From 61252fe74c8ec3668af551fb0b0b91f1bfa4705a Mon Sep 17 00:00:00 2001 From: varac Date: Sun, 21 May 2017 23:28:20 +0200 Subject: [vagrant] Use eth1 on vagrant if present Virtualbox adds eth1 as second interface when private networking is enabled. - Related: #7769 --- puppet/modules/site_config/lib/facter/vagrant.rb | 8 ++++++++ puppet/modules/site_config/manifests/params.pp | 13 +++++++++++-- 2 files changed, 19 insertions(+), 2 deletions(-) create mode 100644 puppet/modules/site_config/lib/facter/vagrant.rb diff --git a/puppet/modules/site_config/lib/facter/vagrant.rb b/puppet/modules/site_config/lib/facter/vagrant.rb new file mode 100644 index 00000000..29a218dd --- /dev/null +++ b/puppet/modules/site_config/lib/facter/vagrant.rb @@ -0,0 +1,8 @@ +# Checks if systems runs inside vagrant +require 'facter' + +Facter.add(:vagrant) do + setcode do + FileTest.exists?('/vagrant') + end +end diff --git a/puppet/modules/site_config/manifests/params.pp b/puppet/modules/site_config/manifests/params.pp index 012b3ce0..4627515a 100644 --- a/puppet/modules/site_config/manifests/params.pp +++ b/puppet/modules/site_config/manifests/params.pp @@ -1,3 +1,4 @@ +# Default parameters class site_config::params { $ip_address = hiera('ip_address') @@ -6,8 +7,16 @@ class site_config::params { $environment = hiera('environment', undef) - if $environment == 'local' { - $interface = 'eth1' + if $::vagrant { + # Depending on the backend hypervisor networking is setup differently. + if $::interfaces =~ /eth1/ { + # Virtualbox: Private networking creates a second interface eth1 + $interface = 'eth1' + } + else { + # KVM/Libvirt: Private networking is done by defauly on first interface + $interface = 'eth0' + } include site_config::packages::build_essential } elsif hiera('interface','') != '' { -- cgit v1.2.3 From 9be35a2aaee59f8d78b620a5b1f02ea08ec3bc78 Mon Sep 17 00:00:00 2001 
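Review bot: `FileTest.exists?('/vagrant')` uses the long-deprecated `exists?` alias, which newer Rubies remove; `FileTest.exist?('/vagrant')` is the supported spelling. This fact also becomes a gate for firewall behaviour later in the series (setup.pp and vagrant.pp key on `$::vagrant`), and the presence of a single directory is a weak signal for that: any host that happens to carry a `/vagrant` path is treated as a throwaway dev box. Consider additionally checking a file that only the Vagrant provisioner creates (not visible here; `/vagrant/<provisioner-file>` as a placeholder) and spelling out the contract in the header comment, e.g. `# vagrant: true when the Vagrant synced folder /vagrant exists; used to relax firewall and interface defaults`. The comment's "systems runs" should read "system runs".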
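Review bot: `if $::interfaces =~ /eth1/` is an unanchored substring match on the `interfaces` fact, which Facter reports as a comma-separated list, so it also fires for names such as `eth10` or `veth1`; anchor it to a list element, `if $::interfaces =~ /(^|,)eth1(,|$)/`. The else-branch comment has a typo and reads awkwardly; suggest `# KVM/libvirt: private networking is done on the first interface (eth0) by default`. The shell side of this series (configure-leap.sh) selects the interface by whether `facter ipaddress_eth1` returns an address, whereas this selects by name, so a present-but-unaddressed eth1 makes the two disagree. The `site_config::params` class continues outside the hunk.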
From: varac Date: Sun, 21 May 2017 23:29:34 +0200 Subject: [vagrant] Use private networking for direct acces Without private networking, the box cannot get directly accessed, only via port forwardings. https://www.vagrantup.com/docs/networking/private_network.html - Resolves: #7769 --- tests/example-provider/Vagrantfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/example-provider/Vagrantfile b/tests/example-provider/Vagrantfile index 1e410f5e..e909e79b 100644 --- a/tests/example-provider/Vagrantfile +++ b/tests/example-provider/Vagrantfile @@ -42,6 +42,10 @@ Vagrant.configure("2") do |config| config.ssh.username = "vagrant" + # Enable private networking so the box can be accessed directly, + # not only via port forwaring + config.vm.network "private_network", type: "dhcp" + # forward leap_web ports config.vm.network "forwarded_port", guest: 443, host:4443 # forward pixelated ports -- cgit v1.2.3 From 10164a2651cb9ca07442e8382b7e238c8a8939c1 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 23 May 2017 12:07:44 +0200 Subject: Lint configure-leap.sh --- tests/example-provider/vagrant/configure-leap.sh | 54 ++++++++++++------------ 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/tests/example-provider/vagrant/configure-leap.sh b/tests/example-provider/vagrant/configure-leap.sh index 8bd591e0..a8c0ff20 100755 --- a/tests/example-provider/vagrant/configure-leap.sh +++ b/tests/example-provider/vagrant/configure-leap.sh 
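Review bot: The new comment has a typo — `# not only via port forwarding`. It would also help to state what the rest of this series assumes about this line: with `type: "dhcp"` the box gets a dynamically assigned host-only address on eth1 (under VirtualBox) that the provisioning script and the puppet manifests now prefer over eth0, so nothing should hard-code it; suggest adding `# The resulting host-only address is discovered at provision time (facter ipaddress_eth1); do not hard-code it.`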
@@ -1,41 +1,41 @@ -#!/bin/bash - +#!/bin/sh +# shellcheck disable=SC1091 . /vagrant/vagrant/vagrant.config echo '===============================================' -echo 'configuring leap' +echo "Configuring LEAP in ${PROVIDERDIR}" echo '===============================================' # purge $PROVIDERDIR so this script can be run multiple times -[ -e $PROVIDERDIR ] && rm -rf $PROVIDERDIR +[ -e "$PROVIDERDIR" ] && rm -rf "$PROVIDERDIR" -mkdir -p $PROVIDERDIR -chown ${USER}:${USER} ${PROVIDERDIR} -cd $PROVIDERDIR +mkdir -p "$PROVIDERDIR" +chown "${USER}:${USER}" "${PROVIDERDIR}" +cd "$PROVIDERDIR" || exit -$LEAP $OPTS new --contacts "$contacts" --domain "$provider_domain" --name "$provider_name" --platform="$PLATFORMDIR" . -echo -e '\n@log = "./deploy.log"' >> Leapfile +$LEAP "$OPTS" new --contacts "${contacts:?}" --domain "${provider_domain:?}" --name "${provider_name:?}" --platform="$PLATFORMDIR" . +printf '\n@log = "./deploy.log"' >> Leapfile -if [ ! -e /home/${USER}/.ssh/id_rsa ]; then - $SUDO ssh-keygen -f /home/${USER}/.ssh/id_rsa -P '' +if [ ! 
-e "/home/${USER}/.ssh/id_rsa" ]; then + $SUDO ssh-keygen -f "/home/${USER}/.ssh/id_rsa" -P '' [ -d /root/.ssh ] || mkdir /root/.ssh - cat /home/${USER}/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys + cat "/home/${USER}/.ssh/id_rsa.pub" >> /root/.ssh/authorized_keys fi -$SUDO mkdir -p ${PROVIDERDIR}/files/nodes/${NODE} +$SUDO mkdir -p "${PROVIDERDIR}/files/nodes/${NODE}" sh -c "cat /etc/ssh/ssh_host_rsa_key.pub | cut -d' ' -f1,2 >> $PROVIDERDIR/files/nodes/$NODE/${NODE}_ssh.pub" -chown ${USER}:${USER} ${PROVIDERDIR}/files/nodes/${NODE}/${NODE}_ssh.pub +chown "${USER}:${USER}" "${PROVIDERDIR}/files/nodes/${NODE}/${NODE}_ssh.pub" -$LEAP $OPTS add-user --self -$LEAP $OPTS cert ca -$LEAP $OPTS cert csr -$LEAP $OPTS node add $NODE ip_address:"$(facter ipaddress)" couch.mode:plain services:"$services" tags:production +$LEAP "$OPTS" add-user --self +$LEAP "$OPTS" cert ca +$LEAP "$OPTS" cert csr +$LEAP "$OPTS" node add "$NODE" ip_address:"$(facter ipaddress)" couch.mode:plain services:"${services:?}" tags:production echo '{ "webapp": { "admins": ["testadmin"] } }' > services/webapp.json -$LEAP $OPTS compile +$LEAP "$OPTS" compile -$LEAP $OPTS node init $NODE +$LEAP "$OPTS" node init "$NODE" if [ $? -eq 1 ]; then echo 'node init failed' exit 1 @@ -46,7 +46,7 @@ fi # workaround is to install rake as gem gem install rake -$LEAP $OPTS -v 2 deploy +$LEAP "$OPTS" -v 2 deploy # Vagrant: leap_mx fails to start on jessie # https://leap.se/code/issues/7755 @@ -62,7 +62,7 @@ echo '===============================================' echo 'testing the platform' echo '===============================================' -$LEAP $OPTS -v 2 test --continue +$LEAP "$OPTS" -v 2 test --continue echo '===============================================' echo 'setting node to demo-mode' 
@@ -73,13 +73,13 @@ postconf -e default_transport='error: in demo mode' curl -s -k https://localhost/1/users.json -d "user%5Blogin%5D=testuser&user%5Bpassword_salt%5D=7d4880237a038e0e&user%5Bpassword_verifier%5D=b98dc393afcd16e5a40fb57ce9cddfa6a978b84be326196627c111d426cada898cdaf3a6427e98b27daf4b0ed61d278bc856515aeceb2312e50c8f816659fcaa4460d839a1e2d7ffb867d32ac869962061368141c7571a53443d58dc84ca1fca34776894414c1090a93e296db6cef12c2cc3f7a991b05d49728ed358fd868286" curl -s -k https://localhost/1/users.json -d "user%5Blogin%5D=testadmin&user%5Bpassword_salt%5D=ece1c457014d8282&user%5Bpassword_verifier%5D=9654d93ab409edf4ff1543d07e08f321107c3fd00de05c646c637866a94f28b3eb263ea9129dacebb7291b3374cc6f0bf88eb3d231eb3a76eed330a0e8fd2a5c477ed2693694efc1cc23ae83c2ae351a21139701983dd595b6c3225a1bebd2a4e6122f83df87606f1a41152d9890e5a11ac3749b3bfcf4407fc83ef60b4ced68" -echo -e '\n===========================================================================================================\n\n' -echo -e 'You are now ready to use your local LEAP provider.\n' +printf '\n===========================================================================================================\n\n' +printf 'You are now ready to use your local LEAP provider.\n' echo 'If you want to use the *Bitmask client* with your provider, please update your /etc/hosts with following dns overrides:' $LEAP list --print ip_address,domain.full,dns.aliases | sed 's/^.* //' | sed 's/, null//g' | tr -d '\]\[",' echo 'Please see https://leap.se/en/docs/platform/tutorials/vagrant#use-the-bitmask-client-to-do-an-initial-soledad-sync for more details how to use and test your LEAP provider.' 
-echo -e "\nIf you don't want to use the Bitmask client, please ignore the above instructions.\n" -echo -e 'The LEAP webapp is now available at https://localhost:4443\n' -echo -e 'Please add an exception in your browser dialog to allow the self-signed certificate.\n' +printf "\nIf you don't want to use the Bitmask client, please ignore the above instructions.\n" +printf 'The LEAP webapp is now available at https://localhost:4443\n' +printf 'Please add an exception in your browser dialog to allow the self-signed certificate.\n' -- cgit v1.2.3 From d2dc27738a26b824f42da3fdea527be072867678 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 23 May 2017 13:23:43 +0200 Subject: [vagrant] Move $OPTS to vagrant config --- tests/example-provider/vagrant/configure-leap.sh | 21 ++++++++++++--------- tests/example-provider/vagrant/vagrant.config | 2 +- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/tests/example-provider/vagrant/configure-leap.sh b/tests/example-provider/vagrant/configure-leap.sh index a8c0ff20..2ea2f178 100755 --- a/tests/example-provider/vagrant/configure-leap.sh +++ b/tests/example-provider/vagrant/configure-leap.sh @@ -1,5 +1,8 @@ #!/bin/sh +# Exit on failure +set -e + # shellcheck disable=SC1091 . /vagrant/vagrant/vagrant.config @@ -14,7 +17,7 @@ mkdir -p "$PROVIDERDIR" chown "${USER}:${USER}" "${PROVIDERDIR}" cd "$PROVIDERDIR" || exit -$LEAP "$OPTS" new --contacts "${contacts:?}" --domain "${provider_domain:?}" --name "${provider_name:?}" --platform="$PLATFORMDIR" . +$LEAP new --contacts "${contacts:?}" --domain "${provider_domain:?}" --name "${provider_name:?}" --platform="$PLATFORMDIR" . printf '\n@log = "./deploy.log"' >> Leapfile if [ ! -e "/home/${USER}/.ssh/id_rsa" ]; then 
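Review bot: The `echo -e` to `printf` conversion passes each message as the format string; none of these literals contains `%`, so it works today, but `printf '%s\n' '...'` is the form that stays correct when someone later edits the text. The two `curl -s -k https://localhost/1/users.json -d "user%5Blogin%5D=testadmin&...` context lines register accounts with fixed, publicly committed salt and verifier values, and `testadmin` is made webapp admin earlier in this script; now that the series puts the box on a host-only network, a comment should say so, e.g. `# Demo accounts with fixed credentials from this repository; the box is reachable on the private network, so use them only in a throwaway VM.`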
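Review bot: `set -e` makes the explicit failure handling later in this file dead code: after `$LEAP node init "$NODE"` the `if [ $? -eq 1 ]; then echo 'node init failed'; exit 1` block (hunk `@@ -27,15 +30,15 @@` of the same file in the next commit) is never reached on failure because the shell exits first, and `cd "$PROVIDERDIR" || exit` becomes redundant. Either drop those checks or keep the custom message and make the intent explicit, `$LEAP node init "$NODE" || { echo 'node init failed'; exit 1; }`. It is also worth stating in the comment that `set -e` only sees the status of the last command of a pipeline and does not reach into the `sh -c "..."` child, `# Exit on failure (pipelines still only report their last command)`.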
@@ -27,15 +30,15 @@ $SUDO mkdir -p "${PROVIDERDIR}/files/nodes/${NODE}" sh -c "cat /etc/ssh/ssh_host_rsa_key.pub | cut -d' ' -f1,2 >> $PROVIDERDIR/files/nodes/$NODE/${NODE}_ssh.pub" chown "${USER}:${USER}" "${PROVIDERDIR}/files/nodes/${NODE}/${NODE}_ssh.pub" -$LEAP "$OPTS" add-user --self -$LEAP "$OPTS" cert ca -$LEAP "$OPTS" cert csr -$LEAP "$OPTS" node add "$NODE" ip_address:"$(facter ipaddress)" couch.mode:plain services:"${services:?}" tags:production +$LEAP add-user --self +$LEAP cert ca +$LEAP cert csr +$LEAP node add "$NODE" ip_address:"$(facter ipaddress)" couch.mode:plain services:"${services:?}" tags:production echo '{ "webapp": { "admins": ["testadmin"] } }' > services/webapp.json -$LEAP "$OPTS" compile +$LEAP compile -$LEAP "$OPTS" node init "$NODE" +$LEAP node init "$NODE" if [ $? -eq 1 ]; then echo 'node init failed' exit 1 @@ -46,7 +49,7 @@ fi # workaround is to install rake as gem gem install rake -$LEAP "$OPTS" -v 2 deploy +$LEAP -v 2 deploy # Vagrant: leap_mx fails to start on jessie # https://leap.se/code/issues/7755 @@ -62,7 +65,7 @@ echo '===============================================' echo 'testing the platform' echo '===============================================' -$LEAP "$OPTS" -v 2 test --continue +$LEAP -v 2 test --continue echo '===============================================' echo 'setting node to demo-mode' diff --git a/tests/example-provider/vagrant/vagrant.config b/tests/example-provider/vagrant/vagrant.config index ff5dd38f..07222c3f 100644 --- a/tests/example-provider/vagrant/vagrant.config +++ b/tests/example-provider/vagrant/vagrant.config @@ -18,4 +18,4 @@ NODE='node1' SUDO="sudo -u ${USER}" PROVIDERDIR="/home/${USER}/leap/configuration" PLATFORMDIR="/srv/leap_platform" -LEAP="$SUDO /usr/local/bin/leap" +LEAP="$SUDO /usr/local/bin/leap $OPTS" -- cgit v1.2.3 From 85c0f8a67188902c36558d97651c2801849112f1 Mon Sep 17 00:00:00 2001 
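Review bot: `LEAP="$SUDO /usr/local/bin/leap $OPTS"` folds sudo, the binary and the options into one string and relies on every `$LEAP` use in configure-leap.sh being expanded unquoted so that word splitting separates them again; that also subjects `$OPTS` to glob expansion at each call, rules out option values containing whitespace, and requires `$OPTS` to be set before this line is sourced (its definition is not in the hunk). ShellCheck will flag each unquoted `$LEAP` as SC2086 once this lands, so either document the intent here, `# Expanded unquoted on purpose: word splitting turns sudo, the binary and $OPTS into separate arguments`, or define a function instead, `leap() { $SUDO /usr/local/bin/leap $OPTS "$@"; }`, which keeps the call sites clean and quotable.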
From: varac Date: Tue, 23 May 2017 13:28:54 +0200 Subject: [vagrant] Use private networking IP from eth1 if present --- tests/example-provider/vagrant/configure-leap.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/tests/example-provider/vagrant/configure-leap.sh b/tests/example-provider/vagrant/configure-leap.sh index 2ea2f178..7a1efc71 100755 --- a/tests/example-provider/vagrant/configure-leap.sh +++ b/tests/example-provider/vagrant/configure-leap.sh @@ -33,7 +33,16 @@ chown "${USER}:${USER}" "${PROVIDERDIR}/files/nodes/${NODE}/${NODE}_ssh.pub" $LEAP add-user --self $LEAP cert ca $LEAP cert csr -$LEAP node add "$NODE" ip_address:"$(facter ipaddress)" couch.mode:plain services:"${services:?}" tags:production + +# Try to see if there's a private IP for eth1 +# Otherwise take eth0 +# (virtualbox and libvirt backends behave differenently setting up +# direct accessible private networks. +# see https://www.vagrantup.com/docs/networking/private_network.html +IP="$(facter ipaddress_eth1)" +[ "$IP" = '' ] && IP="$(facter ipaddress_eth0)" +$LEAP node add "$NODE" ip_address:"${IP}" couch.mode:plain services:"${services:?}" tags:production + echo '{ "webapp": { "admins": ["testadmin"] } }' > services/webapp.json $LEAP compile -- cgit v1.2.3 From 0dec9e7305001353beca3b32e180bc9e707ce8b9 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 23 May 2017 13:48:15 +0200 Subject: [vagrant] Lint vagrant.pp --- puppet/modules/site_config/manifests/vagrant.pp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/puppet/modules/site_config/manifests/vagrant.pp b/puppet/modules/site_config/manifests/vagrant.pp index 8f50b305..23ca4de1 100644 --- a/puppet/modules/site_config/manifests/vagrant.pp +++ b/puppet/modules/site_config/manifests/vagrant.pp 
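Review bot: When neither `facter ipaddress_eth1` nor `facter ipaddress_eth0` yields an address, `IP` stays empty and `node add` is handed `ip_address:` with no value; add a guard after the fallback, `: "${IP:?no address found on eth1 or eth0}"`. `[ "$IP" = '' ]` is more idiomatically `[ -z "$IP" ]`, and with `set -e` now active in this script a non-zero exit from the first `facter` call would abort before the fallback runs, so that assumption deserves a comment (facter's exit status for a missing fact is not established here). The selection rule (eth1 when it has an address, else eth0) differs from params.pp in this series, which picks eth1 whenever the name appears in `$::interfaces`; the two should share one criterion or the manifest may configure an interface the node was not registered under. The new comment has a typo, `differently`.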
@@ -1,11 +1,11 @@ +# Gets included on vagrant nodes class site_config::vagrant { - # class for vagrant nodes include site_shorewall::defaults - # eth0 on vagrant nodes is the uplink if + # eth0 on vagrant nodes is the uplink shorewall::interface { 'eth0': - zone => 'net', - options => 'tcpflags,blacklist,nosmurfs'; + zone => 'net', + options => 'tcpflags,blacklist,nosmurfs'; } } -- cgit v1.2.3 From d2824a6bc1178c6c2ce4923faacfde8e05f8389a Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 23 May 2017 13:56:57 +0200 Subject: Include site_config::vagrant on vagrant nodes --- puppet/modules/site_config/manifests/setup.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/puppet/modules/site_config/manifests/setup.pp b/puppet/modules/site_config/manifests/setup.pp index 82dfe76d..a96f87a6 100644 --- a/puppet/modules/site_config/manifests/setup.pp +++ b/puppet/modules/site_config/manifests/setup.pp @@ -37,7 +37,7 @@ class site_config::setup { # we need to include shorewall::interface{eth0} in setup.pp so # packages can be installed during main puppetrun, even before shorewall # is configured completly - if ( $::site_config::params::environment == 'local' ) { + if $::vagrant { include site_config::vagrant } -- cgit v1.2.3 From 40f7b49003594a1be8c0540a92292d7cfb63eb61 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 23 May 2017 13:58:38 +0200 Subject: [vagrant] Don't block eth0 if eth1 is configured Eth0 is vagrant's main interface to access the box --- puppet/modules/site_config/manifests/vagrant.pp | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/puppet/modules/site_config/manifests/vagrant.pp b/puppet/modules/site_config/manifests/vagrant.pp index 23ca4de1..1682de8b 100644 --- a/puppet/modules/site_config/manifests/vagrant.pp +++ b/puppet/modules/site_config/manifests/vagrant.pp 
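Review bot: `if $::vagrant {` swaps an operator-controlled hiera setting (`environment == 'local'`) for a filesystem fact, so whether `site_config::vagrant` — and with it the relaxed shorewall handling of eth0 — is applied now depends on a `/vagrant` directory existing on the node rather than on the deployment's declared environment. If both signals are meant, `if $::vagrant and $::site_config::params::environment == 'local' {` keeps the previous guard; if the fact is intended to be authoritative, the comment above should say that a stray `/vagrant` path on a non-vagrant node will pull this class in. The preceding comment still describes `shorewall::interface{eth0}` as being included here unconditionally, which the last commit in this series makes conditional.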
@@ -2,10 +2,14 @@ class site_config::vagrant { include site_shorewall::defaults - # eth0 on vagrant nodes is the uplink - shorewall::interface { 'eth0': - zone => 'net', - options => 'tcpflags,blacklist,nosmurfs'; + + if ( $::site_config::params::interface == 'eth1' ) { + # Don't block eth0 even if eth1 is configured, because + # it's vagrant's main interface to access the box + shorewall::interface { 'eth0': + zone => 'net', + options => 'tcpflags,blacklist,nosmurfs'; + } } } -- cgit v1.2.3
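Review bot: `if ( $::site_config::params::interface == 'eth1' )` reads a variable from another class without ensuring that class has been evaluated; if `site_config::params` is not already in the catalog when `site_config::vagrant` is evaluated, the variable resolves to undef, the comparison is silently false, and this class declares no `shorewall::interface` for eth0 at all — the opposite of what the title intends. An explicit `include site_config::params` next to `include site_shorewall::defaults` removes the ordering dependency. Whether putting eth0 in the `net` zone "doesn't block" it depends on the net-zone policy in site_shorewall::defaults, which is not visible here; the comment could point at that policy. The parentheses around the condition are unnecessary in Puppet.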