From 821fa5fcc40903ce95105aadade4e2a2bdad1dd3 Mon Sep 17 00:00:00 2001 From: Serge Bazanski Date: Wed, 14 Aug 2019 14:33:30 +0200 Subject: [PATCH] bgpwtf/cccampix: cronjobify ripe-sync Change-Id: I185c2702384941b6537a6a4048bdb2e1c4e183ba --- bgpwtf/cccampix/BUILD | 12 ++++++-- bgpwtf/cccampix/kube/ix.libsonnet | 36 ++++++++++++++++++++++- bgpwtf/cccampix/{sync.py => ripe-sync.py} | 24 ++++++++++----- 3 files changed, 61 insertions(+), 11 deletions(-) rename bgpwtf/cccampix/{sync.py => ripe-sync.py} (91%) diff --git a/bgpwtf/cccampix/BUILD b/bgpwtf/cccampix/BUILD index cac046ad..291590aa 100644 --- a/bgpwtf/cccampix/BUILD +++ b/bgpwtf/cccampix/BUILD @@ -1,18 +1,24 @@ load("@io_bazel_rules_docker//container:container.bzl", "container_image", "container_layer", "container_push") +load("@subpar//:subpar.bzl", "par_binary") -py_binary( - name = "sync", +par_binary( + name = "ripe-sync", srcs = [ - "sync.py", + "ripe-sync.py", ], deps = [ + "@pip36//grpcio", "@pip36//requests", + "//bgpwtf/cccampix/proto:ix_py_proto", ], + legacy_create_init = False, + zip_safe = False, ) container_layer( name = "layer_bin", files = [ + "//bgpwtf/cccampix:ripe-sync.par", "//bgpwtf/cccampix/irr:irr", "//bgpwtf/cccampix/peeringdb:peeringdb", "//bgpwtf/cccampix/verifier:verifier", diff --git a/bgpwtf/cccampix/kube/ix.libsonnet b/bgpwtf/cccampix/kube/ix.libsonnet index 1503a473..597252d2 100644 --- a/bgpwtf/cccampix/kube/ix.libsonnet +++ b/bgpwtf/cccampix/kube/ix.libsonnet @@ -5,7 +5,7 @@ local kube = import "../../../kube/kube.libsonnet"; local ix = self, local cfg = ix.cfg, cfg:: { - image: "registry.k0.hswaw.net/bgpwtf/cccampix:1565559239-95928eecd7e35e8582fa011d1457643ca398c310", + image: "registry.k0.hswaw.net/bgpwtf/cccampix:1565566961-49bf87f8e1ff80e35acd8eb9fc699c4ae0bf250e", domain: "ix-status.bgp.wtf", octorpki: { @@ -213,6 +213,40 @@ local kube = import "../../../kube/kube.libsonnet"; ], }, + ripeSync: kube.CronJob(ix.name("ripe-sync")) { + metadata+: ix.metadata("ripe-sync"), + spec+: { + schedule: "*/5 * * * *", + jobTemplate+: { + spec+: { + selector:: null, + template+: { + spec+: { + containers_: { + "ripe-sync": kube.Container(ix.name("ripe-sync")) { + image: cfg.image, + args: [ + "/ix/ripe-sync.par", + "$(PASSWORD)", + ix.verifier.address, + ], + env_: { + PASSWORD: { + secretKeyRef: { + name: ix.name("ripe-sync"), + key: "password", + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + ingress: kube.Ingress("ingress") { metadata+: ix.metadata("public") { annotations+: { diff --git a/bgpwtf/cccampix/sync.py b/bgpwtf/cccampix/ripe-sync.py similarity index 91% rename from bgpwtf/cccampix/sync.py rename to bgpwtf/cccampix/ripe-sync.py index 31c2d2ed..116158cb 100644 --- a/bgpwtf/cccampix/sync.py +++ b/bgpwtf/cccampix/ripe-sync.py @@ -15,8 +15,12 @@ import string import sys import time +import grpc import requests +from bgpwtf.cccampix.proto import ix_pb2 as ipb +from bgpwtf.cccampix.proto import ix_pb2_grpc as ipb_grpc + class IRRObject: """An IRR object from RIPE.""" @@ -199,18 +203,24 @@ def sync_asset(members, password, force=False): if __name__ == '__main__': if len(sys.argv) != 3: - print("Usage: {} password AS1,AS2,AS3,...".format(sys.argv[0])) + print("Usage: {} ".format(sys.argv[0])) sys.exit(1) password = sys.argv[1] - members = [m.strip().upper() for m in sys.argv[2].split(',')] + verifier = sys.argv[2] - for member in members: - if not member.startswith('AS'): - raise Exception('{} is not a valid ASN'.format(member)) + chan = grpc.insecure_channel(verifier) + stub = ipb_grpc.VerifierStub(chan) - if not all(c in string.digits for c in member[2:]): - raise Exception('{} is not a valid ASN'.format(member)) + req = ipb.PeerSummaryRequest() + peers = stub.PeerSummary(req) + members = [] + for peer in peers: + if peer.check_status != peer.STATUS_OK: + continue + members.append('AS'+str(peer.peeringdb_info.asn)) + + print("Members:", members) sync_autnum(members, password) sync_asset(members, password)