forked from hswaw/hscloud
bgpwtf/cccampix: cronjobify ripe-sync
Change-Id: I185c2702384941b6537a6a4048bdb2e1c4e183ba
This commit is contained in:
parent
49bf87f8e1
commit
821fa5fcc4
3 changed files with 61 additions and 11 deletions
|
@ -1,18 +1,24 @@
|
|||
load("@io_bazel_rules_docker//container:container.bzl", "container_image", "container_layer", "container_push")
|
||||
load("@subpar//:subpar.bzl", "par_binary")
|
||||
|
||||
py_binary(
|
||||
name = "sync",
|
||||
par_binary(
|
||||
name = "ripe-sync",
|
||||
srcs = [
|
||||
"sync.py",
|
||||
"ripe-sync.py",
|
||||
],
|
||||
deps = [
|
||||
"@pip36//grpcio",
|
||||
"@pip36//requests",
|
||||
"//bgpwtf/cccampix/proto:ix_py_proto",
|
||||
],
|
||||
legacy_create_init = False,
|
||||
zip_safe = False,
|
||||
)
|
||||
|
||||
container_layer(
|
||||
name = "layer_bin",
|
||||
files = [
|
||||
"//bgpwtf/cccampix:ripe-sync.par",
|
||||
"//bgpwtf/cccampix/irr:irr",
|
||||
"//bgpwtf/cccampix/peeringdb:peeringdb",
|
||||
"//bgpwtf/cccampix/verifier:verifier",
|
||||
|
|
|
@ -5,7 +5,7 @@ local kube = import "../../../kube/kube.libsonnet";
|
|||
local ix = self,
|
||||
local cfg = ix.cfg,
|
||||
cfg:: {
|
||||
image: "registry.k0.hswaw.net/bgpwtf/cccampix:1565559239-95928eecd7e35e8582fa011d1457643ca398c310",
|
||||
image: "registry.k0.hswaw.net/bgpwtf/cccampix:1565566961-49bf87f8e1ff80e35acd8eb9fc699c4ae0bf250e",
|
||||
|
||||
domain: "ix-status.bgp.wtf",
|
||||
octorpki: {
|
||||
|
@ -213,6 +213,40 @@ local kube = import "../../../kube/kube.libsonnet";
|
|||
],
|
||||
},
|
||||
|
||||
ripeSync: kube.CronJob(ix.name("ripe-sync")) {
|
||||
metadata+: ix.metadata("ripe-sync"),
|
||||
spec+: {
|
||||
schedule: "*/5 * * * *",
|
||||
jobTemplate+: {
|
||||
spec+: {
|
||||
selector:: null,
|
||||
template+: {
|
||||
spec+: {
|
||||
containers_: {
|
||||
"ripe-sync": kube.Container(ix.name("ripe-sync")) {
|
||||
image: cfg.image,
|
||||
args: [
|
||||
"/ix/ripe-sync.par",
|
||||
"$(PASSWORD)",
|
||||
ix.verifier.address,
|
||||
],
|
||||
env_: {
|
||||
PASSWORD: {
|
||||
secretKeyRef: {
|
||||
name: ix.name("ripe-sync"),
|
||||
key: "password",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
|
||||
ingress: kube.Ingress("ingress") {
|
||||
metadata+: ix.metadata("public") {
|
||||
annotations+: {
|
||||
|
|
|
@ -15,8 +15,12 @@ import string
|
|||
import sys
|
||||
import time
|
||||
|
||||
import grpc
|
||||
import requests
|
||||
|
||||
from bgpwtf.cccampix.proto import ix_pb2 as ipb
|
||||
from bgpwtf.cccampix.proto import ix_pb2_grpc as ipb_grpc
|
||||
|
||||
|
||||
class IRRObject:
|
||||
"""An IRR object from RIPE."""
|
||||
|
@ -199,18 +203,24 @@ def sync_asset(members, password, force=False):
|
|||
|
||||
if __name__ == '__main__':
|
||||
if len(sys.argv) != 3:
|
||||
print("Usage: {} password AS1,AS2,AS3,...".format(sys.argv[0]))
|
||||
print("Usage: {} <password> <verifier addr>".format(sys.argv[0]))
|
||||
sys.exit(1)
|
||||
|
||||
password = sys.argv[1]
|
||||
members = [m.strip().upper() for m in sys.argv[2].split(',')]
|
||||
verifier = sys.argv[2]
|
||||
|
||||
for member in members:
|
||||
if not member.startswith('AS'):
|
||||
raise Exception('{} is not a valid ASN'.format(member))
|
||||
chan = grpc.insecure_channel(verifier)
|
||||
stub = ipb_grpc.VerifierStub(chan)
|
||||
|
||||
if not all(c in string.digits for c in member[2:]):
|
||||
raise Exception('{} is not a valid ASN'.format(member))
|
||||
req = ipb.PeerSummaryRequest()
|
||||
peers = stub.PeerSummary(req)
|
||||
|
||||
members = []
|
||||
for peer in peers:
|
||||
if peer.check_status != peer.STATUS_OK:
|
||||
continue
|
||||
members.append('AS'+str(peer.peeringdb_info.asn))
|
||||
|
||||
print("Members:", members)
|
||||
sync_autnum(members, password)
|
||||
sync_asset(members, password)
|
Loading…
Reference in a new issue