Page MenuHomeDevCentral
Differential D2874

Fetch GeoIP databases
ClosedPublic
Actions

Authored by dereckson on Mar 10 2023, 20:06.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Nov 1, 21:21
Unknown Object (File)
Fri, Nov 1, 19:50
Unknown Object (File)
Thu, Oct 31, 20:11
Unknown Object (File)
Thu, Oct 31, 20:11
Unknown Object (File)
Thu, Oct 31, 19:41
Unknown Object (File)
Thu, Oct 31, 19:18
Unknown Object (File)
Thu, Oct 31, 10:46
Unknown Object (File)
Sat, Oct 26, 19:27
View All Files
Subscribers
None

Details

Reviewers
dereckson
Maniphest Tasks
T1791: Refresh Sentry installation
Commits
rOPSe542d69a0933: Fetch GeoIP databases
Summary

Sentry can describe both end user and server IP addresses with geolocation.
To do so, it requires up-to-date MaxMind GeoLite2-City database.

The geoipupdate wrapper fetches the free databases in /srv/geoip,
firing a container with the Geo IP update program to run once.
It uses credentials stored in Vault for our MaxMind account.

Sentry containers can then mount /srv/geoip volume to fetch information.

References:

Ref T1791

Test Plan

geoipupdate on docker-002 created /srv/geoip like expected

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Passed
Unit
No Test Coverage
Branch
sentry-geoip
Build Status
Buildable 4537
Build 4804: arc lint + arc unit

Event Timeline

dereckson requested review of this revision.Mar 10 2023, 20:06
dereckson created this revision.
Harbormaster completed remote builds in B4537: Diff 7324.Mar 10 2023, 20:06
dereckson added a comment.Mar 10 2023, 20:07

Wrappers part is omnipotent:

----------
          ID: /srv/geoip
    Function: file.directory
      Result: True
     Comment: The directory /srv/geoip is in the correct state
     Started: 20:07:36.676575
    Duration: 1.163 ms
     Changes:
----------
          ID: selinux_context_geoip_data
    Function: selinux.fcontext_policy_present
        Name: /srv/geoip
      Result: True
     Comment: SELinux policy for "/srv/geoip" already present with specified filetype "all files" and sel_type "container_file_t".
     Started: 20:07:36.679804
    Duration: 417.709 ms
     Changes:
----------
          ID: selinux_context_geoip_data_applied
    Function: selinux.fcontext_policy_applied
        Name: /srv/geoip
      Result: True
     Comment: SElinux policies are already applied for filespec "/srv/geoip"
     Started: 20:07:37.098133
    Duration: 18.949 ms
     Changes:
dereckson accepted this revision.Mar 10 2023, 20:10
This revision is now accepted and ready to land.Mar 10 2023, 20:10
Closed by commit rOPSe542d69a0933: Fetch GeoIP databases (authored by dereckson). · Explain WhyMar 10 2023, 20:11
This revision was automatically updated to reflect the committed changes.
dereckson added a commit: rOPSe542d69a0933: Fetch GeoIP databases.

Revision Contents
Changeset List

PathSize
pillar/
credentials/
2 lines
roles/
paas-docker/
salt/
files/
13 lines
wrappers/
files/
salt/
files/
geoipupdate.sh
credential.sh
17 lines
wrappers/
22 lines

Diff 7324

View Options

pillar/credentials/vault.sls

Loading...
View Options

roles/paas-docker/salt/files/credential.sh

Loading...
View Options

roles/paas-docker/wrappers/files/geoipupdate.sh

Loading...
View Options

roles/paas-docker/wrappers/init.sls

Loading...
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator