bgpwtf/cccampix: cronjobify ripe-sync
Change-Id: I185c2702384941b6537a6a4048bdb2e1c4e183ba
diff --git a/bgpwtf/cccampix/BUILD b/bgpwtf/cccampix/BUILD
index cac046a..291590a 100644
--- a/bgpwtf/cccampix/BUILD
+++ b/bgpwtf/cccampix/BUILD
@@ -1,18 +1,24 @@
load("@io_bazel_rules_docker//container:container.bzl", "container_image", "container_layer", "container_push")
+load("@subpar//:subpar.bzl", "par_binary")
-py_binary(
- name = "sync",
+par_binary(
+ name = "ripe-sync",
srcs = [
- "sync.py",
+ "ripe-sync.py",
],
deps = [
+ "@pip36//grpcio",
"@pip36//requests",
+ "//bgpwtf/cccampix/proto:ix_py_proto",
],
+ legacy_create_init = False,
+ zip_safe = False,
)
container_layer(
name = "layer_bin",
files = [
+ "//bgpwtf/cccampix:ripe-sync.par",
"//bgpwtf/cccampix/irr:irr",
"//bgpwtf/cccampix/peeringdb:peeringdb",
"//bgpwtf/cccampix/verifier:verifier",
diff --git a/bgpwtf/cccampix/kube/ix.libsonnet b/bgpwtf/cccampix/kube/ix.libsonnet
index 1503a47..597252d 100644
--- a/bgpwtf/cccampix/kube/ix.libsonnet
+++ b/bgpwtf/cccampix/kube/ix.libsonnet
@@ -5,7 +5,7 @@
local ix = self,
local cfg = ix.cfg,
cfg:: {
- image: "registry.k0.hswaw.net/bgpwtf/cccampix:1565559239-95928eecd7e35e8582fa011d1457643ca398c310",
+ image: "registry.k0.hswaw.net/bgpwtf/cccampix:1565566961-49bf87f8e1ff80e35acd8eb9fc699c4ae0bf250e",
domain: "ix-status.bgp.wtf",
octorpki: {
@@ -213,6 +213,40 @@
],
},
+ ripeSync: kube.CronJob(ix.name("ripe-sync")) {
+ metadata+: ix.metadata("ripe-sync"),
+ spec+: {
+ schedule: "*/5 * * * *",
+ jobTemplate+: {
+ spec+: {
+ selector:: null,
+ template+: {
+ spec+: {
+ containers_: {
+ "ripe-sync": kube.Container(ix.name("ripe-sync")) {
+ image: cfg.image,
+ args: [
+ "/ix/ripe-sync.par",
+ "$(PASSWORD)",
+ ix.verifier.address,
+ ],
+ env_: {
+ PASSWORD: {
+ secretKeyRef: {
+ name: ix.name("ripe-sync"),
+ key: "password",
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+
ingress: kube.Ingress("ingress") {
metadata+: ix.metadata("public") {
annotations+: {
diff --git a/bgpwtf/cccampix/sync.py b/bgpwtf/cccampix/ripe-sync.py
similarity index 91%
rename from bgpwtf/cccampix/sync.py
rename to bgpwtf/cccampix/ripe-sync.py
index 31c2d2e..116158c 100644
--- a/bgpwtf/cccampix/sync.py
+++ b/bgpwtf/cccampix/ripe-sync.py
@@ -15,8 +15,12 @@
import sys
import time
+import grpc
import requests
+from bgpwtf.cccampix.proto import ix_pb2 as ipb
+from bgpwtf.cccampix.proto import ix_pb2_grpc as ipb_grpc
+
class IRRObject:
"""An IRR object from RIPE."""
@@ -199,18 +203,24 @@
if __name__ == '__main__':
if len(sys.argv) != 3:
- print("Usage: {} password AS1,AS2,AS3,...".format(sys.argv[0]))
+ print("Usage: {} <password> <verifier addr>".format(sys.argv[0]))
sys.exit(1)
password = sys.argv[1]
- members = [m.strip().upper() for m in sys.argv[2].split(',')]
+ verifier = sys.argv[2]
- for member in members:
- if not member.startswith('AS'):
- raise Exception('{} is not a valid ASN'.format(member))
+ chan = grpc.insecure_channel(verifier)
+ stub = ipb_grpc.VerifierStub(chan)
- if not all(c in string.digits for c in member[2:]):
- raise Exception('{} is not a valid ASN'.format(member))
+ req = ipb.PeerSummaryRequest()
+ peers = stub.PeerSummary(req)
+ members = []
+ for peer in peers:
+ if peer.check_status != peer.STATUS_OK:
+ continue
+ members.append('AS'+str(peer.peeringdb_info.asn))
+
+ print("Members:", members)
sync_autnum(members, password)
sync_asset(members, password)