From 3fcfbf7a033a5a1b2e75b1b0381b37a1435ab2f4 Mon Sep 17 00:00:00 2001 From: Brian Lee Date: Sat, 12 Aug 2023 14:59:36 -0700 Subject: [PATCH] Install strfry-policies with the basic starter template policy. --- defaults/main.yml | 15 +++++++-------- {templates => files}/strfry-policy.ts | 4 ++-- tasks/deno.yml | 8 ++++---- tasks/install.yml | 13 +++++++------ templates/strfry.conf | 14 +++++++------- 5 files changed, 27 insertions(+), 27 deletions(-) rename {templates => files}/strfry-policy.ts (84%) diff --git a/defaults/main.yml b/defaults/main.yml index a457e8a..9f33348 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -10,7 +10,6 @@ strfry_data_path: /var/lib/strfry strfry_db: "./strfry-db/" # Becomes /var/lib/strfry/strfry-db strfry_policies_enabled: true -strfry_policies_path: "{{ strfry_data_path }}/strfry-policy.ts" strfry_dbParams: # Maximum number of threads/processes that can simultaneously have LMDB transactions open (restart required) 
@@ -65,30 +64,30 @@ strfry_relay: writePolicy: # If non-empty, path to an executable script that implements the writePolicy plugin logic - plugin: "" + plugin: "{{ strfry_data_path }}/strfry-policy.ts" # Number of seconds to search backwards for lookback events when starting the writePolicy plugin (0 for no lookback) lookbackSeconds: 0 compression: # Use permessage-deflate compression if supported by client. Reduces bandwidth, but slight increase in CPU (restart required) - enabled: "true" + enabled: yes # Maintain a sliding window buffer for each connection. Improves compression, but uses more memory (restart required) - slidingWindow: "true" + slidingWindow: yes logging: # Dump all incoming messages - dumpInAll: "false" + dumpInAll: no # Dump all incoming EVENT messages - dumpInEvents: "false" + dumpInEvents: no # Dump all incoming REQ/CLOSE messages - dumpInReqs: "false" + dumpInReqs: no # Log performance metrics for initial REQ database scans - dbScanPerf: "false" + dbScanPerf: no numThreads: # Ingester threads: route incoming requests, validate events/sigs (restart required) diff --git a/templates/strfry-policy.ts b/files/strfry-policy.ts similarity index 84% rename from templates/strfry-policy.ts rename to files/strfry-policy.ts index 2ba83c3..13caf7b 100644 --- a/templates/strfry-policy.ts +++ b/files/strfry-policy.ts @@ -1,5 +1,5 @@ #!/bin/sh -//bin/true; exec deno run "$0" "$@" +//bin/true; exec deno run -A "$0" "$@" import { antiDuplicationPolicy, hellthreadPolicy, @@ -11,7 +11,7 @@ import { for await (const msg of readStdin()) { const result = await pipeline(msg, [ - [hellthreadPolicy, { limit: 100 }], + [hellthreadPolicy, { limit: 10 }], [antiDuplicationPolicy, { ttl: 60000, minLength: 50 }], [rateLimitPolicy, { whitelist: ['127.0.0.1'] }], ]); diff --git a/tasks/deno.yml b/tasks/deno.yml index 435a55c..abba79a 100644 --- a/tasks/deno.yml +++ b/tasks/deno.yml 
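Review bot: The new default `plugin: "{{ strfry_data_path }}/strfry-policy.ts"` is set unconditionally, while the task in tasks/install.yml that copies that file runs only `when: strfry_policies_enabled`. With `strfry_policies_enabled: false` the rendered configuration would presumably still name a plugin that was never installed on the host; how strfry behaves when the plugin path does not exist is not visible in this patch and should be confirmed rather than assumed harmless. Deriving the value from the flag keeps the two settings consistent, for example `plugin: "{{ (strfry_data_path ~ '/strfry-policy.ts') if strfry_policies_enabled else '' }}"`.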
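Review bot: `deno run -A` on the second line of files/strfry-policy.ts switches off Deno's permission sandbox entirely, so the policy script and every module it imports run with the full file, network, environment and subprocess access of the account that starts it. The messages it reads from stdin presumably originate from relay clients, and the import specifier lies outside this hunk; if it is a remote URL without a pinned version, whatever that URL serves at start-up runs unrestricted. Grant only what the policies need, for instance `//bin/true; exec deno run --allow-read --allow-write --allow-net "$0" "$@"`, narrowed further to specific paths and hosts once the required set has been confirmed by testing. A `//` comment below that line recording why each permission is needed would keep the list from drifting back to `-A`.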
@@ -10,18 +10,18 @@ path: /etc/ansible/facts.d state: directory -- name: 'Detect the latest {{ app_name }} version' +- name: 'Detect the latest Deno version' ansible.builtin.uri: url: https://api.github.com/repos/denoland/deno/releases/latest register: deno_latest_release_tag -- name: 'Determine whether or not the latest version of {{ app_name }} is already installed' +- name: 'Determine whether or not the latest version of Deno is already installed' ansible.builtin.set_fact: install_deno: "{{ (ansible_local.deno is not defined) or \ ((ansible_local.deno is defined) and \ (ansible_local['deno']['settings']['version'] != deno_latest_release_tag.json.tag_name | replace('v',''))) }}" -- name: 'Ensure {{ app_name }} is installed' +- name: 'Ensure Deno is installed' unarchive: src: 'https://github.com/denoland/deno/releases/download/{{ deno_latest_release_tag.json.tag_name }}/deno-x86_64-unknown-linux-gnu.zip' dest: /usr/local/bin @@ -31,7 +31,7 @@ - -j when: install_deno -- name: 'Save meta information about the version of {{ app_name }} that was installed' +- name: 'Save meta information about the version of Deno that was installed' community.general.ini_file: path: /etc/ansible/facts.d/deno.fact mode: 0644 diff --git a/tasks/install.yml b/tasks/install.yml index 8985bd7..47cfba2 100644 --- a/tasks/install.yml +++ b/tasks/install.yml 
@@ -28,14 +28,15 @@ tags: config notify: restart strfry -- name: Configure basic strfry-policies only if a configuration does not already exist - ansible.builtin.template: +- name: Install the strfry-policy template + ansible.builtin.copy: src: strfry-policy.ts - dest: "{{ strfry_policies_path }}" + dest: "{{ strfry_relay.writePolicy.plugin }}" owner: "{{ strfry_system_user }}" group: "{{ strfry_system_group }}" - when: not strfry_skip_config - tags: config +# force: false # Never overwrite, this is just a starter policy + mode: '0755' + when: strfry_policies_enabled notify: restart strfry - name: Ensure the configured database directory exists. @@ -52,4 +53,4 @@ state: directory owner: "{{ strfry_system_user }}" group: "{{ strfry_system_group }}" - when: not strfry_db.startswith('/') \ No newline at end of file + when: not strfry_db.startswith('/') diff --git a/templates/strfry.conf b/templates/strfry.conf index f3d3961..744aca0 100644 --- a/templates/strfry.conf +++ b/templates/strfry.conf @@ -49,7 +49,7 @@ relay { autoPingSeconds = {{ strfry_relay.autoPingSeconds }} # If TCP keep-alive should be enabled (detect dropped connections to upstream reverse proxy) - enableTcpKeepalive = {{ strfry_relay.enableTcpKeepalive }} + enableTcpKeepalive = {{ "true" if strfry_relay.enableTcpKeepalive else "false" }} # How much uninterrupted CPU time a REQ query should get during its DB scan queryTimesliceBudgetMicroseconds = {{ strfry_relay.queryTimesliceBudgetMicroseconds }} 
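Review bot: The `force: false` line is commented out, so `ansible.builtin.copy` keeps its default of overwriting and every run replaces an operator's edited policy with the starter file, contrary to the "Never overwrite" remark beside it; enable it as a properly indented `force: false`. The script is also installed with `owner: "{{ strfry_system_user }}"` and `mode: '0755'`, which lets that account (presumably the one the relay runs as) rewrite the plugin that is later executed under `deno run -A`; `owner: root` and `group: root` with the same mode, in a directory that account cannot write to, keeps the file executable but not self-modifiable. Since `dest` now comes from `strfry_relay.writePolicy.plugin`, which the defaults describe as possibly empty, the condition should cover that case too: `when: strfry_policies_enabled and strfry_relay.writePolicy.plugin | length > 0`.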
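Review bot: The test `"true" if strfry_relay.enableTcpKeepalive else "false"` treats any non-empty string as true, so an inventory that still overrides a flag with the quoted `"false"` form used by the old defaults would render `true`. The same expression is used for the compression and logging flags in the `@@ -70,24 +70,24 @@` hunk, where such an inventory would silently switch on `dumpInAll`, `dumpInEvents` and `dumpInReqs` message dumping. Passing the value through Ansible's `bool` filter handles both forms: `enableTcpKeepalive = {{ strfry_relay.enableTcpKeepalive | bool | lower }}`. As a point of style, the `slidingWindow` line lacks the space before `}}` that the other lines have.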
@@ -70,24 +70,24 @@ relay { compression { # Use permessage-deflate compression if supported by client. Reduces bandwidth, but slight increase in CPU (restart required) - enabled = {{ strfry_relay.compression.enabled }} + enabled = {{ "true" if strfry_relay.compression.enabled else "false" }} # Maintain a sliding window buffer for each connection. Improves compression, but uses more memory (restart required) - slidingWindow = {{ strfry_relay.compression.slidingWindow }} + slidingWindow = {{ "true" if strfry_relay.compression.slidingWindow else "false"}} } logging { # Dump all incoming messages - dumpInAll = {{ strfry_relay.logging.dumpInAll }} + dumpInAll = {{ "true" if strfry_relay.logging.dumpInAll else "false" }} # Dump all incoming EVENT messages - dumpInEvents = {{ strfry_relay.logging.dumpInEvents }} + dumpInEvents = {{ "true" if strfry_relay.logging.dumpInEvents else "false" }} # Dump all incoming REQ/CLOSE messages - dumpInReqs = {{ strfry_relay.logging.dumpInReqs }} + dumpInReqs = {{ "true" if strfry_relay.logging.dumpInReqs else "false" }} # Log performance metrics for initial REQ database scans - dbScanPerf = {{ strfry_relay.logging.dbScanPerf }} + dbScanPerf = {{ "true" if strfry_relay.logging.dbScanPerf else "false" }} } numThreads {