Diffstat (limited to 'provider_base')
-rw-r--r--provider_base/README9
-rw-r--r--provider_base/common.json25
-rw-r--r--provider_base/files/service-definitions/provider.json.erb20
-rw-r--r--provider_base/provider.json27
-rw-r--r--provider_base/services/ca.json6
-rw-r--r--provider_base/services/couchdb.json22
-rw-r--r--provider_base/services/dns.json7
-rw-r--r--provider_base/services/openvpn.json14
-rw-r--r--provider_base/services/webapp.json19
9 files changed, 149 insertions, 0 deletions
diff --git a/provider_base/README b/provider_base/README
new file mode 100644
index 00000000..bb80df50
--- /dev/null
+++ b/provider_base/README
@@ -0,0 +1,9 @@
+This directory holds the base provider files that actual providers inherit from.
+
+For example:
+
+ the file........ myproject/provider/common.json
+ inherits from... myproject/leap_platform/provider_base/common.json
+
+
+
diff --git a/provider_base/common.json b/provider_base/common.json
new file mode 100644
index 00000000..f3557800
--- /dev/null
+++ b/provider_base/common.json
@@ -0,0 +1,25 @@
+{
+ "ip_address": "REQUIRED",
+ "services": [],
+ "domain": {
+ "full_suffix": "= global.provider.domain",
+ "internal_suffix": "= global.provider.internal_domain",
+ "full": "= node.name + '.' + domain.full_suffix",
+ "internal": "= node.name + '.' + domain.internal_suffix",
+ "name": "= node.name + '.' + (dns.public ? domain.full_suffix : domain.internal_suffix)"
+ },
+ "dns": {
+ "public": "= service_type != 'internal_service'"
+ },
+ "ssh": {
+ "authorized_keys": "= file :authorized_keys",
+ "known_hosts": "= file :known_hosts",
+ "port": 22
+ },
+ "x509": {
+ "use": false,
+ "cert": "= x509.use ? file(:node_x509_cert, :missing => 'x509 certificate for node $node. Run `leap update-cert`') : nil",
+ "key": "= x509.use ? file(:node_x509_key, :missing => 'x509 key for node $node. Run `leap update-cert`') : nil"
+ },
+ "local": "= self.vagrant?"
+}
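Review bot: The `dns` block here defines only `public`, but dns.json in this same commit reads `dns.aliases` from every node through `fields('domain.name', 'dns.aliases', 'ip_address')`, and only webapp.json sets that key. Unless the macro tolerates a missing field (not visible in this diff), nodes without the webapp service would yield nil or fail when the DNS host lists are compiled. A base default inside `"dns"`, `"aliases": []`, would keep every node record the same shape, assuming a service-level value overrides the inherited one.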
diff --git a/provider_base/files/service-definitions/provider.json.erb b/provider_base/files/service-definitions/provider.json.erb
new file mode 100644
index 00000000..76245739
--- /dev/null
+++ b/provider_base/files/service-definitions/provider.json.erb
@@ -0,0 +1,20 @@
+<%=
+ hsh = {}
+
+ # grab some fields from provider.json
+ hsh = global.provider.pick(
+ :languages, :description, :name,
+ :enrollment_policy, :default_language, :domain
+ )
+
+ # advertise services that are 'user services'
+ hsh['services'] = global.services[:service_type => :user_service].field(:name)
+
+ hsh['api_version'] = "1"
+ hsh['api_uri'] = "https://" + api_domain
+
+ hsh['ca_cert_uri'] = 'https://' + global.provider.domain + '/ca.crt'
+ hsh['ca_cert_fingerprint'] = ""
+
+ generate_json hsh
+%> \ No newline at end of file
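Review bot: `hsh['ca_cert_fingerprint'] = ""` publishes an empty fingerprint next to `ca_cert_uri`, so a client reading this definition has nothing to pin the downloaded CA certificate against. Either derive the value from the CA certificate when the file is generated, or leave the key out until it can be filled, so that consumers fail closed instead of comparing against an empty string. Separately, the initial `hsh = {}` is dead because the next assignment overwrites it. `api_domain` is only defined in services/webapp.json, so the template presumably has to be rendered in a webapp node's context; a comment such as `# rendered per webapp node; api_domain comes from services/webapp.json` would make that dependency explicit.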
diff --git a/provider_base/provider.json b/provider_base/provider.json
new file mode 100644
index 00000000..a144d04e
--- /dev/null
+++ b/provider_base/provider.json
@@ -0,0 +1,27 @@
+{
+ "domain": "REQUIRED",
+ "internal_domain": "= domain.sub(/\\..*$/,'.i')",
+ "name": {
+ "en": "REQUIRED"
+ },
+ "description": {
+ "en": "REQUIRED"
+ },
+ "languages": ["en"],
+ "default_language": "en",
+ "enrollment_policy": "open",
+ "ca": {
+ "name": "= global.provider.ca.organization + ' Root CA'",
+ "organization": "= global.provider.name[global.provider.default_language]",
+ "organizational_unit": "= 'https://' + global.common.domain.full_suffix",
+ "bit_size": 4096,
+ "life_span": "10y",
+ "server_certificates": {
+ "bit_size": 3248,
+ "life_span": "1y"
+ }
+ },
+ "vagrant":{
+ "network":"10.5.5.0/24"
+ }
+} \ No newline at end of file
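Review bot: `"enrollment_policy": "open"` is set as an inherited default, while `domain`, `name` and `description` use the `"REQUIRED"` sentinel, so a provider that never sets the key silently gets the open policy. If `open` means unrestricted sign-up (the accepted values are not shown in this diff), the base should make the operator choose, e.g. `"enrollment_policy": "REQUIRED"`, or default to the most restrictive value. The README could also say why `server_certificates.bit_size` is 3248, an unusual RSA modulus size, and confirm that the tooling issuing and consuming these certificates accepts it.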
diff --git a/provider_base/services/ca.json b/provider_base/services/ca.json
new file mode 100644
index 00000000..68f970f7
--- /dev/null
+++ b/provider_base/services/ca.json
@@ -0,0 +1,6 @@
+{
+ "service_type": "internal_service",
+ "x509": {
+ "use": true
+ }
+}
diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json
new file mode 100644
index 00000000..1c8005c2
--- /dev/null
+++ b/provider_base/services/couchdb.json
@@ -0,0 +1,22 @@
+{
+ "service_type": "internal_service",
+ "x509": {
+ "use": true
+ },
+ "couch": {
+ "users": {
+ "admin": {
+ "username": "admin",
+ "password": "= secret :couch_admin_password"
+ },
+ "webapp": {
+ "username": "webapp",
+ "password": "= secret :couch_webapp_password"
+ },
+ "ca_daemon": {
+ "username": "ca_daemon",
+ "password": "= secret :couch_ca_daemon_password"
+ }
+ }
+ }
+}
diff --git a/provider_base/services/dns.json b/provider_base/services/dns.json
new file mode 100644
index 00000000..677d9b2c
--- /dev/null
+++ b/provider_base/services/dns.json
@@ -0,0 +1,7 @@
+{
+ "hosts": {
+ "public": "= nodes['dns.public' => true].fields('domain.name', 'dns.aliases', 'ip_address')",
+ "private": "= nodes['dns.public' => false].fields('domain.name', 'dns.aliases', 'ip_address')"
+ },
+ "service_type": "public_service"
+} \ No newline at end of file
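Review bot: `hosts.private` gathers the name and `ip_address` of every node whose `dns.public` is false into the configuration of a service marked `public_service`. Whether those records are ever answered to outside resolvers depends on code that is not in this diff, but nothing in the base files says the two lists need different exposure. I would state it in the README, e.g. `dns: hosts.private must only be served to internal resolvers`, so that a template author does not fold both lists into one public zone.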
diff --git a/provider_base/services/openvpn.json b/provider_base/services/openvpn.json
new file mode 100644
index 00000000..4b7d25ec
--- /dev/null
+++ b/provider_base/services/openvpn.json
@@ -0,0 +1,14 @@
+{
+ "service_type": "user_service",
+ "x509": {
+ "use": true
+ },
+ "openvpn": {
+ "ports": ["80", "443", "53", "1194"],
+ "filter_dns": false,
+ "nat": true,
+ "ca_crt": "= file :ca_cert",
+ "ca_key": "= file :ca_key",
+ "dh": "= file :dh_params"
+ }
+}
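Review bot: `"ca_key": "= file :ca_key"` hands the CA private key to every node that runs the openvpn service, assuming `file` inlines the file contents as it appears to for `ca_crt` and `dh`. A VPN gateway needs the CA certificate, the DH parameters and its own certificate and key (already covered by `x509.use`) to authenticate clients; it does not need the signing key. With that key on an internet-facing node, the compromise of a single gateway undermines every certificate the provider has issued. Drop the `ca_key` line here and keep the key only on whichever node signs certificates, presumably the `ca` service added in this commit.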
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
new file mode 100644
index 00000000..6e5c029c
--- /dev/null
+++ b/provider_base/services/webapp.json
@@ -0,0 +1,19 @@
+{
+ "webapp": {
+ "modules": ["user", "billing", "help"],
+ "couchdb_hosts": "= nodes[:services => :couchdb].field('domain.name')",
+ "couchdb_user": "= global.services[:couchdb].couch.users[:webapp]"
+ },
+ "definition_files": {
+ "provider": "= file('service-definitions/provider.json.erb')",
+ "eip_service": "file('service-definitions/eip-service.json.erb')"
+ },
+ "service_type": "public_service",
+ "api_domain": "= 'api.' + domain.full_suffix",
+ "dns": {
+ "aliases": "= [domain.full, api_domain]"
+ },
+ "x509": {
+ "use": true
+ }
+} \ No newline at end of file
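Review bot: The `eip_service` value lacks the leading `= ` that every other evaluated value in this commit carries, so it is presumably stored as the literal string `file('service-definitions/eip-service.json.erb')` rather than the rendered template. It should read `"eip_service": "= file('service-definitions/eip-service.json.erb')"`. The diffstat lists only `provider.json.erb` under `files/service-definitions/`, so the referenced `eip-service.json.erb` has to arrive with this change, or the corrected line will fail on a missing file.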