Page MenuHomeDevCentral

Fetch GeoIP databases
ClosedPublic

Authored by dereckson on Mar 10 2023, 20:06.
Tags
None
Referenced Files
F3768220: D2874.id7324.diff
Sat, Nov 23, 07:10
Unknown Object (File)
Mon, Nov 18, 18:36
Unknown Object (File)
Mon, Nov 18, 18:36
Unknown Object (File)
Sun, Nov 17, 23:12
Unknown Object (File)
Sun, Nov 17, 22:55
Unknown Object (File)
Sun, Nov 17, 22:38
Unknown Object (File)
Fri, Nov 8, 06:24
Unknown Object (File)
Thu, Nov 7, 21:33
Subscribers
None

Details

Summary

Sentry can describe both end user and server IP addresses with geolocation.
To do so, it requires up-to-date MaxMind GeoLite2-City database.

The geoipupdate wrapper fetches the free databases in /srv/geoip,
firing a container with the Geo IP update program to run once.
It uses credentials stored in Vault for our MaxMind account.

Sentry containers can then mount /srv/geoip volume to fetch information.

References:

Ref T1791

Test Plan

geoipupdate on docker-002 created /srv/geoip like expected

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

dereckson created this revision.

Wrappers part is omnipotent:

----------
          ID: /srv/geoip
    Function: file.directory
      Result: True
     Comment: The directory /srv/geoip is in the correct state
     Started: 20:07:36.676575
    Duration: 1.163 ms
     Changes:
----------
          ID: selinux_context_geoip_data
    Function: selinux.fcontext_policy_present
        Name: /srv/geoip
      Result: True
     Comment: SELinux policy for "/srv/geoip" already present with specified filetype "all files" and sel_type "container_file_t".
     Started: 20:07:36.679804
    Duration: 417.709 ms
     Changes:
----------
          ID: selinux_context_geoip_data_applied
    Function: selinux.fcontext_policy_applied
        Name: /srv/geoip
      Result: True
     Comment: SElinux policies are already applied for filespec "/srv/geoip"
     Started: 20:07:37.098133
    Duration: 18.949 ms
     Changes:
This revision is now accepted and ready to land.Mar 10 2023, 20:10
This revision was automatically updated to reflect the committed changes.