forked from hswaw/hscloud
bgpwtf/cccampix: cronjobify ripe-sync
Change-Id: I185c2702384941b6537a6a4048bdb2e1c4e183ba
This commit is contained in:
parent
49bf87f8e1
commit
821fa5fcc4
3 changed files with 61 additions and 11 deletions
|
@ -1,18 +1,24 @@
|
||||||
load("@io_bazel_rules_docker//container:container.bzl", "container_image", "container_layer", "container_push")
|
load("@io_bazel_rules_docker//container:container.bzl", "container_image", "container_layer", "container_push")
|
||||||
|
load("@subpar//:subpar.bzl", "par_binary")
|
||||||
|
|
||||||
py_binary(
|
par_binary(
|
||||||
name = "sync",
|
name = "ripe-sync",
|
||||||
srcs = [
|
srcs = [
|
||||||
"sync.py",
|
"ripe-sync.py",
|
||||||
],
|
],
|
||||||
deps = [
|
deps = [
|
||||||
|
"@pip36//grpcio",
|
||||||
"@pip36//requests",
|
"@pip36//requests",
|
||||||
|
"//bgpwtf/cccampix/proto:ix_py_proto",
|
||||||
],
|
],
|
||||||
|
legacy_create_init = False,
|
||||||
|
zip_safe = False,
|
||||||
)
|
)
|
||||||
|
|
||||||
container_layer(
|
container_layer(
|
||||||
name = "layer_bin",
|
name = "layer_bin",
|
||||||
files = [
|
files = [
|
||||||
|
"//bgpwtf/cccampix:ripe-sync.par",
|
||||||
"//bgpwtf/cccampix/irr:irr",
|
"//bgpwtf/cccampix/irr:irr",
|
||||||
"//bgpwtf/cccampix/peeringdb:peeringdb",
|
"//bgpwtf/cccampix/peeringdb:peeringdb",
|
||||||
"//bgpwtf/cccampix/verifier:verifier",
|
"//bgpwtf/cccampix/verifier:verifier",
|
||||||
|
|
|
@ -5,7 +5,7 @@ local kube = import "../../../kube/kube.libsonnet";
|
||||||
local ix = self,
|
local ix = self,
|
||||||
local cfg = ix.cfg,
|
local cfg = ix.cfg,
|
||||||
cfg:: {
|
cfg:: {
|
||||||
image: "registry.k0.hswaw.net/bgpwtf/cccampix:1565559239-95928eecd7e35e8582fa011d1457643ca398c310",
|
image: "registry.k0.hswaw.net/bgpwtf/cccampix:1565566961-49bf87f8e1ff80e35acd8eb9fc699c4ae0bf250e",
|
||||||
|
|
||||||
domain: "ix-status.bgp.wtf",
|
domain: "ix-status.bgp.wtf",
|
||||||
octorpki: {
|
octorpki: {
|
||||||
|
@ -213,6 +213,40 @@ local kube = import "../../../kube/kube.libsonnet";
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
|
|
||||||
|
ripeSync: kube.CronJob(ix.name("ripe-sync")) {
|
||||||
|
metadata+: ix.metadata("ripe-sync"),
|
||||||
|
spec+: {
|
||||||
|
schedule: "*/5 * * * *",
|
||||||
|
jobTemplate+: {
|
||||||
|
spec+: {
|
||||||
|
selector:: null,
|
||||||
|
template+: {
|
||||||
|
spec+: {
|
||||||
|
containers_: {
|
||||||
|
"ripe-sync": kube.Container(ix.name("ripe-sync")) {
|
||||||
|
image: cfg.image,
|
||||||
|
args: [
|
||||||
|
"/ix/ripe-sync.par",
|
||||||
|
"$(PASSWORD)",
|
||||||
|
ix.verifier.address,
|
||||||
|
],
|
||||||
|
env_: {
|
||||||
|
PASSWORD: {
|
||||||
|
secretKeyRef: {
|
||||||
|
name: ix.name("ripe-sync"),
|
||||||
|
key: "password",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
|
||||||
ingress: kube.Ingress("ingress") {
|
ingress: kube.Ingress("ingress") {
|
||||||
metadata+: ix.metadata("public") {
|
metadata+: ix.metadata("public") {
|
||||||
annotations+: {
|
annotations+: {
|
||||||
|
|
|
@ -15,8 +15,12 @@ import string
|
||||||
import sys
|
import sys
|
||||||
import time
|
import time
|
||||||
|
|
||||||
|
import grpc
|
||||||
import requests
|
import requests
|
||||||
|
|
||||||
|
from bgpwtf.cccampix.proto import ix_pb2 as ipb
|
||||||
|
from bgpwtf.cccampix.proto import ix_pb2_grpc as ipb_grpc
|
||||||
|
|
||||||
|
|
||||||
class IRRObject:
|
class IRRObject:
|
||||||
"""An IRR object from RIPE."""
|
"""An IRR object from RIPE."""
|
||||||
|
@ -199,18 +203,24 @@ def sync_asset(members, password, force=False):
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
if len(sys.argv) != 3:
|
if len(sys.argv) != 3:
|
||||||
print("Usage: {} password AS1,AS2,AS3,...".format(sys.argv[0]))
|
print("Usage: {} <password> <verifier addr>".format(sys.argv[0]))
|
||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
|
|
||||||
password = sys.argv[1]
|
password = sys.argv[1]
|
||||||
members = [m.strip().upper() for m in sys.argv[2].split(',')]
|
verifier = sys.argv[2]
|
||||||
|
|
||||||
for member in members:
|
chan = grpc.insecure_channel(verifier)
|
||||||
if not member.startswith('AS'):
|
stub = ipb_grpc.VerifierStub(chan)
|
||||||
raise Exception('{} is not a valid ASN'.format(member))
|
|
||||||
|
|
||||||
if not all(c in string.digits for c in member[2:]):
|
req = ipb.PeerSummaryRequest()
|
||||||
raise Exception('{} is not a valid ASN'.format(member))
|
peers = stub.PeerSummary(req)
|
||||||
|
|
||||||
|
members = []
|
||||||
|
for peer in peers:
|
||||||
|
if peer.check_status != peer.STATUS_OK:
|
||||||
|
continue
|
||||||
|
members.append('AS'+str(peer.peeringdb_info.asn))
|
||||||
|
|
||||||
|
print("Members:", members)
|
||||||
sync_autnum(members, password)
|
sync_autnum(members, password)
|
||||||
sync_asset(members, password)
|
sync_asset(members, password)
|
Loading…
Reference in a new issue