix7U3bVuU4UJHPCMxDYXH9CAvM/KpKSVNswfO414lpvKsS1P6co00pYhUr+pYGA0ur2ixOnuXbz9zIWh9KnUvenKwXSYgentsmTp+ylAchPULgf+bLI9SIPaac5TwEn8Njx/APtEiu+Z8xxIWL4LrDufcLLlTvXuTZzlsNE8ipOjpE1kCAjmyrl6d/Umfm2Vbp3laJYSSirRp8uMoPcDwVvPOZ0s= tanshu@knox 2020.12.07"
+beacon_key: "ssh-rsa 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 tanshu@beacon 2022.01.03"
 buttercup_key: "ssh-rsa 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 tanshu@buttercup 2020.05.26"