When running the ./algo command there are a number of interactive questions.
If I want to run this command with the same options on a regular basis (rotating servers) I should be able to configure the answers to those questions in the config file with boolean values for each. I should be able to run algo non-interactively.
That's reasonable. If you want access to a similar feature now, you can use the scripted deployment instructions here: https://github.com/trailofbits/algo/blob/master/docs/ADVANCED.md
@grempe alternatively you can use this syntax for repeated testing:
```bash
#!/bin/bash
mkdir tmp
cd tmp
apt install -q -y python-setuptools build-essential libssl-dev libffi-dev python-dev
git clone https://github.com/trailofbits/algo.git && cd algo
# Optional, but helpful for reporting issues (e.g., current master):
git reset --hard 148686e8fdb0bb12e1f1d88475c15f1f1cc84771
easy_install pip && pip install -r requirements.txt
# For this example:
# DigitalOcean, DO API token, DO SSH key, NYC region, algo.local hostname default,
# yes to sec enhance, y to ad block, yes to dns resolver, no to auditd,
# no to per-user ssh tunneling, no to always-on wifi, no to always-on cell,
# no to Win 10 client reduced security
cat <<END > cmd
1
[YOUR-API-TOKEN]
[YOUR-REGISTERED-DO-KEY.PUB]
5
y
y
y
n
n
n
n
n
END
./algo < cmd
```
Thanks @kennwhite that's a good script for testing for sure. It would be too scary to run after a git pull on the repo for regular VPN server rotation though. Having a nice contract with the config file would be a happier path. :-)
On second thought, the shell script helper is not meant to be a stable target for scripting. It's there to guide non-technical users through the installation process. The questions it asks and other details about it frequently change and it is not expected to be a stable target for development. If you want to script a deploy, then you should do it with the scripted deploy features that are already available and provide identical functionality to what you've requested.
Thanks Kenn for your script! I'm going to add that as an example in ADVANCED.md.
Hmmm, I'm disappointed you closed this. I don't think I was asking that the interactive prompts go away for all, and I was also not suggesting that the algo command be a stable target for scripting (although Kenn provided a helpful, though fragile, script to do just that).
What I was requesting was that there be the ability to answer those questions before the fact using (likely commented by default) options in the config file. A config file that users are already needing to modify. Having both interactive and config entry driven deployment of a server are not mutually exclusive.
A commonly seen alternative would be to also add command line flags to the algo script that allow specifying the answers at command line runtime.
Having to run through a (likely growing) list of interview questions, and having to remember which options I chose previously, does not seem to be as friendly as it could be.
I'm not sure why this is not a solution for you? It runs a deploy in a single step.
https://github.com/trailofbits/algo/blob/master/docs/ADVANCED.md#scripted-deployment
I just ran it to test it out (on macOS Sierra, with python and ansible installed via homebrew). It successfully ran with the following:
```
$ ansible-playbook deploy.yml -t digitalocean,vpn -e 'do_access_token=MY_API_KEY do_ssh_name=my_ssh_key do_server_name=test.local do_region=sfo1'
```
Some comments:
- do_ssh_name=my_ssh_key should be set to. A path to a key? A name? I set it to something meaningless but I don't see what it did.
- -t tag requires you to enter cloud or server role tags, comma separated. You list them on the advanced page, but again, you have to hunt around to find out what they mean.
So, sure, it took me only a few minutes to figure out how to get it to work but I've also spent some hours familiarizing myself. But if the goal is to make the tool 1-click then this is not the way to go to make it friendly, and to make it easy to re-use a config IMHO.
Glad it worked. Happy to take a pull request that updates those docs.
ok, I will file a PR for some updates to the advanced docs. Doesn't really address this issue though (but I think you know that), since the advanced method is not feature compatible with the algo script (e.g. no way to specify vpn always on for wifi/cellular). I'll file bug reports for missing advanced features I see if you are fundamentally set in not making algo configurable.
See issues #197 and #199 (and pull requests for each) which address some of the issues I commented on above.
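The ansible-playbook invocation quoted in the thread passes do_access_token on the command line, where it lands in shell history and is visible in the process list while the playbook runs. The following is an added example, not code from the thread's participants or the Algo project: a wrapper for repeated rotation that hands the same variables to Ansible through a private extra-vars file (`-e @file`). The environment variable names and the character whitelist are assumptions.

```bash
#!/bin/bash
# Added example, not Algo project code. The do_* variable names and the tags are
# the ones quoted in the thread; DO_TOKEN, DO_SSH_NAME, SERVER_NAME and REGION
# are assumed environment variable names.

# Accept only characters that cannot terminate or escape a JSON string.
valid_value() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Write the extra vars to a temp file only the owner can read; print its path.
write_vars_file() (
    [ "$#" -eq 4 ] || { echo "need: token ssh_name server_name region" >&2; exit 1; }
    for v in "$@"; do
        # Never echo the rejected value: it may be the token.
        valid_value "$v" || { echo "rejected an empty or unsafe value" >&2; exit 1; }
    done
    umask 077
    f=$(mktemp "${TMPDIR:-/tmp}/algo-vars.XXXXXX") || exit 1
    printf '{"do_access_token":"%s","do_ssh_name":"%s","do_server_name":"%s","do_region":"%s"}\n' \
        "$1" "$2" "$3" "$4" > "$f"
    printf '%s\n' "$f"
)

# Run the scripted deploy from the thread; the token never appears in argv.
deploy() {
    vars=$(write_vars_file "${DO_TOKEN:-}" "${DO_SSH_NAME:-}" \
        "${SERVER_NAME:-}" "${REGION:-}") || return 1
    ansible-playbook deploy.yml -t digitalocean,vpn -e "@$vars" && rc=0 || rc=$?
    rm -f "$vars"   # the token should not outlive the run on disk
    return "$rc"
}

# Usage: with the four variables already exported (for example, read from a
# secrets store), run this file with the single argument "deploy".
if [ "${1:-}" = "deploy" ]; then
    deploy
fi
```

The whitelist is deliberately narrow so that a value cannot inject extra keys into the vars file; widen it only if a real key name or hostname needs other characters.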