chef-vpc-toolkit 2.5.2 → 2.6.0
- data/CHANGELOG +8 -0
- data/README.rdoc +4 -2
- data/VERSION +1 -1
- data/config/server_group.json +1 -0
- data/contrib/etc/chef_vpc_toolkit.conf +7 -1
- data/lib/chef-vpc-toolkit.rb +18 -0
- data/lib/chef-vpc-toolkit/chef_installer.rb +16 -4
- data/lib/chef-vpc-toolkit/cloud-servers-vpc/server_group.rb +6 -1
- data/lib/chef-vpc-toolkit/util.rb +1 -1
- data/lib/chef-vpc-toolkit/vpn_connection.rb +43 -0
- data/lib/chef-vpc-toolkit/vpn_network_manager.rb +46 -50
- data/lib/chef-vpc-toolkit/vpn_openvpn.rb +111 -0
- data/rake/chef_vpc_toolkit.rake +11 -10
- data/test/vpn_network_manager_test.rb +6 -6
- metadata +11 -9
data/CHANGELOG
CHANGED
@@ -1,3 +1,11 @@
|
|
1
|
+
* Thu Jun 21 2011 Dan Prince <dan.prince@rackspace.com> - 2.6.0
|
2
|
+
- Update to support images that have Chef preinstalled.
|
3
|
+
- Skip missing nodes when trying to install Chef.
|
4
|
+
- Added vpn_connection_type option w/ support for using command line
|
5
|
+
openvpn or network_manager.
|
6
|
+
- Add support for 'udp' VPN protocol. Default protocol is 'tcp'.
|
7
|
+
UDP support requires Cloud Servers VPC 2.2.0 or greater.
|
8
|
+
|
1
9
|
* Thu Apr 24 2011 Dan Prince <dan.prince@rackspace.com> - 2.5.2
|
2
10
|
- Raise an error in the chef:poll_clients task if a timeout occurs.
|
3
11
|
- Use CDN to install Chef for Ubuntu.
|
data/README.rdoc
CHANGED
@@ -22,13 +22,15 @@ The Chef VPC Toolkit is a set of Rake tasks that provide a framework to help aut
|
|
22
22
|
|
23
23
|
== Installation
|
24
24
|
|
25
|
-
Requires Ruby and Rubygems. The app was developed with Ruby 1.8.7.
|
25
|
+
Requires Ruby and Rubygems. The app was developed with Ruby 1.8.7 and 1.9.2.
|
26
26
|
|
27
|
-
The following gems are required:
|
27
|
+
The following gems are required when developing/building the toolkit gem:
|
28
28
|
|
29
29
|
rake
|
30
30
|
builder (2.1.2)
|
31
31
|
json (> 1.4.3)
|
32
|
+
uuidtools
|
33
|
+
jeweler
|
32
34
|
|
33
35
|
To install the gem:
|
34
36
|
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
2.
|
1
|
+
2.6.0
|
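--- a/data/config/server_group.json
+++ b/data/config/server_group.json
@@ -8,7 +8,13 @@ cloud_servers_vpc_password:
 # The text editor to use for Chef knife commands. Used when a new server group
 # is created. Default: vim
 # knife_editor: vim
-
+
 # VPN client name. The name given to this machine when connecting to a
 # server group as a VPN client.
 # vpn_client_name: local
+
+# VPN connection type:
+# -'openvpn' use command line openvpn to join the VPN
+# -'network_manager' use Network Manager (Fedora 14 and Ubuntu 10.10 only)
+#
+vpn_connection_type: openvpn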
data/lib/chef-vpc-toolkit.rb
CHANGED
@@ -3,6 +3,8 @@ require 'chef-vpc-toolkit/chef_installer'
|
|
3
3
|
require 'chef-vpc-toolkit/ssh_util'
|
4
4
|
require 'chef-vpc-toolkit/version'
|
5
5
|
require 'chef-vpc-toolkit/xml_util'
|
6
|
+
require 'chef-vpc-toolkit/vpn_connection'
|
7
|
+
require 'chef-vpc-toolkit/vpn_openvpn'
|
6
8
|
require 'chef-vpc-toolkit/vpn_network_manager'
|
7
9
|
require 'chef-vpc-toolkit/cloud-servers-vpc/connection'
|
8
10
|
require 'chef-vpc-toolkit/cloud-servers-vpc/client'
|
@@ -10,3 +12,19 @@ require 'chef-vpc-toolkit/cloud-servers-vpc/server'
|
|
10
12
|
require 'chef-vpc-toolkit/cloud-servers-vpc/server_group'
|
11
13
|
require 'chef-vpc-toolkit/cloud-servers-vpc/ssh_public_key'
|
12
14
|
require 'chef-vpc-toolkit/cloud-servers-vpc/vpn_network_interface'
|
15
|
+
|
16
|
+
module ChefVPCToolkit
|
17
|
+
|
18
|
+
# Loads the appropriate VPN connection type based on
|
19
|
+
# the configuration variable 'vpn_connection_type'.
|
20
|
+
#
|
21
|
+
def self.get_vpn_connection(group, client = nil)
|
22
|
+
configs = Util.load_configs
|
23
|
+
if "#{configs['vpn_connection_type']}" == "network_manager"
|
24
|
+
VpnNetworkManager.new(group, client)
|
25
|
+
else
|
26
|
+
VpnOpenVpn.new(group, client)
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
end
|
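Review bot: Any `vpn_connection_type` value other than the exact string `network_manager` silently selects the OpenVPN backend, so a typo such as `network-manager` or `NetworkManager` in the config file is never reported and the user ends up running `sudo openvpn` with a root-executed `up` script they did not ask for. Since `get_vpn_connection` is the single dispatch point, it should accept only the two documented values and fail loudly on anything else, while still treating unset/empty as the OpenVPN default so configs that predate this option keep working. A short comment on the method stating that fallback rule would also document the contract for the rake tasks that call it.
```ruby
  def self.get_vpn_connection(group, client = nil)
    configs = Util.load_configs
    # Accept only the two documented backends. Unset/empty keeps the
    # OpenVPN default so configs written before this option still work.
    case configs['vpn_connection_type'].to_s
    when 'network_manager' then VpnNetworkManager.new(group, client)
    when 'openvpn', ''     then VpnOpenVpn.new(group, client)
    else
      raise "Unknown vpn_connection_type '#{configs['vpn_connection_type']}': expected 'openvpn' or 'network_manager'."
    end
  end
```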
@@ -29,6 +29,16 @@ def self.get_cookbook_repos(options)
|
|
29
29
|
end
|
30
30
|
end
|
31
31
|
|
32
|
+
def self.install_chef_script(install_type="CLIENT", os_type="")
|
33
|
+
return "" if os_type.nil? or os_type.empty?
|
34
|
+
|
35
|
+
return %{
|
36
|
+
#{IO.read(File.dirname(__FILE__) + "/chef_bootstrap/#{os_type}.bash")}
|
37
|
+
install_chef "#{install_type}"
|
38
|
+
}
|
39
|
+
|
40
|
+
end
|
41
|
+
|
32
42
|
# validate the chef.json config file by parsing it
|
33
43
|
def self.validate_json(options)
|
34
44
|
|
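Review bot: `os_type` is spliced straight into the path `chef_bootstrap/#{os_type}.bash`, and whatever `IO.read` returns is then shipped to the gateway as a root shell script; the rake tasks take the value from `group.os_types`, so a value containing `/` or `..` reads a file outside the bootstrap directory, and a merely unknown OS name surfaces as a bare `Errno::ENOENT` with no hint which server is at fault. Guard it before the read: `raise ArgumentError, "Unsupported os_type '#{os_type}'" unless os_type =~ /\A[A-Za-z0-9_-]+\z/ && File.exist?(File.join(File.dirname(__FILE__), 'chef_bootstrap', "#{os_type}.bash"))`. The early `return ""` deserves a comment such as `# blank os_type: the image ships with Chef preinstalled, emit nothing` — presumably the intent given the CHANGELOG entry, but worth confirming. Note also that the two call sites splice this script at different points relative to `CHEF_INSTALL_FUNCTIONS` (before it in `install_chef_server`, after it in `install_chef_client`); if `install_chef` relies on helpers defined in that file, the server path now invokes it before they exist.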
@@ -91,9 +101,8 @@ data=%x{
|
|
91
101
|
ssh -o "StrictHostKeyChecking no" root@#{options['ssh_gateway_ip']} bash <<-"EOF_GATEWAY"
|
92
102
|
ssh #{options['chef_server_name']} bash <<-"EOF_BASH"
|
93
103
|
#{IO.read(File.dirname(__FILE__) + "/cloud_files.bash")}
|
94
|
-
#{
|
104
|
+
#{install_chef_script('SERVER', os_type)}
|
95
105
|
#{IO.read(CHEF_INSTALL_FUNCTIONS)}
|
96
|
-
install_chef "SERVER"
|
97
106
|
|
98
107
|
mkdir -p /root/cookbook-repos
|
99
108
|
|
@@ -155,11 +164,14 @@ def self.install_chef_client(options, client_name, client_validation_key, os_typ
|
|
155
164
|
|
156
165
|
data=%x{
|
157
166
|
ssh -o "StrictHostKeyChecking no" root@#{options['ssh_gateway_ip']} bash <<-"EOF_GATEWAY"
|
167
|
+
if ! grep -c "#{client_name}" /etc/hosts &> /dev/null; then
|
168
|
+
echo "Client '#{client_name}' doesn't exist."
|
169
|
+
exit 0
|
170
|
+
fi
|
158
171
|
ssh #{client_name} bash <<-"EOF_BASH"
|
159
172
|
#{IO.read(File.dirname(__FILE__) + "/cloud_files.bash")}
|
160
|
-
#{IO.read(File.dirname(__FILE__) + "/chef_bootstrap/#{os_type}.bash")}
|
161
173
|
#{IO.read(CHEF_INSTALL_FUNCTIONS)}
|
162
|
-
|
174
|
+
#{install_chef_script('CLIENT', os_type)}
|
163
175
|
configure_chef_client '#{options['chef_server_name']}' '#{client_validation_key}'
|
164
176
|
start_chef_client
|
165
177
|
EOF_BASH
|
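Review bot: The new existence check `grep -c "#{client_name}" /etc/hosts` is an unanchored regex match, so `db` is treated as present when only `db2` or `webdb` is in the gateway's hosts file and the script then proceeds to `ssh db`; combined with `exit 0`, a misspelled name now reports success instead of the error the rake task used to raise. Anchor the match to the hosts-file field boundaries, e.g. `if ! grep -qE "[[:space:]]#{client_name}([[:space:]]|$)" /etc/hosts; then`, and consider a non-zero exit (or at least writing the message to stderr) for the unknown-name case, since callers currently cannot tell "skipped" from "installed". `client_name` is also interpolated unquoted into this root-executed heredoc, so a value containing `"`, `$(` or backticks rewrites the command — restricting it to hostname characters before the script is built is the safe choice whatever its origin. The enclosing `install_chef_client` definition begins and ends outside this hunk.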
@@ -27,6 +27,7 @@ class ServerGroup
|
|
27
27
|
attr_accessor :description
|
28
28
|
attr_accessor :domain_name
|
29
29
|
attr_accessor :vpn_device
|
30
|
+
attr_accessor :vpn_proto
|
30
31
|
attr_accessor :vpn_network
|
31
32
|
attr_accessor :vpn_subnet
|
32
33
|
attr_accessor :owner_name
|
@@ -39,6 +40,7 @@ class ServerGroup
|
|
39
40
|
@description=options[:description]
|
40
41
|
@domain_name=options[:domain_name]
|
41
42
|
@vpn_device=options[:vpn_device] or @vpn_device="tun"
|
43
|
+
@vpn_proto=options[:vpn_proto] or @vpn_proto="tcp"
|
42
44
|
@vpn_network=options[:vpn_network] or @vpn_network="172.19.0.0"
|
43
45
|
@vpn_subnet=options[:vpn_subnet] or @vpn_subnet="255.255.128.0"
|
44
46
|
@owner_name=options[:owner_name] or @owner_name=ENV['USER']
|
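Review bot: `@vpn_proto` accepts any string, but the value is later written verbatim into the client OpenVPN config (`proto #{@group.vpn_proto}` in vpn_openvpn.rb) while the NetworkManager backend treats everything that is not exactly `tcp` as UDP, so a value like `TCP` or `tcp-client` silently produces two different behaviours. Validate once at construction: `@vpn_proto = (options[:vpn_proto] || 'tcp').to_s.downcase` followed by `raise ArgumentError, "vpn_proto must be 'tcp' or 'udp'" unless %w[tcp udp].include?(@vpn_proto)`. The `options[:vpn_proto] or @vpn_proto = "tcp"` form only substitutes the default for nil/false; if `XMLUtil.element_text` yields an empty string for a missing element, that empty string would survive as the protocol, which the `||`/validation form above also catches. In the `to_xml` hunk further down the element is omitted when it equals `tcp`, which lines up with the CHANGELOG note that UDP needs Cloud Servers VPC 2.2.0; a comment there, `# omit the default so older VPC servers that don't know vpn-proto still accept the request`, would save the next reader the lookup.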
@@ -86,6 +88,7 @@ class ServerGroup
|
|
86
88
|
:description => json_hash["description"],
|
87
89
|
:domain_name => json_hash["domain_name"],
|
88
90
|
:vpn_device => json_hash["vpn_device"],
|
91
|
+
:vpn_proto => json_hash["vpn_proto"],
|
89
92
|
:vpn_network => json_hash["vpn_network"],
|
90
93
|
:vpn_subnet => json_hash["vpn_subnet"]
|
91
94
|
)
|
@@ -119,7 +122,8 @@ class ServerGroup
|
|
119
122
|
sg.description(@description)
|
120
123
|
sg.tag! "owner-name", @owner_name
|
121
124
|
sg.tag! "domain-name", @domain_name
|
122
|
-
sg.tag! "vpn-device", @vpn_device
|
125
|
+
sg.tag! "vpn-device", @vpn_device if @vpn_device != "tun"
|
126
|
+
sg.tag! "vpn-proto", @vpn_proto if @vpn_proto != "tcp"
|
123
127
|
sg.tag! "vpn-network", @vpn_network
|
124
128
|
sg.tag! "vpn-subnet", @vpn_subnet
|
125
129
|
sg.servers("type" => "array") do |xml_servers|
|
@@ -181,6 +185,7 @@ class ServerGroup
|
|
181
185
|
:domain_name => XMLUtil.element_text(sg_xml, "domain-name"),
|
182
186
|
:description => XMLUtil.element_text(sg_xml, "description"),
|
183
187
|
:vpn_device => XMLUtil.element_text(sg_xml, "vpn-device"),
|
188
|
+
:vpn_proto => XMLUtil.element_text(sg_xml, "vpn-proto"),
|
184
189
|
:vpn_network => XMLUtil.element_text(sg_xml, "vpn-network"),
|
185
190
|
:vpn_subnet => XMLUtil.element_text(sg_xml, "vpn-subnet")
|
186
191
|
)
|
@@ -32,7 +32,7 @@ module Util
|
|
32
32
|
raise_if_nil_or_empty(configs, "cloud_servers_vpc_password")
|
33
33
|
@@configs=configs
|
34
34
|
else
|
35
|
-
raise "Failed to load
|
35
|
+
raise "Failed to load chef VPC toolkit config file. Please configure /etc/chef_vpc_toolkit.conf or create a .chef_vpc_toolkit.conf config file in your HOME directory."
|
36
36
|
end
|
37
37
|
|
38
38
|
@@configs
|
@@ -0,0 +1,43 @@
|
|
1
|
+
|
2
|
+
module ChefVPCToolkit
|
3
|
+
class VpnConnection
|
4
|
+
|
5
|
+
CERT_DIR=File.join(ENV['HOME'], '.pki', 'openvpn')
|
6
|
+
|
7
|
+
def initialize(group, client = nil)
|
8
|
+
@group = group
|
9
|
+
@client = client
|
10
|
+
end
|
11
|
+
|
12
|
+
def create_certs
|
13
|
+
@ca_cert=get_cfile('ca.crt')
|
14
|
+
@client_cert=get_cfile('client.crt')
|
15
|
+
@client_key=get_cfile('client.key')
|
16
|
+
|
17
|
+
vpn_interface = @client.vpn_network_interfaces[0]
|
18
|
+
|
19
|
+
FileUtils.mkdir_p(get_cfile)
|
20
|
+
File::chmod(0700, File.join(ENV['HOME'], '.pki'))
|
21
|
+
File::chmod(0700, CERT_DIR)
|
22
|
+
|
23
|
+
File.open(@ca_cert, 'w') { |f| f.write(vpn_interface.ca_cert) }
|
24
|
+
File.open(@client_cert, 'w') { |f| f.write(vpn_interface.client_cert) }
|
25
|
+
File.open(@client_key, 'w') do |f|
|
26
|
+
f.write(vpn_interface.client_key)
|
27
|
+
f.chmod(0600)
|
28
|
+
end
|
29
|
+
end
|
30
|
+
|
31
|
+
def delete_certs
|
32
|
+
FileUtils.rm_rf(get_cfile)
|
33
|
+
end
|
34
|
+
|
35
|
+
def get_cfile(file = nil)
|
36
|
+
if file
|
37
|
+
File.join(CERT_DIR, @group.id.to_s, file)
|
38
|
+
else
|
39
|
+
File.join(CERT_DIR, @group.id.to_s)
|
40
|
+
end
|
41
|
+
end
|
42
|
+
end
|
43
|
+
end
|
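Review bot: `create_certs` writes the private key with `File.open(@client_key, 'w')` and only afterwards calls `f.chmod(0600)`, so the file is first created with umask-derived permissions; pass the mode at creation instead, `File.open(@client_key, 'w', 0600) do |f|`. The per-group directory created by `FileUtils.mkdir_p(get_cfile)` is never chmod'd — the two explicit `chmod(0700)` calls cover `~/.pki` and `CERT_DIR` but not `CERT_DIR/<group id>`; the 0700 parent means nothing is exposed today, but `FileUtils.mkdir_p(get_cfile, :mode => 0700)` makes the intent explicit and survives a later relaxation of the parent. `CERT_DIR` is computed from `ENV['HOME']` at require time and raises a bare `TypeError` when HOME is unset (possible under some sudo or cron setups); a guard with a clear message would help. Finally, `create_certs` dereferences `@client.vpn_network_interfaces[0]` although `client` defaults to nil and the rake `vpn:disconnect`/`vpn:delete` tasks construct the object without one, so a `raise "A VPN client is required to create certificates"` at the top would turn a future misuse into a readable error instead of a `NoMethodError`.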
@@ -9,32 +9,36 @@ require 'tempfile'
|
|
9
9
|
|
10
10
|
module ChefVPCToolkit
|
11
11
|
|
12
|
-
|
12
|
+
class VpnNetworkManager < VpnConnection
|
13
13
|
|
14
|
-
|
14
|
+
def initialize(group, client = nil)
|
15
|
+
super(group, client)
|
16
|
+
end
|
15
17
|
|
16
|
-
def
|
18
|
+
def connect
|
19
|
+
create_certs
|
20
|
+
configure_gconf
|
21
|
+
puts %x{#{sudo_display} nmcli con up id "VPC Group: #{@group.id}"}
|
22
|
+
end
|
17
23
|
|
18
|
-
|
19
|
-
|
20
|
-
|
24
|
+
def disconnect
|
25
|
+
puts %x{#{sudo_display} nmcli con down id "VPC Group: #{@group.id}"}
|
26
|
+
end
|
21
27
|
|
22
|
-
|
28
|
+
def connected?
|
29
|
+
return system("#{sudo_display} nmcli con status | grep -c 'VPC Group: #{@group.id}' &> /dev/null")
|
30
|
+
end
|
23
31
|
|
24
|
-
|
25
|
-
|
26
|
-
|
32
|
+
def clean
|
33
|
+
unset_gconf_config
|
34
|
+
delete_certs
|
35
|
+
end
|
27
36
|
|
28
|
-
|
29
|
-
File.open(client_cert, 'w') { |f| f.write(vpn_interface.client_cert) }
|
30
|
-
File.open(client_key, 'w') do |f|
|
31
|
-
f.write(vpn_interface.client_key)
|
32
|
-
f.chmod(0600)
|
33
|
-
end
|
37
|
+
def configure_gconf
|
34
38
|
|
35
39
|
xml = Builder::XmlMarkup.new
|
36
40
|
xml.gconfentryfile do |file|
|
37
|
-
file.entrylist({ "base" => "/system/networking/connections/vpc_#{group.id}"}) do |entrylist|
|
41
|
+
file.entrylist({ "base" => "/system/networking/connections/vpc_#{@group.id}"}) do |entrylist|
|
38
42
|
|
39
43
|
entrylist.entry do |entry|
|
40
44
|
entry.key("connection/autoconnect")
|
@@ -45,7 +49,7 @@ module VpnNetworkManager
|
|
45
49
|
entrylist.entry do |entry|
|
46
50
|
entry.key("connection/id")
|
47
51
|
entry.value do |value|
|
48
|
-
value.string("VPC Group: #{group.id}")
|
52
|
+
value.string("VPC Group: #{@group.id}")
|
49
53
|
end
|
50
54
|
end
|
51
55
|
entrylist.entry do |entry|
|
@@ -83,7 +87,7 @@ module VpnNetworkManager
|
|
83
87
|
entry.key("ipv4/dns")
|
84
88
|
entry.value do |value|
|
85
89
|
value.list("type" => "int") do |list|
|
86
|
-
ip=IPAddr.new(group.vpn_network.chomp("0")+"1")
|
90
|
+
ip=IPAddr.new(@group.vpn_network.chomp("0")+"1")
|
87
91
|
list.value do |lv|
|
88
92
|
lv.int(ip_to_integer(ip.to_s))
|
89
93
|
end
|
@@ -95,7 +99,7 @@ module VpnNetworkManager
|
|
95
99
|
entry.value do |value|
|
96
100
|
value.list("type" => "string") do |list|
|
97
101
|
list.value do |lv|
|
98
|
-
lv.string(group.domain_name)
|
102
|
+
lv.string(@group.domain_name)
|
99
103
|
end
|
100
104
|
end
|
101
105
|
end
|
@@ -134,13 +138,13 @@ module VpnNetworkManager
|
|
134
138
|
entrylist.entry do |entry|
|
135
139
|
entry.key("vpn/ca")
|
136
140
|
entry.value do |value|
|
137
|
-
value.string(ca_cert)
|
141
|
+
value.string(@ca_cert)
|
138
142
|
end
|
139
143
|
end
|
140
144
|
entrylist.entry do |entry|
|
141
145
|
entry.key("vpn/cert")
|
142
146
|
entry.value do |value|
|
143
|
-
value.string(client_cert)
|
147
|
+
value.string(@client_cert)
|
144
148
|
end
|
145
149
|
end
|
146
150
|
entrylist.entry do |entry|
|
@@ -158,16 +162,25 @@ module VpnNetworkManager
|
|
158
162
|
entrylist.entry do |entry|
|
159
163
|
entry.key("vpn/key")
|
160
164
|
entry.value do |value|
|
161
|
-
value.string(client_key)
|
165
|
+
value.string(@client_key)
|
162
166
|
end
|
163
167
|
end
|
164
|
-
|
165
|
-
entry
|
166
|
-
|
167
|
-
value
|
168
|
+
if @group.vpn_proto == "tcp"
|
169
|
+
entrylist.entry do |entry|
|
170
|
+
entry.key("vpn/proto-tcp")
|
171
|
+
entry.value do |value|
|
172
|
+
value.string("yes")
|
173
|
+
end
|
174
|
+
end
|
175
|
+
else
|
176
|
+
entrylist.entry do |entry|
|
177
|
+
entry.key("vpn/proto-udp")
|
178
|
+
entry.value do |value|
|
179
|
+
value.string("yes")
|
180
|
+
end
|
168
181
|
end
|
169
182
|
end
|
170
|
-
if group.vpn_device == "tap"
|
183
|
+
if @group.vpn_device == "tap"
|
171
184
|
entrylist.entry do |entry|
|
172
185
|
entry.key("vpn/tap-dev")
|
173
186
|
entry.value do |value|
|
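Review bot: The `else` branch of the new `vpn/proto-*` entries writes `proto-udp yes` for every `@group.vpn_proto` value that is not exactly `tcp`, whereas the OpenVPN backend passes the same value straight through as `proto #{...}`, so a stray `TCP`, `tcp-client` or empty string yields UDP here and a different (or failing) config there. Make the UDP case explicit and reject the rest, `elsif @group.vpn_proto == "udp"` … `else raise "Unsupported vpn_proto '#{@group.vpn_proto}'"`, or validate once in `ServerGroup` and say so here with `# vpn_proto is constrained to tcp/udp by ServerGroup`. I do not believe the nm-openvpn plugin defines a `proto-udp` key at all — UDP is its default whenever `proto-tcp` is absent — so if that is confirmed the UDP branch can simply emit nothing. The enclosing `configure_gconf` method starts and ends outside this hunk.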
@@ -178,7 +191,7 @@ module VpnNetworkManager
|
|
178
191
|
entrylist.entry do |entry|
|
179
192
|
entry.key("vpn/remote")
|
180
193
|
entry.value do |value|
|
181
|
-
value.string(group.vpn_gateway_ip)
|
194
|
+
value.string(@group.vpn_gateway_ip)
|
182
195
|
end
|
183
196
|
end
|
184
197
|
entrylist.entry do |entry|
|
@@ -201,39 +214,22 @@ module VpnNetworkManager
|
|
201
214
|
|
202
215
|
end
|
203
216
|
|
204
|
-
def
|
205
|
-
puts %x{gconftool-2 --recursive-unset /system/networking/connections/vpc_#{
|
217
|
+
def unset_gconf_config
|
218
|
+
puts %x{gconftool-2 --recursive-unset /system/networking/connections/vpc_#{@group.id}}
|
206
219
|
end
|
207
220
|
|
208
|
-
def
|
209
|
-
FileUtils.rm_rf(File.join(CERT_DIR, server_group_id.to_s))
|
210
|
-
end
|
211
|
-
|
212
|
-
def self.connect(server_group_id)
|
213
|
-
puts %x{#{sudo_display} nmcli con up id "VPC Group: #{server_group_id}"}
|
214
|
-
end
|
215
|
-
|
216
|
-
def self.disconnect(server_group_id)
|
217
|
-
puts %x{#{sudo_display} nmcli con down id "VPC Group: #{server_group_id}"}
|
218
|
-
end
|
219
|
-
|
220
|
-
def self.connected?(server_group_id)
|
221
|
-
return system("#{sudo_display} nmcli con status | grep -c 'VPC Group: #{server_group_id}' &> /dev/null")
|
222
|
-
end
|
223
|
-
|
224
|
-
def self.ip_to_integer(ip_string)
|
221
|
+
def ip_to_integer(ip_string)
|
225
222
|
return 0 if ip_string.nil?
|
226
223
|
ip_arr=ip_string.split(".").collect{ |s| s.to_i }
|
227
224
|
return ip_arr[0] + ip_arr[1]*2**8 + ip_arr[2]*2**16 + ip_arr[3]*2**24
|
228
225
|
end
|
229
226
|
|
230
|
-
def
|
227
|
+
def sudo_display
|
231
228
|
if ENV['DISPLAY'].nil? or ENV['DISPLAY'] != ":0.0" then
|
232
229
|
"sudo"
|
233
230
|
else
|
234
231
|
""
|
235
232
|
end
|
236
233
|
end
|
237
|
-
|
238
234
|
end
|
239
235
|
end
|
@@ -0,0 +1,111 @@
|
|
1
|
+
|
2
|
+
module ChefVPCToolkit
|
3
|
+
class VpnOpenVpn < VpnConnection
|
4
|
+
|
5
|
+
def initialize(group, client = nil)
|
6
|
+
super(group, client)
|
7
|
+
end
|
8
|
+
|
9
|
+
def connect
|
10
|
+
create_certs
|
11
|
+
|
12
|
+
@up_script=get_cfile('up.bash')
|
13
|
+
File.open(@up_script, 'w') do |f|
|
14
|
+
f << <<EOF_UP
|
15
|
+
#!/bin/bash
|
16
|
+
|
17
|
+
# setup routes
|
18
|
+
/sbin/route add #{@group.vpn_network.chomp("0")+"1"} dev \$dev
|
19
|
+
/sbin/route add -net #{@group.vpn_network} netmask 255.255.128.0 gw #{@group.vpn_network.chomp("0")+"1"}
|
20
|
+
|
21
|
+
mv /etc/resolv.conf /etc/resolv.conf.bak
|
22
|
+
egrep ^search /etc/resolv.conf.bak | sed -e 's/search /search #{@group.domain_name} /' > /etc/resolv.conf
|
23
|
+
echo 'nameserver #{@group.vpn_network.chomp("0")+"1"}' >> /etc/resolv.conf
|
24
|
+
grep ^nameserver /etc/resolv.conf.bak >> /etc/resolv.conf
|
25
|
+
EOF_UP
|
26
|
+
f.chmod(0700)
|
27
|
+
end
|
28
|
+
@down_script=get_cfile('down.bash')
|
29
|
+
File.open(@down_script, 'w') do |f|
|
30
|
+
f << <<EOF_DOWN
|
31
|
+
#!/bin/bash
|
32
|
+
mv /etc/resolv.conf.bak /etc/resolv.conf
|
33
|
+
EOF_DOWN
|
34
|
+
f.chmod(0700)
|
35
|
+
end
|
36
|
+
|
37
|
+
@config_file=get_cfile('config')
|
38
|
+
File.open(@config_file, 'w') do |f|
|
39
|
+
f << <<EOF_CONFIG
|
40
|
+
client
|
41
|
+
dev #{@group.vpn_device}
|
42
|
+
proto #{@group.vpn_proto}
|
43
|
+
|
44
|
+
#Change my.publicdomain.com to your public domain or IP address
|
45
|
+
remote #{@group.vpn_gateway_ip} 1194
|
46
|
+
|
47
|
+
resolv-retry infinite
|
48
|
+
nobind
|
49
|
+
persist-key
|
50
|
+
persist-tun
|
51
|
+
|
52
|
+
script-security 2
|
53
|
+
|
54
|
+
ca #{@ca_cert}
|
55
|
+
cert #{@client_cert}
|
56
|
+
key #{@client_key}
|
57
|
+
|
58
|
+
ns-cert-type server
|
59
|
+
|
60
|
+
route-nopull
|
61
|
+
|
62
|
+
comp-lzo
|
63
|
+
|
64
|
+
verb 3
|
65
|
+
up #{@up_script}
|
66
|
+
down #{@down_script}
|
67
|
+
EOF_CONFIG
|
68
|
+
f.chmod(0600)
|
69
|
+
end
|
70
|
+
|
71
|
+
disconnect if File.exist?(get_cfile('openvpn.pid'))
|
72
|
+
out=%x{sudo openvpn --config #{@config_file} --writepid #{get_cfile('openvpn.pid')} --daemon}
|
73
|
+
retval=$?
|
74
|
+
if retval.success? then
|
75
|
+
poll_vpn_interface
|
76
|
+
puts "OK."
|
77
|
+
else
|
78
|
+
raise "Failed to create VPN connection: #{out}"
|
79
|
+
end
|
80
|
+
end
|
81
|
+
|
82
|
+
def disconnect
|
83
|
+
raise "Not running? No pid file found!" unless File.exist?(get_cfile('openvpn.pid'))
|
84
|
+
pid = File.read(get_cfile('openvpn.pid')).chomp
|
85
|
+
system("sudo kill -TERM #{pid}")
|
86
|
+
File.delete(get_cfile('openvpn.pid'))
|
87
|
+
end
|
88
|
+
|
89
|
+
def connected?
|
90
|
+
system("/sbin/route -n | grep #{@group.vpn_network.chomp("0")+"1"} &> /dev/null")
|
91
|
+
end
|
92
|
+
|
93
|
+
def clean
|
94
|
+
delete_certs
|
95
|
+
end
|
96
|
+
|
97
|
+
private
|
98
|
+
def poll_vpn_interface
|
99
|
+
interface_name=@group.vpn_device+"0"
|
100
|
+
1.upto(30) do |i|
|
101
|
+
break if system("ifconfig #{interface_name} &> /dev/null")
|
102
|
+
if i == 30 then
|
103
|
+
disconnect
|
104
|
+
raise "Failed to connect to VPN."
|
105
|
+
end
|
106
|
+
sleep 0.5
|
107
|
+
end
|
108
|
+
end
|
109
|
+
|
110
|
+
end
|
111
|
+
end
|
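Review bot: `connected?` and `poll_vpn_interface` redirect with `&> /dev/null` inside `system(...)`, which Ruby hands to `/bin/sh -c`; `&>` is a bash extension, and where `/bin/sh` is dash (Ubuntu, one of the targets this release names) it parses as `cmd &` followed by an empty redirected command, so the check is backgrounded and `system` returns true — `connected?` then always reports connected and the 30-iteration poll stops on its first pass whether or not `tun0` is up. Use `> /dev/null 2>&1` (the same construct appears in `connected?` in vpn_network_manager.rb). `disconnect` also pastes the pid file's content into `sudo kill -TERM …` unvalidated; convert it with `Integer(...)`, and bear in mind that a stale pid file from an earlier session may now name an unrelated process. In the root-executed `up.bash`, `netmask 255.255.128.0` is hard-coded although `ServerGroup` carries `vpn_subnet` for exactly this (`netmask #{@group.vpn_subnet}`), and `@group.domain_name`/`vpn_network` are embedded unquoted in a `sed` expression and `route` commands, so a `'` or `/` in those server-group fields breaks the script while it runs as root — restrict them to hostname and dotted-quad characters before writing the script.
```ruby
    # … unchanged: connect (writes up.bash/down.bash/config, starts openvpn) …

    def disconnect
      raise "Not running? No pid file found!" unless File.exist?(get_cfile('openvpn.pid'))
      # Integer() rejects anything that is not a bare pid before it reaches the shell.
      pid = Integer(File.read(get_cfile('openvpn.pid')).strip)
      system("sudo kill -TERM #{pid}")
      File.delete(get_cfile('openvpn.pid'))
    end

    def connected?
      # POSIX redirection: '&>' is a bashism that dash parses as '&' + '>'.
      system("/sbin/route -n | grep '#{@group.vpn_network.chomp("0")+"1"}' > /dev/null 2>&1")
    end

    # … unchanged: clean …

    def poll_vpn_interface
      interface_name=@group.vpn_device+"0"
      1.upto(30) do |i|
        break if system("ifconfig #{interface_name} > /dev/null 2>&1")
        # … unchanged: give up after 30 tries …
        sleep 0.5
      end
    end
```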
data/rake/chef_vpc_toolkit.rake
CHANGED
@@ -183,7 +183,6 @@ namespace :chef do
|
|
183
183
|
ChefInstaller.create_databags(configs)
|
184
184
|
ChefInstaller.install_chef_clients(configs, client_validation_key, group.os_types)
|
185
185
|
else
|
186
|
-
raise "Server with name '#{server_name}' does not exist." if group.server(server_name).nil?
|
187
186
|
client_validation_key=ChefInstaller.client_validation_key(configs)
|
188
187
|
ChefInstaller.install_chef_client(configs, server_name, client_validation_key, group.os_types[server_name])
|
189
188
|
end
|
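Review bot: Dropping `raise "Server with name '#{server_name}' does not exist."` means `chef:install_client` with a misspelled name now finishes with exit status 0 — the only signal is the `echo` emitted by the gateway-side grep in `install_chef_client`, which scripts and CI will not see as a failure. If the goal (per the CHANGELOG) is to skip nodes that have not been created yet, keep the local check but make the skip explicit and observable, e.g. `if group.server(server_name).nil? then warn "Skipping '#{server_name}': not in this server group."; next; end`, or confine the skip to the all-nodes path and still raise when a single server is named explicitly. The enclosing task body starts and ends outside this hunk.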
@@ -298,8 +297,8 @@ namespace :vpn do
|
|
298
297
|
Rake::Task['vpn:poll_client'].invoke
|
299
298
|
end
|
300
299
|
client=Client.fetch(:id => group.id, :source => "cache")
|
301
|
-
|
302
|
-
|
300
|
+
vpn = ChefVPCToolkit::get_vpn_connection(group, client)
|
301
|
+
vpn.connect
|
303
302
|
|
304
303
|
end
|
305
304
|
|
@@ -307,7 +306,8 @@ namespace :vpn do
|
|
307
306
|
task :disconnect do
|
308
307
|
|
309
308
|
group=ServerGroup.fetch(:source => "cache")
|
310
|
-
|
309
|
+
vpn = ChefVPCToolkit::get_vpn_connection(group)
|
310
|
+
vpn.disconnect
|
311
311
|
|
312
312
|
vpn_server_ip=group.vpn_network.chomp("0")+"1"
|
313
313
|
SshUtil.remove_known_hosts_ip(vpn_server_ip)
|
@@ -315,12 +315,12 @@ namespace :vpn do
|
|
315
315
|
|
316
316
|
end
|
317
317
|
|
318
|
-
desc "Delete VPN config information."
|
318
|
+
#desc "Delete VPN config information."
|
319
319
|
task :delete do
|
320
320
|
|
321
321
|
group=ServerGroup.fetch(:source => "cache")
|
322
|
-
|
323
|
-
|
322
|
+
vpn = ChefVPCToolkit::get_vpn_connection(group)
|
323
|
+
vpn.clean
|
324
324
|
|
325
325
|
vpn_server_ip=group.vpn_network.chomp("0")+"1"
|
326
326
|
SshUtil.remove_known_hosts_ip(vpn_server_ip)
|
@@ -333,7 +333,7 @@ namespace :vpn do
|
|
333
333
|
|
334
334
|
end
|
335
335
|
|
336
|
-
desc "Create a new VPN client."
|
336
|
+
#desc "Create a new VPN client."
|
337
337
|
task :create_client do
|
338
338
|
|
339
339
|
group=ServerGroup.fetch(:source => "cache")
|
@@ -348,7 +348,7 @@ namespace :vpn do
|
|
348
348
|
|
349
349
|
end
|
350
350
|
|
351
|
-
desc "Poll until a client is online"
|
351
|
+
#desc "Poll until a client is online"
|
352
352
|
task :poll_client do
|
353
353
|
|
354
354
|
group=ServerGroup.fetch(:source => "cache")
|
@@ -415,7 +415,8 @@ task :rdesktop => 'group:init' do
|
|
415
415
|
pass=sg.server(server_name).admin_password
|
416
416
|
|
417
417
|
if use_public_ip.nil? then
|
418
|
-
|
418
|
+
vpn = ChefVPCToolkit::get_vpn_connection(sg)
|
419
|
+
if vpn.connected?
|
419
420
|
# on the VPN we connect directly to the windows machine
|
420
421
|
local_ip=%x{ssh -o \"StrictHostKeyChecking no\" root@#{sg.vpn_gateway_ip} grep #{server_name}.#{sg.domain_name} /etc/hosts | cut -f 1}.chomp
|
421
422
|
exec("rdesktop #{local_ip} -u Administrator -p #{pass}")
|
@@ -10,27 +10,27 @@ class VpnNetworkManagerTest < Test::Unit::TestCase
|
|
10
10
|
include ChefVPCToolkit::CloudServersVPC
|
11
11
|
|
12
12
|
def setup
|
13
|
+
@group=ServerGroup.from_xml(SERVER_GROUP_XML)
|
14
|
+
@client=Client.from_xml(CLIENT_XML)
|
13
15
|
tmpdir=TmpDir.new_tmp_dir
|
14
16
|
File.open(File.join(tmpdir, "gconftool-2"), 'w') do |f|
|
15
17
|
f.write("#!/bin/bash\nexit 0")
|
16
18
|
f.chmod(0755)
|
17
19
|
end
|
18
20
|
ENV['PATH']=tmpdir+":"+ENV['PATH']
|
21
|
+
@vpn_net_man = VpnNetworkManager.new(@group, @client)
|
19
22
|
end
|
20
23
|
|
21
24
|
def teardown
|
22
|
-
|
23
|
-
VpnNetworkManager.delete_certs(group.id)
|
25
|
+
@vpn_net_man.delete_certs
|
24
26
|
end
|
25
27
|
|
26
28
|
def test_configure_gconf
|
27
|
-
|
28
|
-
client=Client.from_xml(CLIENT_XML)
|
29
|
-
assert VpnNetworkManager.configure_gconf(group, client)
|
29
|
+
assert @vpn_net_man.configure_gconf
|
30
30
|
end
|
31
31
|
|
32
32
|
def test_ip_to_integer
|
33
|
-
assert_equal 16782252,
|
33
|
+
assert_equal 16782252, @vpn_net_man.ip_to_integer("172.19.0.1")
|
34
34
|
end
|
35
35
|
|
36
36
|
end
|
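Review bot: `setup` now builds `VpnNetworkManager` against the real `ENV['HOME']` and `teardown` calls `@vpn_net_man.delete_certs`, which is `FileUtils.rm_rf` on `~/.pki/openvpn/<group id>` — the suite will silently delete a developer's live certificate directory if the fixture's group id happens to match a real server group. Point HOME at the temp dir for the test (save `ENV['HOME']` in setup, assign `tmpdir`, restore in teardown); note that `CERT_DIR` is a constant evaluated at require time, so either it becomes a method or HOME must be set before the library is required. The `gconftool-2` stub is prepended to `ENV['PATH']` on every `setup` and never removed, so PATH grows with each test. `VpnOpenVpn` gains no test at all; at minimum `connected?` and the config/script generation in `connect` could be covered by stubbing `sudo`, `openvpn` and `ifconfig` on PATH the same way.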
metadata
CHANGED
@@ -1,13 +1,13 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: chef-vpc-toolkit
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
hash:
|
4
|
+
hash: 23
|
5
5
|
prerelease: false
|
6
6
|
segments:
|
7
7
|
- 2
|
8
|
-
-
|
9
|
-
-
|
10
|
-
version: 2.
|
8
|
+
- 6
|
9
|
+
- 0
|
10
|
+
version: 2.6.0
|
11
11
|
platform: ruby
|
12
12
|
authors:
|
13
13
|
- Dan Prince
|
@@ -15,7 +15,7 @@ autorequire:
|
|
15
15
|
bindir: bin
|
16
16
|
cert_chain: []
|
17
17
|
|
18
|
-
date: 2011-
|
18
|
+
date: 2011-06-21 00:00:00 -04:00
|
19
19
|
default_executable: chef-vpc-toolkit
|
20
20
|
dependencies:
|
21
21
|
- !ruby/object:Gem::Dependency
|
@@ -132,7 +132,9 @@ files:
|
|
132
132
|
- lib/chef-vpc-toolkit/ssh_util.rb
|
133
133
|
- lib/chef-vpc-toolkit/util.rb
|
134
134
|
- lib/chef-vpc-toolkit/version.rb
|
135
|
+
- lib/chef-vpc-toolkit/vpn_connection.rb
|
135
136
|
- lib/chef-vpc-toolkit/vpn_network_manager.rb
|
137
|
+
- lib/chef-vpc-toolkit/vpn_openvpn.rb
|
136
138
|
- lib/chef-vpc-toolkit/xml_util.rb
|
137
139
|
- rake/chef_vpc_toolkit.rake
|
138
140
|
- test/client_test.rb
|
@@ -177,10 +179,10 @@ signing_key:
|
|
177
179
|
specification_version: 3
|
178
180
|
summary: Rake tasks to automate and configure server groups in the cloud with Chef.
|
179
181
|
test_files:
|
180
|
-
- test/
|
181
|
-
- test/util_test.rb
|
182
|
+
- test/client_test.rb
|
182
183
|
- test/ssh_util_test.rb
|
184
|
+
- test/server_group_test.rb
|
183
185
|
- test/test_helper.rb
|
184
|
-
- test/
|
186
|
+
- test/util_test.rb
|
185
187
|
- test/server_test.rb
|
186
|
-
- test/
|
188
|
+
- test/vpn_network_manager_test.rb
|