ISC License
ansible-project-dumbhub
This is a Work-in-Progress project.
Create a dumbhub that you can place between your router and the ISP's peer device. The hub acts as an L2 switch and simply forwards all packets from one interface to another. However, the hub also runs ntopng and other network monitoring tools, providing a user interface for network status, including packets per second, protocol breakdown, and a list of top talkers in the network.
The project is managed by ansible and several of my ansible roles, which means that the device configuration can be tested in a deterministic way in a virtualised environment, and you can deploy with a single command on a plain default installation from scratch.
The project has a set of tests that you can run on a virtual machine or on a machine in production.
You would like to monitor a network so that you can find bandwidth eaters in the network, or so that you can see bandwidth trends. But your router is a consumer product without advanced monitoring features. You would like to see trends, top talkers, protocols, etc.
You would like to monitor traffic, but you can modify neither the router configuration nor the network topology.
- ntopng which
- argus which analyzes packet flows,
- net-snmp which exports interface metrics
- dumpcap which pcap format
- squid which provides HTTP proxy
ntopng
See more screenshots of ntopng at the product page.
argus
Depending on your constraints, there are different deployment patterns. Choose the one that suits your needs.
.----------.   .---------.   .--------.
| ISP peer |---| dumbhub |---| Router |---> Internal network
`----------'   `---------'   `--------'
                    |             |
                    `-----WiFi----'
In this pattern, the router performs NAT. For whatever reason, you cannot change the network topology or the router configuration. The WiFi interface is used to access the user interface.
Pros:
- dumbhub fails, simply remove the dumbhub, and connect the
Cons:
- dumbhub cannot
.----------.   .---------.   .--------.
| ISP peer |---| dumbhub |---| Router |---> Internal network
`----------'   `---------'   `--------'
In this pattern, the dumbhub performs NAT. WiFi interface is optional.
Pros:
- dumbhub has internal IP address.
Cons:
- dumbhub fails, you need another dumbhub for backup and replace
- dumbhub fails, and you do not have a backup dumbhub, you need
- dumbhub uses more CPU and RAM for NAT,
.----------.   .--------.   .---------.   .-------------------.
| ISP peer |---| Router |---| dumbhub |---| L2 switch/WiFi AP |---> Internal network
`----------'   `--------'   `---------'   `-------------------'
                                 |                  |
                                 `------WiFi--------'
In this pattern, the router performs NAT. The dumbhub acts as L2 switch.
Pros:
- dumbhub fails, simply remove the dumbhub, and connect the L2
Cons:

- sshd
- sudo(1) as root
- python
The project provides two environments: one for development and tests, and another for the production system.
- virtualbox environment is used for development, where a virtualbox VM is launched and provisioned.
- prod is for the production system. It can be VMs on a cloud service, or a physical machine.
TBW
Clone the repository.
git clone https://github.com/trombik/ansible-project-openhab
cd ansible-project-openhab
Set up bundler.
bundle install --path=~/.vendor/bundle
Replace ~/.vendor/bundle with your directory to install gems.
The project is managed by a Rakefile. It provides targets to launch virtual machines, provision them, and test the configured system.
Launch the VM.
bundle exec rake up
Provision the VM.
bundle exec rake provision
Test the system.
bundle exec rake test:serverspec:all
Log in to the system (only for the virtualbox environment).
vagrant ssh hab.i.trombik.org
Destroy the VM.
bundle exec rake clean
The Rakefile supports a proxy on the local machine. It assumes that the proxy is running on the local machine, listening on port 8080. If it detects that the port is open, it automatically sets the necessary proxy settings during the deployment, which makes the process faster. Any HTTP proxy application works. Here I use polipo.
polipo logFile= daemonise=false diskCacheRoot=~/tmp/cache allowedClients='0.0.0.0/0' proxyAddress='0.0.0.0' logSyslog=false logLevel=0xff proxyPort=8080 relaxTransparency=true
If you use another application on that port, the VAGRANT_HTTP_PROXY_PORT environment variable can be defined to override port 8080. Replace ~/tmp/cache with your cache directory.
ANSIBLE_ENVIRONMENT is an environment variable to switch the target environment. If not defined, virtualbox, where you develop the system, is assumed. Another environment is prod, which is the live production system.
To deploy to prod, run:
ANSIBLE_ENVIRONMENT=prod bundle exec rake provision
By default, user vagrant is used as the ssh account for the virtualbox environment, and otherwise the Unix account on the local machine. To override it, use the ANSIBLE_USER environment variable.
ansible-vault
To decrypt files password-protected by ansible-vault, the Rakefile uses the ANSIBLE_VAULT_PASSWORD_FILE environment variable. It should be the path to the ansible-vault password file on the local machine.
To test the system in the prod environment, the SUDO_PASSWORD environment variable must be set, which is used to run specs on the target machine. Your local Unix account (or ANSIBLE_USER account) must be able to run sudo(1) on the target machine.
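The environment variables and the proxy port detection described above, resolved and checked in one place. This is an added example in Ruby, not code from the project's Rakefile; the function names and the permission check on the vault password file are assumptions of this example.

```ruby
require "etc"
require "socket"

# Added example; function names are hypothetical, not the Rakefile's.

# True if something accepts TCP connections on 127.0.0.1:port.
def local_port_open?(port, timeout = 1)
  Socket.tcp("127.0.0.1", port, connect_timeout: timeout) { true }
rescue SystemCallError, SocketError
  false
end

# Resolve the README's environment variables from env (a Hash such as
# ENV.to_h) and fail early on missing or unsafe values.
def resolve_settings(env, task: :provision)
  environment = env.fetch("ANSIBLE_ENVIRONMENT", "virtualbox")
  unless %w[virtualbox prod].include?(environment)
    raise ArgumentError, "unknown ANSIBLE_ENVIRONMENT: #{environment}"
  end

  # vagrant for virtualbox, the local Unix account otherwise.
  default_user = environment == "virtualbox" ? "vagrant" : Etc.getlogin
  port = Integer(env.fetch("VAGRANT_HTTP_PROXY_PORT", "8080"))
  settings = {
    environment: environment,
    user: env.fetch("ANSIBLE_USER", default_user),
    proxy_port: port,
    use_proxy: local_port_open?(port), # proxy is used only if the port is open
  }

  if (vault = env["ANSIBLE_VAULT_PASSWORD_FILE"])
    path = File.expand_path(vault)
    mode = File.stat(path).mode & 0o777
    # Assumption of this example, not project behaviour: refuse a
    # password file that group or others can access.
    if (mode & 0o077) != 0
      raise ArgumentError, format("%s has mode %o; run chmod 600", path, mode)
    end
    settings[:vault_password_file] = path
  end

  # Specs on prod run through sudo(1), so the password is mandatory there.
  if environment == "prod" && task == :test && env["SUDO_PASSWORD"].to_s.empty?
    raise ArgumentError, "SUDO_PASSWORD must be set to test prod"
  end
  settings
end
```

Call it as resolve_settings(ENV.to_h, task: :test) before running the specs against prod.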