From 54fcafe131c411a49e4277cd0d14c6ea20044203 Mon Sep 17 00:00:00 2001 From: irregulator Date: Tue, 20 May 2014 23:20:58 +0300 Subject: Initial commit for obfsproxy server feature in platform --- provider_base/services/obfsproxy.json | 10 +++ puppet/manifests/site.pp | 5 ++ puppet/modules/obfsproxy/files/obfsproxy_daemon | 99 ++++++++++++++++++++++ puppet/modules/obfsproxy/manifests/init.pp | 64 ++++++++++++++ puppet/modules/obfsproxy/templates/etc_conf.erb | 11 +++ .../site_apt/manifests/preferences/obfsproxy.pp | 9 ++ puppet/modules/site_obfsproxy/README | 0 puppet/modules/site_obfsproxy/manifests/init.pp | 28 ++++++ 8 files changed, 226 insertions(+) create mode 100644 provider_base/services/obfsproxy.json create mode 100755 puppet/modules/obfsproxy/files/obfsproxy_daemon create mode 100644 puppet/modules/obfsproxy/manifests/init.pp create mode 100644 puppet/modules/obfsproxy/templates/etc_conf.erb create mode 100644 puppet/modules/site_apt/manifests/preferences/obfsproxy.pp create mode 100644 puppet/modules/site_obfsproxy/README create mode 100644 puppet/modules/site_obfsproxy/manifests/init.pp diff --git a/provider_base/services/obfsproxy.json b/provider_base/services/obfsproxy.json new file mode 100644 index 00000000..954ae868 --- /dev/null +++ b/provider_base/services/obfsproxy.json @@ -0,0 +1,10 @@ +{ + "obfsproxy": { + "scramblesuit": { + "password": "= base32_secret :scramblesuit_password", + //"port" : "= rand(11..5555)" + "port" : "= obfs_port :scramblesuit_port, 18000..32000" + }, + "gateway_address": "= nodes[:services => 'openvpn'].field('openvpn.gateway_address')[0]" + } +} diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index 9afa5dfd..8e00fbbd 100644 --- a/puppet/manifests/site.pp +++ b/puppet/manifests/site.pp @@ -10,6 +10,7 @@ notice("Services for ${fqdn}: ${services_str}") if member($services, 'openvpn') { include site_openvpn + include site_obfsproxy } if member($services, 'couchdb') { 
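Review bot: `gateway_address` takes element `[0]` of the openvpn nodes' addresses, so every obfsproxy node would apparently forward to the same first gateway, and the expression shows no fallback for the case where no openvpn node exists. A short comment stating that choice, or selecting the gateway that belongs to the local node, would make the intent clear. The commented-out `//"port" : "= rand(11..5555)"` line is dead configuration and can be dropped; it only parses if the provider loader strips `//` comments from these files.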
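Review bot: The `include site_obfsproxy` added inside the `member($services, 'openvpn')` block turns on a publicly listening proxy on every openvpn node, whether or not the operator listed the obfsproxy service. The second hunk (`@@ -42,4 +43,8 @@`) includes the same class again behind its own condition. Keeping only the opt-in include makes the extra exposed port an explicit choice; if the coupling to openvpn is intended, a comment saying so would help. `site_obfsproxy` in this commit also calls `hiera('obfsproxy')` with no default, so an openvpn node without that key would presumably fail catalog compilation.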
@@ -42,4 +43,8 @@ if member($services, 'static') { include site_static } +if $services =~ /\bobfsproxy\b/ { + include site_obfsproxy +} + include site_config::packages::uninstall diff --git a/puppet/modules/obfsproxy/files/obfsproxy_daemon b/puppet/modules/obfsproxy/files/obfsproxy_daemon new file mode 100755 index 00000000..f5914980 --- /dev/null +++ b/puppet/modules/obfsproxy/files/obfsproxy_daemon 
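Review bot: The condition `$services =~ /\bobfsproxy\b/` is written differently from the other service checks visible in this file, which all use `member($services, '...')`. `if member($services, 'obfsproxy') {` would match the surrounding style. If `$services` is an array, as the `member()` calls suggest, the regex match may not behave as intended on the Puppet version in use, which is worth confirming.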
@@ -0,0 +1,99 @@
+#!/bin/sh
+
+### BEGIN INIT INFO
+# Provides: obfsproxy daemon
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: obfsproxy daemon
+# Description: obfsproxy daemon
+### END INIT INFO
+
+. /lib/lsb/init-functions
+
+DAEMON=/usr/bin/obfsproxy
+NAME=obfsproxy
+DESC="obfsproxy daemon"
+USER=obfsproxy
+PIDFILE=/var/run/obfsproxy.pid
+CONF=/etc/obfsproxy.conf
+
+# If the daemon is not there, then exit.
+test -x $DAEMON || exit 0
+
+if [ -f $CONF ] ; then
+ . $CONF
+else
+ echo "Obfsproxy configuration file is missing, aborting..."
+ exit
+fi
+
+DAEMONARGS=" --log-min-severity=$LOG $TRANSPORT $PARAM \
+ --dest=$DEST_IP:$DEST_PORT server 0.0.0.0:$PORT"
+
+start_obfsproxy() {
+ start-stop-daemon --start --quiet --oknodo -m --pidfile $PIDFILE \
+ -b -c $USER --startas $DAEMON --$DAEMONARGS
+}
+
+stop_obfsproxy() {
+ start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE
+}
+
+status_obfsproxy() {
+ status_of_proc -p $PIDFILE $DAEMON $NAME && status="0" || status="$?"
+}
+
+case $1 in
+ start)
+ if [ -e $PIDFILE ]; then
+ status_obfsproxy
+ if [ $status = "0" ]; then
+ exit
+ fi
+ fi
+ log_begin_msg "Starting $DESC"
+ start_obfsproxy
+ log_end_msg $?
+ ;;
+ stop)
+ if [ -e $PIDFILE ]; then
+ status_obfsproxy
+ if [ $status = "0" ]; then
+ log_begin_msg "Stopping $DESC"
+ stop_obfsproxy
+ rm -f $PIDFILE
+ log_end_msg $?
+ fi
+ else
+ log_daemon_msg "$NAME is not running"
+ log_end_msg $?
+ fi
+ ;;
+ restart)
+ $0 stop && sleep 2 && $0 start
+ ;;
+ status)
+# if [ -e $PIDFILE ]; then
+# #status_of_proc -p $PIDFILE $DAEMON "$NAME " && exit 0 || exit $?
+# status_obfsproxy
+# else
+# log_daemon_msg "$NAME is not running"
+# log_end_msg 0
+# fi
+ status_obfsproxy
+ ;;
+ reload)
+ if [ -e $PIDFILE ]; then
+ start-stop-daemon --stop --signal USR1 --quiet --pidfile $PIDFILE --name $NAME
+ log_success_msg "$DESC reloaded successfully"
+ else
+ log_failure_msg "$PIDFILE does not exists"
+ fi
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|reload|status}"
+ exit 2
+ ;;
+esac
diff --git a/puppet/modules/obfsproxy/manifests/init.pp b/puppet/modules/obfsproxy/manifests/init.pp
new file mode 100644
index 00000000..4deebb62
--- /dev/null
+++ b/puppet/modules/obfsproxy/manifests/init.pp
@@ -0,0 +1,64 @@
+class obfsproxy (
+ $transport,
+ $port,
+ $param,
+ $dest_ip,
+ $dest_port
+){
+
+ user { obfsproxy:
+ ensure => present,
+ system => true,
+ gid => obfsproxy,
+ }
+
+ group { obfsproxy:
+ ensure => present,
+ system => true,
+ }
+
+# file { '/etc/default/obfsproxy':
+# path => '/etc/default/obfsproxy',
+# owner => 'root',
+# group => 'root',
+# mode => '0750',
+# content => template('obfsproxy/etc_default_conf.erb'),
+# }
+
+ file { '/etc/init.d/obfsproxy':
+ path => '/etc/init.d/obfsproxy',
+ ensure => present,
+ source => 'puppet:///modules/obfsproxy/obfsproxy_daemon',
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ require => File['/etc/obfsproxy.conf'],
+ subscribe => File['/etc/obfsproxy.conf'],
+ #content => template('obfsproxy/etc_init_d.erb'),
+ }
+
+ file { '/etc/obfsproxy.conf':
+ path => '/etc/obfsproxy.conf',
+ ensure => present,
+ owner => 'root',
+ group => 'root',
+ mode => '0750',
+ content => template('obfsproxy/etc_conf.erb'),
+ }
+
+ package { "obfsproxy":
+ ensure => present,
+ }
+
+ service { "obfsproxy":
+ ensure => running,
+ status => '/usr/sbin/service obfsproxy status
+ | grep "is running"',
+ require => [
+ Package["obfsproxy"],
+ File["/etc/init.d/obfsproxy"] ]
+ }
+
+
+}
+
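Review bot: `DAEMONARGS` expands `$PARAM`, which the template in this commit sets to `--password=<secret>`, so the scramblesuit shared secret ends up in the daemon's argv and is readable by any local account through the process list. If the packaged obfsproxy can read the secret from a file, pass a path instead and keep that file at mode 0600, owned by root or the obfsproxy user. Separately, the missing-config branch runs a bare `exit`, which returns the status of the preceding `echo` (0); `exit 6` would tell callers the service is not configured. In the `stop` branch, `log_end_msg $?` reports the result of `rm -f $PIDFILE`, not of `stop_obfsproxy`.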
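Review bot: The `service { "obfsproxy": }` resource has no `subscribe`, so a changed port or rotated scramblesuit password is written to `/etc/obfsproxy.conf` while the running daemon keeps the old values. The `subscribe => File['/etc/obfsproxy.conf']` on the init-script file resource does not restart anything; adding `subscribe => File['/etc/obfsproxy.conf'],` to the service does. The conf file holds the shared secret and is only sourced, never executed, so `mode => '0600'` fits better than `'0750'`. The multi-line `status` command with a pipe could probably be replaced by `hasstatus => true`, since the init script added in this commit implements `status`.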
diff --git a/puppet/modules/obfsproxy/templates/etc_conf.erb b/puppet/modules/obfsproxy/templates/etc_conf.erb
new file mode 100644
index 00000000..3313b326
--- /dev/null
+++ b/puppet/modules/obfsproxy/templates/etc_conf.erb
@@ -0,0 +1,11 @@
+TRANSPORT=<%= @transport %>
+PORT=<%= @port %>
+DEST_IP=<%= @dest_ip %>
+DEST_PORT=<%= @dest_port %>
+<% if @transport == "scramblesuit" %>
+PARAM=--password=<%= @param %>
+<% else %>
+PARAM=<%= @param %>
+<% end %>
+LOG=info
+
diff --git a/puppet/modules/site_apt/manifests/preferences/obfsproxy.pp b/puppet/modules/site_apt/manifests/preferences/obfsproxy.pp
new file mode 100644
index 00000000..081086e5
--- /dev/null
+++ b/puppet/modules/site_apt/manifests/preferences/obfsproxy.pp
@@ -0,0 +1,9 @@
+class site_apt::preferences::obfsproxy {
+
+ apt::preferences_snippet { 'obfsproxy':
+ package => 'obfsproxy',
+ release => "${::lsbdistcodename}-backports",
+ priority => 999;
+ }
+
+}
diff --git a/puppet/modules/site_obfsproxy/README b/puppet/modules/site_obfsproxy/README
new file mode 100644
index 00000000..e69de29b
diff --git a/puppet/modules/site_obfsproxy/manifests/init.pp b/puppet/modules/site_obfsproxy/manifests/init.pp
new file mode 100644
index 00000000..23a8dd30
--- /dev/null
+++ b/puppet/modules/site_obfsproxy/manifests/init.pp
@@ -0,0 +1,28 @@
+class site_obfsproxy {
+ tag 'leap_service'
+ Class['site_config::default'] -> Class['site_obfsproxy']
+
+ $transport = 'scramblesuit'
+
+ $obfsproxy = hiera('obfsproxy')
+ $scramblesuit = $obfsproxy['scramblesuit']
+ $scram_pass = $scramblesuit['password']
+ $scram_port = $scramblesuit['port']
+ $dest_ip = $obfsproxy['gateway_address']
+ $dest_port = '443'
+
+ include site_apt::preferences::twisted
+ include site_apt::preferences::obfsproxy
+
+ class { 'obfsproxy':
+ transport => $transport,
+ port => $scram_port,
+ param => $scram_pass,
+ dest_ip => $dest_ip,
+ dest_port => $dest_port,
+ }
+
+}
+
+
+
-- cgit v1.2.3
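Review bot: Every value in this template is written unquoted into a file that the init script in this commit sources as root (`. $CONF`), so a space or shell metacharacter in `@param`, `@dest_ip` or the other parameters would be interpreted by the shell instead of being passed through as data. Quote the assignments, e.g. `DEST_IP='<%= @dest_ip %>'`, and validate the parameters in the `obfsproxy` class before rendering, for example by checking that the ports are numeric. The `<% if %>`, `<% else %>` and `<% end %>` tags also leave empty lines in the rendered file; closing them with `-%>` avoids that.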
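Review bot: Nothing orders `site_apt::preferences::obfsproxy` before the `obfsproxy` class, so on a first run the package may be installed before the backports pin exists. `Class['site_apt::preferences::obfsproxy'] -> Class['obfsproxy']` would make the order explicit. `include site_apt::preferences::twisted` refers to a class this commit does not add, so it has to exist in site_apt already. No firewall rule for the scramblesuit port is visible in this commit either; if the platform's firewall defaults to deny, the listener would be unreachable, which is worth confirming.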