authorkwadronaut <kwadronaut@leap.se>2017-05-23 16:20:26 +0200
committerkwadronaut <kwadronaut@leap.se>2017-05-23 16:20:55 +0200
commit0e09968d8ed3f245a238306de43a037d0749fd5a (patch)
tree165d49dfb17d115dbb649ffe669064f2042bb527
parent26be1f84de9efabf5fec1278401ae0c5538454d9 (diff)
parent40f7b49003594a1be8c0540a92292d7cfb63eb61 (diff)
Merge branch 'varac/platform-vagrant_private_networking'
-rw-r--r--puppet/modules/site_config/lib/facter/vagrant.rb8
-rw-r--r--puppet/modules/site_config/manifests/params.pp13
-rw-r--r--puppet/modules/site_config/manifests/setup.pp2
-rw-r--r--puppet/modules/site_config/manifests/vagrant.pp14
-rw-r--r--tests/example-provider/Vagrantfile4
-rwxr-xr-xtests/example-provider/vagrant/configure-leap.sh64
-rw-r--r--tests/example-provider/vagrant/vagrant.config2
7 files changed, 72 insertions, 35 deletions
diff --git a/puppet/modules/site_config/lib/facter/vagrant.rb b/puppet/modules/site_config/lib/facter/vagrant.rb
new file mode 100644
index 00000000..29a218dd
--- /dev/null
+++ b/puppet/modules/site_config/lib/facter/vagrant.rb
@@ -0,0 +1,8 @@
+# Checks if systems runs inside vagrant
+require 'facter'
+
+Facter.add(:vagrant) do
+ setcode do
+ FileTest.exists?('/vagrant')
+ end
+end
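Review bot: The `FileTest.exists?('/vagrant')` line makes the mere existence of a path named /vagrant the switch for Vagrant behaviour, and the params.pp and setup.pp hunks of this commit key interface selection, the build_essential include and the site_config::vagrant firewall class off that fact in place of the explicit `environment == 'local'` setting. A host that has that path for any other reason would be configured as a test box, so the header comment should state that firewall setup depends on this fact, and the check could at least be narrowed to `File.directory?('/vagrant')` (still a heuristic). `FileTest.exists?` is also a deprecated alias that Ruby 3.2 removed; `exist?` is the supported spelling.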
diff --git a/puppet/modules/site_config/manifests/params.pp b/puppet/modules/site_config/manifests/params.pp
index 012b3ce0..4627515a 100644
--- a/puppet/modules/site_config/manifests/params.pp
+++ b/puppet/modules/site_config/manifests/params.pp
@@ -1,3 +1,4 @@
+# Default parameters
class site_config::params {
$ip_address = hiera('ip_address')
@@ -6,8 +7,16 @@ class site_config::params {
$environment = hiera('environment', undef)
- if $environment == 'local' {
- $interface = 'eth1'
+ if $::vagrant {
+ # Depending on the backend hypervisor networking is setup differently.
+ if $::interfaces =~ /eth1/ {
+ # Virtualbox: Private networking creates a second interface eth1
+ $interface = 'eth1'
+ }
+ else {
+ # KVM/Libvirt: Private networking is done by defauly on first interface
+ $interface = 'eth0'
+ }
include site_config::packages::build_essential
}
elsif hiera('interface','') != '' {
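Review bot: The match `$::interfaces =~ /eth1/` is unanchored, so an interface list containing eth10 or a VLAN name such as eth1.100 would select eth1 even when no plain eth1 exists. Since the chosen `$interface` is what vagrant.pp later compares against when deciding on the eth0 firewall entry, match a whole list entry instead, e.g. `if $::interfaces =~ /(^|,)eth1(,|$)/ {`. This branch now also takes priority over the `hiera('interface')` override in the `elsif` below, which deserves a line in the comment. The class body continues outside the hunk.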
diff --git a/puppet/modules/site_config/manifests/setup.pp b/puppet/modules/site_config/manifests/setup.pp
index 82dfe76d..a96f87a6 100644
--- a/puppet/modules/site_config/manifests/setup.pp
+++ b/puppet/modules/site_config/manifests/setup.pp
@@ -37,7 +37,7 @@ class site_config::setup {
# we need to include shorewall::interface{eth0} in setup.pp so
# packages can be installed during main puppetrun, even before shorewall
# is configured completly
- if ( $::site_config::params::environment == 'local' ) {
+ if $::vagrant {
include site_config::vagrant
}
diff --git a/puppet/modules/site_config/manifests/vagrant.pp b/puppet/modules/site_config/manifests/vagrant.pp
index 8f50b305..1682de8b 100644
--- a/puppet/modules/site_config/manifests/vagrant.pp
+++ b/puppet/modules/site_config/manifests/vagrant.pp
@@ -1,11 +1,15 @@
+# Gets included on vagrant nodes
class site_config::vagrant {
- # class for vagrant nodes
include site_shorewall::defaults
- # eth0 on vagrant nodes is the uplink if
- shorewall::interface { 'eth0':
- zone => 'net',
- options => 'tcpflags,blacklist,nosmurfs';
+
+ if ( $::site_config::params::interface == 'eth1' ) {
+ # Don't block eth0 even if eth1 is configured, because
+ # it's vagrant's main interface to access the box
+ shorewall::interface { 'eth0':
+ zone => 'net',
+ options => 'tcpflags,blacklist,nosmurfs';
+ }
}
}
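Review bot: The condition on `$::site_config::params::interface` reads a variable from a class that, as far as this hunk shows, site_config::vagrant never includes, so it depends on site_config::params having been evaluated earlier in the catalog. If it has not been, the variable is undef and the eth0 rule is skipped without any error. Adding `include site_config::params` as the first statement of the class removes that ordering dependency. The comment could also say where eth0 gets its shorewall interface entry in the libvirt case, where this block is not applied; that is not visible here.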
diff --git a/tests/example-provider/Vagrantfile b/tests/example-provider/Vagrantfile
index 1e410f5e..e909e79b 100644
--- a/tests/example-provider/Vagrantfile
+++ b/tests/example-provider/Vagrantfile
@@ -42,6 +42,10 @@ Vagrant.configure("2") do |config|
config.ssh.username = "vagrant"
+ # Enable private networking so the box can be accessed directly,
+ # not only via port forwaring
+ config.vm.network "private_network", type: "dhcp"
+
# forward leap_web ports
config.vm.network "forwarded_port", guest: 443, host:4443
# forward pixelated ports
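Review bot: The comment on the new `private_network` line does not mention that the box it exposes carries fixed demo accounts: configure-leap.sh registers testuser and testadmin with salt and verifier values that are committed in the repository. With the box now reachable on its own address, I would extend the comment to something like `# Host-only test network: the box has fixed demo accounts, do not bridge or route it`. Whether the DHCP network is host-only depends on the provider, so that wording should be confirmed for both VirtualBox and libvirt.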
diff --git a/tests/example-provider/vagrant/configure-leap.sh b/tests/example-provider/vagrant/configure-leap.sh
index 8bd591e0..7a1efc71 100755
--- a/tests/example-provider/vagrant/configure-leap.sh
+++ b/tests/example-provider/vagrant/configure-leap.sh
@@ -1,41 +1,53 @@
-#!/bin/bash
+#!/bin/sh
+# Exit on failure
+set -e
+# shellcheck disable=SC1091
. /vagrant/vagrant/vagrant.config
echo '==============================================='
-echo 'configuring leap'
+echo "Configuring LEAP in ${PROVIDERDIR}"
echo '==============================================='
# purge $PROVIDERDIR so this script can be run multiple times
-[ -e $PROVIDERDIR ] && rm -rf $PROVIDERDIR
+[ -e "$PROVIDERDIR" ] && rm -rf "$PROVIDERDIR"
-mkdir -p $PROVIDERDIR
-chown ${USER}:${USER} ${PROVIDERDIR}
-cd $PROVIDERDIR
+mkdir -p "$PROVIDERDIR"
+chown "${USER}:${USER}" "${PROVIDERDIR}"
+cd "$PROVIDERDIR" || exit
-$LEAP $OPTS new --contacts "$contacts" --domain "$provider_domain" --name "$provider_name" --platform="$PLATFORMDIR" .
-echo -e '\n@log = "./deploy.log"' >> Leapfile
+$LEAP new --contacts "${contacts:?}" --domain "${provider_domain:?}" --name "${provider_name:?}" --platform="$PLATFORMDIR" .
+printf '\n@log = "./deploy.log"' >> Leapfile
-if [ ! -e /home/${USER}/.ssh/id_rsa ]; then
- $SUDO ssh-keygen -f /home/${USER}/.ssh/id_rsa -P ''
+if [ ! -e "/home/${USER}/.ssh/id_rsa" ]; then
+ $SUDO ssh-keygen -f "/home/${USER}/.ssh/id_rsa" -P ''
[ -d /root/.ssh ] || mkdir /root/.ssh
- cat /home/${USER}/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
+ cat "/home/${USER}/.ssh/id_rsa.pub" >> /root/.ssh/authorized_keys
fi
-$SUDO mkdir -p ${PROVIDERDIR}/files/nodes/${NODE}
+$SUDO mkdir -p "${PROVIDERDIR}/files/nodes/${NODE}"
sh -c "cat /etc/ssh/ssh_host_rsa_key.pub | cut -d' ' -f1,2 >> $PROVIDERDIR/files/nodes/$NODE/${NODE}_ssh.pub"
-chown ${USER}:${USER} ${PROVIDERDIR}/files/nodes/${NODE}/${NODE}_ssh.pub
+chown "${USER}:${USER}" "${PROVIDERDIR}/files/nodes/${NODE}/${NODE}_ssh.pub"
+
+$LEAP add-user --self
+$LEAP cert ca
+$LEAP cert csr
+
+# Try to see if there's a private IP for eth1
+# Otherwise take eth0
+# (virtualbox and libvirt backends behave differenently setting up
+# direct accessible private networks.
+# see https://www.vagrantup.com/docs/networking/private_network.html
+IP="$(facter ipaddress_eth1)"
+[ "$IP" = '' ] && IP="$(facter ipaddress_eth0)"
+$LEAP node add "$NODE" ip_address:"${IP}" couch.mode:plain services:"${services:?}" tags:production
-$LEAP $OPTS add-user --self
-$LEAP $OPTS cert ca
-$LEAP $OPTS cert csr
-$LEAP $OPTS node add $NODE ip_address:"$(facter ipaddress)" couch.mode:plain services:"$services" tags:production
echo '{ "webapp": { "admins": ["testadmin"] } }' > services/webapp.json
-$LEAP $OPTS compile
+$LEAP compile
-$LEAP $OPTS node init $NODE
+$LEAP node init "$NODE"
if [ $? -eq 1 ]; then
echo 'node init failed'
exit 1
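Review bot: With `set -e` added at the top, the `if [ $? -eq 1 ]` check after `$LEAP node init "$NODE"` can no longer fire: a failing node init ends the script before the test runs, and 'node init failed' is never printed. Fold the command into the condition, `if ! $LEAP node init "$NODE"; then`, which also catches exit codes other than 1. Separately, `printf '\n@log = "./deploy.log"'` drops the trailing newline that `echo -e` wrote, so the Leapfile now ends without one; `printf '\n@log = "./deploy.log"\n'` restores it. The `if` block is closed outside this hunk.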
@@ -46,7 +58,7 @@ fi
# workaround is to install rake as gem
gem install rake
-$LEAP $OPTS -v 2 deploy
+$LEAP -v 2 deploy
# Vagrant: leap_mx fails to start on jessie
# https://leap.se/code/issues/7755
@@ -62,7 +74,7 @@ echo '==============================================='
echo 'testing the platform'
echo '==============================================='
-$LEAP $OPTS -v 2 test --continue
+$LEAP -v 2 test --continue
echo '==============================================='
echo 'setting node to demo-mode'
@@ -73,13 +85,13 @@ postconf -e default_transport='error: in demo mode'
curl -s -k https://localhost/1/users.json -d "user%5Blogin%5D=testuser&user%5Bpassword_salt%5D=7d4880237a038e0e&user%5Bpassword_verifier%5D=b98dc393afcd16e5a40fb57ce9cddfa6a978b84be326196627c111d426cada898cdaf3a6427e98b27daf4b0ed61d278bc856515aeceb2312e50c8f816659fcaa4460d839a1e2d7ffb867d32ac869962061368141c7571a53443d58dc84ca1fca34776894414c1090a93e296db6cef12c2cc3f7a991b05d49728ed358fd868286"
curl -s -k https://localhost/1/users.json -d "user%5Blogin%5D=testadmin&user%5Bpassword_salt%5D=ece1c457014d8282&user%5Bpassword_verifier%5D=9654d93ab409edf4ff1543d07e08f321107c3fd00de05c646c637866a94f28b3eb263ea9129dacebb7291b3374cc6f0bf88eb3d231eb3a76eed330a0e8fd2a5c477ed2693694efc1cc23ae83c2ae351a21139701983dd595b6c3225a1bebd2a4e6122f83df87606f1a41152d9890e5a11ac3749b3bfcf4407fc83ef60b4ced68"
-echo -e '\n===========================================================================================================\n\n'
-echo -e 'You are now ready to use your local LEAP provider.\n'
+printf '\n===========================================================================================================\n\n'
+printf 'You are now ready to use your local LEAP provider.\n'
echo 'If you want to use the *Bitmask client* with your provider, please update your /etc/hosts with following dns overrides:'
$LEAP list --print ip_address,domain.full,dns.aliases | sed 's/^.* //' | sed 's/, null//g' | tr -d '\]\[",'
echo 'Please see https://leap.se/en/docs/platform/tutorials/vagrant#use-the-bitmask-client-to-do-an-initial-soledad-sync for more details how to use and test your LEAP provider.'
-echo -e "\nIf you don't want to use the Bitmask client, please ignore the above instructions.\n"
-echo -e 'The LEAP webapp is now available at https://localhost:4443\n'
-echo -e 'Please add an exception in your browser dialog to allow the self-signed certificate.\n'
+printf "\nIf you don't want to use the Bitmask client, please ignore the above instructions.\n"
+printf 'The LEAP webapp is now available at https://localhost:4443\n'
+printf 'Please add an exception in your browser dialog to allow the self-signed certificate.\n'
diff --git a/tests/example-provider/vagrant/vagrant.config b/tests/example-provider/vagrant/vagrant.config
index ff5dd38f..07222c3f 100644
--- a/tests/example-provider/vagrant/vagrant.config
+++ b/tests/example-provider/vagrant/vagrant.config
@@ -18,4 +18,4 @@ NODE='node1'
SUDO="sudo -u ${USER}"
PROVIDERDIR="/home/${USER}/leap/configuration"
PLATFORMDIR="/srv/leap_platform"
-LEAP="$SUDO /usr/local/bin/leap"
+LEAP="$SUDO /usr/local/bin/leap $OPTS"
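Review bot: `$OPTS` is now expanded once, when this assignment is sourced, so it has to be set earlier in vagrant.config than this line; its definition is not visible in the hunk. If it is defined later, or only in the environment of configure-leap.sh, every leap call silently runs without the options. A short comment such as `# OPTS must be defined above; it is expanded here, not at call time` would make the ordering requirement explicit.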