Diffstat (limited to 'provider_base')
-rw-r--r--provider_base/common.json5
-rw-r--r--provider_base/files/service-definitions/eip-service.json.erb8
-rw-r--r--provider_base/services/openvpn.json9
-rw-r--r--provider_base/services/webapp.json10
-rw-r--r--provider_base/tags/local.json3
-rw-r--r--provider_base/test/openvpn/client.ovpn.erb28
6 files changed, 50 insertions, 13 deletions
diff --git a/provider_base/common.json b/provider_base/common.json
index 4e85c9b0..6d4291c6 100644
--- a/provider_base/common.json
+++ b/provider_base/common.json
@@ -1,6 +1,7 @@
{
"ip_address": "REQUIRED",
"services": [],
+ "tags": [],
"domain": {
"full_suffix": "= global.provider.domain",
"internal_suffix": "= global.provider.internal_domain",
@@ -20,7 +21,7 @@
"use": false,
"cert": "= x509.use ? file(:node_x509_cert, :missing => 'x509 certificate for node $node. Run `leap update-cert`') : nil",
"key": "= x509.use ? file(:node_x509_key, :missing => 'x509 key for node $node. Run `leap update-cert`') : nil",
- "ca_cert": "= file :ca_cert"
+ "ca_cert": "= try_file :ca_cert"
},
- "local": "= self.vagrant?"
+ "local": false
}
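Review bot: Changing the default `x509.ca_cert` to `try_file :ca_cert` removes the hard failure for a missing CA certificate on every node that inherits common.json. Assuming `try_file` yields nil when the file is absent, a service that sets `x509.use` without overriding `ca_cert` would compile with no trust anchor and no error. The `cert` and `key` lines just above already gate on `x509.use`, and the same form would keep the check where it matters: `"ca_cert": "= x509.use ? file(:ca_cert, :missing => '...') : nil"`. openvpn.json and webapp.json restore a strict `file` lookup in this commit, but other services are not visible in this path-limited diff.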
diff --git a/provider_base/files/service-definitions/eip-service.json.erb b/provider_base/files/service-definitions/eip-service.json.erb
index 095f3530..8dc7211d 100644
--- a/provider_base/files/service-definitions/eip-service.json.erb
+++ b/provider_base/files/service-definitions/eip-service.json.erb
@@ -17,7 +17,7 @@
gateway["capabilities"] = node.openvpn.pick(
:ports, :protocols, :user_ips, :adblock, :filter_dns)
gateway["capabilities"]["transport"] = ["openvpn"]
- gateway["ip_address"] = node.ip_address
+ gateway["ip_address"] = node.openvpn.gateway_address
gateway["host"] = node.domain.full
gateway["cluster"] = underscore(node.openvpn.location)
gateways << gateway
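Review bot: `node.openvpn.gateway_address` becomes the address clients are told to connect to, but the visible parts of services/openvpn.json define no `gateway_address` default or marker. A gateway node without it would presumably publish a null `ip_address`, and the new test/openvpn/client.ovpn.erb reads the same property. Declaring it under `openvpn` as `"gateway_address": "REQUIRED"`, the way common.json treats `ip_address`, would turn the omission into a compile-time error. The loop that builds `gateway` starts outside this hunk.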
@@ -28,6 +28,10 @@
end
hsh["gateways"] = gateways
hsh["clusters"] = clusters.values
-
+ hsh["openvpn_configuration"] = {
+ "tls-cipher" => "DHE-RSA-AES128-SHA",
+ "auth" => "SHA1",
+ "cipher" => "AES-128-CBC"
+ }
generate_json hsh
%> \ No newline at end of file
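Review bot: The `openvpn_configuration` values are string literals in this template, and the same three settings are repeated by hand in test/openvpn/client.ovpn.erb. What is advertised to clients can therefore drift from what the gateways actually negotiate, and changing the settings means editing several files. `auth SHA1` with `AES-128-CBC` and a single SHA-1 based `tls-cipher` suite is also a dated baseline to pin every client to. Reading the hash from one node property (for example a hash under `openvpn` in services/openvpn.json that the server config also consumes) would keep server, client definition and test profile consistent, and would let a provider raise the settings in one place. The ERB block this hunk sits in begins outside the hunk.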
diff --git a/provider_base/services/openvpn.json b/provider_base/services/openvpn.json
index 71d1d2c7..15deab70 100644
--- a/provider_base/services/openvpn.json
+++ b/provider_base/services/openvpn.json
@@ -1,7 +1,9 @@
{
"service_type": "user_service",
"x509": {
- "use": true
+ "use": true,
+ "ca_cert": "= file :ca_cert, :missing => 'Certificate Authority. Run `leap init-ca`'",
+ "dh": "= file :dh_params, :missing => 'Diffie-Hellman parameters. Run `leap init-dh`'"
},
"openvpn": {
"location": "Location Unknown",
@@ -9,9 +11,6 @@
"protocols": ["tcp", "udp"],
"filter_dns": false,
"adblock": false,
- "user_ips": false,
- "ca_crt": "= file :ca_cert, :missing => 'Certificate Authority. Run `leap init-ca`'",
- "ca_key": "= file :ca_key, :missing => 'Certificate Authority. Run `leap init-ca`'",
- "dh": "= file :dh_params, :missing => 'Diffie-Hellman parameters. Run `leap init-dh`'"
+ "user_ips": false
}
}
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index ca9edf33..afb51ee1 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -1,12 +1,12 @@
{
"webapp": {
"modules": ["user", "billing", "help"],
- "couchdb_hosts": "= nodes[:services => :couchdb].field('domain.name')",
+ "couchdb_hosts": "= nodes[:services => :couchdb][:local => local].field('domain.name')",
"couchdb_user": "= global.services[:couchdb].couch.users[:webapp]"
},
"definition_files": {
- "provider": "= file 'service-definitions/provider.json.erb'",
- "eip_service": "= file 'service-definitions/eip-service.json.erb'"
+ "provider": "= file :provider_json_template",
+ "eip_service": "= file :eip_service_json_template"
},
"service_type": "public_service",
"api_domain": "= 'api.' + domain.full_suffix",
@@ -15,7 +15,9 @@
},
"x509": {
"use": true,
+ "ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap init-ca`'",
"commercial_cert": "= file [:commercial_cert, global.provider.domain]",
- "commercial_key": "= file [:commercial_key, global.provider.domain]"
+ "commercial_key": "= file [:commercial_key, global.provider.domain]",
+ "commercial_ca_cert": "= try_file :commercial_ca_cert"
}
} \ No newline at end of file
diff --git a/provider_base/tags/local.json b/provider_base/tags/local.json
new file mode 100644
index 00000000..9cb16602
--- /dev/null
+++ b/provider_base/tags/local.json
@@ -0,0 +1,3 @@
+{
+ "local": true
+} \ No newline at end of file
diff --git a/provider_base/test/openvpn/client.ovpn.erb b/provider_base/test/openvpn/client.ovpn.erb
new file mode 100644
index 00000000..96cb7177
--- /dev/null
+++ b/provider_base/test/openvpn/client.ovpn.erb
@@ -0,0 +1,28 @@
+client
+dev tun
+remote-cert-tls server
+remote-random
+nobind
+script-security 2
+verb 3
+auth SHA1
+cipher AES-128-CBC
+tls-cipher DHE-RSA-AES128-SHA
+
+<% manager.services['openvpn'].node_list.each_node do |node| -%>
+<% unless node.local -%>
+<%= "remote #{node.openvpn.gateway_address} 1194 udp"%>
+<% end -%>
+<% end -%>
+
+<ca>
+<%= read_file! :ca_cert -%>
+</ca>
+
+<cert>
+<%= read_file! :test_client_cert -%>
+</cert>
+
+<key>
+<%= read_file! :test_client_key -%>
+</key>
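Review bot: `script-security 2` permits OpenVPN to run user-defined scripts, yet this profile declares no `up`, `down` or other script hook, so the raised level grants nothing the test needs. Drop the line or use `script-security 1`. The `remote` line also hard-codes `1194 udp` although the openvpn service exposes `ports` and `protocols`, so the test would miss a gateway configured differently. Because the rendered file embeds `test_client_key`, a leading comment such as `# test-only profile: contains a private key, do not distribute` would make the handling expectation explicit.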