dascitizen 0.0.1

Sign up to get free protection for your applications and to get access to all the features.
@@ -0,0 +1,20 @@
1
+ Copyright (c) 2012 Sergio Rubio <rubiojr@frameos.org>
2
+
3
+ Permission is hereby granted, free of charge, to any person obtaining
4
+ a copy of this software and associated documentation files (the
5
+ "Software"), to deal in the Software without restriction, including
6
+ without limitation the rights to use, copy, modify, merge, publish,
7
+ distribute, sublicense, and/or sell copies of the Software, and to
8
+ permit persons to whom the Software is furnished to do so, subject to
9
+ the following conditions:
10
+
11
+ The above copyright notice and this permission notice shall be
12
+ included in all copies or substantial portions of the Software.
13
+
14
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
15
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
17
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
18
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
19
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
20
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
@@ -0,0 +1,4 @@
1
+ dascitizen
2
+ ==========
3
+
4
+ The Great Network of the World
@@ -0,0 +1,30 @@
1
+ require 'rubygems'
2
+ require 'rake'
3
+ require './lib/dascitizen.rb'
4
+
5
+ require 'jeweler'
6
+ Jeweler::Tasks.new do |gem|
7
+ # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
8
+ gem.version = DasCitizen::VERSION
9
+ gem.name = "dascitizen"
10
+ gem.homepage = "http://github.com/rubiojr/dascitizen"
11
+ gem.license = "MIT"
12
+ gem.summary = %Q{The Great VPN}
13
+ gem.description = %Q{The Great VPN}
14
+ gem.email = "rubiojr@frameos.org"
15
+ gem.authors = ["Sergio Rubio"]
16
+ # Include your dependencies below. Runtime dependencies are required when using your gem,
17
+ # and development dependencies are only needed for development (ie running rake tasks, tests, etc)
18
+ #gem.add_runtime_dependency 'alchemist'
19
+ gem.add_development_dependency 'rspec', '> 1.2.3'
20
+ end
21
+ Jeweler::RubygemsDotOrgTasks.new
22
+
23
+ require 'rake/testtask'
24
+ Rake::TestTask.new(:test) do |test|
25
+ test.libs << 'lib' << 'test'
26
+ test.pattern = 'test/**/test_*.rb'
27
+ test.verbose = true
28
+ end
29
+
30
+ task :default => :build
@@ -0,0 +1,6 @@
1
+ # -*- mode: ruby -*-
2
+ # vi: set ft=ruby :
3
+
4
+ Vagrant::Config.run do |config|
5
+ config.vm.box = "precise64"
6
+ end
@@ -0,0 +1,9 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ puts
4
+ puts 'Hello, Citizen of the World:'
5
+ puts
6
+ puts "The Great Private Network isn't ready yet."
7
+ puts "But it's coming soon."
8
+ puts
9
+ puts "My apologies, Citizen of the World."
Binary file
@@ -0,0 +1,24 @@
1
+ #
2
+ # Tinc client
3
+ #
4
+ class { 'dascitizen':
5
+ node_name => 'test',
6
+ }
7
+
8
+ dascitizen::network { 'dascitizen':
9
+ # client ip inside the mesh
10
+ node_ip => '10.0.0.1',
11
+ # mesh netmask
12
+ netmask => '255.255.0.0',
13
+ # enable the tinc service at boot time
14
+ start_at_boottime => true,
15
+ # master host
16
+ # the master will serve node public keys
17
+ masters => ['master1'],
18
+ # tinc daemon port for this network
19
+ port => 655,
20
+ master_ws_username => 'user',
21
+ master_ws_password => 'secret',
22
+ master_ws_ips => ['127.0.0.1'],
23
+ }
24
+
@@ -0,0 +1,39 @@
1
+ #
2
+ # master/client config
3
+ #
4
+ # The node will be both server and client
5
+ #
6
+ # Every master is always a client, so you always
7
+ # need to declar a tinc::network when setting up
8
+ # a master node
9
+ #
10
+
11
+ class { 'dascitizen':
12
+ node_name => 'test',
13
+ }
14
+
15
+ dascitizen::network { 'dascitizen':
16
+ # client ip inside the mesh
17
+ node_ip => '10.0.0.1',
18
+ # mesh netmask
19
+ netmask => '255.255.0.0',
20
+ # enable the tinc service at boot time
21
+ start_at_boottime => true,
22
+ # master host
23
+ # the master will serve node public keys
24
+ masters => ['master1'],
25
+ # tinc daemon port for this network
26
+ port => 655,
27
+ master_ws_username => 'user',
28
+ master_ws_password => 'secret',
29
+ master_ws_ips => ['127.0.0.1'],
30
+ }
31
+
32
+ # Install the master web service
33
+ dascitizen::master { 'dascitizen':
34
+ public_ip => '1.2.3.4',
35
+ port => 655,
36
+ ws_username => 'user',
37
+ ws_password => 'secret',
38
+ }
39
+
@@ -0,0 +1,3 @@
1
+ module DasCitizen
2
+ VERSION = '0.0.1'
3
+ end
@@ -0,0 +1,11 @@
1
+ name 'puppet-tinc'
2
+ version '0.0.1'
3
+ source 'UNKNOWN'
4
+ author 'puppet'
5
+ license 'Apache License, Version 2.0'
6
+ summary 'UNKNOWN'
7
+ description 'UNKNOWN'
8
+ project_page 'UNKNOWN'
9
+
10
+ ## Add dependencies, if any:
11
+ # dependency 'username/name', '>= 1.2.0'
@@ -0,0 +1,16 @@
1
+ tinc
2
+
3
+ This is the tinc module.
4
+
5
+ License
6
+ -------
7
+
8
+
9
+ Contact
10
+ -------
11
+
12
+
13
+ Support
14
+ -------
15
+
16
+ Please log tickets and issues at our [Projects site](http://projects.example.com)
@@ -0,0 +1,66 @@
1
+ #!/usr/bin/env ruby
2
+ #
3
+ # Based on:
4
+ # http://stackoverflow.com/questions/3696558
5
+ #
6
+ require 'sinatra'
7
+ require 'json'
8
+ require 'webrick'
9
+ require 'webrick/https'
10
+ require 'openssl'
11
+ require 'yaml'
12
+
13
+ # Cheap cert:
14
+ # apt-get install ssl-cert
15
+ # sudo cp /etc/ssl/private/ssl-cert-snakeoil.key /etc/dascitizen/server.key
16
+ # sudo cp /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/dascitizen/server.crt
17
+
18
+ class TincMasterWS < Sinatra::Base
19
+
20
+ conf = YAML.load_file '/etc/dascitizen/settings.yaml'
21
+ set :username, conf['username']
22
+ set :password, conf['password']
23
+
24
+ use Rack::Auth::Basic do |u, p|
25
+ u == settings.username && p == settings.password
26
+ end
27
+
28
+ get '/nodes/keys' do
29
+ hosts = []
30
+ Dir['/etc/dascitizen/hosts/*'].each do |f|
31
+ begin
32
+ host = {}
33
+ host[:name] = File.basename(f)
34
+ host[:body] = File.read(f)
35
+ hosts << host
36
+ rescue
37
+ $stderr.puts "Error reading file #{f}"
38
+ end
39
+ end
40
+ hosts.to_json
41
+ end
42
+
43
+ end
44
+
45
+ CERT_PATH = '/etc/dascitizen'
46
+ cert = File.read(File.join(CERT_PATH, "server.crt"))
47
+ key = File.read(File.join(CERT_PATH, "server.key"))
48
+
49
+ webrick_options = {
50
+ :Port => 9669,
51
+ :Logger => WEBrick::Log::new($stderr, WEBrick::Log::DEBUG),
52
+ :DocumentRoot => "/dev/null",
53
+ :SSLEnable => true,
54
+ :SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE,
55
+ :SSLCertificate => OpenSSL::X509::Certificate.new(cert),
56
+ :SSLPrivateKey => OpenSSL::PKey::RSA.new(key),
57
+ :SSLCertName => [ [ "CN",WEBrick::Utils::getservername ] ],
58
+ :app => TincMasterWS
59
+ }
60
+
61
+ trap(:INT) do
62
+ Rack::Handler::WEBrick.shutdown
63
+ end
64
+
65
+ set :run, false
66
+ Rack::Handler::WEBrick.run TincMasterWS, webrick_options
@@ -0,0 +1,25 @@
1
+ #!/usr/bin/env ruby
2
+ require 'rest-client'
3
+ require 'json'
4
+ require 'yaml'
5
+
6
+ network = ARGV[0]
7
+ unless network
8
+ $stderr.puts "Usage: fetch-tinc-nodes <network>"
9
+ exit 1
10
+ end
11
+
12
+ conf = YAML.load_file('/etc/dascitizen/client-settings.yaml')[network]
13
+ user = conf['username']
14
+ password = conf['password']
15
+ masters = conf['master_nodes'].split(',')
16
+ masters.each do |m|
17
+ puts "Fetching nodes from #{m}..."
18
+ hosts = JSON.parse RestClient.get "https://#{user}:#{password}@#{m}:9669/nodes/keys"
19
+ hosts.each do |h|
20
+ File.open "/etc/tinc/#{network}/hosts/#{h['name']}", 'w' do |f|
21
+ puts "Writting node host file for #{h['name']}"
22
+ f.puts h['body']
23
+ end
24
+ end
25
+ end
@@ -0,0 +1,53 @@
1
+ # == Class: dascitize
2
+ #
3
+ # Full description of class tinc here.
4
+ #
5
+ # === Parameters
6
+ #
7
+ # Document parameters here.
8
+ #
9
+ # [*sample_parameter*]
10
+ # Explanation of what this parameter affects and what it defaults to.
11
+ # e.g. "Specify one or more upstream ntp servers as an array."
12
+ #
13
+ # === Variables
14
+ #
15
+ # Here you should define a list of variables that this module would require.
16
+ #
17
+ # [*sample_variable*]
18
+ # Explanation of how this variable affects the funtion of this class and if it
19
+ # has a default. e.g. "The parameter enc_ntp_servers must be set by the
20
+ # External Node Classifier as a comma separated list of hostnames." (Note,
21
+ # global variables should not be used in preference to class parameters as of
22
+ # Puppet 2.6.)
23
+ #
24
+ # === Examples
25
+ #
26
+ # class { tinc:
27
+ # servers => [ 'pool.ntp.org', 'ntp.local.company.com' ]
28
+ # }
29
+ #
30
+ # === Authors
31
+ #
32
+ # Author Name <rubiojr@frameos.org>
33
+ #
34
+ # === Copyright
35
+ #
36
+ # Copyright 2011 Your name here, unless otherwise noted.
37
+ #
38
+ class dascitizen( $node_name ){
39
+
40
+ package { 'tinc': ensure => present }
41
+
42
+ service { 'tinc':
43
+ enable => true,
44
+ ensure => running,
45
+ require => Package['tinc'],
46
+ hasstatus => false,
47
+ }
48
+
49
+ file { '/etc/dascitizen':
50
+ ensure => directory,
51
+ }
52
+
53
+ }
@@ -0,0 +1,75 @@
1
+ define dascitizen::master(
2
+ $public_ip,
3
+ $port = 655,
4
+ $enable_webservice = true,
5
+ $ws_username = 'user',
6
+ $ws_password = 'secret',
7
+ ){
8
+
9
+ Dascitizen::Network[$name] -> Dascitizen::Master[$name]
10
+ Exec { path => [ "/bin/", "/sbin/" , "/usr/bin/", "/usr/sbin/" ] }
11
+ Package { ensure => present }
12
+
13
+ $node_host_file = "/etc/tinc/${name}/hosts/${dascitizen::node_name}"
14
+
15
+ package { 'ruby-sinatra': }
16
+ package { 'ruby-json': }
17
+ package { 'ssl-cert': }
18
+
19
+ file { '/etc/dascitizen/server.key':
20
+ source => '/etc/ssl/private/ssl-cert-snakeoil.key',
21
+ require => Package['ssl-cert'],
22
+ }
23
+
24
+ file { '/etc/dascitizen/server.crt':
25
+ source => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
26
+ require => Package['ssl-cert'],
27
+ }
28
+
29
+ file { '/usr/local/bin/dascitizen-ws':
30
+ ensure => present,
31
+ source => 'puppet:///modules/dascitizen/dascitizen-ws.rb',
32
+ mode => 0755,
33
+ notify => Service['dascitizen-ws'],
34
+ }
35
+
36
+ file { '/etc/init/dascitizen-ws.conf':
37
+ ensure => present,
38
+ content => template('dascitizen/dascitizen-ws.upstart.erb'),
39
+ mode => 0655,
40
+ }
41
+
42
+ file { '/etc/dascitizen/hosts':
43
+ ensure => directory,
44
+ }
45
+
46
+ file { "/etc/dascitizen/hosts/${dascitizen::node_name}":
47
+ ensure => present,
48
+ source => $node_host_file
49
+ }
50
+
51
+ file { "/etc/dascitizen/settings.yaml":
52
+ ensure => present,
53
+ replace => no,
54
+ content => template('dascitizen/dascitizen-ws.settings.yaml.erb'),
55
+ notify => Service['dascitizen-ws'],
56
+ }
57
+
58
+ service { 'dascitizen-ws':
59
+ require => [
60
+ File['/usr/local/bin/dascitizen-ws'],
61
+ File['/etc/init/dascitizen-ws.conf'],
62
+ File['/etc/dascitizen/settings.yaml'],
63
+ Package['ruby-sinatra', 'ruby-json'],
64
+ ],
65
+ ensure => running,
66
+ enable => true,
67
+ provider => upstart,
68
+ }
69
+
70
+ exec { 'add_tinc_master_address':
71
+ command => "echo '\nAddress = ${public_ip} ${port}' >> ${node_host_file}",
72
+ unless => "grep -i address ${node_host_file}",
73
+ }
74
+
75
+ }
@@ -0,0 +1,83 @@
1
+ define dascitizen::network(
2
+ $node_ip,
3
+ $netmask,
4
+ $node_subnet = '32',
5
+ $port = 655,
6
+ $start_at_boottime = false,
7
+ $masters = [], # list of master node ips/hosts
8
+ $compression = 10,
9
+ $master_ws_username = 'user',
10
+ $master_ws_password = 'secret',
11
+ $master_ws_ips = [],
12
+ ) {
13
+
14
+ Exec { path => [ "/bin/", "/sbin/" , "/usr/bin/", "/usr/sbin/" ] }
15
+
16
+ file { "/etc/tinc/${name}":
17
+ ensure => directory,
18
+ }
19
+
20
+ file { "/etc/tinc/${name}/hosts":
21
+ ensure => directory,
22
+ }
23
+
24
+ file { "/etc/tinc/${name}/tinc-up":
25
+ ensure => present,
26
+ mode => 0755,
27
+ content => "#!/bin/sh\nifconfig \$INTERFACE ${node_ip} netmask ${netmask}\n"
28
+ }
29
+
30
+ file { "/etc/tinc/${name}/tinc.conf":
31
+ ensure => present,
32
+ content => template('dascitizen/tinc.conf.erb'),
33
+ notify => Service['tinc'],
34
+ }
35
+
36
+ file { "/usr/local/bin/fetch-tinc-nodes":
37
+ ensure => present,
38
+ source => "puppet:///modules/dascitizen/fetch-tinc-nodes",
39
+ mode => 0755,
40
+ }
41
+
42
+ file { "/etc/dascitizen/client-settings.yaml":
43
+ ensure => present,
44
+ content => template('dascitizen/client-settings.yaml.erb'),
45
+ require => File['/etc/dascitizen'],
46
+ }
47
+
48
+ if !Package['curl'] {
49
+ package { 'curl': ensure => present }
50
+ }
51
+
52
+ if !Package['ruby-json'] {
53
+ package { 'ruby-json': ensure => present }
54
+ }
55
+
56
+ if !Package['ruby-rest-client'] {
57
+ package { 'ruby-rest-client': ensure => present }
58
+ }
59
+
60
+ $node_host_file = "/etc/tinc/${name}/hosts/${dascitizen::node_name}"
61
+ exec { 'create_tinc_node_host_file':
62
+ command => "echo '\nSubnet = ${node_ip}/${node_subnet}' >> ${node_host_file}",
63
+ unless => "grep -i subnet ${node_host_file}",
64
+ require => File["/etc/tinc/${name}/hosts"],
65
+ }
66
+
67
+ exec { 'generate_keys':
68
+ command => "yes ''|tincd -K -n ${name}",
69
+ creates => "/etc/tinc/${name}/rsa_key.priv",
70
+ require => Exec['create_tinc_node_host_file'],
71
+ logoutput => "on_failure",
72
+ }
73
+
74
+ if $start_at_boottime {
75
+ exec { 'enable_network_on_boot':
76
+ command => "echo ${name} >> /etc/tinc/nets.boot",
77
+ unless => "grep ${name} /etc/tinc/nets.boot",
78
+ notify => Service['tinc'],
79
+ logoutput => "on_failure",
80
+ }
81
+ }
82
+
83
+ }
@@ -0,0 +1,17 @@
1
+ dir = File.expand_path(File.dirname(__FILE__))
2
+ $LOAD_PATH.unshift File.join(dir, 'lib')
3
+
4
+ require 'mocha'
5
+ require 'puppet'
6
+ require 'rspec'
7
+ require 'spec/autorun'
8
+
9
+ Spec::Runner.configure do |config|
10
+ config.mock_with :mocha
11
+ end
12
+
13
+ # We need this because the RAL uses 'should' as a method. This
14
+ # allows us the same behaviour but with a different method name.
15
+ class Object
16
+ alias :must :should
17
+ end
@@ -0,0 +1,6 @@
1
+ ---
2
+ # Network name
3
+ dascitizen:
4
+ master_nodes: <%= master_ws_ips.join(',') %>
5
+ username: <%= master_ws_username %>
6
+ password: <%= master_ws_password %>
@@ -0,0 +1,3 @@
1
+ ---
2
+ username: <%= ws_username %>
3
+ password: <%= ws_password %>
@@ -0,0 +1,10 @@
1
+ # An example upstart script for ustate
2
+ description "DasCitizen Master Web Service"
3
+
4
+ start on started network
5
+ stop on stopped network
6
+ stop on starting shutdown
7
+
8
+ respawn
9
+
10
+ exec ruby /usr/local/bin/dascitizen-ws 6996
@@ -0,0 +1,6 @@
1
+ Name = <%= scope.lookupvar('dascitizen::node_name') %>
2
+ Compression = <%= compression || 10 %>
3
+ <% masters.each do |m| -%>
4
+ ConnectTo = <%= m %>
5
+ <% end -%>
6
+ Port = <%= port %>
@@ -0,0 +1,11 @@
1
+ # The baseline for module testing used by Puppet Labs is that each manifest
2
+ # should have a corresponding test manifest that declares that class or defined
3
+ # type.
4
+ #
5
+ # Tests are then run by using puppet apply --noop (to check for compilation errors
6
+ # and view a log of events) or by fully applying the test in a virtual environment
7
+ # (to compare the resulting system state to the desired state).
8
+ #
9
+ # Learn more about module testing here: http://docs.puppetlabs.com/guides/tests_smoke.html
10
+ #
11
+ include tinc
data/run.sh ADDED
@@ -0,0 +1 @@
1
+ sudo puppet apply --modulepath /vagrant/modules/ examples/master.pp
metadata ADDED
@@ -0,0 +1,87 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: dascitizen
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.1
5
+ prerelease:
6
+ platform: ruby
7
+ authors:
8
+ - Sergio Rubio
9
+ autorequire:
10
+ bindir: bin
11
+ cert_chain: []
12
+ date: 2012-11-09 00:00:00.000000000 Z
13
+ dependencies:
14
+ - !ruby/object:Gem::Dependency
15
+ name: rspec
16
+ requirement: !ruby/object:Gem::Requirement
17
+ none: false
18
+ requirements:
19
+ - - ! '>'
20
+ - !ruby/object:Gem::Version
21
+ version: 1.2.3
22
+ type: :development
23
+ prerelease: false
24
+ version_requirements: !ruby/object:Gem::Requirement
25
+ none: false
26
+ requirements:
27
+ - - ! '>'
28
+ - !ruby/object:Gem::Version
29
+ version: 1.2.3
30
+ description: The Great VPN
31
+ email: rubiojr@frameos.org
32
+ executables:
33
+ - dascitizen
34
+ extensions: []
35
+ extra_rdoc_files:
36
+ - LICENSE.txt
37
+ - README.md
38
+ files:
39
+ - LICENSE.txt
40
+ - README.md
41
+ - Rakefile
42
+ - Vagrantfile
43
+ - bin/dascitizen
44
+ - examples/.master.pp.swp
45
+ - examples/client.pp
46
+ - examples/master.pp
47
+ - lib/dascitizen.rb
48
+ - modules/dascitizen/Modulefile
49
+ - modules/dascitizen/README
50
+ - modules/dascitizen/files/dascitizen-ws.rb
51
+ - modules/dascitizen/files/fetch-tinc-nodes
52
+ - modules/dascitizen/manifests/init.pp
53
+ - modules/dascitizen/manifests/master.pp
54
+ - modules/dascitizen/manifests/network.pp
55
+ - modules/dascitizen/spec/spec_helper.rb
56
+ - modules/dascitizen/templates/client-settings.yaml.erb
57
+ - modules/dascitizen/templates/dascitizen-ws.settings.yaml.erb
58
+ - modules/dascitizen/templates/dascitizen-ws.upstart.erb
59
+ - modules/dascitizen/templates/tinc.conf.erb
60
+ - modules/dascitizen/tests/init.pp
61
+ - run.sh
62
+ homepage: http://github.com/rubiojr/dascitizen
63
+ licenses:
64
+ - MIT
65
+ post_install_message:
66
+ rdoc_options: []
67
+ require_paths:
68
+ - lib
69
+ required_ruby_version: !ruby/object:Gem::Requirement
70
+ none: false
71
+ requirements:
72
+ - - ! '>='
73
+ - !ruby/object:Gem::Version
74
+ version: '0'
75
+ required_rubygems_version: !ruby/object:Gem::Requirement
76
+ none: false
77
+ requirements:
78
+ - - ! '>='
79
+ - !ruby/object:Gem::Version
80
+ version: '0'
81
+ requirements: []
82
+ rubyforge_project:
83
+ rubygems_version: 1.8.24
84
+ signing_key:
85
+ specification_version: 3
86
+ summary: The Great VPN
87
+ test_files: []