dascitizen 0.0.1

data/LICENSE.txt

@@ -0,0 +1,20 @@
+Copyright (c) 2012 Sergio Rubio <rubiojr@frameos.org>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,4 @@
+dascitizen
+==========
+
+The Great Network of the World

data/Rakefile

@@ -0,0 +1,30 @@
+require 'rubygems'
+require 'rake'
+require './lib/dascitizen.rb'
+
+require 'jeweler'
+Jeweler::Tasks.new do |gem|
+  # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
+  gem.version = DasCitizen::VERSION
+  gem.name = "dascitizen"
+  gem.homepage = "http://github.com/rubiojr/dascitizen"
+  gem.license = "MIT"
+  gem.summary = %Q{The Great VPN}
+  gem.description = %Q{The Great VPN}
+  gem.email = "rubiojr@frameos.org"
+  gem.authors = ["Sergio Rubio"]
+  # Include your dependencies below. Runtime dependencies are required when using your gem,
+  # and development dependencies are only needed for development (ie running rake tasks, tests, etc)
+  #gem.add_runtime_dependency 'alchemist'
+  gem.add_development_dependency 'rspec', '> 1.2.3'
+end
+Jeweler::RubygemsDotOrgTasks.new
+
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |test|
+  test.libs << 'lib' << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+end
+
+task :default => :build

data/Vagrantfile

@@ -0,0 +1,6 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant::Config.run do |config|
+  config.vm.box = "precise64"
+end

data/bin/dascitizen

@@ -0,0 +1,9 @@
+#!/usr/bin/env ruby
+
+puts
+puts 'Hello, Citizen of the World:'
+puts
+puts "The Great Private Network isn't ready yet."
+puts "But it's coming soon."
+puts 
+puts "My apologies, Citizen of the World."

data/examples/client.pp

@@ -0,0 +1,24 @@
+#
+# Tinc client
+#
+class { 'dascitizen':
+  node_name => 'test',
+}
+
+dascitizen::network { 'dascitizen':
+  # client ip inside the mesh
+  node_ip            => '10.0.0.1',
+  # mesh netmask
+  netmask            => '255.255.0.0',
+  # enable the tinc  service at boot time
+  start_at_boottime  => true,
+  # master host
+  # the master will  serve node public keys
+  masters            => ['master1'],
+  # tinc daemon port  for this network
+  port               => 655,
+  master_ws_username => 'user',
+  master_ws_password => 'secret',
+  master_ws_ips      => ['127.0.0.1'],
+}
+

data/examples/master.pp

@@ -0,0 +1,39 @@
+#
+# master/client config
+#
+# The node will be both server and client
+#
+# Every master is always a client, so you always
+# need to declar a tinc::network when setting up
+# a master node
+#
+
+class { 'dascitizen':
+  node_name => 'test',
+}
+
+dascitizen::network { 'dascitizen':
+  # client ip inside the mesh
+  node_ip            => '10.0.0.1',
+  # mesh netmask
+  netmask            => '255.255.0.0',
+  # enable the tinc  service at boot time
+  start_at_boottime  => true,
+  # master host
+  # the master will  serve node public keys
+  masters            => ['master1'],
+  # tinc daemon port for this network
+  port               => 655,
+  master_ws_username => 'user',
+  master_ws_password => 'secret',
+  master_ws_ips      => ['127.0.0.1'],
+}
+
+# Install the master web service
+dascitizen::master { 'dascitizen':
+  public_ip   => '1.2.3.4',
+  port        => 655,
+  ws_username => 'user',
+  ws_password => 'secret',
+}
+

data/lib/dascitizen.rb

@@ -0,0 +1,3 @@
+module DasCitizen
+  VERSION = '0.0.1'
+end

data/modules/dascitizen/Modulefile

@@ -0,0 +1,11 @@
+name    'puppet-tinc'
+version '0.0.1'
+source 'UNKNOWN'
+author 'puppet'
+license 'Apache License, Version 2.0'
+summary 'UNKNOWN'
+description 'UNKNOWN'
+project_page 'UNKNOWN'
+
+## Add dependencies, if any:
+# dependency 'username/name', '>= 1.2.0'

data/modules/dascitizen/README

@@ -0,0 +1,16 @@
+tinc
+
+This is the tinc module.
+
+License
+-------
+
+
+Contact
+-------
+
+
+Support
+-------
+
+Please log tickets and issues at our [Projects site](http://projects.example.com)

data/modules/dascitizen/files/dascitizen-ws.rb

@@ -0,0 +1,66 @@
+#!/usr/bin/env ruby
+#
+# Based on:
+# http://stackoverflow.com/questions/3696558
+#
+require 'sinatra'
+require 'json'
+require 'webrick'
+require 'webrick/https'
+require 'openssl'
+require 'yaml'
+
+# Cheap cert:
+# apt-get install ssl-cert
+# sudo cp /etc/ssl/private/ssl-cert-snakeoil.key /etc/dascitizen/server.key
+# sudo cp /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/dascitizen/server.crt
+
+class TincMasterWS < Sinatra::Base
+  
+  conf = YAML.load_file '/etc/dascitizen/settings.yaml'
+  set :username, conf['username']
+  set :password, conf['password']
+
+  use Rack::Auth::Basic do |u, p|
+    u == settings.username && p == settings.password
+  end
+
+  get '/nodes/keys' do
+    hosts = []
+    Dir['/etc/dascitizen/hosts/*'].each do |f|
+      begin
+        host = {}
+        host[:name] = File.basename(f) 
+        host[:body] = File.read(f)
+        hosts << host
+      rescue
+        $stderr.puts "Error reading file #{f}"
+      end
+    end
+    hosts.to_json
+  end
+
+end
+
+CERT_PATH = '/etc/dascitizen'
+cert = File.read(File.join(CERT_PATH, "server.crt"))
+key  = File.read(File.join(CERT_PATH, "server.key"))
+
+webrick_options = {
+  :Port               => 9669,
+  :Logger             => WEBrick::Log::new($stderr, WEBrick::Log::DEBUG),
+  :DocumentRoot       => "/dev/null",
+  :SSLEnable          => true,
+  :SSLVerifyClient    => OpenSSL::SSL::VERIFY_NONE,
+  :SSLCertificate     => OpenSSL::X509::Certificate.new(cert),
+  :SSLPrivateKey      => OpenSSL::PKey::RSA.new(key),
+  :SSLCertName        => [ [ "CN",WEBrick::Utils::getservername ] ],
+  :app                => TincMasterWS
+}
+
+trap(:INT) do
+  Rack::Handler::WEBrick.shutdown
+end
+
+set :run, false
+Rack::Handler::WEBrick.run TincMasterWS, webrick_options

data/modules/dascitizen/files/fetch-tinc-nodes

@@ -0,0 +1,25 @@
+#!/usr/bin/env ruby
+require 'rest-client'
+require 'json'
+require 'yaml'
+
+network = ARGV[0]
+unless network
+  $stderr.puts "Usage: fetch-tinc-nodes <network>" 
+  exit 1
+end
+
+conf = YAML.load_file('/etc/dascitizen/client-settings.yaml')[network]
+user = conf['username']
+password = conf['password']
+masters = conf['master_nodes'].split(',')
+masters.each do |m|
+  puts "Fetching nodes from #{m}..."
+  hosts = JSON.parse RestClient.get "https://#{user}:#{password}@#{m}:9669/nodes/keys"
+  hosts.each do |h|
+    File.open "/etc/tinc/#{network}/hosts/#{h['name']}", 'w' do |f|
+      puts "Writting node host file for #{h['name']}"
+      f.puts h['body']
+    end
+  end
+end

data/modules/dascitizen/manifests/init.pp

@@ -0,0 +1,53 @@
+# == Class: dascitize
+#
+# Full description of class tinc here.
+#
+# === Parameters
+#
+# Document parameters here.
+#
+# [*sample_parameter*]
+#   Explanation of what this parameter affects and what it defaults to.
+#   e.g. "Specify one or more upstream ntp servers as an array."
+#
+# === Variables
+#
+# Here you should define a list of variables that this module would require.
+#
+# [*sample_variable*]
+#   Explanation of how this variable affects the funtion of this class and if it
+#   has a default. e.g. "The parameter enc_ntp_servers must be set by the
+#   External Node Classifier as a comma separated list of hostnames." (Note,
+#   global variables should not be used in preference to class parameters  as of
+#   Puppet 2.6.)
+#
+# === Examples
+#
+#  class { tinc:
+#    servers => [ 'pool.ntp.org', 'ntp.local.company.com' ]
+#  }
+#
+# === Authors
+#
+# Author Name <rubiojr@frameos.org>
+#
+# === Copyright
+#
+# Copyright 2011 Your name here, unless otherwise noted.
+#
+class dascitizen( $node_name ){
+
+  package { 'tinc': ensure => present }
+
+  service { 'tinc':
+    enable    => true,
+    ensure    => running,
+    require   => Package['tinc'],
+    hasstatus => false,
+  }
+
+  file { '/etc/dascitizen':
+    ensure  => directory,
+  }
+
+}

data/modules/dascitizen/manifests/master.pp

@@ -0,0 +1,75 @@
+define dascitizen::master(
+  $public_ip,
+  $port = 655,
+  $enable_webservice = true,
+  $ws_username = 'user',
+  $ws_password = 'secret',
+){
+
+  Dascitizen::Network[$name] -> Dascitizen::Master[$name]
+  Exec { path      => [ "/bin/", "/sbin/" , "/usr/bin/", "/usr/sbin/" ] }
+  Package { ensure => present }
+
+  $node_host_file = "/etc/tinc/${name}/hosts/${dascitizen::node_name}"
+
+  package { 'ruby-sinatra': }
+  package { 'ruby-json': }
+  package { 'ssl-cert': }
+
+  file { '/etc/dascitizen/server.key':
+    source  => '/etc/ssl/private/ssl-cert-snakeoil.key',
+    require => Package['ssl-cert'],
+  }
+
+  file { '/etc/dascitizen/server.crt':
+    source => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
+    require => Package['ssl-cert'],
+  }
+
+  file { '/usr/local/bin/dascitizen-ws':
+    ensure => present,
+    source => 'puppet:///modules/dascitizen/dascitizen-ws.rb',
+    mode   => 0755,
+    notify => Service['dascitizen-ws'],
+  }
+
+  file { '/etc/init/dascitizen-ws.conf':
+    ensure => present,
+    content => template('dascitizen/dascitizen-ws.upstart.erb'),
+    mode   => 0655,
+  }
+
+  file { '/etc/dascitizen/hosts':
+    ensure  => directory,
+  }
+
+  file { "/etc/dascitizen/hosts/${dascitizen::node_name}":
+    ensure => present,
+    source => $node_host_file
+  }
+
+  file { "/etc/dascitizen/settings.yaml":
+    ensure  => present,
+    replace => no,
+    content => template('dascitizen/dascitizen-ws.settings.yaml.erb'),
+    notify  => Service['dascitizen-ws'],
+  }
+
+  service { 'dascitizen-ws':
+    require => [
+      File['/usr/local/bin/dascitizen-ws'],
+      File['/etc/init/dascitizen-ws.conf'],
+      File['/etc/dascitizen/settings.yaml'],
+      Package['ruby-sinatra', 'ruby-json'],
+    ],
+    ensure   => running,
+    enable   => true,
+    provider => upstart,
+  }
+
+  exec { 'add_tinc_master_address':
+    command => "echo '\nAddress = ${public_ip} ${port}' >> ${node_host_file}",
+    unless  => "grep -i address ${node_host_file}",
+  }
+
+}

data/modules/dascitizen/manifests/network.pp

@@ -0,0 +1,83 @@
+define dascitizen::network(
+  $node_ip,
+  $netmask,
+  $node_subnet = '32',
+  $port = 655,
+  $start_at_boottime = false,
+  $masters = [], # list of master node ips/hosts
+  $compression = 10,
+  $master_ws_username = 'user',
+  $master_ws_password = 'secret',
+  $master_ws_ips = [],
+) {
+
+  Exec { path => [ "/bin/", "/sbin/" , "/usr/bin/", "/usr/sbin/" ] }
+
+  file { "/etc/tinc/${name}":
+    ensure => directory,
+  }
+
+  file { "/etc/tinc/${name}/hosts":
+    ensure => directory,
+  }
+
+  file { "/etc/tinc/${name}/tinc-up":
+    ensure   => present,
+    mode     => 0755,
+    content => "#!/bin/sh\nifconfig \$INTERFACE ${node_ip} netmask ${netmask}\n"
+  }
+
+  file { "/etc/tinc/${name}/tinc.conf":
+    ensure  => present,
+    content => template('dascitizen/tinc.conf.erb'),
+    notify  => Service['tinc'],
+  }
+
+  file { "/usr/local/bin/fetch-tinc-nodes":
+    ensure => present,
+    source => "puppet:///modules/dascitizen/fetch-tinc-nodes",
+    mode   => 0755,
+  }
+
+  file { "/etc/dascitizen/client-settings.yaml":
+    ensure  => present,
+    content => template('dascitizen/client-settings.yaml.erb'),
+    require => File['/etc/dascitizen'],
+  }
+
+  if !Package['curl'] {
+    package { 'curl': ensure => present }
+  }
+
+  if !Package['ruby-json'] {
+    package { 'ruby-json': ensure => present }
+  }
+
+  if !Package['ruby-rest-client'] {
+    package { 'ruby-rest-client': ensure => present }
+  }
+
+  $node_host_file = "/etc/tinc/${name}/hosts/${dascitizen::node_name}"
+  exec { 'create_tinc_node_host_file':
+    command => "echo '\nSubnet = ${node_ip}/${node_subnet}' >> ${node_host_file}",
+    unless  => "grep -i subnet ${node_host_file}",
+    require => File["/etc/tinc/${name}/hosts"],
+  }
+
+  exec { 'generate_keys':
+    command   => "yes ''|tincd -K -n ${name}",
+    creates   => "/etc/tinc/${name}/rsa_key.priv",
+    require   => Exec['create_tinc_node_host_file'],
+    logoutput => "on_failure",
+  }
+
+  if $start_at_boottime {
+    exec { 'enable_network_on_boot':
+      command   => "echo ${name} >> /etc/tinc/nets.boot",
+      unless    => "grep ${name} /etc/tinc/nets.boot",
+      notify    => Service['tinc'],
+      logoutput => "on_failure",
+    }
+  }
+
+}

data/modules/dascitizen/spec/spec_helper.rb

@@ -0,0 +1,17 @@
+dir = File.expand_path(File.dirname(__FILE__))
+$LOAD_PATH.unshift File.join(dir, 'lib')
+
+require 'mocha'
+require 'puppet'
+require 'rspec'
+require 'spec/autorun'
+
+Spec::Runner.configure do |config|
+    config.mock_with :mocha
+end
+
+# We need this because the RAL uses 'should' as a method.  This
+# allows us the same behaviour but with a different method name.
+class Object
+    alias :must :should
+end

data/modules/dascitizen/templates/client-settings.yaml.erb

@@ -0,0 +1,6 @@
+---
+# Network name
+dascitizen:
+  master_nodes: <%= master_ws_ips.join(',') %>
+  username: <%= master_ws_username %>
+  password: <%= master_ws_password %>

data/modules/dascitizen/templates/dascitizen-ws.settings.yaml.erb

@@ -0,0 +1,3 @@
+---
+username: <%= ws_username %>
+password: <%= ws_password %>

data/modules/dascitizen/templates/dascitizen-ws.upstart.erb

@@ -0,0 +1,10 @@
+# An example upstart script for ustate
+description "DasCitizen Master Web Service"
+
+start on started network
+stop on stopped network
+stop on starting shutdown
+
+respawn
+
+exec ruby /usr/local/bin/dascitizen-ws 6996

data/modules/dascitizen/templates/tinc.conf.erb

@@ -0,0 +1,6 @@
+Name = <%= scope.lookupvar('dascitizen::node_name') %>
+Compression = <%= compression || 10 %>
+<% masters.each do |m| -%>
+ConnectTo = <%= m %>
+<% end -%>
+Port = <%= port %>

data/modules/dascitizen/tests/init.pp

@@ -0,0 +1,11 @@
+# The baseline for module testing used by Puppet Labs is that each manifest
+# should have a corresponding test manifest that declares that class or defined
+# type.
+#
+# Tests are then run by using puppet apply --noop (to check for compilation errors
+# and view a log of events) or by fully applying the test in a virtual environment
+# (to compare the resulting system state to the desired state).
+#
+# Learn more about module testing here: http://docs.puppetlabs.com/guides/tests_smoke.html
+#
+include tinc

data/run.sh

@@ -0,0 +1 @@
+sudo puppet apply --modulepath /vagrant/modules/ examples/master.pp

metadata

@@ -0,0 +1,87 @@
+--- !ruby/object:Gem::Specification
+name: dascitizen
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Sergio Rubio
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-11-09 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>'
+      - !ruby/object:Gem::Version
+        version: 1.2.3
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>'
+      - !ruby/object:Gem::Version
+        version: 1.2.3
+description: The Great VPN
+email: rubiojr@frameos.org
+executables:
+- dascitizen
+extensions: []
+extra_rdoc_files:
+- LICENSE.txt
+- README.md
+files:
+- LICENSE.txt
+- README.md
+- Rakefile
+- Vagrantfile
+- bin/dascitizen
+- examples/.master.pp.swp
+- examples/client.pp
+- examples/master.pp
+- lib/dascitizen.rb
+- modules/dascitizen/Modulefile
+- modules/dascitizen/README
+- modules/dascitizen/files/dascitizen-ws.rb
+- modules/dascitizen/files/fetch-tinc-nodes
+- modules/dascitizen/manifests/init.pp
+- modules/dascitizen/manifests/master.pp
+- modules/dascitizen/manifests/network.pp
+- modules/dascitizen/spec/spec_helper.rb
+- modules/dascitizen/templates/client-settings.yaml.erb
+- modules/dascitizen/templates/dascitizen-ws.settings.yaml.erb
+- modules/dascitizen/templates/dascitizen-ws.upstart.erb
+- modules/dascitizen/templates/tinc.conf.erb
+- modules/dascitizen/tests/init.pp
+- run.sh
+homepage: http://github.com/rubiojr/dascitizen
+licenses:
+- MIT
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: The Great VPN
+test_files: []