From ffb88e54c5e4e30fa61ea1009f3eee62f98ab17c Mon Sep 17 00:00:00 2001 From: elijah Date: Wed, 27 Feb 2013 23:46:58 -0800 Subject: openvpn -- added support for optional "free" rate-limited service via special client certificates with the FREE prefix in the common name. --- .../files/service-definitions/eip-service.json.erb | 33 +++++++++++++++------- 1 file changed, 23 insertions(+), 10 deletions(-) (limited to 'provider_base/files') diff --git a/provider_base/files/service-definitions/eip-service.json.erb b/provider_base/files/service-definitions/eip-service.json.erb index 8dc7211d..09b65bbb 100644 --- a/provider_base/files/service-definitions/eip-service.json.erb +++ b/provider_base/files/service-definitions/eip-service.json.erb @@ -6,21 +6,34 @@ words end + def gateway_definition(node) + gateway = {} + gateway["capabilities"] = node.openvpn.pick(:ports, :protocols, :user_ips, :adblock, :filter_dns) + gateway["capabilities"]["transport"] = ["openvpn"] + gateway["host"] = node.domain.full + gateway["cluster"] = underscore(node.openvpn.location) + gateway + end + hsh = {} hsh["serial"] = 1 hsh["version"] = 1 clusters = {} gateways = [] - global.services['openvpn'].node_list.each_node do |node| - next if node.vagrant? - gateway = {} - gateway["capabilities"] = node.openvpn.pick( - :ports, :protocols, :user_ips, :adblock, :filter_dns) - gateway["capabilities"]["transport"] = ["openvpn"] - gateway["ip_address"] = node.openvpn.gateway_address - gateway["host"] = node.domain.full - gateway["cluster"] = underscore(node.openvpn.location) - gateways << gateway + nodes_like_me[:services => 'openvpn'].each_node do |node| + if node.openvpn.gateway_address + gateway = gateway_definition(node) + gateway["ip_address"] = node.openvpn.gateway_address + gateway["capabilities"]["free"] = false + gateways << gateway + end + if node.openvpn.free_gateway_address && node.openvpn.free_gateway_address != "REQUIRED" + gateway = gateway_definition(node) + gateway["ip_address"] = node.openvpn.free_gateway_address + gateway["capabilities"]["free"] = true + gateway["capabilities"]["rate_limit"] = node.openvpn.free_rate_limit + gateways << gateway + end clusters[gateway["cluster"]] ||= { "name" => gateway["cluster"], "label" => {"en" => node.openvpn.location} -- cgit v1.2.3 From 4ec32a1f773918b2c7a42c117fbad110c07df458 Mon Sep 17 00:00:00 2001 From: elijah Date: Sat, 16 Mar 2013 23:15:14 -0700 Subject: the development tag now specifies an alternative provider domain. this requires that we use domain.full_suffix instead of provider.domain, whenever possible. --- provider_base/files/service-definitions/provider.json.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'provider_base/files') diff --git a/provider_base/files/service-definitions/provider.json.erb b/provider_base/files/service-definitions/provider.json.erb index f26f25a2..2ca34548 100644 --- a/provider_base/files/service-definitions/provider.json.erb +++ b/provider_base/files/service-definitions/provider.json.erb @@ -13,7 +13,7 @@ hsh['api_version'] = "1" hsh['api_uri'] = "https://" + api.domain + ':' + api.port - hsh['ca_cert_uri'] = 'https://' + global.provider.domain + '/ca.crt' + hsh['ca_cert_uri'] = 'https://' + domain.full_suffix + '/ca.crt' hsh['ca_cert_fingerprint'] = fingerprint(:ca_cert) generate_json hsh -- cgit v1.2.3 From ad62cfdad04c8f8ed9d6454f716c92e850ac53ba Mon Sep 17 00:00:00 2001 From: elijah Date: Sun, 17 Mar 2013 13:15:51 -0700 Subject: added support for "limited" service levels (although vpn is not yet actually rate limited). --- .../files/service-definitions/eip-service.json.erb | 40 ++++++++++------------ .../files/service-definitions/provider.json.erb | 2 +- 2 files changed, 20 insertions(+), 22 deletions(-) (limited to 'provider_base/files') diff --git a/provider_base/files/service-definitions/eip-service.json.erb b/provider_base/files/service-definitions/eip-service.json.erb index 09b65bbb..ca42bef5 100644 --- a/provider_base/files/service-definitions/eip-service.json.erb +++ b/provider_base/files/service-definitions/eip-service.json.erb @@ -6,41 +6,39 @@ words end - def gateway_definition(node) + def add_gateway(node, locations, options={}) + return nil if options[:ip] == 'REQUIRED' gateway = {} gateway["capabilities"] = node.openvpn.pick(:ports, :protocols, :user_ips, :adblock, :filter_dns) gateway["capabilities"]["transport"] = ["openvpn"] gateway["host"] = node.domain.full - gateway["cluster"] = underscore(node.openvpn.location) + gateway["ip_address"] = options[:ip] + gateway["capabilities"]["limited"] = options[:limited] + if node.location + location_name = underscore(node.location.name) + gateway["location"] = location_name + locations[location_name] ||= node.location + end gateway end hsh = {} hsh["serial"] = 1 hsh["version"] = 1 - clusters = {} + locations = {} gateways = [] nodes_like_me[:services => 'openvpn'].each_node do |node| - if node.openvpn.gateway_address - gateway = gateway_definition(node) - gateway["ip_address"] = node.openvpn.gateway_address - gateway["capabilities"]["free"] = false - gateways << gateway - end - if node.openvpn.free_gateway_address && node.openvpn.free_gateway_address != "REQUIRED" - gateway = gateway_definition(node) - gateway["ip_address"] = node.openvpn.free_gateway_address - gateway["capabilities"]["free"] = true - gateway["capabilities"]["rate_limit"] = node.openvpn.free_rate_limit - gateways << gateway + if node.openvpn.allow_limited && node.openvpn.allow_unlimited + gateways << add_gateway(node, locations, :ip => node.openvpn.gateway_address, :limited => false) + gateways << add_gateway(node, locations, :ip => node.openvpn.second_gateway_address, :limited => true) + elsif node.openvpn.allow_unlimited + gateways << add_gateway(node, locations, :ip => node.openvpn.gateway_address, :limited => false) + elsif node.openvpn.allow_limited + gateways << add_gateway(node, locations, :ip => node.openvpn.gateway_address, :limited => true) end - clusters[gateway["cluster"]] ||= { - "name" => gateway["cluster"], - "label" => {"en" => node.openvpn.location} - } end - hsh["gateways"] = gateways - hsh["clusters"] = clusters.values + hsh["gateways"] = gateways.compact + hsh["locations"] = locations hsh["openvpn_configuration"] = { "tls-cipher" => "DHE-RSA-AES128-SHA", "auth" => "SHA1", diff --git a/provider_base/files/service-definitions/provider.json.erb b/provider_base/files/service-definitions/provider.json.erb index 2ca34548..54919898 100644 --- a/provider_base/files/service-definitions/provider.json.erb +++ b/provider_base/files/service-definitions/provider.json.erb @@ -4,7 +4,7 @@ # grab some fields from provider.json hsh = global.provider.pick( :languages, :description, :name, - :enrollment_policy, :default_language, :domain + :enrollment_policy, :default_language, :domain, :service ) # advertise services that are 'user services' -- cgit v1.2.3 From 8485b9340b96c16f47d6de145ceca0d7838d2fdd Mon Sep 17 00:00:00 2001 From: elijah Date: Thu, 18 Apr 2013 10:27:55 -0700 Subject: provider.json 'domain' entry should match the domain suffix of the node. --- provider_base/files/service-definitions/provider.json.erb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'provider_base/files') diff --git a/provider_base/files/service-definitions/provider.json.erb b/provider_base/files/service-definitions/provider.json.erb index 54919898..bc93fac5 100644 --- a/provider_base/files/service-definitions/provider.json.erb +++ b/provider_base/files/service-definitions/provider.json.erb @@ -4,9 +4,11 @@ # grab some fields from provider.json hsh = global.provider.pick( :languages, :description, :name, - :enrollment_policy, :default_language, :domain, :service + :enrollment_policy, :default_language, :service ) + hsh['domain'] = domain.full_suffix + # advertise services that are 'user services' hsh['services'] = global.services[:service_type => :user_service].field(:name) -- cgit v1.2.3 From 4ed2bb37ea8283f79aecca8b78e80b141e9eff50 Mon Sep 17 00:00:00 2001 From: elijah Date: Wed, 24 Apr 2013 18:04:48 -0700 Subject: provider base - service definitions are now versioned (requires new leap_cli) --- .../files/service-definitions/eip-service.json.erb | 48 ---------------------- .../service-definitions/v1/eip-service.json.erb | 48 ++++++++++++++++++++++ 2 files changed, 48 insertions(+), 48 deletions(-) delete mode 100644 provider_base/files/service-definitions/eip-service.json.erb create mode 100644 provider_base/files/service-definitions/v1/eip-service.json.erb (limited to 'provider_base/files') diff --git a/provider_base/files/service-definitions/eip-service.json.erb b/provider_base/files/service-definitions/eip-service.json.erb deleted file mode 100644 index ca42bef5..00000000 --- a/provider_base/files/service-definitions/eip-service.json.erb +++ /dev/null @@ -1,48 +0,0 @@ -<%= - def underscore(words) - words = words.to_s.dup - words.downcase! - words.gsub! /[^a-z]/, '_' - words - end - - def add_gateway(node, locations, options={}) - return nil if options[:ip] == 'REQUIRED' - gateway = {} - gateway["capabilities"] = node.openvpn.pick(:ports, :protocols, :user_ips, :adblock, :filter_dns) - gateway["capabilities"]["transport"] = ["openvpn"] - gateway["host"] = node.domain.full - gateway["ip_address"] = options[:ip] - gateway["capabilities"]["limited"] = options[:limited] - if node.location - location_name = underscore(node.location.name) - gateway["location"] = location_name - locations[location_name] ||= node.location - end - gateway - end - - hsh = {} - hsh["serial"] = 1 - hsh["version"] = 1 - locations = {} - gateways = [] - nodes_like_me[:services => 'openvpn'].each_node do |node| - if node.openvpn.allow_limited && node.openvpn.allow_unlimited - gateways << add_gateway(node, locations, :ip => node.openvpn.gateway_address, :limited => false) - gateways << add_gateway(node, locations, :ip => node.openvpn.second_gateway_address, :limited => true) - elsif node.openvpn.allow_unlimited - gateways << add_gateway(node, locations, :ip => node.openvpn.gateway_address, :limited => false) - elsif node.openvpn.allow_limited - gateways << add_gateway(node, locations, :ip => node.openvpn.gateway_address, :limited => true) - end - end - hsh["gateways"] = gateways.compact - hsh["locations"] = locations - hsh["openvpn_configuration"] = { - "tls-cipher" => "DHE-RSA-AES128-SHA", - "auth" => "SHA1", - "cipher" => "AES-128-CBC" - } - generate_json hsh -%> \ No newline at end of file diff --git a/provider_base/files/service-definitions/v1/eip-service.json.erb b/provider_base/files/service-definitions/v1/eip-service.json.erb new file mode 100644 index 00000000..ca42bef5 --- /dev/null +++ b/provider_base/files/service-definitions/v1/eip-service.json.erb @@ -0,0 +1,48 @@ +<%= + def underscore(words) + words = words.to_s.dup + words.downcase! + words.gsub! /[^a-z]/, '_' + words + end + + def add_gateway(node, locations, options={}) + return nil if options[:ip] == 'REQUIRED' + gateway = {} + gateway["capabilities"] = node.openvpn.pick(:ports, :protocols, :user_ips, :adblock, :filter_dns) + gateway["capabilities"]["transport"] = ["openvpn"] + gateway["host"] = node.domain.full + gateway["ip_address"] = options[:ip] + gateway["capabilities"]["limited"] = options[:limited] + if node.location + location_name = underscore(node.location.name) + gateway["location"] = location_name + locations[location_name] ||= node.location + end + gateway + end + + hsh = {} + hsh["serial"] = 1 + hsh["version"] = 1 + locations = {} + gateways = [] + nodes_like_me[:services => 'openvpn'].each_node do |node| + if node.openvpn.allow_limited && node.openvpn.allow_unlimited + gateways << add_gateway(node, locations, :ip => node.openvpn.gateway_address, :limited => false) + gateways << add_gateway(node, locations, :ip => node.openvpn.second_gateway_address, :limited => true) + elsif node.openvpn.allow_unlimited + gateways << add_gateway(node, locations, :ip => node.openvpn.gateway_address, :limited => false) + elsif node.openvpn.allow_limited + gateways << add_gateway(node, locations, :ip => node.openvpn.gateway_address, :limited => true) + end + end + hsh["gateways"] = gateways.compact + hsh["locations"] = locations + hsh["openvpn_configuration"] = { + "tls-cipher" => "DHE-RSA-AES128-SHA", + "auth" => "SHA1", + "cipher" => "AES-128-CBC" + } + generate_json hsh +%> \ No newline at end of file -- cgit v1.2.3 From c8e427c39285a0ac8750c1b9bbf247533bbce519 Mon Sep 17 00:00:00 2001 From: elijah Date: Tue, 30 Apr 2013 14:25:45 -0700 Subject: added soledad-service.json --- .../service-definitions/v1/eip-service.json.erb | 2 +- .../v1/soledad-service.json.erb | 29 ++++++++++++++++++++++ 2 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 provider_base/files/service-definitions/v1/soledad-service.json.erb (limited to 'provider_base/files') diff --git a/provider_base/files/service-definitions/v1/eip-service.json.erb b/provider_base/files/service-definitions/v1/eip-service.json.erb index ca42bef5..9ee489de 100644 --- a/provider_base/files/service-definitions/v1/eip-service.json.erb +++ b/provider_base/files/service-definitions/v1/eip-service.json.erb @@ -14,7 +14,7 @@ gateway["host"] = node.domain.full gateway["ip_address"] = options[:ip] gateway["capabilities"]["limited"] = options[:limited] - if node.location + if node['location'] location_name = underscore(node.location.name) gateway["location"] = location_name locations[location_name] ||= node.location diff --git a/provider_base/files/service-definitions/v1/soledad-service.json.erb b/provider_base/files/service-definitions/v1/soledad-service.json.erb new file mode 100644 index 00000000..4d345930 --- /dev/null +++ b/provider_base/files/service-definitions/v1/soledad-service.json.erb @@ -0,0 +1,29 @@ +<%= + def underscore(words) + words = words.to_s.dup + words.downcase! + words.gsub! /[^a-z]/, '_' + words + end + + hsh = {} + hsh["serial"] = 1 + hsh["version"] = 1 + locations = {} + hosts = {} + nodes_like_me[:services => 'soledad'].each_node do |node| + host = {} + host["hostname"] = node.domain.full + host["ip_address"] = node.ip_address + host["port"] = node.soledad.port + if node['location'] + location_name = underscore(node.location.name) + host["location"] = location_name + locations[location_name] ||= node.location + end + hosts[node.name] = host + end + hsh["hosts"] = hosts + hsh["locations"] = locations + generate_json hsh +%> \ No newline at end of file -- cgit v1.2.3 From b3d1c6c58838b0c4f368bc42493ac3bae280b5af Mon Sep 17 00:00:00 2001 From: elijah Date: Tue, 14 May 2013 12:23:20 -0700 Subject: added smtp-service.json, requires latest leap_cli --- .../service-definitions/v1/smtp-service.json.erb | 29 ++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 provider_base/files/service-definitions/v1/smtp-service.json.erb (limited to 'provider_base/files') diff --git a/provider_base/files/service-definitions/v1/smtp-service.json.erb b/provider_base/files/service-definitions/v1/smtp-service.json.erb new file mode 100644 index 00000000..68d4bbab --- /dev/null +++ b/provider_base/files/service-definitions/v1/smtp-service.json.erb @@ -0,0 +1,29 @@ +<%= + def underscore(words) + words = words.to_s.dup + words.downcase! + words.gsub! /[^a-z]/, '_' + words + end + + hsh = {} + hsh["serial"] = 1 + hsh["version"] = 1 + locations = {} + hosts = {} + nodes_like_me[:services => 'mx'].each_node do |node| + host = {} + host["hostname"] = node.domain.full + host["ip_address"] = node.ip_address + host["port"] = 25 # hard coded for now, later node.smtp.port + if node['location'] + location_name = underscore(node.location.name) + host["location"] = location_name + locations[location_name] ||= node.location + end + hosts[node.name] = host + end + hsh["hosts"] = hosts + hsh["locations"] = locations + generate_json hsh +%> \ No newline at end of file -- cgit v1.2.3 From f82d5b5c7004b01565bbeace598d1716f72c1b2f Mon Sep 17 00:00:00 2001 From: elijah Date: Fri, 17 May 2013 11:53:10 -0700 Subject: minor - webapp api port should be integer, not string. --- provider_base/files/service-definitions/provider.json.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'provider_base/files') diff --git a/provider_base/files/service-definitions/provider.json.erb b/provider_base/files/service-definitions/provider.json.erb index bc93fac5..d17aae96 100644 --- a/provider_base/files/service-definitions/provider.json.erb +++ b/provider_base/files/service-definitions/provider.json.erb @@ -13,7 +13,7 @@ hsh['services'] = global.services[:service_type => :user_service].field(:name) hsh['api_version'] = "1" - hsh['api_uri'] = "https://" + api.domain + ':' + api.port + hsh['api_uri'] = ["https://", api.domain, ':', api.port].join hsh['ca_cert_uri'] = 'https://' + domain.full_suffix + '/ca.crt' hsh['ca_cert_fingerprint'] = fingerprint(:ca_cert) -- cgit v1.2.3 From c591f65a555a20bd6bc3a2171cffb55283dd9d0c Mon Sep 17 00:00:00 2001 From: elijah Date: Tue, 21 May 2013 13:14:02 -0700 Subject: only advertise services that are actually deployed (in public provider.json) --- provider_base/files/service-definitions/provider.json.erb | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'provider_base/files') diff --git a/provider_base/files/service-definitions/provider.json.erb b/provider_base/files/service-definitions/provider.json.erb index d17aae96..5552c423 100644 --- a/provider_base/files/service-definitions/provider.json.erb +++ b/provider_base/files/service-definitions/provider.json.erb @@ -9,8 +9,10 @@ hsh['domain'] = domain.full_suffix - # advertise services that are 'user services' - hsh['services'] = global.services[:service_type => :user_service].field(:name) + # advertise services that are 'user services' and for which there are actually nodes + hsh['services'] = global.services[:service_type => :user_service].field(:name).select do |service| + nodes_like_me[:services => service].any? + end hsh['api_version'] = "1" hsh['api_uri'] = ["https://", api.domain, ':', api.port].join -- cgit v1.2.3 From 907c4fb87f2b1a6c9fdb02ba2bd6017d2019762b Mon Sep 17 00:00:00 2001 From: elijah Date: Tue, 4 Jun 2013 22:45:01 -0700 Subject: add support for client-side collection of facter facts. --- provider_base/files/service-definitions/provider.json.erb | 2 +- provider_base/files/service-definitions/v1/eip-service.json.erb | 2 +- provider_base/files/service-definitions/v1/smtp-service.json.erb | 2 +- provider_base/files/service-definitions/v1/soledad-service.json.erb | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) (limited to 'provider_base/files') diff --git a/provider_base/files/service-definitions/provider.json.erb b/provider_base/files/service-definitions/provider.json.erb index 5552c423..8dbf7365 100644 --- a/provider_base/files/service-definitions/provider.json.erb +++ b/provider_base/files/service-definitions/provider.json.erb @@ -20,5 +20,5 @@ hsh['ca_cert_uri'] = 'https://' + domain.full_suffix + '/ca.crt' hsh['ca_cert_fingerprint'] = fingerprint(:ca_cert) - generate_json hsh + JSON.sorted_generate hsh %> \ No newline at end of file diff --git a/provider_base/files/service-definitions/v1/eip-service.json.erb b/provider_base/files/service-definitions/v1/eip-service.json.erb index 9ee489de..feaea25b 100644 --- a/provider_base/files/service-definitions/v1/eip-service.json.erb +++ b/provider_base/files/service-definitions/v1/eip-service.json.erb @@ -44,5 +44,5 @@ "auth" => "SHA1", "cipher" => "AES-128-CBC" } - generate_json hsh + JSON.sorted_generate hsh %> \ No newline at end of file diff --git a/provider_base/files/service-definitions/v1/smtp-service.json.erb b/provider_base/files/service-definitions/v1/smtp-service.json.erb index 68d4bbab..60129f5f 100644 --- a/provider_base/files/service-definitions/v1/smtp-service.json.erb +++ b/provider_base/files/service-definitions/v1/smtp-service.json.erb @@ -25,5 +25,5 @@ end hsh["hosts"] = hosts hsh["locations"] = locations - generate_json hsh + JSON.sorted_generate hsh %> \ No newline at end of file diff --git a/provider_base/files/service-definitions/v1/soledad-service.json.erb b/provider_base/files/service-definitions/v1/soledad-service.json.erb index 4d345930..0cd1c927 100644 --- a/provider_base/files/service-definitions/v1/soledad-service.json.erb +++ b/provider_base/files/service-definitions/v1/soledad-service.json.erb @@ -25,5 +25,5 @@ end hsh["hosts"] = hosts hsh["locations"] = locations - generate_json hsh + JSON.sorted_generate hsh %> \ No newline at end of file -- cgit v1.2.3 From 297f14f0656f80c906cc8bed0faaf5c73b7185c1 Mon Sep 17 00:00:00 2001 From: elijah Date: Thu, 4 Jul 2013 22:36:56 -0700 Subject: bugfix - properly generate provider.json file. --- provider_base/files/service-definitions/provider.json.erb | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'provider_base/files') diff --git a/provider_base/files/service-definitions/provider.json.erb b/provider_base/files/service-definitions/provider.json.erb index 8dbf7365..5d4c63a0 100644 --- a/provider_base/files/service-definitions/provider.json.erb +++ b/provider_base/files/service-definitions/provider.json.erb @@ -1,12 +1,9 @@ <%= - hsh = {} - # grab some fields from provider.json hsh = global.provider.pick( :languages, :description, :name, :enrollment_policy, :default_language, :service ) - hsh['domain'] = domain.full_suffix # advertise services that are 'user services' and for which there are actually nodes @@ -20,5 +17,5 @@ hsh['ca_cert_uri'] = 'https://' + domain.full_suffix + '/ca.crt' hsh['ca_cert_fingerprint'] = fingerprint(:ca_cert) - JSON.sorted_generate hsh + hsh.dump_json %> \ No newline at end of file -- cgit v1.2.3