@cameronkerrnz
Last active August 9, 2021 07:44
Ansible deployment for MaxMind geoipupdate

Logstash 7.14 introduces the concept of the databasemanager into logstash-filter-geoip, which downloads MaxMind GeoIP databases in accordance with MaxMind licensing terms. This does not work behind a proxy. Thus, I updated my deployment with the ability to download and install the newer (more appropriate) version of geoipupdate from MaxMind, and to configure that to download the databases.

A better approach (more scalable, easier on upstream) would be to have this on one machine, and then share out the resulting databases internally, on a recurring schedule.

This is an extract of an Ansible (2.10ish) deployment targeting RHEL7 / CentOS7, and while its use case is to support Logstash, there is nothing in this gist that is specifically about Logstash.

```yaml
# Site-specific variables
geoipupdate_proxy: "my-squid-proxy.example.com:3128"
geoipupdate_notifications_email: "croncrap@example.com"
geoipupdate_account_id: ......
geoipupdate_license_key: .............
```
```yaml
# geoipupdate.yml

# Fetch the RPM once on the Ansible control node; get_url verifies it
# against the pinned checksum before anything is copied to the targets.
- name: download geoipupdate rpm package
  local_action:
    module: ansible.builtin.get_url
    url: "{{ geoipupdate.url | mandatory }}"
    dest: "/tmp/{{ geoipupdate.rpm_filename | mandatory }}"
    checksum: "{{ geoipupdate.checksum | mandatory }}"
  run_once: True
  become: False

- name: copy geoipupdate into place
  ansible.builtin.copy:
    src: "/tmp/{{ geoipupdate.rpm_filename }}"
    dest: /tmp/{{ geoipupdate.rpm_filename }}
    owner: root
    group: root
    mode: "0755"

# Install from the local file only; all repositories are disabled.
- name: install geoipupdate
  ansible.builtin.yum:
    name: "/tmp/{{ geoipupdate.rpm_filename }}"
    disablerepo: "*"
    state: "present"

# GeoIP.conf carries the MaxMind account ID and licence key.
- name: template GeoIP.conf
  ansible.builtin.template:
    src: "etc/GeoIP.conf.j2"
    dest: "/etc/GeoIP.conf"
    owner: root
    group: root
    mode: "0640"

# Initial download; skipped once the City database exists.
- name: run geoipupdate
  ansible.builtin.command:
    cmd: "/usr/bin/geoipupdate -f /etc/GeoIP.conf"
    creates: "/usr/share/GeoIP/GeoLite2-City.mmdb"

# Cron output for this cron file is mailed to the notifications address.
- name: set MAILTO for geoipupdate
  ansible.builtin.cron:
    cron_file: logging_pipeline
    user: "root"
    env: yes
    name: "MAILTO"
    job: "{{ geoipupdate_notifications_email | mandatory }}"

- name: install cron job for geoipupdate
  ansible.builtin.cron:
    cron_file: logging_pipeline
    name: geoipupdate
    state: present
    special_time: "daily"
    user: "root"
    job: /usr/bin/geoipupdate -f /etc/GeoIP.conf
```
```yaml
- name: run the geoipupdate tasks
  import_tasks: geoipupdate.yml
  tags:
    - geoipupdate
```
```yaml
geoipupdate:
  url: "https://github.com/maxmind/geoipupdate/releases/download/v4.8.0/geoipupdate_4.8.0_linux_amd64.rpm"
  checksum: "sha256:767a3e2c77fb67790e66dafe71074d41a76b02a1ad3c7d5c19d366eb684b6403"
  rpm_filename: "geoipupdate_4.8.0_linux_amd64.rpm"
  # You'll need to update this periodically; MaxMind don't have a YUM repository last time I went looking.
```
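
The tasks template `etc/GeoIP.conf.j2`, which this gist does not include. One possible version follows, as an added example that is not the author's template. It uses the gist's `geoipupdate_account_id`, `geoipupdate_license_key` and `geoipupdate_proxy` variables; the edition list and database directory are assumptions chosen to match the `creates:` path in the "run geoipupdate" task.

```jinja
# {{ ansible_managed }}
# Example etc/GeoIP.conf.j2 (added example, not the gist author's template).
# This file contains the licence key; the template task deploys it
# root:root with mode 0640 so unprivileged users cannot read it.

AccountID {{ geoipupdate_account_id | mandatory }}
LicenseKey {{ geoipupdate_license_key | mandatory }}

# Assumption: the free GeoLite2 editions. GeoLite2-City must be listed,
# because the "run geoipupdate" task uses
# /usr/share/GeoIP/GeoLite2-City.mmdb as its creates: marker.
EditionIDs GeoLite2-City GeoLite2-Country GeoLite2-ASN

# Assumption: same directory as the creates: path in the tasks.
DatabaseDirectory /usr/share/GeoIP

{% if geoipupdate_proxy is defined and geoipupdate_proxy %}
# geoipupdate makes its HTTPS requests through this proxy (host:port).
Proxy {{ geoipupdate_proxy }}
{% endif %}
```

Failing with `mandatory` on the account ID and licence key stops a play from writing a `GeoIP.conf` with empty credentials, which would otherwise only surface later as a failed cron run.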