Merge pull request #221 from rackerlabs/components-rename

Components rename

ansible-playbooks/master.yml → ansible-playbooks/console.yml

@@ -1,9 +1,9 @@
 ---
-- hosts: master
+- hosts: console
   roles:
     - name: common
       tags: [ common ]
     - name: add_users
       tags: [ add_users ]
-    - name: master
-      tags: [ master ]
+    - name: console
+      tags: [ console ]

ansible-playbooks/engine.yml

@@ -0,0 +1,7 @@
+---
+- hosts: engine
+  roles:
+    - name: common
+      tags: [ common ]
+    - name: engine
+      tags: [ engine ]

ansible-playbooks/group_vars/all

@@ -9,17 +9,17 @@ non_root_user: scantron
 application_environment: production
 
 # IPs
-master_external_ip: "{{ groups.master[0] }}"  # Read from hosts file.
-master_internal_ip: "{{ groups.master[0] }}"  # Read from hosts file, change if dual-NIC'd.
-master_fqdn: "{{ groups.master[0] }}"  # master_fqdn: scantron.yourdomain.com.
+console_external_ip: "{{ groups.console[0] }}"  # Read from hosts file.
+console_internal_ip: "{{ groups.console[0] }}"  # Read from hosts file, change if dual-NIC'd.
+console_fqdn: "{{ groups.console[0] }}"  # console_fqdn: scantron.yourdomain.com.
 
-agent_exteral_ip: "{{ groups.agent[0] }}"  # Read from hosts file.
-agent_interal_ip: "{{ groups.agent[0] }}"  # Change if dual-NIC'd.
+engine_exteral_ip: "{{ groups.engine[0] }}"  # Read from hosts file.
+engine_interal_ip: "{{ groups.engine[0] }}"  # Change if dual-NIC'd.
 
 # masscan - installation requires a minimum amount of 1 GB of memory.
-install_masscan_on_agent: True
+install_masscan_on_engine: True
 
-# If you want to set one standard API token for all agents
-# instead of having to logging into every agent and updating agent/agent_config.json
+# If you want to set one standard API token for all engines
+# instead of having to logging into every engine and updating engine/engine_config.json
 # This is less secure!
-utilize_static_api_token_across_agents: False
+utilize_static_api_token_across_engines: False

ansible-playbooks/hosts

@@ -1,5 +1,5 @@
-[agent]
+[engine]
 192.168.169.165
 
-[master]
-192.168.169.164
+[console]
+192.168.169.164

ansible-playbooks/roles/add_users/README

@@ -2,4 +2,4 @@ Creates new users, adds their SSH key, and updates shell files.
 
 1) Edit vars/main.yml with any changes:
 
-2) Ensure role is uncommented in [agent|master].yml
+2) Ensure role is uncommented in [engine|console].yml

ansible-playbooks/roles/common/README

@@ -2,4 +2,4 @@ Installs baseline configuration for boxes.
 
 1) Edit vars/main.yml with any changes:
 
-2) Ensure role is uncommented in [agent|master].yml
+2) Ensure role is uncommented in [engine|console].yml

ansible-playbooks/roles/console/README

@@ -0,0 +1,5 @@
+Installs console role.
+
+1) Edit vars/main.yml with any changes:
+
+2) Execute console.yml

ansible-playbooks/roles/master/files/etc/logrotate.d/uwsgi → ansible-playbooks/roles/console/files/etc/logrotate.d/uwsgi

@@ -1,4 +1,4 @@
-/home/scantron/master/logs/uwsgi.log {
+/home/scantron/console/logs/uwsgi.log {
     copytruncate
     rotate 14
     size=256M

ansible-playbooks/roles/master/tasks/main.yml → ansible-playbooks/roles/console/tasks/main.yml

@@ -58,7 +58,7 @@
     state: link
 
 - name: Generate temporary self-signed SSL certificate.
-  command: openssl req -x509 -nodes -days 730 -sha256 -newkey rsa:2048 -keyout /etc/ssl/scantron.key -out /etc/ssl/scantron.crt -subj "/C=US/ST=Texas/L=San Antonio/O=Scantron/OU=NA/CN={{ master_fqdn }}"
+  command: openssl req -x509 -nodes -days 730 -sha256 -newkey rsa:2048 -keyout /etc/ssl/scantron.key -out /etc/ssl/scantron.crt -subj "/C=US/ST=Texas/L=San Antonio/O=Scantron/OU=NA/CN={{ console_fqdn }}"
   args:
     creates: /etc/ssl/scantron.key  # Only checks if .key file exists, not the .crt file.
   when: application_environment == 'production'
@@ -94,9 +94,9 @@
 
 # Misc.
 #######
-- name: rsync master files to server.
+- name: rsync console files to server.
   synchronize:
-    src: ../../../../master
+    src: ../../../../console
     dest: "/home/{{ non_root_user }}"
   tags: update_code
 
@@ -396,14 +396,14 @@
 
 - name: Change ownership of target_files
   file:
-    path: "/home/{{ non_root_user }}/master/target_files"
+    path: "/home/{{ non_root_user }}/console/target_files"
     owner: nobody
     group: nogroup
     recurse: yes
 
 - name: Change ownership of scan_results
   file:
-    path: "/home/{{ non_root_user }}/master/scan_results"
+    path: "/home/{{ non_root_user }}/console/scan_results"
     owner: nobody
     group: nogroup
     recurse: yes
@@ -435,7 +435,7 @@
 
 - name: Make nmap_to_csv.sh and nmap_to_csv.py executable.
   file:
-    path: "/home/{{ non_root_user }}/master/scan_results/{{ item }}"
+    path: "/home/{{ non_root_user }}/console/scan_results/{{ item }}"
     owner: root
     group: root
     mode: 0700
@@ -446,9 +446,9 @@
     - masscan_json_to_csv.py
     - xml_to_json_nmap_results.py
 
-- name: chown-ing master files to root in "/home/{{ non_root_user }}/master"
+- name: chown-ing console files to root in "/home/{{ non_root_user }}/console"
   file:
-    path: "/home/{{ non_root_user }}/master/{{ item }}"
+    path: "/home/{{ non_root_user }}/console/{{ item }}"
     owner: root
     group: root
     mode: 0700
@@ -514,16 +514,16 @@
   args:
      chdir: "{{ scantron_dir }}"
 
-- name: Determine the API token for the "agent1" user.
-  shell: echo "from rest_framework.authtoken.models import Token; print(Token.objects.filter(user__username='agent1')[0].key)" | {{ venv_python }} {{ scantron_dir }}/manage.py shell
+- name: Determine the API token for the "engine1" user.
+  shell: echo "from rest_framework.authtoken.models import Token; print(Token.objects.filter(user__username='engine1')[0].key)" | {{ venv_python }} {{ scantron_dir }}/manage.py shell
   args:
     chdir: "{{ scantron_dir }}"
   register: api_key_output
-  when: utilize_static_api_token_across_agents
+  when: utilize_static_api_token_across_engines
 
 - name: Copy the API key to scantron/ansible-playbooks/group_vars/static_api_key
   local_action: copy content="{{ api_key_output.stdout_lines[1] }}" dest="group_vars/static_api_key"
-  when: utilize_static_api_token_across_agents
+  when: utilize_static_api_token_across_engines
 
 - name: Reboot the box in 1 minute.
   command: shutdown -r 1

ansible-playbooks/roles/master/templates/etc/exports.j2 → ansible-playbooks/roles/console/templates/etc/exports.j2

@@ -11,5 +11,5 @@
 # rw: Even though writing to folder, must allow reads to verify it exists.
 # sync: Forces NFS to write changes to disk before replying.
 # no_subtree_check:  Disable subtree checking
-/home/{{ non_root_user }}/master/target_files    127.0.0.1(rw,sync,no_subtree_check,insecure)
-/home/{{ non_root_user }}/master/scan_results    127.0.0.1(rw,sync,no_subtree_check,insecure)
+/home/{{ non_root_user }}/console/target_files    127.0.0.1(rw,sync,no_subtree_check,insecure)
+/home/{{ non_root_user }}/console/scan_results    127.0.0.1(rw,sync,no_subtree_check,insecure)

ansible-playbooks/roles/master/templates/etc/nginx/sites-available/scantron_nginx.conf.j2 → ansible-playbooks/roles/console/templates/etc/nginx/sites-available/scantron_nginx.conf.j2

@@ -9,14 +9,14 @@ upstream scantron {
 # Redirect all non-encrypted (HTTP) to encrypted (HTTPS)
 server {
     listen 80;
-    server_name {{ master_fqdn }};  # Machine's IP address or FQDN
+    server_name {{ console_fqdn }};  # Machine's IP address or FQDN
     return 301 https://$server_name$request_uri;
 }
 
 # Primary configuration
 server {
     listen 443;
-    server_name {{ master_fqdn }};  # Substitute your machine's IP address or FQDN
+    server_name {{ console_fqdn }};  # Substitute your machine's IP address or FQDN
 
     ssl on;
     ssl_certificate /etc/ssl/scantron.crt;
@@ -45,7 +45,7 @@ server {
     }
 
     # client_max_body_size must be the MB value of the max_length of any target type fields in
-    # master/django_scantron/models.py
+    # console/django_scantron/models.py
     # 4194304 bytes --> 4M, assuming each character takes up 1 byte.
     client_max_body_size 4M;
 }

ansible-playbooks/roles/master/templates/etc/rc.local.j2 → ansible-playbooks/roles/console/templates/etc/rc.local.j2

@@ -11,10 +11,10 @@
 #
 # By default this script does nothing.
 
-# autossh required for each agent.
+# autossh required for each engine.
 # StrictHostKeyChecking prevents having to su as autossh and then ssh in to accept the host fingerprint.
 
-# SSH connection from master --> agent
-su - autossh -s /bin/bash -c 'autossh -M 0 -f -N -o "StrictHostKeyChecking no" -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -p 22 -R 4430:127.0.0.1:443 -R 2049:127.0.0.1:2049 -i /home/{{ non_root_user }}/master/autossh.key autossh@{{ agent_exteral_ip }}'
+# SSH connection from console --> engine
+su - autossh -s /bin/bash -c 'autossh -M 0 -f -N -o "StrictHostKeyChecking no" -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -p 22 -R 4430:127.0.0.1:443 -R 2049:127.0.0.1:2049 -i /home/{{ non_root_user }}/console/autossh.key autossh@{{ engine_exteral_ip }}'
 
 exit 0

ansible-playbooks/roles/master/templates/production.py.j2 → ansible-playbooks/roles/console/templates/production.py.j2

@@ -31,10 +31,10 @@ X_FRAME_OPTIONS = "DENY"
 # See https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
 
 # FQDN used to populate results URL for completed scan emails.
-MASTER_FQDN = "{{ master_fqdn }}"
+CONSOLE_FQDN = "{{ console_fqdn }}"
 
 ALLOWED_HOSTS = [
-    "{{ master_fqdn }}",
+    "{{ console_fqdn }}",
     "{{ ansible_default_ipv4.address }}",
     "127.0.0.1",
     "localhost",

ansible-playbooks/roles/master/templates/scantron_uwsgi.ini.j2 → ansible-playbooks/roles/console/templates/scantron_uwsgi.ini.j2

@@ -22,7 +22,7 @@ processes = 4
 threads = 2
 
 # PID file
-pidfile = /tmp/scantron-master.pid
+pidfile = /tmp/scantron-console.pid
 
 # Respawn processes taking more than 120 seconds
 harakiri = 120

ansible-playbooks/roles/master/vars/main.yml → ansible-playbooks/roles/console/vars/main.yml

@@ -19,7 +19,7 @@ install_packages:
   - xmlsec1  # SAML support.
 
 # secrets file
-scantron_secrets: "{{ lookup('file', '../../../master/scantron_secrets.json') | from_json }}"
+scantron_secrets: "{{ lookup('file', '../../../console/scantron_secrets.json') | from_json }}"
 
 # postgresql
 postgresql_version: 12
@@ -35,7 +35,7 @@ postgresql_hba_entries:
   - { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
 
 # pip
-scantron_dir: "/home/{{ non_root_user }}/master"
+scantron_dir: "/home/{{ non_root_user }}/console"
 venv_dir: "{{ scantron_dir }}/.venv"
 venv_python: "{{ venv_dir }}/bin/python3.6"
 

ansible-playbooks/roles/engine/README

@@ -0,0 +1,5 @@
+Installs scantron engine.
+
+1) Edit vars/main.yml with any changes:
+
+2) Execute engine.yml

ansible-playbooks/roles/agent/files/etc/logrotate.d/scantron-agent → ansible-playbooks/roles/engine/files/etc/logrotate.d/scantron-engine

@@ -1,4 +1,4 @@
-/root/agent/logs/agent.log {
+/root/engine/logs/engine.log {
     create 700 root root
     copytruncate
     rotate 14