Add known_hosts creation, minor fixes

Federico Ceratto · Federico Ceratto · commit 9bb02b6b5621 · 2019-11-27T13:11:34.000Z
diff --git a/ansible/inventory b/ansible/inventory
@@ -201,9 +201,6 @@ staticiforme.torproject.org       # tor LDAP
 [no_nodeexp:children]
 no_passwd # no passwd => no nodeexp user ;-)
 
-[fastpath]
-fastpath.ooni.nu
-
 ########################################################################
 # TO DELETE.
 # Stopped VMs that should be deleted from GH and DNS after some grace period:
diff --git a/ansible/roles/fastpath/tasks/main.yml b/ansible/roles/fastpath/tasks/main.yml
@@ -11,27 +11,34 @@
 # Usage: place the .deb file in files/
 #        update the version number as needed
 
-- name: copy fastpath .deb package
-  copy:
-    src: files/fastpath_0.1_all.deb
-    dest: /root/
-    owner: root
-    group: root
-    mode: '0644'
-
-# Leave a copy of the .deb in /root as an emergency backup for rollbacks
+#- name: pull fastpath .deb package
+#  copy:
+#    src: files/fastpath_0.1_all.deb
+#    dest: /root/
+#    owner: root
+#    group: root
+#    mode: '0644'
 
-- name: install .deb using dpkg
-  apt:
-    deb: '{{ item }}'
-    state: present
-  with_items:
-    - /root/fastpath_0.1_all.deb
+#- name: install .deb using dpkg
+#  apt:
+#    deb: '{{ item }}'
+#    state: present
+#  with_items:
+#    - /root/fastpath_0.1_all.deb
 
-- name: generate fastpath.conf file with collectors
+- name: generate fastpath.conf file with active collectors names in it
   template:
     owner: "root"
     group: "root"
     mode: '0644'
     src: "fastpath.conf.j2"
     dest: "/etc/fastpath.conf"
+
+- name: fill active collectors SSH pubkeys into fastpath's known_hosts
+  template:
+    owner: "fastpath"
+    group: "fastpath"
+    mode: '0644'
+    src: "known_collectors"
+    dest: /var/lib/fastpath/ssh/known_hosts
+
diff --git a/ansible/roles/fastpath/templates/fastpath.conf.j2 b/ansible/roles/fastpath/templates/fastpath.conf.j2
@@ -1,7 +1,7 @@
-# Deployed by ansible
+# Deployed by https://github.com/ooni/sysadmin/blob/master/ansible/roles/fastpath
 # deploy-fastpath.yml
 # roles/fastpath/tasks/main.yml
 # roles/fastpath/templates/fastpath.conf.j2
 
 [DEFAULT]
-collectors = {{ groups['have_collector'] | join(' ') }}
+collectors = {{ groups['active_collector'] | join(' ') }}
diff --git a/ansible/roles/fastpath/templates/known_collectors b/ansible/roles/fastpath/templates/known_collectors
@@ -0,0 +1,4 @@
+# Deployed by https://github.com/ooni/sysadmin/blob/master/ansible/roles/fastpath/templates/known_collectors
+{% for host in groups.active_collector %}
+{{ lookup('pipe', 'grep -F -e {}, {}/../ext/known_hosts'.format(host, inventory_dir)) }}
+{% endfor %}
diff --git a/ansible/roles/ooni-collector/tasks/main.yml b/ansible/roles/ooni-collector/tasks/main.yml
@@ -151,9 +151,11 @@
     shell: /bin/bash
     home: "/home/sshfeeder"
     system: no
+  tags: collector_ssh
 
 - name: Set authorized key for sshfeeder
   authorized_key:
     user: sshfeeder
     state: present
     key: "{{ sshfeeder_key }}"
+  tags: collector_ssh
