From 53e5d21c669ee741f8fe5adf0a3dc0839404fa57 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arturo=20Filast=C3=B2?= Date: Wed, 24 Jul 2024 17:35:32 +0200 Subject: [PATCH 1/5] Start fleshing out the playbook for data.ooni.org --- ansible/inventory | 1 + ansible/playbook.yml | 7 ++ ansible/roles/clickhouse/tasks/main.yml | 1 - ansible/roles/jupyterhub/tasks/main.yml | 71 +++++++++++++++++++ .../jupyterhub/templates/jupyterhub_config.py | 1 + ansible/roles/jupyterhub/vars/main.yml | 6 ++ 6 files changed, 86 insertions(+), 1 deletion(-) create mode 100644 ansible/roles/jupyterhub/tasks/main.yml create mode 100644 ansible/roles/jupyterhub/templates/jupyterhub_config.py create mode 100644 ansible/roles/jupyterhub/vars/main.yml diff --git a/ansible/inventory b/ansible/inventory index 8ce07dd8..095b296e 100644 --- a/ansible/inventory +++ b/ansible/inventory @@ -1,2 +1,3 @@ [all] monitoring.ooni.org +data.ooni.org diff --git a/ansible/playbook.yml b/ansible/playbook.yml index a8a65237..9620d746 100644 --- a/ansible/playbook.yml +++ b/ansible/playbook.yml @@ -20,3 +20,10 @@ - prometheus - prometheus_blackbox_exporter - prometheus_alertmanager + +- name: Deploy data.ooni.org host + hosts: data.ooni.org + become: yes + roles: + - clickhouse + - jupyterhub diff --git a/ansible/roles/clickhouse/tasks/main.yml b/ansible/roles/clickhouse/tasks/main.yml index 6680f947..ee7d90bb 100644 --- a/ansible/roles/clickhouse/tasks/main.yml +++ b/ansible/roles/clickhouse/tasks/main.yml @@ -71,4 +71,3 @@ mode: '0640' notify: - restart clickhouse-server - diff --git a/ansible/roles/jupyterhub/tasks/main.yml b/ansible/roles/jupyterhub/tasks/main.yml new file mode 100644 index 00000000..db03a4b5 --- /dev/null +++ b/ansible/roles/jupyterhub/tasks/main.yml @@ -0,0 +1,71 @@ +- name: Check if TLJH is installed + stat: + path: "{{ tljh_prefix }}" + register: tljh_directory + +- name: Install TLJH if not installed + block: + - name: Install required packages for TLJH + become: true + apt: + name: + - curl + - python3 + - python3-pip + - python3-dev + - python3-venv + - build-essential + - cifs-utils + state: latest + update_cache: yes + + - name: Download the TLJH installer + become: true + get_url: + url: "https://tljh.jupyter.org/bootstrap.py" + dest: "/tmp/tljh-bootstrap.py" + checksum: "sha256:2e20bf204c94e1b6eef31499c93f6a14324117deec2eb398a142cb14acbeedd1" + mode: 0700 + + - name: Run the TLJH installer + become: true + shell: | + python3 /tmp/tljh-bootstrap.py --admin {{ tljh_admin_user }}:{{ tljh_admin_password }} + + - name: Restart the JupyterHub service with daemon-reload + become: true + tags: + - config + systemd: + name: jupyterhub + state: restarted + enabled: yes + daemon_reload: yes + + - name: Configure Let's Encrypt email and domain + become: true + shell: | + tljh-config set https.enabled true + tljh-config set https.letsencrypt.email {{ letsencrypt_email }} + tljh-config add-item https.letsencrypt.domains {{ letsencrypt_domain }} + tljh-config reload proxy + vars: + letsencrypt_domain: "{{ inventory_hostname }}" + when: not tljh_directory.stat.exists + +- name: Copy the JupyterHub config + become: true + template: + src: jupyterhub_config.py + dest: "{{ jupyterhub_config_dest }}" + mode: preserve + +- name: Restart the JupyterHub service with daemon-reload + become: true + tags: + - config + systemd: + name: jupyterhub + state: restarted + enabled: yes + daemon_reload: yes diff --git a/ansible/roles/jupyterhub/templates/jupyterhub_config.py b/ansible/roles/jupyterhub/templates/jupyterhub_config.py new file mode 100644 index 00000000..654c8600 --- /dev/null +++ b/ansible/roles/jupyterhub/templates/jupyterhub_config.py @@ -0,0 +1 @@ +# c.Spawner.cmd = ['/srv/jupyterhub/conda/bin/jupyterhub-singleuser'] diff --git a/ansible/roles/jupyterhub/vars/main.yml b/ansible/roles/jupyterhub/vars/main.yml new file mode 100644 index 00000000..702f73ec --- /dev/null +++ b/ansible/roles/jupyterhub/vars/main.yml @@ -0,0 +1,6 @@ +letsencrypt_email: admin@openobservatory.org + +tljh_admin_user: admin +tljh_admin_pass: oonity! +tljh_prefix: /opt/tljh +jupyterhub_config_dest: /opt/tljh/config/jupyterhub_config.d/tljh.py From e470df439224b852002024fcd73b60390590f78b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arturo=20Filast=C3=B2?= Date: Thu, 25 Jul 2024 08:06:14 +0200 Subject: [PATCH 2/5] Improvements to the jupyterhub setup --- ansible/group_vars/jupyterhub/vars.yml | 29 +++++ ansible/inventory | 2 + ansible/playbook.yml | 11 +- ansible/roles/jupyterhub/tasks/main.yml | 107 +++++++++--------- .../jupyterhub/templates/jupyterhub_config.py | 1 - .../templates/jupyterhub_config.py.j2 | 2 + ansible/roles/jupyterhub/vars/main.yml | 10 +- 7 files changed, 101 insertions(+), 61 deletions(-) create mode 100644 ansible/group_vars/jupyterhub/vars.yml delete mode 100644 ansible/roles/jupyterhub/templates/jupyterhub_config.py create mode 100644 ansible/roles/jupyterhub/templates/jupyterhub_config.py.j2 diff --git a/ansible/group_vars/jupyterhub/vars.yml b/ansible/group_vars/jupyterhub/vars.yml new file mode 100644 index 00000000..0a68b055 --- /dev/null +++ b/ansible/group_vars/jupyterhub/vars.yml @@ -0,0 +1,29 @@ +extra_users: + - joss + - ingrid + - siti +extra_ssh_users: + joss: + login: joss + comment: Joss Wright + keys: + [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC6/FkHyHF01XBziPA/+GqL+SsI9tvRZRVnF0gmaHDn1ssDkKwMKXhHcquOyhWR716UKC7RUq7gqzYjndMV8TwcX2tP8QT6iNBH/kF7sclyDme8R8dVgV2uIo61+plS/G1lREJ5FUqk9HaFe+zUFf9lkwmYG/GcK+TxcU9K+cEDZNFW+S6dIOi1fbPtvwqTFgdqH7UKX+0BnFGX81BxcPMWEZPYrhrtEZeIFxtipNs4m4J32B5ZbRD60RKqqnnRaqb2sYrAdAK16jWSLxeYaRhQXzo9UEN6TVj3LhT7C8Us4znvbZvY29+SzzaiPGVrleKLzqUbcwwYIa9INHt7XwinQ6zNC6ZLSJtEik2A7SPLT+e6vc9Jk2R6/rV6EHKkh8rTk8yk7lekLLl8sFfCmJks672Ro1KeLN5I8NmEPf6Wdr/gXiVvOzgpVXFfgWAaUix1pYNcZWUjYW3KLlGvq6U82HB2Av8Fo+0at14Vhiu3CRrwnm4aSrLgs0IgGO7PyhE=", + ] + ingrid: + login: ingrid + commment: Ingrid Epure + keys: + [ + "ssh-rsa AAAB3NzaC1yc2EAAAADAQABAAACAQCTJQDb/Ucq5CRGqSJbNz33pB6fYtk7Pi+6LlIaV9QLhByp/G2/g6ae6Eb/TimZtxpdeIwpAmACmUn2p+mCLMHjpollUK2f3dUjmXiUSNGMPRPRxQoIvzf56patUCQRS+S7zDUKTDW/5e18CrIj0sFCC27y/pS6mmmeedHA6gmpW7L6kM57BlsxFu79rr/o/nrNH+qceJBEd8fM93yoIdEwxPHZyKJ5kj9+lh+4TtDLxxkwFfc6Kce1d0qxfpX1NzIbK5Vp8JlXrGEWbOFFT8S7Ru+j1/g/ptUjsXJ7DpH1wwlF6wYsU0DJuhkLv6XFZQuoHYwpZ4jmnJRWrXSgdylPk67M5Dr9aB2j0WGJNZysiXVZQZmoMUhfrNxaGVv6gB48krE6ysUoLrenR68aLOYqF8Yqvu1lCIyds1ORtjnpxWxFB7NS89us4KFofAMW+qeg/g3nEYvln9/S0b58goToNIw/p7wP9WOeh7JuM/FBT5ahJbeYpXapJh1WW6Rt48RGVwxFLXbcnH8wpCfhUw7fIVpXMhbfhtWTlWVJEAyk3eLWdNEJ7AH6jaqTdfTa4qBgrof0MgoZrb64qFDAsG9Z80Uj9oC2Zdy+gwDu76WJQfSKaD7hmq0w8khoFSVju7fvcfd5HWgLZbptCIw51mJSMQIQWs8Y/iGijTSckXXCXQ==", + ] + siti: + login: siti + comment: Siti Nurliza + keys: + [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKqG1VepfzDdSp3zG27jZq3S9/62CKPLh93F///ht9rf", + ] +ssh_users: {{ ssh_users | ansible.builtin.combine(extra_users) }} +non_admin_usernames: {{ non_admin_usernames + extra_users }} +jupyterhub_allowed_users: {{ non_admin_usernames + admin_usernames }} \ No newline at end of file diff --git a/ansible/inventory b/ansible/inventory index 095b296e..2a76add1 100644 --- a/ansible/inventory +++ b/ansible/inventory @@ -1,3 +1,5 @@ [all] monitoring.ooni.org + +[jupyterhub] data.ooni.org diff --git a/ansible/playbook.yml b/ansible/playbook.yml index 9620d746..e369d7eb 100644 --- a/ansible/playbook.yml +++ b/ansible/playbook.yml @@ -2,20 +2,20 @@ - name: ClickHouse servers hosts: clickhouse_servers user: admin - become: yes + become: true vars: clickhouse_reader_password: "{{ lookup('env', 'CLICKHOUSE_READER_PASSWORD') }}" roles: - clickhouse handlers: - - name: restart clickhouse-server - service: + - name: Restart clickhouse-server + ansible.builtin.service: name: clickhouse-server state: restarted - name: Update monitoring config hosts: monitoring.ooni.org - become: yes + become: true roles: - prometheus - prometheus_blackbox_exporter @@ -23,7 +23,8 @@ - name: Deploy data.ooni.org host hosts: data.ooni.org - become: yes + become: true roles: - clickhouse + - ssh_users - jupyterhub diff --git a/ansible/roles/jupyterhub/tasks/main.yml b/ansible/roles/jupyterhub/tasks/main.yml index db03a4b5..96ea8900 100644 --- a/ansible/roles/jupyterhub/tasks/main.yml +++ b/ansible/roles/jupyterhub/tasks/main.yml @@ -1,62 +1,67 @@ +--- - name: Check if TLJH is installed - stat: - path: "{{ tljh_prefix }}" + ansible.builtin.stat: + path: "{{ jupyterhub_tljh_prefix }}" register: tljh_directory -- name: Install TLJH if not installed - block: - - name: Install required packages for TLJH - become: true - apt: - name: - - curl - - python3 - - python3-pip - - python3-dev - - python3-venv - - build-essential - - cifs-utils - state: latest - update_cache: yes +- name: Install required packages for TLJH + become: true + ansible.builtin.apt: + name: + - curl + - python3 + - python3-pip + - python3-dev + - python3-venv + - build-essential + - cifs-utils + state: present + update_cache: true - - name: Download the TLJH installer - become: true - get_url: - url: "https://tljh.jupyter.org/bootstrap.py" - dest: "/tmp/tljh-bootstrap.py" - checksum: "sha256:2e20bf204c94e1b6eef31499c93f6a14324117deec2eb398a142cb14acbeedd1" - mode: 0700 +- name: Download the TLJH installer + become: true + ansible.builtin.get_url: + url: "https://tljh.jupyter.org/bootstrap.py" + dest: "/tmp/tljh-bootstrap.py" + checksum: "sha256:2e20bf204c94e1b6eef31499c93f6a14324117deec2eb398a142cb14acbeedd1" + mode: "0700" + when: not tljh_directory.stat.exists - - name: Run the TLJH installer - become: true - shell: | - python3 /tmp/tljh-bootstrap.py --admin {{ tljh_admin_user }}:{{ tljh_admin_password }} +- name: Run the TLJH installer + become: true + ansible.builtin.shell: | + python3 /tmp/tljh-bootstrap.py --admin {{ jupyterhub_tljh_admin_user }}:{{ jupyterhub_tljh_admin_password }} + creates: "{{ jupyterhub_tljh_prefix }}" + when: not tljh_directory.stat.exists - - name: Restart the JupyterHub service with daemon-reload - become: true - tags: - - config - systemd: - name: jupyterhub - state: restarted - enabled: yes - daemon_reload: yes +- name: Restart the JupyterHub service with daemon-reload + become: true + tags: + - config + ansible.builtin.systemd: + name: jupyterhub + state: restarted + enabled: true + daemon_reload: true + when: not tljh_directory.stat.exists - - name: Configure Let's Encrypt email and domain - become: true - shell: | - tljh-config set https.enabled true - tljh-config set https.letsencrypt.email {{ letsencrypt_email }} - tljh-config add-item https.letsencrypt.domains {{ letsencrypt_domain }} - tljh-config reload proxy - vars: - letsencrypt_domain: "{{ inventory_hostname }}" +- name: Configure Let's Encrypt email and domain + become: true + ansible.builtin.shell: | + tljh-config set https.enabled true + tljh-config set https.letsencrypt.email {{ jupyterhub_letsencrypt_email }} + tljh-config add-item https.letsencrypt.domains {{ jupyterhub_letsencrypt_domain }} + tljh-config reload proxy + vars: + jupyterhub_letsencrypt_domain: "{{ inventory_hostname }}" + register: tljh_letsencrypt + changes_when: tljh_letsencrypt.rc != 0 when: not tljh_directory.stat.exists - name: Copy the JupyterHub config become: true - template: - src: jupyterhub_config.py + ansible.builtin.template: + src: jupyterhub_config.py.j2 dest: "{{ jupyterhub_config_dest }}" mode: preserve @@ -64,8 +69,8 @@ become: true tags: - config - systemd: + ansible.builtin.systemd: name: jupyterhub state: restarted - enabled: yes - daemon_reload: yes + enabled: true + daemon_reload: true diff --git a/ansible/roles/jupyterhub/templates/jupyterhub_config.py b/ansible/roles/jupyterhub/templates/jupyterhub_config.py deleted file mode 100644 index 654c8600..00000000 --- a/ansible/roles/jupyterhub/templates/jupyterhub_config.py +++ /dev/null @@ -1 +0,0 @@ -# c.Spawner.cmd = ['/srv/jupyterhub/conda/bin/jupyterhub-singleuser'] diff --git a/ansible/roles/jupyterhub/templates/jupyterhub_config.py.j2 b/ansible/roles/jupyterhub/templates/jupyterhub_config.py.j2 new file mode 100644 index 00000000..0f5d7d36 --- /dev/null +++ b/ansible/roles/jupyterhub/templates/jupyterhub_config.py.j2 @@ -0,0 +1,2 @@ +# c.Spawner.cmd = ['/srv/jupyterhub/conda/bin/jupyterhub-singleuser'] +c.Authenticator.allowed_users = { {{jupyterhub_allowed_users | join(",")}} } diff --git a/ansible/roles/jupyterhub/vars/main.yml b/ansible/roles/jupyterhub/vars/main.yml index 702f73ec..015989bf 100644 --- a/ansible/roles/jupyterhub/vars/main.yml +++ b/ansible/roles/jupyterhub/vars/main.yml @@ -1,6 +1,8 @@ -letsencrypt_email: admin@openobservatory.org +jupyterhub_letsencrypt_email: admin@openobservatory.org -tljh_admin_user: admin -tljh_admin_pass: oonity! -tljh_prefix: /opt/tljh +jupyterhub_tljh_admin_user: admin +jupyterhub_tljh_admin_pass: oonity! +jupyterhub_tljh_prefix: /opt/tljh jupyterhub_config_dest: /opt/tljh/config/jupyterhub_config.d/tljh.py + +jupyterhub_allowed_users: [] From 80f8ae5fcbf967710f07d1af37a43bba58139d07 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arturo=20Filast=C3=B2?= Date: Thu, 1 Aug 2024 08:40:20 +0200 Subject: [PATCH 3/5] Fixes to data.ooni.org ssh user config --- ansible/group_vars/jupyterhub/vars.yml | 29 -------------- ansible/host_vars/data.ooni.org | 52 ++++++++++++++++++++++++++ ansible/playbook.yml | 4 +- 3 files changed, 54 insertions(+), 31 deletions(-) delete mode 100644 ansible/group_vars/jupyterhub/vars.yml create mode 100644 ansible/host_vars/data.ooni.org diff --git a/ansible/group_vars/jupyterhub/vars.yml b/ansible/group_vars/jupyterhub/vars.yml deleted file mode 100644 index 0a68b055..00000000 --- a/ansible/group_vars/jupyterhub/vars.yml +++ /dev/null @@ -1,29 +0,0 @@ -extra_users: - - joss - - ingrid - - siti -extra_ssh_users: - joss: - login: joss - comment: Joss Wright - keys: - [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC6/FkHyHF01XBziPA/+GqL+SsI9tvRZRVnF0gmaHDn1ssDkKwMKXhHcquOyhWR716UKC7RUq7gqzYjndMV8TwcX2tP8QT6iNBH/kF7sclyDme8R8dVgV2uIo61+plS/G1lREJ5FUqk9HaFe+zUFf9lkwmYG/GcK+TxcU9K+cEDZNFW+S6dIOi1fbPtvwqTFgdqH7UKX+0BnFGX81BxcPMWEZPYrhrtEZeIFxtipNs4m4J32B5ZbRD60RKqqnnRaqb2sYrAdAK16jWSLxeYaRhQXzo9UEN6TVj3LhT7C8Us4znvbZvY29+SzzaiPGVrleKLzqUbcwwYIa9INHt7XwinQ6zNC6ZLSJtEik2A7SPLT+e6vc9Jk2R6/rV6EHKkh8rTk8yk7lekLLl8sFfCmJks672Ro1KeLN5I8NmEPf6Wdr/gXiVvOzgpVXFfgWAaUix1pYNcZWUjYW3KLlGvq6U82HB2Av8Fo+0at14Vhiu3CRrwnm4aSrLgs0IgGO7PyhE=", - ] - ingrid: - login: ingrid - commment: Ingrid Epure - keys: - [ - "ssh-rsa AAAB3NzaC1yc2EAAAADAQABAAACAQCTJQDb/Ucq5CRGqSJbNz33pB6fYtk7Pi+6LlIaV9QLhByp/G2/g6ae6Eb/TimZtxpdeIwpAmACmUn2p+mCLMHjpollUK2f3dUjmXiUSNGMPRPRxQoIvzf56patUCQRS+S7zDUKTDW/5e18CrIj0sFCC27y/pS6mmmeedHA6gmpW7L6kM57BlsxFu79rr/o/nrNH+qceJBEd8fM93yoIdEwxPHZyKJ5kj9+lh+4TtDLxxkwFfc6Kce1d0qxfpX1NzIbK5Vp8JlXrGEWbOFFT8S7Ru+j1/g/ptUjsXJ7DpH1wwlF6wYsU0DJuhkLv6XFZQuoHYwpZ4jmnJRWrXSgdylPk67M5Dr9aB2j0WGJNZysiXVZQZmoMUhfrNxaGVv6gB48krE6ysUoLrenR68aLOYqF8Yqvu1lCIyds1ORtjnpxWxFB7NS89us4KFofAMW+qeg/g3nEYvln9/S0b58goToNIw/p7wP9WOeh7JuM/FBT5ahJbeYpXapJh1WW6Rt48RGVwxFLXbcnH8wpCfhUw7fIVpXMhbfhtWTlWVJEAyk3eLWdNEJ7AH6jaqTdfTa4qBgrof0MgoZrb64qFDAsG9Z80Uj9oC2Zdy+gwDu76WJQfSKaD7hmq0w8khoFSVju7fvcfd5HWgLZbptCIw51mJSMQIQWs8Y/iGijTSckXXCXQ==", - ] - siti: - login: siti - comment: Siti Nurliza - keys: - [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKqG1VepfzDdSp3zG27jZq3S9/62CKPLh93F///ht9rf", - ] -ssh_users: {{ ssh_users | ansible.builtin.combine(extra_users) }} -non_admin_usernames: {{ non_admin_usernames + extra_users }} -jupyterhub_allowed_users: {{ non_admin_usernames + admin_usernames }} \ No newline at end of file diff --git a/ansible/host_vars/data.ooni.org b/ansible/host_vars/data.ooni.org new file mode 100644 index 00000000..758c144f --- /dev/null +++ b/ansible/host_vars/data.ooni.org @@ -0,0 +1,52 @@ +ssh_users: + agrabeli: + login: agrabeli + comment: Maria Xynou + keys: ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDD0JSwM+t3Uz9lS3Mjoz9oo4vOToWyzboZhYQbP8JY5HvFtAvWanWHnUBO91t6hkgKIMiUqhdCJn26fqkhSGe/bRBaFUocOmuyfcmZoRdi0qzAskmycJsj/w6vWR4x6MYkmJvSeI/MGxjEFt4s2MfOG1tP8CBLUYft9qUleeJa7Jln8c+xbnqB7YngaI190icQHE9NuIB2CXvzbmo3tLtHNMagEwI7VoBDj6mxzTxBd9JhuhF4w5uGxxm0Gp1hzk+15obNnaBS+Anr7jXz8FPwwxCH+XhBZxB1PPpcIayKrf9iLyGtwmhkdDoWCqYAr1mue3LxFso+TZF4bwE4Cjt1 agrabelh@agrabelh"] + art: + login: art + comment: Arturo Filasto + keys: ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJsibU0nsQFFIdolD1POzXOws4VetV0ZNByINRzY8Hx0 arturo@ooni.org"] + majakomel: + login: majakomel + comment: Maja Komel + keys: + - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC7gWQL4h/IyMbwDuMIXbTVmNEm8Yx19Ftt0P2e3OyWctSMH7WGaHc6b0dGoGh6Y4x0Kpw5h0iHWshP8Rg0pckNG9LeDjLY9nLR3Jv66ogFQtFi1DAlg4CXe369N70rBN9iurndgXjShW9OV+bY+MOlW8Fmmm67Vg0xFiYuYzjgUOpl4ofkbLGAQ7sJRBzpDV6TqHhGfOdYMDJyfFvurVz0oSyEZPFFRv4Css9iVk7BGsBukCCpUuax8akEeEjxWWCvjYXva7OA0jHKayfPAroZx/OJh01rhFe7wxlu5JwUKOcevvAZqeHh6200C82ijZOCN+Qq9yvxOH+OgzhnQwnoetIbGFgnb4CkDxo7dVLc/DFyObznC4f26f5D1OyPMUX8AEarEVdEPwsEfD2ePQr6qek0XWCWtYvGklb+GRLk9Yn0VL1qwvgrtstHdeXsKONTPKRxaCjWHu18dQaG2qOUnZ+St6SHeL49CN9aav2azNI/YKoQ9SGR4D23XeBRsW8=" + mehul: + login: mehul + comment: Mehul Gulati + keys: + - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDEZSA9TKUaYWG8gfnMoyDZO2S6vsy87xma4R/EzNpveZiOZTYSNn+UDL8NpQRuH5YgdWuQV2E7sKw/PIYA0lC/QTiq8Btqf6sEK5YWXtQy+yn9q5kB/rmi8zjaz0FUNigRrjL+26ao+c7NKpgmR+TRqbRd5VeJ46PuFD5M3c+MBeUoF1PT0zfioQFJ1mQoXwVix0n260clEXQDp4t0GZuNpWGTS+YTuJZ2vl6TDZtt8jrnENd99QArr2KU+NMTq8T2KYcPeQOoYsm7v/1TBkbv9UStllhjdE7HZSivPT8oRkF2YZYgytDxtCZG8i5iCK+vbNn6QmZMjuXPoBUeW+Njm70tlsirrKpUX+QiogA2qljxPD9st2eUkA7cATyOBkK7WLh1HYv2xyKpPtkkaELG+EHjmaVjVdyVAgUYwqg+MbIw1OyDpNmMZcW3iOpGpflXPMmLjKNMhee0//G7NxcGfwmIMbIiBkeofOnWDrMo+0PRULFtn6C7aA7ddirck+k=" + norbel: + login: norbel + comment: Norbel Ambanumben + keys: + - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBXprrutdT6AhrV9hWBKjyzq6RqGmCBWpWxi3qwJyRcBJfkiEYKV9QWl3H0g/Sg9JzLd9lWG2yfAai7cyBAT4Ih0+OhwQ0V7wkhBn4YkNjs7d4BGPHjuLIywS9VtmiyH7VafikMjmqPLL/uPBIbRrx9RuSfLkAuN9XFZpVmqzWY8ePpcRCvnG6ucPxEY8o+4j5nfTrgxSaIT31kH16/PFJe07tn1SZjxZE4sZTz/p9xKt6s8HXmlP3RdnXSpXWmH8ZwYDrNhkcH8m6mC3giiqSKThFdwvQVflRRvn9pAlUOhy6KIBtAt1KobVJtOCPrrkcLhQ1C+2P9wKhfYspCGrScFGnrUqumLxPpwlqILxJvmgqGAtkm8Ela9f2D9sEv8CUv5x9XptZKlyRhtOLixvLYoJlwfXXnmXa8T1pg8+4063BhHUOu/bg0InpSp3hdscOfk0R8FtDlXnn6COwbPXynIt4PxzIxD/WQhP0ymgH3ky6ClB5wRBVhOqYvxQw32n2QFS9A5ocga+nATiOE7BTOufgmDCA/OIXfJ/GukXRaMCBsvlx7tObHS1LOMt0I+WdoOEjI0ARUrFzwoiTrs9QYmd922e7S35EnheT3JjnCTjebJrCNtwritUy8vjsN/M27wJs7MAXleT7drwXXnm+3xYrH+4KQ+ru0dxMe1zfBw== aanorbel@gmail.com" + ain: + login: ain + comment: Ain + keys: ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH6Js4xtJq7AoYA8mFraQg8vYgKz/glil9AaPq4lDwtg ain@intertubes"] + joss: + login: joss + comment: Joss Wright + keys: + [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC40MVrMUuP93UvmyTc6cGGKbdurK+CbuoQW0b4i20EPf8pjXjrTS3b/plh7y4egUfx7/2e5l321Ui8E4tuzDWjtJsSFY9l31msEnw6PTHMzOj8kVBWqHWidVZHYPpd9eVa+3ALL9HmLDQuwyhIXXaU2ExS3XZH0GJPUxgf8tubH7qteyANWTIh1XhV0fnoeBo3fvdGVkNiMLc1PSDp/iprMurdsvwCJC42+Z5R35ORpK7FJhr38Js2Ag1NwUpo3Li+PhErfoQ5A+x64p1NRm1Bnw1Z8eFHuDI6WXuzUHhuy+11M92CtaAVEoblfx75SaCftoiO0Khn6kZ9XDed+JM1 joss@pseudonymity.net" + ] + ingrid: + login: ingrid + commment: Ingrid Epure + keys: + [ + "ssh-rsa AAAB3NzaC1yc2EAAAADAQABAAACAQCTJQDb/Ucq5CRGqSJbNz33pB6fYtk7Pi+6LlIaV9QLhByp/G2/g6ae6Eb/TimZtxpdeIwpAmACmUn2p+mCLMHjpollUK2f3dUjmXiUSNGMPRPRxQoIvzf56patUCQRS+S7zDUKTDW/5e18CrIj0sFCC27y/pS6mmmeedHA6gmpW7L6kM57BlsxFu79rr/o/nrNH+qceJBEd8fM93yoIdEwxPHZyKJ5kj9+lh+4TtDLxxkwFfc6Kce1d0qxfpX1NzIbK5Vp8JlXrGEWbOFFT8S7Ru+j1/g/ptUjsXJ7DpH1wwlF6wYsU0DJuhkLv6XFZQuoHYwpZ4jmnJRWrXSgdylPk67M5Dr9aB2j0WGJNZysiXVZQZmoMUhfrNxaGVv6gB48krE6ysUoLrenR68aLOYqF8Yqvu1lCIyds1ORtjnpxWxFB7NS89us4KFofAMW+qeg/g3nEYvln9/S0b58goToNIw/p7wP9WOeh7JuM/FBT5ahJbeYpXapJh1WW6Rt48RGVwxFLXbcnH8wpCfhUw7fIVpXMhbfhtWTlWVJEAyk3eLWdNEJ7AH6jaqTdfTa4qBgrof0MgoZrb64qFDAsG9Z80Uj9oC2Zdy+gwDu76WJQfSKaD7hmq0w8khoFSVju7fvcfd5HWgLZbptCIw51mJSMQIQWs8Y/iGijTSckXXCXQ==", + ] + siti: + login: siti + comment: Siti Nurliza + keys: + [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKqG1VepfzDdSp3zG27jZq3S9/62CKPLh93F///ht9rf", + ] +admin_usernames: [ art, majakomel, mehul, norbel ] +ssh_users: [ art, majakomel, mehul, norbel, ain, siti, ingrid, joss ] +jupyterhub_allowed_users: "{{ ssh_users }}" diff --git a/ansible/playbook.yml b/ansible/playbook.yml index c3d06234..b0f4981c 100644 --- a/ansible/playbook.yml +++ b/ansible/playbook.yml @@ -27,7 +27,7 @@ roles: - clickhouse - ssh_users - - jupyterhub + #- jupyterhub - name: Setup OpenVPN server hosts: openvpn-server1.ooni.io @@ -42,4 +42,4 @@ # become: true # remote_user: ubuntu # roles: -# - codesign_box \ No newline at end of file +# - codesign_box From 9269b995eee86b14f884251edb1f0bb99eb047e8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arturo=20Filast=C3=B2?= Date: Thu, 1 Aug 2024 08:41:14 +0200 Subject: [PATCH 4/5] Comment out clickhouse --- ansible/playbook.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/playbook.yml b/ansible/playbook.yml index b0f4981c..5f4ee32a 100644 --- a/ansible/playbook.yml +++ b/ansible/playbook.yml @@ -25,7 +25,7 @@ hosts: data.ooni.org become: true roles: - - clickhouse + #- clickhouse - ssh_users #- jupyterhub From e9df7f80ed0892abe4cff0cbc090cef8f3a87d3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arturo=20Filast=C3=B2?= Date: Thu, 1 Aug 2024 08:55:29 +0200 Subject: [PATCH 5/5] Fixes to the vars definitions --- ansible/host_vars/data.ooni.org | 7 ++++--- ansible/inventory | 4 +--- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/ansible/host_vars/data.ooni.org b/ansible/host_vars/data.ooni.org index 758c144f..10369666 100644 --- a/ansible/host_vars/data.ooni.org +++ b/ansible/host_vars/data.ooni.org @@ -35,18 +35,19 @@ ssh_users: ] ingrid: login: ingrid - commment: Ingrid Epure + comment: Ingrid Epure keys: [ "ssh-rsa AAAB3NzaC1yc2EAAAADAQABAAACAQCTJQDb/Ucq5CRGqSJbNz33pB6fYtk7Pi+6LlIaV9QLhByp/G2/g6ae6Eb/TimZtxpdeIwpAmACmUn2p+mCLMHjpollUK2f3dUjmXiUSNGMPRPRxQoIvzf56patUCQRS+S7zDUKTDW/5e18CrIj0sFCC27y/pS6mmmeedHA6gmpW7L6kM57BlsxFu79rr/o/nrNH+qceJBEd8fM93yoIdEwxPHZyKJ5kj9+lh+4TtDLxxkwFfc6Kce1d0qxfpX1NzIbK5Vp8JlXrGEWbOFFT8S7Ru+j1/g/ptUjsXJ7DpH1wwlF6wYsU0DJuhkLv6XFZQuoHYwpZ4jmnJRWrXSgdylPk67M5Dr9aB2j0WGJNZysiXVZQZmoMUhfrNxaGVv6gB48krE6ysUoLrenR68aLOYqF8Yqvu1lCIyds1ORtjnpxWxFB7NS89us4KFofAMW+qeg/g3nEYvln9/S0b58goToNIw/p7wP9WOeh7JuM/FBT5ahJbeYpXapJh1WW6Rt48RGVwxFLXbcnH8wpCfhUw7fIVpXMhbfhtWTlWVJEAyk3eLWdNEJ7AH6jaqTdfTa4qBgrof0MgoZrb64qFDAsG9Z80Uj9oC2Zdy+gwDu76WJQfSKaD7hmq0w8khoFSVju7fvcfd5HWgLZbptCIw51mJSMQIQWs8Y/iGijTSckXXCXQ==", ] siti: login: siti - comment: Siti Nurliza + comment: "Siti Nurliza" keys: [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKqG1VepfzDdSp3zG27jZq3S9/62CKPLh93F///ht9rf", ] admin_usernames: [ art, majakomel, mehul, norbel ] -ssh_users: [ art, majakomel, mehul, norbel, ain, siti, ingrid, joss ] +non_admin_usernames: [ ain, siti, ingrid, joss ] jupyterhub_allowed_users: "{{ ssh_users }}" +admin_group_name: adm diff --git a/ansible/inventory b/ansible/inventory index 4c332568..77e90223 100644 --- a/ansible/inventory +++ b/ansible/inventory @@ -3,6 +3,4 @@ monitoring.ooni.org openvpn-server1.ooni.io # This requires manual setup of ~/.ssh/config #codesign-box - -[jupyterhub] -data.ooni.org \ No newline at end of file +data.ooni.org