-rw-r--r--lib/leap_cli/config/object.rb60
1 files changed, 60 insertions, 0 deletions
diff --git a/lib/leap_cli/config/object.rb b/lib/leap_cli/config/object.rb
index 35637f1..c298882 100644
--- a/lib/leap_cli/config/object.rb
+++ b/lib/leap_cli/config/object.rb
@@ -334,6 +334,66 @@ module LeapCli
entries.join("\n")
end
+ #
+ # stunnel configuration for the client side.
+ #
+ # +node_list+ is a ObjectList of nodes running stunnel servers.
+ #
+ # +port+ is the real port of the ultimate service running on the servers
+ # that the client wants to connect to.
+ #
+ # About ths stunnel puppet names:
+ #
+ # * accept_port is the port on localhost to which local clients
+ # can connect. it is auto generated serially.
+ # * connect_port is the port on the stunnel server to connect to.
+ # it is auto generated from the +port+ argument.
+ #
+ # The network looks like this:
+ #
+ # |------ stunnel client ---------------| |--------- stunnel server -----------------------|
+ # consumer app -> localhost:accept_port -> server:connect_port -> server:port -> service app
+ #
+ # generates an entry appropriate to be passed directly to
+ # create_resources(stunnel::service, hiera('..'), defaults)
+ #
+ def stunnel_client(node_list, port, options={})
+ @next_stunnel_port ||= 4000
+ node_list.values.inject(Config::ObjectList.new) do |hsh, node|
+ if node.name != self.name || options[:include_self]
+ hsh["#{node.name}#{port}"] = Config::Object[
+ 'accept_port', @next_stunnel_port,
+ 'connect', node.domain.internal,
+ 'connect_port', stunnel_port(port)
+ ]
+ @next_stunnel_port += 1
+ end
+ hsh
+ end
+ end
+
+ #
+ # generates a stunnel server entry.
+ #
+ # +port+ is the real port targeted service.
+ #
+ def stunnel_server(port)
+ {"accept" => stunnel_port(port), "connect" => "127.0.0.1:#{port}"}
+ end
+
+ #
+ # maps a real port to a stunnel port (used as the connect_port in the client config
+ # and the accept_port in the server config)
+ #
+ def stunnel_port(port)
+ port = port.to_i
+ if port < 50000
+ return port + 10000
+ else
+ return port - 10000
+ end
+ end
+
protected
#
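Review bot: `stunnel_port` is not injective, so two different services can end up on the same stunnel port: every real port p in 30000..45535 and q = p + 20000 both map to p + 10000 (30000 and 50000 both become 40000), and a service on 40000..49999 maps onto the real port of a service on 50000..59999 and vice versa, so a stunnel server would try to `accept` on a port the real service already owns or a client's accept_port would tunnel to a different service than the one it asked for. `port.to_i` compounds this by turning a malformed value into 0 and silently mapping it to 10000. I would validate at the top of the method with `port = Integer(port)` followed by `raise ArgumentError, "stunnel_port: #{port} cannot be mapped without colliding" unless (1..29999).include?(port) || (50000..59999).include?(port)` (those two ranges keep mapped and real ports disjoint), and state the accepted ranges in the comment above the method. Whether any LEAP service actually listens above 30000 cannot be told from this hunk, so the exact bounds are a suggestion; the hash key `"#{node.name}#{port}"` in `stunnel_client` would also benefit from a separator so that name/port pairs like `web1`/`234` and `web`/`1234` cannot collapse into one entry.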