From 3065aef6aea024baa7e8e2a6968205e63d30aad8 Mon Sep 17 00:00:00 2001
From: Micah Anderson
Date: Thu, 30 Aug 2012 11:57:05 -0400
Subject: add basic puppetmaster-less deploy script
---
 deploy.sh | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 deploy.sh
diff --git a/deploy.sh b/deploy.sh
new file mode 100644
index 00000000..21cb6b73
--- /dev/null
+++ b/deploy.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+puppet --modulepath=$PWD/modules $PWD/manifests/site.pp $@
-- 
cgit v1.2.3
From e1de953a7dda5a03fccb6bbbe6b60f321ad7e010 Mon Sep 17 00:00:00 2001
From: varac
Date: Thu, 6 Sep 2012 10:57:03 +0200
Subject: deploy.sh working
---
 deploy.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 mode change 100644 => 100755 deploy.sh
diff --git a/deploy.sh b/deploy.sh
old mode 100644
new mode 100755
index 21cb6b73..c8f89b90
--- a/deploy.sh
+++ b/deploy.sh
@@ -1,3 +1,3 @@
 #!/bin/sh
 
-puppet --modulepath=$PWD/modules $PWD/manifests/site.pp $@
+puppet apply --modulepath=$PWD/puppet/modules $PWD/puppet/manifests/site.pp $@
-- 
cgit v1.2.3
From 58bb91f094611e95ccda0b2a2ed5756225c41617 Mon Sep 17 00:00:00 2001
From: varac
Date: Thu, 6 Sep 2012 10:57:26 +0200
Subject: initial site.pp
---
 puppet/manifests/site.pp | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 puppet/manifests/site.pp
diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp
new file mode 100644
index 00000000..3a136015
--- /dev/null
+++ b/puppet/manifests/site.pp
@@ -0,0 +1,3 @@
+node "default" {
+ notify {'Hello World':}
+}
-- 
cgit v1.2.3
From 59635ff7904645075bf3ddd30a70a05a58102bed Mon Sep 17 00:00:00 2001
From: varac
Date: Thu, 6 Sep 2012 11:21:23 +0200
Subject: added submodule openvpn
---
 .gitmodules | 3 +++
 puppet/modules/openvpn | 1 +
 2 files changed, 4 insertions(+)
 create mode 100644 .gitmodules
 create mode 160000 puppet/modules/openvpn
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 00000000..a1a8c588
--- /dev/null
+++ b/.gitmodules
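Review bot: `$PWD` and `$@` on the puppet line are unquoted, so a checkout path containing whitespace or a glob character is split and expanded before puppet sees it, and a caller argument with spaces arrives as several arguments; write `puppet --modulepath="$PWD/modules" "$PWD/manifests/site.pp" "$@"`. The `puppet apply` rewrite in the next commit on this same line keeps the unquoted form, as do the later deploy.sh hunks in this series. Both paths are also resolved against the caller's working directory rather than the script's own location, so the script only works when started from the repository root; if that is intended, a one-line comment saying so (`# must be run from the repository root`) would save the next reader a failed run.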
@@ -0,0 +1,3 @@
+[submodule "puppet/modules/openvpn"]
+ path = puppet/modules/openvpn
+ url = git://github.com/luxflux/puppet-openvpn.git
diff --git a/puppet/modules/openvpn b/puppet/modules/openvpn
new file mode 160000
index 00000000..25f1fe8d
--- /dev/null
+++ b/puppet/modules/openvpn
@@ -0,0 +1 @@
+Subproject commit 25f1fe8d813f6128068d890a40f5e24be78fb47c
-- 
cgit v1.2.3
From 2c2e3608a251bdb8210767484e05c896f6803d6c Mon Sep 17 00:00:00 2001
From: varac
Date: Thu, 6 Sep 2012 11:29:17 +0200
Subject: beginning of openvpn server config
---
 puppet/manifests/site.pp | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp
index 3a136015..39173f95 100644
--- a/puppet/manifests/site.pp
+++ b/puppet/manifests/site.pp
@@ -1,3 +1,15 @@
-node "default" {
- notify {'Hello World':}
+node 'cougar.leap.se' {
+ openvpn::server {
+ 'cougar.leap.se':
+ country => 'TR',
+ province => 'Ankara',
+ city => 'Ankara',
+ organization => 'leap.se',
+ email => 'sysdev@leap.se';
+}
+
+}
+
+node 'default' {
+ notify {'Please specify a host in site.pp!':}
 }
-- 
cgit v1.2.3
From 653efcee3f3427817e63a8432df99c1e932e3261 Mon Sep 17 00:00:00 2001
From: varac
Date: Thu, 6 Sep 2012 11:46:46 +0200
Subject: install puppet+facter from backports
---
 deploy.sh | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/deploy.sh b/deploy.sh
index c8f89b90..4da972b5 100755
--- a/deploy.sh
+++ b/deploy.sh
@@ -1,3 +1,15 @@
 #!/bin/sh
+#
+# missing: header, licence, usage
+
+
+apt-get install lsb-release git
+
+# we need puppet from backports
+dist="`lsb_release -cs`"
+[ -f /etc/apt/sources.list.d/$dist-backports.list ] || echo "deb http://backports.debian.org/debian-backports/ $dist-backports main contrib non-free">/etc/apt/sources.list.d/$dist-backports.list
+
+apt-get update
+apt-get install -t $dist-backports facter puppet
 
 puppet apply --modulepath=$PWD/puppet/modules $PWD/puppet/manifests/site.pp $@
-- 
cgit v1.2.3
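Review bot: The submodule `url` uses the `git://` transport, which authenticates neither the server nor the data in transit; the recorded subproject commit limits what an altered fetch can substitute, but a fresh clone has nothing else to check against, so `url = https://github.com/luxflux/puppet-openvpn.git` is the safer form and is what that host serves. The `puppet_concat` entry added in the next commit (`git://code.leap.se/puppet_concat`) has the same exposure, if that host offers an authenticated transport. A short comment above the first entry stating which upstream revision is pinned and why would also help, since `.gitmodules` itself records only the URL and path.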
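Review bot: Nothing stops the script when `lsb_release` is unavailable: `apt-get install lsb-release git` runs without `-y`, so an unattended run can abort that install, after which `dist="`lsb_release -cs`"` expands to the empty string and the next line writes an entry for the suite `-backports` into `/etc/apt/sources.list.d/-backports.list` and then runs `apt-get install -t -backports`. A `set -e` after the shebang plus `[ -n "$dist" ] || { echo "cannot determine Debian release" >&2; exit 1; }` after the assignment keeps a broken run from leaving apt misconfigured. Quoting the expansion (`"$dist"`) in the `[ -f ... ]` test and the redirect target also avoids a syntax error when it is empty.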
From 670819cbaa3cf78e2fce45aeb030ece78a920a57 Mon Sep 17 00:00:00 2001
From: varac
Date: Thu, 6 Sep 2012 11:55:35 +0200
Subject: added submodule concat
---
 .gitmodules | 3 +++
 puppet/modules/concat | 1 +
 2 files changed, 4 insertions(+)
 create mode 160000 puppet/modules/concat
diff --git a/.gitmodules b/.gitmodules
index a1a8c588..f84f173e 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +1,6 @@
 [submodule "puppet/modules/openvpn"]
 path = puppet/modules/openvpn
 url = git://github.com/luxflux/puppet-openvpn.git
+[submodule "puppet/modules/concat"]
+ path = puppet/modules/concat
+ url = git://code.leap.se/puppet_concat
diff --git a/puppet/modules/concat b/puppet/modules/concat
new file mode 160000
index 00000000..abce1280
--- /dev/null
+++ b/puppet/modules/concat
@@ -0,0 +1 @@
+Subproject commit abce1280e07b544d8455f1572dd870bbd2f14892
-- 
cgit v1.2.3
From 54270961d928e5398f1b7d7a4947bbe14c94d746 Mon Sep 17 00:00:00 2001
From: varac
Date: Thu, 6 Sep 2012 11:56:26 +0200
Subject: batch mode for apt-get install
---
 deploy.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/deploy.sh b/deploy.sh
index 4da972b5..441a1128 100755
--- a/deploy.sh
+++ b/deploy.sh
@@ -10,6 +10,6 @@ dist="`lsb_release -cs`"
 [ -f /etc/apt/sources.list.d/$dist-backports.list ] || echo "deb http://backports.debian.org/debian-backports/ $dist-backports main contrib non-free">/etc/apt/sources.list.d/$dist-backports.list
 
 apt-get update
-apt-get install -t $dist-backports facter puppet
+apt-get install -y -t $dist-backports facter puppet
 
 puppet apply --modulepath=$PWD/puppet/modules $PWD/puppet/manifests/site.pp $@
-- 
cgit v1.2.3
From caeac390b217849e8e57ac3afeb4061099e3fec5 Mon Sep 17 00:00:00 2001
From: varac
Date: Thu, 6 Sep 2012 12:10:21 +0200
Subject: use node default again, more openvpn config
---
 puppet/manifests/site.pp | 75 ++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 70 insertions(+), 5 deletions(-)
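Review bot: The `-y` added here covers only the backports install; `apt-get install lsb-release git` near the top of the file, outside this hunk, still runs interactively, and it is the step that provides the `lsb_release` the `dist=` assignment in the hunk header depends on. Changing it to `apt-get install -y lsb-release git` makes the whole script unattended, which the commit title suggests is the goal.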
diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index 39173f95..890d2623 100644 --- a/puppet/manifests/site.pp +++ b/puppet/manifests/site.pp @@ -1,4 +1,6 @@ -node 'cougar.leap.se' { +node 'default' { + notify {'Please specify a host in site.pp!':} + openvpn::server { 'cougar.leap.se': country => 'TR', @@ -6,10 +8,73 @@ node 'cougar.leap.se' { city => 'Ankara', organization => 'leap.se', email => 'sysdev@leap.se'; -} + } -} +# configure server + + + openvpn::option { + "dev server1": + key => "dev", + value => "tun0", + server => "server1"; + "script-security server1": + key => "script-security", + value => "3", + server => "server1"; + "daemon server1": + key => "daemon", + server => "server1"; + "keepalive server1": + key => "keepalive", + value => "10 60", + server => "server1"; + "ping-timer-rem server1": + key => "ping-timer-rem", + server => "server1"; + "persist-tun server1": + key => "persist-tun", + server => "server1"; + "persist-key server1": + key => "persist-key", + server => "server1"; + "proto server1": + key => "proto", + value => "tcp-server", + server => "server1"; + "cipher server1": + key => "cipher", + value => "BF-CBC", + server => "server1"; + "local server1": + key => "local", + value => $ipaddress, + server => "server1"; + "tls-server server1": + key => "tls-server", + server => "server1"; + "server server1": + key => "server", + value => "10.10.10.0 255.255.255.0", + server => "server1"; + "lport server1": + key => "lport", + value => "1194", + server => "server1"; + "management server1": + key => "management", + value => "/var/run/openvpn-server1.sock unix", + server => "server1"; + "comp-lzo server1": + key => "comp-lzo", + server => "server1"; + "topology server1": + key => "topology", + value => "subnet", + server => "server1"; + "client-to-client server1": + key => "client-to-client", + server => "server1"; + } -node 'default' { - notify {'Please specify a host in site.pp!':} } -- cgit v1.2.3 
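Review bot: Several of the OpenVPN options fixed here weaken the server's configuration and are carried unchanged into the parameterised copy in the next commit and into the new `site_openvpn/manifests/init.pp` later in this series: `cipher` is `BF-CBC`, a 64-bit block cipher, where `AES-256-CBC` is the usual choice; `script-security` is `3`, the level that additionally passes passwords to scripts through the environment, while `2` is enough to run scripts; and `value => $ipaddress` reads the fact through dynamic scope rather than as `$::ipaddress`, unlike the `$::fqdn` the later commits use. Each is a one-token change at the respective `value =>` line. If Blowfish is kept for compatibility with existing clients, a comment above the `cipher` entry saying so would stop the next reader from "fixing" it blindly.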
From 72987f7f86bd322e8ea68ff2633c76a29c6c2f95 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 6 Sep 2012 12:14:06 +0200 Subject: more openvpn config testing --- puppet/manifests/site.pp | 74 +++++++++++++++++++++++++----------------------- 1 file changed, 38 insertions(+), 36 deletions(-) diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index 890d2623..de551aed 100644 --- a/puppet/manifests/site.pp +++ b/puppet/manifests/site.pp @@ -1,8 +1,10 @@ node 'default' { notify {'Please specify a host in site.pp!':} + $openvpn_server='cougar.leap.se' + openvpn::server { - 'cougar.leap.se': + "$openvpn_server": country => 'TR', province => 'Ankara', city => 'Ankara', 
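Review bot: `"$openvpn_server":` as the resource title wraps a lone variable in double quotes, which gains nothing over `$openvpn_server:` and is the pattern puppet-lint reports as a variable-only string; the same form is repeated on every `server => "$openvpn_server"` line of the following hunk, where `server => $openvpn_server` reads the same. The composite titles such as `"dev $openvpn_server"` are fine as they are, since they genuinely interpolate.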
@@ -14,67 +16,67 @@ node 'default' { openvpn::option { - "dev server1": + "dev $openvpn_server": key => "dev", value => "tun0", - server => "server1"; - "script-security server1": + server => "$openvpn_server"; + "script-security $openvpn_server": key => "script-security", value => "3", - server => "server1"; - "daemon server1": + server => "$openvpn_server"; + "daemon $openvpn_server": key => "daemon", - server => "server1"; - "keepalive server1": + server => "$openvpn_server"; + "keepalive $openvpn_server": key => "keepalive", value => "10 60", - server => "server1"; - "ping-timer-rem server1": + server => "$openvpn_server"; + "ping-timer-rem $openvpn_server": key => "ping-timer-rem", - server => "server1"; - "persist-tun server1": + server => "$openvpn_server"; + "persist-tun $openvpn_server": key => "persist-tun", - server => "server1"; - "persist-key server1": + server => "$openvpn_server"; + "persist-key $openvpn_server": key => "persist-key", - server => "server1"; - "proto server1": + server => "$openvpn_server"; + "proto $openvpn_server": key => "proto", value => "tcp-server", - server => "server1"; - "cipher server1": + server => "$openvpn_server"; + "cipher $openvpn_server": key => "cipher", value => "BF-CBC", - server => "server1"; - "local server1": + server => "$openvpn_server"; + "local $openvpn_server": key => "local", value => $ipaddress, - server => "server1"; - "tls-server server1": + server => "$openvpn_server"; + "tls-server $openvpn_server": key => "tls-server", - server => "server1"; - "server server1": + server => "$openvpn_server"; + "server $openvpn_server": key => "server", value => "10.10.10.0 255.255.255.0", - server => "server1"; - "lport server1": + server => "$openvpn_server"; + "lport $openvpn_server": key => "lport", value => "1194", - server => "server1"; - "management server1": + server => "$openvpn_server"; + "management $openvpn_server": key => "management", - value => "/var/run/openvpn-server1.sock unix", - server => 
"server1"; - "comp-lzo server1": + value => "/var/run/openvpn-$openvpn_server.sock unix", + server => "$openvpn_server"; + "comp-lzo $openvpn_server": key => "comp-lzo", - server => "server1"; - "topology server1": + server => "$openvpn_server"; + "topology $openvpn_server": key => "topology", value => "subnet", - server => "server1"; - "client-to-client server1": + server => "$openvpn_server"; + "client-to-client $openvpn_server": key => "client-to-client", - server => "server1"; + server => "$openvpn_server"; } } -- cgit v1.2.3 From 81812a5f631d40b83f862de3da30e2e0b4e2efaa Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 6 Sep 2012 14:20:56 +0200 Subject: initial README --- README | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 README diff --git a/README b/README new file mode 100644 index 00000000..aae48d73 --- /dev/null +++ b/README @@ -0,0 +1,6 @@ +... + +Installation +------------ + +- Run the deploy.sh script as root -- cgit v1.2.3 From 45c8d3fb727e00ac2a9de3a9fc83f4500b981d55 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 6 Sep 2012 14:23:17 +0200 Subject: install ruby-hiera-puppet --- deploy.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/deploy.sh b/deploy.sh index 441a1128..fd109c13 100755 --- a/deploy.sh +++ b/deploy.sh @@ -7,9 +7,19 @@ apt-get install lsb-release git # we need puppet from backports dist="`lsb_release -cs`" + +# enable backports for puppet + facter [ -f /etc/apt/sources.list.d/$dist-backports.list ] || echo "deb http://backports.debian.org/debian-backports/ $dist-backports main contrib non-free">/etc/apt/sources.list.d/$dist-backports.list +# enable debian testing for ruby-hiera-puppet +cat > /etc/apt/preferences.d/wheezy < Date: Fri, 7 Sep 2012 12:49:38 +0200 Subject: main hiera config --- puppet/hiera.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 puppet/hiera.yaml diff --git a/puppet/hiera.yaml b/puppet/hiera.yaml new file mode 100644 index 00000000..01b0d3b8 
--- /dev/null +++ b/puppet/hiera.yaml @@ -0,0 +1,16 @@ +--- +:backends: + - yaml + - puppet + +:logger: console + +:hierarchy: + - "%{location}" + - common + +:yaml: + :datadir: /etc/leap/hieradata + +:puppet: + :datasource: data -- cgit v1.2.3 From ed2a625dd431233ca8813daab144b949b72c0402 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 7 Sep 2012 12:58:48 +0200 Subject: working on deploy.sh --- deploy.sh | 36 ++++++++++++++++++++++++------------ 1 file changed, 24 insertions(+), 12 deletions(-) diff --git a/deploy.sh b/deploy.sh index fd109c13..e6a6c7ea 100755 --- a/deploy.sh +++ b/deploy.sh @@ -1,25 +1,37 @@ -#!/bin/sh +#!/bin/sh -x # # missing: header, licence, usage -apt-get install lsb-release git +install_packages () +{ + apt-get install lsb-release git -# we need puppet from backports -dist="`lsb_release -cs`" + # we need puppet from backports + dist="`lsb_release -cs`" -# enable backports for puppet + facter -[ -f /etc/apt/sources.list.d/$dist-backports.list ] || echo "deb http://backports.debian.org/debian-backports/ $dist-backports main contrib non-free">/etc/apt/sources.list.d/$dist-backports.list + # enable backports for puppet + facter + [ -f /etc/apt/sources.list.d/$dist-backports.list ] || echo "deb http://backports.debian.org/debian-backports/ $dist-backports main contrib non-free">/etc/apt/sources.list.d/$dist-backports.list -# enable debian testing for ruby-hiera-puppet -cat > /etc/apt/preferences.d/wheezy < /etc/apt/preferences.d/wheezy < Date: Fri, 7 Sep 2012 12:59:28 +0200 Subject: extending README --- README | 1 + 1 file changed, 1 insertion(+) diff --git a/README b/README index aae48d73..73f219a1 100644 --- a/README +++ b/README @@ -3,4 +3,5 @@ Installation ------------ +- Edit /etc/leap/hieradata/common.yaml for your needs - Run the deploy.sh script as root -- cgit v1.2.3 From cc435b580fc5cc45d99aa4d17e81f951197b837d Mon Sep 17 00:00:00 2001 
From: varac Date: Fri, 7 Sep 2012 13:04:19 +0200 Subject: provide common.yaml.example --- common.yaml.example | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 common.yaml.example diff --git a/common.yaml.example b/common.yaml.example new file mode 100644 index 00000000..4065f215 --- /dev/null +++ b/common.yaml.example @@ -0,0 +1,7 @@ +--- +country: TR +province: Ankara +city: Ankara +organization: leap.se +email: sysdev@leap.se + -- cgit v1.2.3 From bdfcfbb8702748ab013190b0116735fe56f7531e Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 7 Sep 2012 13:06:00 +0200 Subject: use hiere for openvpn CA --- puppet/manifests/site.pp | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index de551aed..0d1f426d 100644 --- a/puppet/manifests/site.pp +++ b/puppet/manifests/site.pp @@ -1,15 +1,15 @@ node 'default' { notify {'Please specify a host in site.pp!':} - $openvpn_server='cougar.leap.se' + $openvpn_server=$::fqdn openvpn::server { "$openvpn_server": - country => 'TR', - province => 'Ankara', - city => 'Ankara', - organization => 'leap.se', - email => 'sysdev@leap.se'; + country => hiera("country"), + province => hiera("province"), + city => hiera("city"), + organization => hiera("organization"), + email => hiera("email"); } # configure server -- cgit v1.2.3 From c255a6a8772684397f545a560119428ac44993ca Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 20 Sep 2012 11:49:00 +0200 Subject: use relative path, hieradata outline --- puppet/hiera.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/puppet/hiera.yaml b/puppet/hiera.yaml index 01b0d3b8..76584ad1 100644 --- a/puppet/hiera.yaml +++ b/puppet/hiera.yaml 
@@ -6,11 +6,14 @@ :logger: console :hierarchy: - - "%{location}" - - common + - hosts/%{fqdn} + - services/%{service} + - defaults +# relative from where puppet is run, so we need to run puppet +# from the root dir of the leap_platform repo :yaml: - :datadir: /etc/leap/hieradata + :datadir: config :puppet: :datasource: data -- cgit v1.2.3 From 33ed5aadaa9080d8c424a9b626cbf7fb9422dedc Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 20 Sep 2012 11:49:24 +0200 Subject: config dir --- config/defaults.yaml | 2 ++ config/hosts/cougar.leap.se.yaml | 4 ++++ config/hosts/rocinante.bitrigger.de.yaml | 5 +++++ config/services/eip.yaml | 5 +++++ 4 files changed, 16 insertions(+) create mode 100644 config/defaults.yaml create mode 100644 config/hosts/cougar.leap.se.yaml create mode 100644 config/hosts/rocinante.bitrigger.de.yaml create mode 100644 config/services/eip.yaml diff --git a/config/defaults.yaml b/config/defaults.yaml new file mode 100644 index 00000000..3126c897 --- /dev/null +++ b/config/defaults.yaml @@ -0,0 +1,2 @@ +--- +testpw: secret diff --git a/config/hosts/cougar.leap.se.yaml b/config/hosts/cougar.leap.se.yaml new file mode 100644 index 00000000..ebd58979 --- /dev/null +++ b/config/hosts/cougar.leap.se.yaml @@ -0,0 +1,4 @@ +--- +openvpn_ports: - 999 + - 1000 +tor: true diff --git a/config/hosts/rocinante.bitrigger.de.yaml b/config/hosts/rocinante.bitrigger.de.yaml new file mode 100644 index 00000000..e83c802a --- /dev/null +++ b/config/hosts/rocinante.bitrigger.de.yaml @@ -0,0 +1,5 @@ +--- +# varac's local machine +openvpn_ports: - 1 + - 2 +tor: true diff --git a/config/services/eip.yaml b/config/services/eip.yaml new file mode 100644 index 00000000..d8ac5a4f --- /dev/null +++ b/config/services/eip.yaml @@ -0,0 +1,5 @@ +--- +openvpn_ports: - 80 + - 443 + - 1194 +tor: false -- cgit v1.2.3 From 429944efaac25766a5999966d8f52f74a0e0292b Mon Sep 17 00:00:00 2001 
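Review bot: `testpw: secret` puts a credential, placeholder or not, into version-controlled hieradata that `hiera.yaml` in this same commit now reads from the repository's `config` directory, and the manifest in the following commit prints its value with `notify`. Keep secrets out of the committed data files — load them from an unversioned or encrypted source and leave only a non-secret example here. If the key exists only to smoke-test hiera lookups, a comment such as `# placeholder used to verify hiera lookups; not a real credential` makes that explicit and discourages reuse of the pattern for real values.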
From: varac Date: Thu, 20 Sep 2012 11:49:52 +0200 Subject: using class site_openvpn --- puppet/manifests/site.pp | 86 ++++-------------------------------------------- 1 file changed, 7 insertions(+), 79 deletions(-) diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index 0d1f426d..1bfc730e 100644 --- a/puppet/manifests/site.pp +++ b/puppet/manifests/site.pp 
@@ -1,82 +1,10 @@ node 'default' { - notify {'Please specify a host in site.pp!':} - - $openvpn_server=$::fqdn - - openvpn::server { - "$openvpn_server": - country => hiera("country"), - province => hiera("province"), - city => hiera("city"), - organization => hiera("organization"), - email => hiera("email"); - } - -# configure server - - - openvpn::option { - "dev $openvpn_server": - key => "dev", - value => "tun0", - server => "$openvpn_server"; - "script-security $openvpn_server": - key => "script-security", - value => "3", - server => "$openvpn_server"; - "daemon $openvpn_server": - key => "daemon", - server => "$openvpn_server"; - "keepalive $openvpn_server": - key => "keepalive", - value => "10 60", - server => "$openvpn_server"; - "ping-timer-rem $openvpn_server": - key => "ping-timer-rem", - server => "$openvpn_server"; - "persist-tun $openvpn_server": - key => "persist-tun", - server => "$openvpn_server"; - "persist-key $openvpn_server": - key => "persist-key", - server => "$openvpn_server"; - "proto $openvpn_server": - key => "proto", - value => "tcp-server", - server => "$openvpn_server"; - "cipher $openvpn_server": - key => "cipher", - value => "BF-CBC", - server => "$openvpn_server"; - "local $openvpn_server": - key => "local", - value => $ipaddress, - server => "$openvpn_server"; - "tls-server $openvpn_server": - key => "tls-server", - server => "$openvpn_server"; - "server $openvpn_server": - key => "server", - value => "10.10.10.0 255.255.255.0", - server => "$openvpn_server"; - "lport $openvpn_server": - key => "lport", - value => "1194", - server => "$openvpn_server"; - "management $openvpn_server": - key => "management", - value => "/var/run/openvpn-$openvpn_server.sock unix", - server => "$openvpn_server"; - "comp-lzo $openvpn_server": - key => "comp-lzo", - server => "$openvpn_server"; - "topology $openvpn_server": - key => "topology", - value => "subnet", - server => "$openvpn_server"; - "client-to-client $openvpn_server": - key => 
"client-to-client", - server => "$openvpn_server"; - } + $service='eip' + $password=hiera('testpw') + $openvpn_ports=hiera_array('openvpn_ports') + $tor=hiera('tor') + notify {"Password: $password":} + notify {"Openvpn Config for $fqdn: openvpn_ports=$openvpn_ports, tor=$tor":} + #include site_openvpn } -- cgit v1.2.3 From 075d6fb40ddaace0442a8d5ba9396c9f1849bddc Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 20 Sep 2012 11:50:22 +0200 Subject: beginning of site_openvpn --- puppet/modules/site_openvpn/manifests/init.pp | 81 +++++++++++++++++++++++++++ 1 file changed, 81 insertions(+) create mode 100644 puppet/modules/site_openvpn/manifests/init.pp diff --git a/puppet/modules/site_openvpn/manifests/init.pp b/puppet/modules/site_openvpn/manifests/init.pp new file mode 100644 index 00000000..3d753af9 --- /dev/null +++ b/puppet/modules/site_openvpn/manifests/init.pp 
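Review bot: `notify {"Password: $password":}` writes the value looked up from hiera into the agent output and report at notice level, so the secret ends up in logs and any report store; log only that the lookup succeeded, e.g. `notify {"testpw lookup returned a value":}`, or drop the notify once the hierarchy is confirmed. `$service='eip'` in the same block is assigned but never read — the `services/%{service}` hierarchy level it was meant for was commented out in `hiera.yaml` in the previous commit — so it should either go or carry a comment explaining what it is reserved for.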
@@ -0,0 +1,81 @@ +class site_openvpn { + + $openvpn_server=$::fqdn + + openvpn::server { + $openvpn_server: + country => hiera("country"), + province => hiera("province"), + city => hiera("city"), + organization => hiera("organization"), + email => hiera("email"); + } + +# configure server + + + openvpn::option { + "dev $openvpn_server": + key => "dev", + value => "tun0", + server => "$openvpn_server"; + "script-security $openvpn_server": + key => "script-security", + value => "3", + server => "$openvpn_server"; + "daemon $openvpn_server": + key => "daemon", + server => "$openvpn_server"; + "keepalive $openvpn_server": + key => "keepalive", + value => "10 60", + server => "$openvpn_server"; + "ping-timer-rem $openvpn_server": + key => "ping-timer-rem", + server => "$openvpn_server"; + "persist-tun $openvpn_server": + key => "persist-tun", + server => "$openvpn_server"; + "persist-key $openvpn_server": + key => "persist-key", + server => "$openvpn_server"; + "proto $openvpn_server": + key => "proto", + value => "tcp-server", + server => "$openvpn_server"; + "cipher $openvpn_server": + key => "cipher", + value => "BF-CBC", + server => "$openvpn_server"; + "local $openvpn_server": + key => "local", + value => $ipaddress, + server => "$openvpn_server"; + "tls-server $openvpn_server": + key => "tls-server", + server => "$openvpn_server"; + "server $openvpn_server": + key => "server", + value => "10.10.10.0 255.255.255.0", + server => "$openvpn_server"; + "lport $openvpn_server": + key => "lport", + value => "1194", + server => "$openvpn_server"; + "management $openvpn_server": + key => "management", + value => "/var/run/openvpn-$openvpn_server.sock unix", + server => "$openvpn_server"; + "comp-lzo $openvpn_server": + key => "comp-lzo", + server => "$openvpn_server"; + "topology $openvpn_server": + key => "topology", + value => "subnet", + server => "$openvpn_server"; + "client-to-client $openvpn_server": + key => "client-to-client", + server => "$openvpn_server"; + } + 
+} -- cgit v1.2.3 From 71e3e3cf022db2c83a52414f9c1cd2e3a985b25d Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 20 Sep 2012 12:12:50 +0200 Subject: no need for local configs here --- config/hosts/rocinante.bitrigger.de.yaml | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 config/hosts/rocinante.bitrigger.de.yaml diff --git a/config/hosts/rocinante.bitrigger.de.yaml b/config/hosts/rocinante.bitrigger.de.yaml deleted file mode 100644 index e83c802a..00000000 --- a/config/hosts/rocinante.bitrigger.de.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -# varac's local machine -openvpn_ports: - 1 - - 2 -tor: true -- cgit v1.2.3 From 7ad84a65744250098be1e05ef998f32f5c0a0523 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 20 Sep 2012 12:20:15 +0200 Subject: hierachy levels need to be unambiguous, so we can't use services here, as one host could provide multiple services --- puppet/hiera.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/puppet/hiera.yaml b/puppet/hiera.yaml index 76584ad1..764966a2 100644 --- a/puppet/hiera.yaml +++ b/puppet/hiera.yaml @@ -7,7 +7,7 @@ :hierarchy: - hosts/%{fqdn} - - services/%{service} +# - services/%{service} # that's not possible, as hiera needs _one_ target per hierarchy - defaults # relative from where puppet is run, so we need to run puppet -- cgit v1.2.3 From 5c7ce0a1c90ab1c0844369882f7fcdb6ff05c16d Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 20 Sep 2012 13:39:00 +0200 Subject: new config layout --- config/defaults.yaml | 1 + config/eip/cougar.leap.se.yaml | 5 +++++ config/eip/defaults.yml | 7 +++++++ config/hosts/cougar.leap.se.yaml | 6 +++--- config/services/eip.yaml | 5 ----- puppet/hiera.yaml | 5 ++++- 6 files changed, 20 insertions(+), 9 deletions(-) create mode 100644 config/eip/cougar.leap.se.yaml create mode 100644 config/eip/defaults.yml delete mode 100644 config/services/eip.yaml diff --git a/config/defaults.yaml b/config/defaults.yaml index 3126c897..17fa03bf 100644 --- a/config/defaults.yaml 
+++ b/config/defaults.yaml @@ -1,2 +1,3 @@ --- testpw: secret +services: - diff --git a/config/eip/cougar.leap.se.yaml b/config/eip/cougar.leap.se.yaml new file mode 100644 index 00000000..39926616 --- /dev/null +++ b/config/eip/cougar.leap.se.yaml @@ -0,0 +1,5 @@ +--- +openvpn_ports: - 80 + - 443 + - 1194 +tor: 'true' diff --git a/config/eip/defaults.yml b/config/eip/defaults.yml new file mode 100644 index 00000000..7be713b5 --- /dev/null +++ b/config/eip/defaults.yml @@ -0,0 +1,7 @@ +--- + +# make shure 'false' is quoted +tor: 'false' +openvpn_ports: - 80 + - 443 + - 1194 diff --git a/config/hosts/cougar.leap.se.yaml b/config/hosts/cougar.leap.se.yaml index ebd58979..312d0141 100644 --- a/config/hosts/cougar.leap.se.yaml +++ b/config/hosts/cougar.leap.se.yaml @@ -1,4 +1,4 @@ --- -openvpn_ports: - 999 - - 1000 -tor: true +# varac's local machine +services: - eip + - couchdb diff --git a/config/services/eip.yaml b/config/services/eip.yaml deleted file mode 100644 index d8ac5a4f..00000000 --- a/config/services/eip.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -openvpn_ports: - 80 - - 443 - - 1194 -tor: false diff --git a/puppet/hiera.yaml b/puppet/hiera.yaml index 764966a2..66efa299 100644 --- a/puppet/hiera.yaml +++ b/puppet/hiera.yaml @@ -7,7 +7,10 @@ :hierarchy: - hosts/%{fqdn} -# - services/%{service} # that's not possible, as hiera needs _one_ target per hierarchy + - ca/%{fqdn} + - ca/defaults + - eip/%{fqdn} + - eip/defaults - defaults # relative from where puppet is run, so we need to run puppet -- cgit v1.2.3 From 764ae6f21a8a54af78b29fc14876af36e2dd4651 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 20 Sep 2012 13:39:23 +0200 Subject: parse new config layout --- puppet/manifests/site.pp | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index 1bfc730e..bb29e393 100644 --- a/puppet/manifests/site.pp +++ b/puppet/manifests/site.pp 
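Review bot: `services: -` is a block-sequence indicator with no item, which the libyaml-based parser Ruby uses most likely reads as a one-element list containing null rather than an empty list, so the array merge `hiera_array('services')` performs in the following commit would carry a nil entry; `services: []` is the unambiguous empty default. The one-line form `openvpn_ports: - 80`, with the first entry on the key's line, is used in `eip/defaults.yml`, `eip/cougar.leap.se.yaml` and `hosts/cougar.leap.se.yaml` in this commit; as far as I can tell it parses only while the continuation entries stay aligned with that first `-`, and the conventional layout with each `- item` on its own line below the key removes that dependency.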
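Review bot: `tor: 'false'` (and `tor: 'true'` in `eip/cougar.leap.se.yaml` from the same commit) stores a string, so in Puppet a bare `if $tor` is true for both values and only the comparison `$tor == 'true'` distinguishes them; the manifest currently just interpolates it in `notice("Tor enabled: $tor")`, so nothing breaks yet, but the first conditional on it will. The comment `# make shure 'false' is quoted` states the rule without the reason; if the quoting is there because an unquoted boolean did not come through hiera as wanted, say so, e.g. `# quoted on purpose: hiera returns the string 'true'/'false'; compare with $tor == 'true'`.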
@@ -1,10 +1,22 @@ +define print() { + notice("The value is: '${name}'") +} + + node 'default' { - $service='eip' - $password=hiera('testpw') - $openvpn_ports=hiera_array('openvpn_ports') - $tor=hiera('tor') - notify {"Password: $password":} - notify {"Openvpn Config for $fqdn: openvpn_ports=$openvpn_ports, tor=$tor":} - #include site_openvpn + #$password=hiera('testpw') + #notify {"Password: $password":} + + $services=hiera_array('services') + notice("Services for $fqdn: $services") + + if 'eip' in $services { + $openvpn_ports=hiera_array('openvpn_ports') + $tor=hiera('tor') + notice("Openvpn Config for $fqdn: openvpn_ports=$openvpn_ports, tor=$tor") + print{$openvpn_ports:} + #include site_openvpn + } + } -- cgit v1.2.3 From 0c828109f9e9e70c817e5125473c9c561495ac57 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 20 Sep 2012 13:52:33 +0200 Subject: as we have the configuration inside the repo now, no need to provide an common.yaml.example --- common.yaml.example | 7 ------- 1 file changed, 7 deletions(-) delete mode 100644 common.yaml.example diff --git a/common.yaml.example b/common.yaml.example deleted file mode 100644 index 4065f215..00000000 --- a/common.yaml.example +++ /dev/null @@ -1,7 +0,0 @@ ---- -country: TR -province: Ankara -city: Ankara -organization: leap.se -email: sysdev@leap.se - -- cgit v1.2.3 From 1a0d1907b303c2ab1e8da2a26e061e8a7327241e Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 20 Sep 2012 13:58:03 +0200 Subject: just a comment --- puppet/hiera.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/puppet/hiera.yaml b/puppet/hiera.yaml index 66efa299..a992c057 100644 --- a/puppet/hiera.yaml +++ b/puppet/hiera.yaml @@ -11,6 +11,7 @@ - ca/defaults - eip/%{fqdn} - eip/defaults +# more services following - defaults # relative from where puppet is run, so we need to run puppet -- cgit v1.2.3 From 75e57c74d5aa0595e02435ca4de15b9df1cc6002 Mon Sep 17 00:00:00 2001 
From: varac Date: Fri, 21 Sep 2012 12:45:36 +0200 Subject: parsing of hiera config hash works --- config/eip/cougar.leap.se.yaml | 12 ++++++++---- config/eip/defaults.yml | 5 +---- config/hosts/cougar.leap.se.yaml | 1 - puppet/manifests/site.pp | 21 +++++++++++++-------- 4 files changed, 22 insertions(+), 17 deletions(-) diff --git a/config/eip/cougar.leap.se.yaml b/config/eip/cougar.leap.se.yaml index 39926616..d98787d0 100644 --- a/config/eip/cougar.leap.se.yaml +++ b/config/eip/cougar.leap.se.yaml @@ -1,5 +1,9 @@ --- -openvpn_ports: - 80 - - 443 - - 1194 -tor: 'true' +openvpn: + port80_tcp: + port: 80 + protocol: tcp + port1194_udp: + port: 1194 + protocol: udp +tor: 'false' diff --git a/config/eip/defaults.yml b/config/eip/defaults.yml index 7be713b5..fab63a5c 100644 --- a/config/eip/defaults.yml +++ b/config/eip/defaults.yml @@ -1,7 +1,4 @@ --- - # make shure 'false' is quoted tor: 'false' -openvpn_ports: - 80 - - 443 - - 1194 +openvpn: diff --git a/config/hosts/cougar.leap.se.yaml b/config/hosts/cougar.leap.se.yaml index 312d0141..5cf37bb1 100644 --- a/config/hosts/cougar.leap.se.yaml +++ b/config/hosts/cougar.leap.se.yaml @@ -1,4 +1,3 @@ --- -# varac's local machine services: - eip - couchdb diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index bb29e393..abb81511 100644 --- a/puppet/manifests/site.pp +++ b/puppet/manifests/site.pp @@ -1,7 +1,15 @@ define print() { - notice("The value is: '${name}'") + notice("The value is: '${name}'") +} + +define create_openvpn_config($port, $protocol) { + $openvpn_configname=$name + notice("Creating OpenVPN $openvpn_configname: + Port: $port, Protocol: $protocol") + # ... + #include site_openvpn + } - node 'default' { #$password=hiera('testpw') 
@@ -11,12 +19,9 @@ node 'default' { notice("Services for $fqdn: $services") if 'eip' in $services { - $openvpn_ports=hiera_array('openvpn_ports') + $openvpn=hiera('openvpn') $tor=hiera('tor') - notice("Openvpn Config for $fqdn: openvpn_ports=$openvpn_ports, tor=$tor") - print{$openvpn_ports:} - #include site_openvpn + notice("Tor enabled: $tor") + create_resources('create_openvpn_config', $openvpn) } - - } -- cgit v1.2.3 From 1c5eb8a64426c93d8118acac52870a6a95f73010 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 21 Sep 2012 15:03:08 +0200 Subject: oved things around --- puppet/manifests/site.pp | 18 ++--- puppet/modules/site_openvpn/manifests/init.pp | 79 -------------------- .../site_openvpn/manifests/server_config.pp | 84 ++++++++++++++++++++++ 3 files changed, 89 insertions(+), 92 deletions(-) create mode 100644 puppet/modules/site_openvpn/manifests/server_config.pp diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index abb81511..98e683af 100644 --- a/puppet/manifests/site.pp +++ b/puppet/manifests/site.pp @@ -2,26 +2,18 @@ define print() { notice("The value is: '${name}'") } -define create_openvpn_config($port, $protocol) { - $openvpn_configname=$name - notice("Creating OpenVPN $openvpn_configname: - Port: $port, Protocol: $protocol") - # ... - #include site_openvpn - -} - node 'default' { - #$password=hiera('testpw') - #notify {"Password: $password":} + $concat_basedir = '/var/lib/puppet/modules/concat' + include concat::setup $services=hiera_array('services') notice("Services for $fqdn: $services") if 'eip' in $services { - $openvpn=hiera('openvpn') $tor=hiera('tor') notice("Tor enabled: $tor") - create_resources('create_openvpn_config', $openvpn) + + $openvpn_config=hiera('openvpn') + create_resources('site_openvpn::server_config', $openvpn_config) } } diff --git a/puppet/modules/site_openvpn/manifests/init.pp b/puppet/modules/site_openvpn/manifests/init.pp index 3d753af9..7d63d569 100644 --- a/puppet/modules/site_openvpn/manifests/init.pp 
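Review bot: `$openvpn=hiera('openvpn')` has no default, while the same commit reduces `config/eip/defaults.yml` to a bare `openvpn:` key, so on a node without a host-level override the lookup appears to yield an empty value and `create_resources('create_openvpn_config', $openvpn)` on the next line will fail, since create_resources needs a hash. Passing an empty hash as the fallback, `$openvpn=hiera('openvpn', {})`, makes the eip branch a no-op on such nodes instead of an error. The enclosing `node 'default'` block starts above this hunk.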
+++ b/puppet/modules/site_openvpn/manifests/init.pp 
@@ -1,81 +1,2 @@ class site_openvpn { - - $openvpn_server=$::fqdn - - openvpn::server { - $openvpn_server: - country => hiera("country"), - province => hiera("province"), - city => hiera("city"), - organization => hiera("organization"), - email => hiera("email"); - } - -# configure server - - - openvpn::option { - "dev $openvpn_server": - key => "dev", - value => "tun0", - server => "$openvpn_server"; - "script-security $openvpn_server": - key => "script-security", - value => "3", - server => "$openvpn_server"; - "daemon $openvpn_server": - key => "daemon", - server => "$openvpn_server"; - "keepalive $openvpn_server": - key => "keepalive", - value => "10 60", - server => "$openvpn_server"; - "ping-timer-rem $openvpn_server": - key => "ping-timer-rem", - server => "$openvpn_server"; - "persist-tun $openvpn_server": - key => "persist-tun", - server => "$openvpn_server"; - "persist-key $openvpn_server": - key => "persist-key", - server => "$openvpn_server"; - "proto $openvpn_server": - key => "proto", - value => "tcp-server", - server => "$openvpn_server"; - "cipher $openvpn_server": - key => "cipher", - value => "BF-CBC", - server => "$openvpn_server"; - "local $openvpn_server": - key => "local", - value => $ipaddress, - server => "$openvpn_server"; - "tls-server $openvpn_server": - key => "tls-server", - server => "$openvpn_server"; - "server $openvpn_server": - key => "server", - value => "10.10.10.0 255.255.255.0", - server => "$openvpn_server"; - "lport $openvpn_server": - key => "lport", - value => "1194", - server => "$openvpn_server"; - "management $openvpn_server": - key => "management", - value => "/var/run/openvpn-$openvpn_server.sock unix", - server => "$openvpn_server"; - "comp-lzo $openvpn_server": - key => "comp-lzo", - server => "$openvpn_server"; - "topology $openvpn_server": - key => "topology", - value => "subnet", - server => "$openvpn_server"; - "client-to-client $openvpn_server": - key => "client-to-client", - server => "$openvpn_server"; - } - } 
diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp
new file mode 100644
index 00000000..e0e8db4f
--- /dev/null
+++ b/puppet/modules/site_openvpn/manifests/server_config.pp
@@ -0,0 +1,84 @@ +define site_openvpn::server_config($port, $protocol) { + $openvpn_configname=$name + notice("Creating OpenVPN $openvpn_configname: + Port: $port, Protocol: $protocol") + + $openvpn_server=$::fqdn + # we don't need a ca generated + #openvpn::server { + # $openvpn_configname: + # country => hiera("country"), + # province => hiera("province"), + # city => hiera("city"), + # organization => hiera("organization"), + # email => hiera("email"); + #} + + # configure server + # all config options need to be "hieraized" + + openvpn::option { + "dev $openvpn_configname": + key => "dev", + value => "tun", + server => "$openvpn_server"; + "script-security $openvpn_configname": + key => "script-security", + value => "3", + server => "$openvpn_server"; + "daemon $openvpn_configname": + key => "daemon", + server => "$openvpn_server"; + "keepalive $openvpn_configname": + key => "keepalive", + value => "10 60", + server => "$openvpn_server"; + "ping-timer-rem $openvpn_configname": + key => "ping-timer-rem", + server => "$openvpn_server"; + "persist-tun $openvpn_configname": + key => "persist-tun", + server => "$openvpn_server"; + "persist-key $openvpn_configname": + key => "persist-key", + server => "$openvpn_server"; + "proto $openvpn_configname": + key => "proto", + value => "$proto", + server => "$openvpn_server"; + "cipher $openvpn_configname": + key => "cipher", + value => "BF-CBC", + server => "$openvpn_server"; + "local $openvpn_configname": + key => "local", + value => $ipaddress, + server => "$openvpn_server"; + "tls-server $openvpn_configname": + key => "tls-server", + server => "$openvpn_server"; + "server $openvpn_configname": + key => "server", + value => "$server", + server => "$openvpn_server"; + "lport $openvpn_configname": + key => "lport", + value => "$port", + server => "$openvpn_server"; + "management $openvpn_configname": + key => "management", + value => "/var/run/openvpn-$openvpn_configname.sock unix", + server => "$openvpn_server"; + 
"comp-lzo $openvpn_configname": + key => "comp-lzo", + server => "$openvpn_server"; + "topology $openvpn_configname": + key => "topology", + value => "subnet", + server => "$openvpn_server"; + "client-to-client $openvpn_configname": + key => "client-to-client", + server => "$openvpn_server"; + } + +} -- cgit v1.2.3 From 276de1e249b25e5e00c49229132215681aee6467 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 21 Sep 2012 20:26:20 +0200 Subject: basic configuration for openvpn server files --- config/eip/cougar.leap.se.yaml | 7 +- puppet/manifests/site.pp | 13 ++- puppet/modules/site_openvpn/manifests/init.pp | 41 +++++++++ .../site_openvpn/manifests/server_config.pp | 100 +++++++++++++-------- 4 files changed, 115 insertions(+), 46 deletions(-) diff --git a/config/eip/cougar.leap.se.yaml b/config/eip/cougar.leap.se.yaml index d98787d0..fd83d48e 100644 --- a/config/eip/cougar.leap.se.yaml +++ b/config/eip/cougar.leap.se.yaml @@ -1,9 +1,10 @@ --- -openvpn: +openvpn_server_configs: port80_tcp: port: 80 - protocol: tcp + proto: tcp-server port1194_udp: port: 1194 - protocol: udp + proto: udp + tor: 'false' diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index 98e683af..f7b7303f 100644 --- a/puppet/manifests/site.pp +++ b/puppet/manifests/site.pp @@ -1,19 +1,18 @@ -define print() { - notice("The value is: '${name}'") -} - node 'default' { - $concat_basedir = '/var/lib/puppet/modules/concat' + # $concat_basedir = '/var/lib/puppet/modules/concat' # do we need this ? include concat::setup $services=hiera_array('services') notice("Services for $fqdn: $services") if 'eip' in $services { + include site_openvpn + $tor=hiera('tor') notice("Tor enabled: $tor") - $openvpn_config=hiera('openvpn') - create_resources('site_openvpn::server_config', $openvpn_config) + $openvpn_configs=hiera('openvpn_server_configs') + create_resources('site_openvpn::server_config', $openvpn_configs) + } } 
diff --git a/puppet/modules/site_openvpn/manifests/init.pp b/puppet/modules/site_openvpn/manifests/init.pp index 7d63d569..c83b98c7 100644 --- a/puppet/modules/site_openvpn/manifests/init.pp +++ b/puppet/modules/site_openvpn/manifests/init.pp @@ -1,2 +1,43 @@ class site_openvpn { + package { + "openvpn": + ensure => installed; + } + service { + "openvpn": + ensure => running, + hasrestart => true, + hasstatus => true, + require => Exec["concat_/etc/default/openvpn"]; + } + file { + "/etc/openvpn": + ensure => directory, + require => Package["openvpn"]; + } + + include concat::setup + + concat { + "/etc/default/openvpn": + owner => root, + group => root, + mode => 644, + warn => true, + notify => Service["openvpn"]; + } + + concat::fragment { + "openvpn.default.header": + content => template("openvpn/etc-default-openvpn.erb"), + target => "/etc/default/openvpn", + order => 01; + } + + concat::fragment { + "openvpn.default.autostart.${name}": + content => "AUTOSTART=all", + target => "/etc/default/openvpn", + order => 10; + } } diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp index e0e8db4f..4a130d13 100644 --- a/puppet/modules/site_openvpn/manifests/server_config.pp +++ b/puppet/modules/site_openvpn/manifests/server_config.pp 
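Review bot: `"openvpn.default.autostart.${name}"` is inside `class site_openvpn`, where `$name` is the class name rather than a server config, so the title is just `openvpn.default.autostart.site_openvpn`; a plain literal title is clearer. `mode => 644` should be the quoted string `mode => '0644'` — file modes are strings in Puppet and the newer parser rejects an unquoted Integer there. `require => Exec["concat_/etc/default/openvpn"]` on the service appears to reach into the concat module's internal exec; `require => Concat["/etc/default/openvpn"]` is the public handle and keeps working if the module changes. The service also has no `require => Package["openvpn"]`, so package-before-service ordering currently depends on the concat chain alone.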
@@ -1,84 +1,112 @@ -define site_openvpn::server_config($port, $protocol) { +define site_openvpn::server_config($port, $proto) { $openvpn_configname=$name notice("Creating OpenVPN $openvpn_configname: - Port: $port, Protocol: $protocol") + Port: $port, Protocol: $proto") + + file { + "/etc/openvpn/${name}": + ensure => directory, + require => Package["openvpn"]; + } + + concat { + "/etc/openvpn/${openvpn_configname}.conf": + owner => root, + group => root, + mode => 644, + warn => true, + require => File["/etc/openvpn"], + notify => Service["openvpn"]; + } - $openvpn_server=$::fqdn - # we don't need a ca generated - #openvpn::server { - # $openvpn_configname: - # country => hiera("country"), - # province => hiera("province"), - # city => hiera("city"), - # organization => hiera("organization"), - # email => hiera("email"); - #} - # configure server - # all config options need to be "hieraized" openvpn::option { + "ca ${openvpn_configname}": + key => "ca", + value => "/etc/openvpn/ca.crt", + #require => Exec["initca ${openvpn_configname}"], + server => "${openvpn_configname}"; + "cert ${openvpn_configname}": + key => "cert", + value => "/etc/openvpn/${openvpn_configname}/server.crt", + #require => Exec["generate server cert ${openvpn_configname}"], + server => "${openvpn_configname}"; + "key ${openvpn_configname}": + key => "key", + value => "/etc/openvpn/${openvpn_configname}/server.key", + #require => Exec["generate server cert ${openvpn_configname}"], + server => "${openvpn_configname}"; + "dh ${openvpn_configname}": + key => "dh", + value => "/etc/openvpn/dh1024.pem", + #require => Exec["generate dh param ${openvpn_configname}"], + server => "${openvpn_configname}"; "dev $openvpn_configname": key => "dev", value => "tun", - server => "$openvpn_server"; + server => "$openvpn_configname"; + "mode ${openvpn_configname}": + key => 'mode', + value => 'server', + server => $openvpn_configname; "script-security $openvpn_configname": key => "script-security", value => 
"3", - server => "$openvpn_server"; + server => "$openvpn_configname"; "daemon $openvpn_configname": key => "daemon", - server => "$openvpn_server"; + server => "$openvpn_configname"; "keepalive $openvpn_configname": key => "keepalive", value => "10 60", - server => "$openvpn_server"; + server => "$openvpn_configname"; "ping-timer-rem $openvpn_configname": key => "ping-timer-rem", - server => "$openvpn_server"; + server => "$openvpn_configname"; "persist-tun $openvpn_configname": key => "persist-tun", - server => "$openvpn_server"; + server => "$openvpn_configname"; "persist-key $openvpn_configname": key => "persist-key", - server => "$openvpn_server"; + server => "$openvpn_configname"; "proto $openvpn_configname": key => "proto", value => "$proto", - server => "$openvpn_server"; + server => "$openvpn_configname"; "cipher $openvpn_configname": key => "cipher", value => "BF-CBC", - server => "$openvpn_server"; + server => "$openvpn_configname"; "local $openvpn_configname": key => "local", value => $ipaddress, - server => "$openvpn_server"; + server => "$openvpn_configname"; "tls-server $openvpn_configname": key => "tls-server", - server => "$openvpn_server"; - "server $openvpn_configname": - key => "server", - value => "$server", - server => "$openvpn_server"; + server => "$openvpn_configname"; + #"server $openvpn_configname": + # key => "server", + # value => "$server", + # server => "$openvpn_configname"; "lport $openvpn_configname": key => "lport", value => "$port", - server => "$openvpn_server"; + server => "$openvpn_configname"; "management $openvpn_configname": key => "management", value => "/var/run/openvpn-$openvpn_configname.sock unix", - server => "$openvpn_server"; + server => "$openvpn_configname"; "comp-lzo $openvpn_configname": key => "comp-lzo", - server => "$openvpn_server"; + server => "$openvpn_configname"; "topology $openvpn_configname": key => "topology", value => "subnet", - server => "$openvpn_server"; - "client-to-client $openvpn_configname": 
- key => "client-to-client", - server => "$openvpn_server"; + server => "$openvpn_configname"; + #"client-to-client $openvpn_configname": + # key => "client-to-client", + # server => "$openvpn_configname"; } } -- cgit v1.2.3 From f6ab238512364ea640dc46e35590d5a5d5de51f3 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 6 Sep 2012 11:55:35 +0200 Subject: added submodule concat --- .gitmodules | 3 +++ puppet/modules/concat | 1 + 2 files changed, 4 insertions(+) create mode 160000 puppet/modules/concat diff --git a/.gitmodules b/.gitmodules index a1a8c588..f84f173e 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,3 +1,6 @@ [submodule "puppet/modules/openvpn"] path = puppet/modules/openvpn url = git://github.com/luxflux/puppet-openvpn.git +[submodule "puppet/modules/concat"] + path = puppet/modules/concat + url = git://code.leap.se/puppet_concat diff --git a/puppet/modules/concat b/puppet/modules/concat new file mode 160000 index 00000000..abce1280 --- /dev/null +++ b/puppet/modules/concat @@ -0,0 +1 @@ +Subproject commit abce1280e07b544d8455f1572dd870bbd2f14892 -- cgit v1.2.3 From 8fb0fcd72bdb357942d5e9adc2092e78ce6e1ee0 Mon Sep 17 00:00:00 2001 From: varac Date: Sun, 23 Sep 2012 16:06:56 +0200 Subject: added submodule sshd --- .gitmodules | 3 +++ puppet/modules/sshd | 1 + 2 files changed, 4 insertions(+) create mode 160000 puppet/modules/sshd diff --git a/.gitmodules b/.gitmodules index f84f173e..a7781983 100644 --- a/.gitmodules +++ b/.gitmodules @@ -4,3 +4,6 @@ [submodule "puppet/modules/concat"] path = puppet/modules/concat url = git://code.leap.se/puppet_concat +[submodule "puppet/modules/sshd"] + path = puppet/modules/sshd + url = git://labs.riseup.net/shared-sshd diff --git a/puppet/modules/sshd b/puppet/modules/sshd new file mode 160000 index 00000000..bd2e283a --- /dev/null +++ b/puppet/modules/sshd @@ -0,0 +1 @@ +Subproject commit bd2e283ab59430a7b3194804f1c8da7a9b58f8ff -- cgit v1.2.3 From 413c306cf95f985d84a782f2f7dbbe795cb05c6c Mon Sep 17 00:00:00 2001 
From: varac Date: Sun, 23 Sep 2012 16:37:02 +0200 Subject: renamed eip/defaults.yml -> eip/defaults.yaml --- config/eip/defaults.yaml | 4 ++++ config/eip/defaults.yml | 4 ---- 2 files changed, 4 insertions(+), 4 deletions(-) create mode 100644 config/eip/defaults.yaml delete mode 100644 config/eip/defaults.yml diff --git a/config/eip/defaults.yaml b/config/eip/defaults.yaml new file mode 100644 index 00000000..250f741c --- /dev/null +++ b/config/eip/defaults.yaml @@ -0,0 +1,4 @@ +--- +# make shure 'false' is quoted +tor: 'false' +openvpn_server_configs: diff --git a/config/eip/defaults.yml b/config/eip/defaults.yml deleted file mode 100644 index fab63a5c..00000000 --- a/config/eip/defaults.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -# make shure 'false' is quoted -tor: 'false' -openvpn: -- cgit v1.2.3 From 42b7b1c0568ce7f0f4a38745acc5363a0b676dd2 Mon Sep 17 00:00:00 2001 From: varac Date: Sun, 23 Sep 2012 16:37:31 +0200 Subject: towards ssh-keys --- config/defaults.yaml | 2 +- config/eip/cougar.leap.se.yaml | 2 +- config/eip/defaults.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/config/defaults.yaml b/config/defaults.yaml index 17fa03bf..489975b2 100644 --- a/config/defaults.yaml +++ b/config/defaults.yaml @@ -1,3 +1,3 @@ --- testpw: secret -services: - +ssh-keys: - diff --git a/config/eip/cougar.leap.se.yaml b/config/eip/cougar.leap.se.yaml index fd83d48e..2bbd71e0 100644 --- a/config/eip/cougar.leap.se.yaml +++ b/config/eip/cougar.leap.se.yaml @@ -7,4 +7,4 @@ openvpn_server_configs: port: 1194 proto: udp -tor: 'false' +#tor: 'false' diff --git a/config/eip/defaults.yaml b/config/eip/defaults.yaml index 250f741c..0938e655 100644 --- a/config/eip/defaults.yaml +++ b/config/eip/defaults.yaml @@ -1,4 +1,4 @@ --- # make shure 'false' is quoted tor: 'false' -openvpn_server_configs: +openvpn_server_configs: - -- cgit v1.2.3 From 1dba92e9a2d71b7a1259ecb5f627e57e1a8fc7b8 Mon Sep 17 00:00:00 2001 
From: varac Date: Sun, 23 Sep 2012 19:01:54 +0200 Subject: beginning of site_sshd --- puppet/modules/site_sshd/manifests/init.pp | 1 + puppet/modules/site_sshd/manifests/ssh_key.pp | 3 +++ 2 files changed, 4 insertions(+) create mode 100644 puppet/modules/site_sshd/manifests/init.pp create mode 100644 puppet/modules/site_sshd/manifests/ssh_key.pp diff --git a/puppet/modules/site_sshd/manifests/init.pp b/puppet/modules/site_sshd/manifests/init.pp new file mode 100644 index 00000000..630e9bdf --- /dev/null +++ b/puppet/modules/site_sshd/manifests/init.pp @@ -0,0 +1 @@ +class site_sshd {} diff --git a/puppet/modules/site_sshd/manifests/ssh_key.pp b/puppet/modules/site_sshd/manifests/ssh_key.pp new file mode 100644 index 00000000..b47b2ebd --- /dev/null +++ b/puppet/modules/site_sshd/manifests/ssh_key.pp @@ -0,0 +1,3 @@ +define site_sshd::ssh_key($key) { + # ... todo: deploy ssh_key +} -- cgit v1.2.3 From 8320de2fd5bd8fcb429dfc1b68527a1c39a8341f Mon Sep 17 00:00:00 2001 From: varac Date: Sun, 23 Sep 2012 19:02:28 +0200 Subject: reorderd config, include site_sshd --- config/defaults.yaml | 6 +++++- config/eip/defaults.yaml | 1 + puppet/manifests/site.pp | 8 ++++++++ 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/config/defaults.yaml b/config/defaults.yaml index 489975b2..62f047e3 100644 --- a/config/defaults.yaml +++ b/config/defaults.yaml @@ -1,3 +1,7 @@ --- testpw: secret -ssh-keys: - +services: - none + +ssh_keys: + test_key: + key: ssh-rsa random_noiseAAdABIwAAAGEA3FSyQwBI6Z+nCSjUUk8EEAnnkhXlukKoppND/RRClWz2s5TCzIkd3Ou5+Cyz71X0XmazM3l5WgeErvtIwQMyT1KjNoMhoJMrJnWqQPOt5Q8zWd9qG7PBl9+eiH5qV7NZ diff --git a/config/eip/defaults.yaml b/config/eip/defaults.yaml index 0938e655..29022408 100644 --- a/config/eip/defaults.yaml +++ b/config/eip/defaults.yaml @@ -2,3 +2,4 @@ # make shure 'false' is quoted tor: 'false' openvpn_server_configs: - + diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index f7b7303f..a897de11 100644 
--- a/puppet/manifests/site.pp +++ b/puppet/manifests/site.pp @@ -5,6 +5,14 @@ node 'default' { $services=hiera_array('services') notice("Services for $fqdn: $services") + # configure ssh and inculde ssh-keys + #include sshd + $ssh_keys=hiera_hash('ssh_keys') + include site_sshd + notice($ssh_keys) + create_resources('site_sshd::ssh_key', $ssh_keys) + + if 'eip' in $services { include site_openvpn -- cgit v1.2.3 From 967c231e754d769225e26cbd7b2ad3738bce833b Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 24 Sep 2012 17:36:58 +0200 Subject: added submodule apt --- .gitmodules | 3 +++ puppet/modules/apt | 1 + 2 files changed, 4 insertions(+) create mode 160000 puppet/modules/apt diff --git a/.gitmodules b/.gitmodules index a7781983..c3e82a04 100644 --- a/.gitmodules +++ b/.gitmodules @@ -7,3 +7,6 @@ [submodule "puppet/modules/sshd"] path = puppet/modules/sshd url = git://labs.riseup.net/shared-sshd +[submodule "puppet/modules/apt"] + path = puppet/modules/apt + url = git://code.leap.se/puppet_apt diff --git a/puppet/modules/apt b/puppet/modules/apt new file mode 160000 index 00000000..02bd3269 --- /dev/null +++ b/puppet/modules/apt @@ -0,0 +1 @@ +Subproject commit 02bd3269948f1a3c5a586e581a7fec22da69a2cc -- cgit v1.2.3 From 1b52d7de0f6214ceec879382932968fd07212624 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 24 Sep 2012 17:45:08 +0200 Subject: added submodule lsb --- .gitmodules | 3 +++ puppet/modules/lsb | 1 + 2 files changed, 4 insertions(+) create mode 160000 puppet/modules/lsb diff --git a/.gitmodules b/.gitmodules index c3e82a04..43bd266c 100644 --- a/.gitmodules +++ b/.gitmodules @@ -10,3 +10,6 @@ [submodule "puppet/modules/apt"] path = puppet/modules/apt url = git://code.leap.se/puppet_apt +[submodule "puppet/modules/lsb"] + path = puppet/modules/lsb + url = git://labs.riseup.net/shared-lsb diff --git a/puppet/modules/lsb b/puppet/modules/lsb new file mode 160000 index 00000000..3742c1a0 --- /dev/null +++ b/puppet/modules/lsb 
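Review bot: `hiera_hash('ssh_keys')` merges every hierarchy level, and the same commit adds a `test_key` entry to `config/defaults.yaml`, so that key is merged into the hash of every node and will be installed everywhere as soon as `site_sshd::ssh_key` (still a `todo` stub in this commit) does something. Keep the bottom-level default empty, `ssh_keys: {}`, and put real keys only at host or service level. `notice($ssh_keys)` dumps the whole hash into the log on every run; it holds public keys only, but it is noisy and better dropped once the lookup is trusted. Minor: the comment reads `inculde`.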
@@ -0,0 +1 @@ +Subproject commit 3742c1a00c5602154a81834443ec5b0ca32c4ca0 -- cgit v1.2.3 From 3fc154d5b495338b7cce2971a0fba2c4faef4ee2 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 24 Sep 2012 17:46:03 +0200 Subject: added submodule ntp --- .gitmodules | 3 +++ puppet/modules/ntp | 1 + 2 files changed, 4 insertions(+) create mode 160000 puppet/modules/ntp diff --git a/.gitmodules b/.gitmodules index 43bd266c..583a5e1a 100644 --- a/.gitmodules +++ b/.gitmodules @@ -13,3 +13,6 @@ [submodule "puppet/modules/lsb"] path = puppet/modules/lsb url = git://labs.riseup.net/shared-lsb +[submodule "puppet/modules/ntp"] + path = puppet/modules/ntp + url = git://github.com/puppetlabs/puppetlabs-ntp.git diff --git a/puppet/modules/ntp b/puppet/modules/ntp new file mode 160000 index 00000000..27f2bc72 --- /dev/null +++ b/puppet/modules/ntp @@ -0,0 +1 @@ +Subproject commit 27f2bc72110b1001233eb0907aa07e06cdf33194 -- cgit v1.2.3 From 53dea7cd638ebf8d353d052b2d2185940c2056b9 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 24 Sep 2012 17:54:53 +0200 Subject: added submodule git --- .gitmodules | 3 +++ puppet/modules/git | 1 + 2 files changed, 4 insertions(+) create mode 160000 puppet/modules/git diff --git a/.gitmodules b/.gitmodules index 583a5e1a..52f3d748 100644 --- a/.gitmodules +++ b/.gitmodules @@ -16,3 +16,6 @@ [submodule "puppet/modules/ntp"] path = puppet/modules/ntp url = git://github.com/puppetlabs/puppetlabs-ntp.git +[submodule "puppet/modules/git"] + path = puppet/modules/git + url = git://code.leap.se/puppet_git diff --git a/puppet/modules/git b/puppet/modules/git new file mode 160000 index 00000000..497a1034 --- /dev/null +++ b/puppet/modules/git @@ -0,0 +1 @@ +Subproject commit 497a1034489e0dc3cab5dab2fb0a857785769734 -- cgit v1.2.3 From 914eddd89cbd33383c5b84bfdd063e670b848c09 Mon Sep 17 00:00:00 2001 
From: varac Date: Mon, 24 Sep 2012 18:32:22 +0200 Subject: cleaned deploy.sh --- deploy.sh | 32 ++++++++------------------------ 1 file changed, 8 insertions(+), 24 deletions(-) diff --git a/deploy.sh b/deploy.sh index e6a6c7ea..6aab1119 100755 --- a/deploy.sh +++ b/deploy.sh @@ -2,36 +2,20 @@ # # missing: header, licence, usage +PUPPET_ENV='--confdir=puppet' -install_packages () -{ - apt-get install lsb-release git - - # we need puppet from backports - dist="`lsb_release -cs`" - - # enable backports for puppet + facter - [ -f /etc/apt/sources.list.d/$dist-backports.list ] || echo "deb http://backports.debian.org/debian-backports/ $dist-backports main contrib non-free">/etc/apt/sources.list.d/$dist-backports.list - - # enable debian wheezy for ruby-hiera-puppet - if [ "$dist" != "wheezy" ] - then - cat > /etc/apt/preferences.d/wheezy < Date: Mon, 24 Sep 2012 18:32:40 +0200 Subject: include some basic mclasses --- puppet/manifests/site.pp | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index a897de11..f70c0673 100644 --- a/puppet/manifests/site.pp +++ b/puppet/manifests/site.pp @@ -1,6 +1,10 @@ node 'default' { + + # include some basic classes # $concat_basedir = '/var/lib/puppet/modules/concat' # do we need this ? include concat::setup + include apt,git,lsb + $services=hiera_array('services') notice("Services for $fqdn: $services") @@ -21,6 +25,6 @@ node 'default' { $openvpn_configs=hiera('openvpn_server_configs') create_resources('site_openvpn::server_config', $openvpn_configs) - } + } -- cgit v1.2.3 From bedef1a878698997c5c8490599dc9269fef60c37 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 24 Sep 2012 18:35:38 +0200 Subject: added submodule common --- .gitmodules | 3 +++ puppet/modules/common | 1 + 2 files changed, 4 insertions(+) create mode 160000 puppet/modules/common diff --git a/.gitmodules b/.gitmodules index 52f3d748..8f2fd482 100644 --- a/.gitmodules +++ b/.gitmodules 
@@ -19,3 +19,6 @@ [submodule "puppet/modules/git"] path = puppet/modules/git url = git://code.leap.se/puppet_git +[submodule "puppet/modules/common"] + path = puppet/modules/common + url = git://labs.riseup.net/shared-common diff --git a/puppet/modules/common b/puppet/modules/common new file mode 160000 index 00000000..0961ad45 --- /dev/null +++ b/puppet/modules/common @@ -0,0 +1 @@ +Subproject commit 0961ad453b8befb4ea61bbd19f6ecea32b9619c9 -- cgit v1.2.3 From e6651283ac7b7c4114224e90936e5cf26f4b8c65 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 24 Sep 2012 18:41:16 +0200 Subject: handle submodules --- deploy.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/deploy.sh b/deploy.sh index 6aab1119..0db6cf91 100755 --- a/deploy.sh +++ b/deploy.sh @@ -6,16 +6,18 @@ PUPPET_ENV='--confdir=puppet' install_prerequisites () { apt-get update - apt-get install puppet + apt-get install puppet git # lsb is needed for a first puppet run puppet apply $PUPPET_ENV --execute 'include lsb' + git submodule init + git submodule update } # main # commented for testing purposes -#install_prerequisites +install_prerequisites puppet apply $PUPPET_ENV puppet/manifests/site.pp $@ -- cgit v1.2.3 From e73a5e34742a63d82ee4b1a84a779403d9f71bd7 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 24 Sep 2012 18:41:37 +0200 Subject: include common --- puppet/manifests/site.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index f70c0673..5f58a733 100644 --- a/puppet/manifests/site.pp +++ b/puppet/manifests/site.pp @@ -3,8 +3,8 @@ node 'default' { # include some basic classes # $concat_basedir = '/var/lib/puppet/modules/concat' # do we need this ? include concat::setup - include apt,git,lsb - + include apt, lsb, git + import "common" $services=hiera_array('services') notice("Services for $fqdn: $services") -- cgit v1.2.3
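Review bot: `install_prerequisites` now runs on every invocation and nothing visible checks that it succeeded: `apt-get install puppet git` runs without `-y`, so it prompts (and aborts when there is no stdin to answer), and the script falls through to `puppet apply` regardless. Add `set -e` near the top of the script (outside this hunk) and use `apt-get install -y puppet git`, or test the function's return status before applying. While here, `$@` on the final `puppet apply` line should be `"$@"` so arguments containing spaces survive.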