kytoon 1.0.0

data/lib/kytoon/ssh_util.rb

@@ -0,0 +1,23 @@
+module Kytoon
+
+module SshUtil
+
+  def self.remove_known_hosts_ip(ip, known_hosts_file=File.join(ENV['HOME'], ".ssh", "known_hosts"))
+
+    return if ip.nil? or ip.empty?
+    return if not FileTest.exist?(known_hosts_file)
+
+    existing=IO.read(known_hosts_file)
+    File.open(known_hosts_file, 'w') do |file|
+      existing.each_line do |line|
+        if not line =~ Regexp.new("^#{ip}.*$") then
+            file.write(line)
+        end
+      end
+    end
+
+  end
+
+end
+
+end

data/lib/kytoon/util.rb

@@ -0,0 +1,118 @@
+require 'yaml'
+require 'socket'
+require 'kytoon/server_group'
+
+module Kytoon
+
+module Util
+
+  SSH_OPTS="-o StrictHostKeyChecking=no"
+
+  @@configs=nil
+
+  def self.hostname
+    Socket.gethostname
+  end
+
+  def self.load_configs
+
+    return @@configs if not @@configs.nil?
+
+    config_file=ENV['KYTOON_CONFIG_FILE']
+    if config_file.nil? then
+
+      config_file=ENV['HOME']+File::SEPARATOR+".kytoon.conf"
+      if not File.exists?(config_file) then
+        config_file="/etc/kytoon.conf"
+      end
+
+    end
+
+    if File.exists?(config_file) then
+      configs=YAML.load_file(config_file)
+      raise_if_nil_or_empty(configs, "cloud_servers_vpc_url")
+      raise_if_nil_or_empty(configs, "cloud_servers_vpc_username")
+      raise_if_nil_or_empty(configs, "cloud_servers_vpc_password")
+      @@configs=configs
+    else
+      raise "Failed to load kytoon config file. Please configure /etc/kytoon.conf or create a .kytoon.conf config file in your HOME directory."
+    end
+
+    @@configs
+
+  end
+
+  def self.load_public_key
+
+    ssh_dir=ENV['HOME']+File::SEPARATOR+".ssh"+File::SEPARATOR
+    if File.exists?(ssh_dir+"id_rsa.pub")
+      pubkey=IO.read(ssh_dir+"id_rsa.pub")
+    elsif File.exists?(ssh_dir+"id_dsa.pub")
+      pubkey=IO.read(ssh_dir+"id_dsa.pub")
+    else
+      raise "Failed to load SSH key. Please create a SSH public key pair in your HOME directory."
+    end
+
+    pubkey.chomp
+
+  end
+
+  def self.raise_if_nil_or_empty(options, key)
+    if not options or options[key].nil? or options[key].empty? then
+      raise "Please specify a valid #{key.to_s} parameter."
+    end
+  end
+
+  def self.remote_exec(script_text, gateway_ip)
+    if gateway_ip.nil?
+      sg=ServerGroup.get
+      gateway_ip=sg.gateway_ip
+    end
+
+    out=%x{
+ssh #{SSH_OPTS} root@#{gateway_ip} bash <<-"REMOTE_EXEC_EOF"
+#{script_text}
+REMOTE_EXEC_EOF
+    }
+    retval=$?
+    if block_given? then
+      yield retval.success?, out
+    else
+      return [retval.success?, out]
+    end
+  end
+
+  def self.remote_multi_exec(hosts, script_text, gateway_ip)
+
+    if gateway_ip.nil?
+      sg=ServerGroup.get
+      gateway_ip=sg.gateway_ip
+    end
+
+    results = {}
+    threads = []
+
+    hosts.each do |host|
+      t = Thread.new do
+        out=%x{
+ssh #{SSH_OPTS} root@#{gateway_ip} bash <<-"REMOTE_EXEC_EOF"
+ssh #{host} bash <<-"EOF_HOST"
+#{script_text}
+EOF_HOST
+REMOTE_EXEC_EOF
+       }
+       retval=$?
+      results.store host, [retval.success?, out]
+      end
+      threads << t
+    end
+
+    threads.each {|t| t.join}
+
+    return results
+
+  end
+
+end
+
+end

data/lib/kytoon/version.rb

@@ -0,0 +1,8 @@
+module Kytoon
+
+class Version
+  KYTOON_ROOT = File.dirname(File.expand_path("../", File.dirname(__FILE__)))
+  VERSION = IO.read(File.join(KYTOON_ROOT, 'VERSION'))
+end
+
+end

data/lib/kytoon/vpn/vpn_connection.rb

@@ -0,0 +1,46 @@
+
+module Kytoon
+module Vpn
+class VpnConnection
+
+  CERT_DIR=File.join(ENV['HOME'], '.pki', 'openvpn')
+
+  def initialize(group, client = nil)
+    @group = group
+    @client = client
+  end
+
+  def create_certs
+    @ca_cert=get_cfile('ca.crt')
+    @client_cert=get_cfile('client.crt')
+    @client_key=get_cfile('client.key')
+
+    vpn_interface = @client.vpn_network_interfaces[0]
+
+    FileUtils.mkdir_p(get_cfile)
+    File::chmod(0700, File.join(ENV['HOME'], '.pki'))
+    File::chmod(0700, CERT_DIR)
+
+    File.open(@ca_cert, 'w') { |f| f.write(vpn_interface.ca_cert) }
+    File.open(@client_cert, 'w') { |f| f.write(vpn_interface.client_cert) }
+    File.open(@client_key, 'w') do |f|
+      f.write(vpn_interface.client_key)
+      f.chmod(0600)
+    end
+      end
+
+  def delete_certs
+    FileUtils.rm_rf(get_cfile)
+  end
+
+  def get_cfile(file = nil)
+    if file
+      File.join(CERT_DIR, @group.id.to_s, file)
+    else
+      File.join(CERT_DIR, @group.id.to_s)
+    end
+  end
+
+end
+end
+end

data/lib/kytoon/vpn/vpn_network_manager.rb

@@ -0,0 +1,237 @@
+require 'json'
+require 'builder'
+require 'rexml/document'
+require 'rexml/xpath'
+require 'uuidtools'
+require 'ipaddr'
+require 'fileutils'
+require 'tempfile'
+
+module Kytoon
+module Vpn
+
+class VpnNetworkManager < VpnConnection
+
+  def initialize(group, client = nil)
+    super(group, client)
+  end
+
+  def connect
+    create_certs
+    configure_gconf
+    puts %x{#{sudo_display} nmcli con up id "VPC Group: #{@group.id}"}
+  end
+
+  def disconnect
+    puts %x{#{sudo_display} nmcli con down id "VPC Group: #{@group.id}"}
+  end
+
+  def connected?
+    return system("#{sudo_display} nmcli con status | grep -c 'VPC Group: #{@group.id}' &> /dev/null")
+  end
+
+  def clean
+    unset_gconf_config
+    delete_certs
+  end
+
+  def configure_gconf
+
+    xml = Builder::XmlMarkup.new
+    xml.gconfentryfile do |file|
+      file.entrylist({ "base" => "/system/networking/connections/vpc_#{@group.id}"}) do |entrylist|
+
+        entrylist.entry do |entry|
+          entry.key("connection/autoconnect")
+          entry.value do |value|
+            value.bool("false")
+          end
+        end
+        entrylist.entry do |entry|
+          entry.key("connection/id")
+          entry.value do |value|
+            value.string("VPC Group: #{@group.id}")
+          end
+        end
+        entrylist.entry do |entry|
+          entry.key("connection/name")
+          entry.value do |value|
+            value.string("connection")
+          end
+        end
+        entrylist.entry do |entry|
+          entry.key("connection/timestamp")
+          entry.value do |value|
+            value.string(Time.now.to_i.to_s)
+          end
+        end
+        entrylist.entry do |entry|
+          entry.key("connection/type")
+          entry.value do |value|
+            value.string("vpn")
+          end
+        end
+        entrylist.entry do |entry|
+          entry.key("connection/uuid")
+          entry.value do |value|
+            value.string(UUIDTools::UUID.random_create)
+          end
+        end
+        entrylist.entry do |entry|
+          entry.key("ipv4/addresses")
+          entry.value do |value|
+            value.list("type" => "int") do |list|
+            end
+          end
+        end
+        entrylist.entry do |entry|
+          entry.key("ipv4/dns")
+          entry.value do |value|
+            value.list("type" => "int") do |list|
+              ip=IPAddr.new(@group.vpn_network.chomp("0")+"1")
+              list.value do |lv|
+                lv.int(ip_to_integer(ip.to_s))
+              end
+            end
+          end
+        end
+        entrylist.entry do |entry|
+          entry.key("ipv4/dns-search")
+          entry.value do |value|
+            value.list("type" => "string") do |list|
+              list.value do |lv|
+                lv.string(@group.domain_name)
+              end
+            end
+          end
+        end
+        entrylist.entry do |entry|
+          entry.key("ipv4/ignore-auto-dns")
+          entry.value do |value|
+            value.bool("true")
+          end
+        end
+        entrylist.entry do |entry|
+          entry.key("ipv4/method")
+          entry.value do |value|
+            value.string("auto")
+          end
+        end
+        entrylist.entry do |entry|
+          entry.key("ipv4/name")
+          entry.value do |value|
+            value.string("ipv4")
+          end
+        end
+        entrylist.entry do |entry|
+          entry.key("ipv4/never-default")
+          entry.value do |value|
+            value.bool("true")
+          end
+        end
+        entrylist.entry do |entry|
+          entry.key("ipv4/routes")
+          entry.value do |value|
+            value.list("type" => "int") do |list|
+            end
+          end
+        end
+        entrylist.entry do |entry|
+          entry.key("vpn/ca")
+          entry.value do |value|
+            value.string(@ca_cert)
+          end
+        end
+        entrylist.entry do |entry|
+          entry.key("vpn/cert")
+          entry.value do |value|
+            value.string(@client_cert)
+          end
+        end
+        entrylist.entry do |entry|
+          entry.key("vpn/comp-lzo")
+          entry.value do |value|
+            value.string("yes")
+          end
+        end
+        entrylist.entry do |entry|
+          entry.key("vpn/connection-type")
+          entry.value do |value|
+            value.string("tls")
+          end
+        end
+        entrylist.entry do |entry|
+          entry.key("vpn/key")
+          entry.value do |value|
+            value.string(@client_key)
+          end
+        end
+        if @group.vpn_proto == "tcp"
+          entrylist.entry do |entry|
+            entry.key("vpn/proto-tcp")
+            entry.value do |value|
+              value.string("yes")
+            end
+          end
+        else
+          entrylist.entry do |entry|
+            entry.key("vpn/proto-udp")
+            entry.value do |value|
+              value.string("yes")
+            end
+          end
+        end
+        if @group.vpn_device == "tap"
+          entrylist.entry do |entry|
+            entry.key("vpn/tap-dev")
+            entry.value do |value|
+              value.string("yes")
+            end
+          end
+        end
+        entrylist.entry do |entry|
+          entry.key("vpn/remote")
+          entry.value do |value|
+            value.string(@group.gateway_ip)
+          end
+        end
+        entrylist.entry do |entry|
+          entry.key("vpn/service-type")
+          entry.value do |value|
+            value.string("org.freedesktop.NetworkManager.openvpn")
+          end
+        end
+      end
+
+    end
+
+    Tempfile.open('w') do |f|
+      f.write(xml.target!)
+      f.flush
+      puts %x{gconftool-2 --load #{f.path}}
+    end
+
+    return true
+
+  end
+
+  def unset_gconf_config
+    puts %x{gconftool-2 --recursive-unset /system/networking/connections/vpc_#{@group.id}}
+  end
+
+  def ip_to_integer(ip_string)
+    return 0 if ip_string.nil?
+    ip_arr=ip_string.split(".").collect{ |s| s.to_i }
+    return ip_arr[0] + ip_arr[1]*2**8 + ip_arr[2]*2**16 + ip_arr[3]*2**24
+  end
+
+  def sudo_display
+    if ENV['DISPLAY'].nil? or ENV['DISPLAY'] != ":0.0" then
+      "sudo"
+    else
+      ""
+    end
+  end
+end
+end
+end

data/lib/kytoon/vpn/vpn_openvpn.rb

@@ -0,0 +1,112 @@
+module Kytoon
+module Vpn
+class VpnOpenVpn < VpnConnection
+
+  def initialize(group, client = nil)
+    super(group, client)
+  end
+
+  def connect
+    create_certs
+
+    @up_script=get_cfile('up.bash')
+    File.open(@up_script, 'w') do |f|
+        f << <<EOF_UP
+#!/bin/bash
+
+# setup routes
+/sbin/route add #{@group.vpn_network.chomp("0")+"1"} dev \$dev
+/sbin/route add -net #{@group.vpn_network} netmask 255.255.128.0 gw #{@group.vpn_network.chomp("0")+"1"}
+
+mv /etc/resolv.conf /etc/resolv.conf.bak
+egrep ^search /etc/resolv.conf.bak | sed -e 's/search /search #{@group.domain_name} /' > /etc/resolv.conf
+echo 'nameserver #{@group.vpn_network.chomp("0")+"1"}' >> /etc/resolv.conf
+grep ^nameserver /etc/resolv.conf.bak >> /etc/resolv.conf
+EOF_UP
+      f.chmod(0700)
+    end
+    @down_script=get_cfile('down.bash')
+    File.open(@down_script, 'w') do |f|
+        f << <<EOF_DOWN
+#!/bin/bash
+mv /etc/resolv.conf.bak /etc/resolv.conf
+EOF_DOWN
+      f.chmod(0700)
+    end
+
+    @config_file=get_cfile('config')
+    File.open(@config_file, 'w') do |f|
+      f << <<EOF_CONFIG
+client
+dev #{@group.vpn_device}
+proto #{@group.vpn_proto}
+
+#Change my.publicdomain.com to your public domain or IP address
+remote #{@group.gateway_ip} 1194
+
+resolv-retry infinite
+nobind
+persist-key
+persist-tun
+
+script-security 2
+
+ca #{@ca_cert}
+cert #{@client_cert}
+key #{@client_key}
+
+ns-cert-type server
+
+route-nopull
+
+comp-lzo
+
+verb 3
+up #{@up_script}
+down #{@down_script}
+EOF_CONFIG
+      f.chmod(0600)
+    end
+
+    disconnect if File.exist?(get_cfile('openvpn.pid'))
+    out=%x{sudo openvpn --config #{@config_file} --writepid #{get_cfile('openvpn.pid')} --daemon}
+    retval=$?
+    if retval.success? then
+      poll_vpn_interface
+      puts "OK."
+    else
+      raise "Failed to create VPN connection: #{out}"
+    end
+  end
+
+  def disconnect
+    raise "Not running? No pid file found!" unless File.exist?(get_cfile('openvpn.pid'))
+    pid = File.read(get_cfile('openvpn.pid')).chomp
+    system("sudo kill -TERM #{pid}")
+    File.delete(get_cfile('openvpn.pid'))
+  end
+
+  def connected?
+    system("/sbin/route -n | grep #{@group.vpn_network.chomp("0")+"1"} &> /dev/null")
+  end
+
+  def clean
+    delete_certs
+  end
+
+  private
+  def poll_vpn_interface
+    interface_name=@group.vpn_device+"0"
+    1.upto(30) do |i|
+      break if system("/sbin/ifconfig #{interface_name} > /dev/null 2>&1")
+      if i == 30 then
+        disconnect
+        raise "Failed to connect to VPN."
+      end
+      sleep 0.5
+    end
+  end
+
+end
+end
+end