From ffb88e54c5e4e30fa61ea1009f3eee62f98ab17c Mon Sep 17 00:00:00 2001 From: elijah Date: Wed, 27 Feb 2013 23:46:58 -0800 Subject: openvpn -- added support for optional "free" rate-limited service via special client certificates with the FREE prefix in the common name. --- .../files/service-definitions/eip-service.json.erb | 33 +++++++++++++++------- provider_base/provider.json | 12 ++++++++ provider_base/services/openvpn.json | 7 ++++- provider_base/services/webapp.json | 4 ++- 4 files changed, 44 insertions(+), 12 deletions(-) (limited to 'provider_base') diff --git a/provider_base/files/service-definitions/eip-service.json.erb b/provider_base/files/service-definitions/eip-service.json.erb index 8dc7211d..09b65bbb 100644 --- a/provider_base/files/service-definitions/eip-service.json.erb +++ b/provider_base/files/service-definitions/eip-service.json.erb 
@@ -6,21 +6,34 @@ words end + def gateway_definition(node) + gateway = {} + gateway["capabilities"] = node.openvpn.pick(:ports, :protocols, :user_ips, :adblock, :filter_dns) + gateway["capabilities"]["transport"] = ["openvpn"] + gateway["host"] = node.domain.full + gateway["cluster"] = underscore(node.openvpn.location) + gateway + end + hsh = {} hsh["serial"] = 1 hsh["version"] = 1 clusters = {} gateways = [] - global.services['openvpn'].node_list.each_node do |node| - next if node.vagrant? - gateway = {} - gateway["capabilities"] = node.openvpn.pick( - :ports, :protocols, :user_ips, :adblock, :filter_dns) - gateway["capabilities"]["transport"] = ["openvpn"] - gateway["ip_address"] = node.openvpn.gateway_address - gateway["host"] = node.domain.full - gateway["cluster"] = underscore(node.openvpn.location) - gateways << gateway + nodes_like_me[:services => 'openvpn'].each_node do |node| + if node.openvpn.gateway_address + gateway = gateway_definition(node) + gateway["ip_address"] = node.openvpn.gateway_address + gateway["capabilities"]["free"] = false + gateways << gateway + end + if node.openvpn.free_gateway_address && node.openvpn.free_gateway_address != "REQUIRED" + gateway = gateway_definition(node) + gateway["ip_address"] = node.openvpn.free_gateway_address + gateway["capabilities"]["free"] = true + gateway["capabilities"]["rate_limit"] = node.openvpn.free_rate_limit + gateways << gateway + end clusters[gateway["cluster"]] ||= { "name" => gateway["cluster"], "label" => {"en" => node.openvpn.location} diff --git a/provider_base/provider.json b/provider_base/provider.json index 8ce848f3..14eabdc2 100644 --- a/provider_base/provider.json +++ b/provider_base/provider.json 
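Review bot: The first branch of the `each_node` loop publishes whatever `gateway_address` holds, including the `"REQUIRED"` placeholder that openvpn.json sets as the default in this same commit, whereas the `free_gateway_address` branch explicitly skips that sentinel; a node whose address was never filled in therefore lands in eip-service.json with `"ip_address": "REQUIRED"`. Guarding it the same way, `if node.openvpn.gateway_address && node.openvpn.gateway_address != "REQUIRED"`, keeps the two paths consistent. The `clusters[gateway["cluster"]]` lookup after the two `if` blocks also relies on at least one branch having assigned `gateway`; when neither does, `gateway` is nil there and the index raises. The loop body continues past the end of this hunk.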
@@ -13,6 +13,12 @@ "languages": ["en"], "default_language": "en", "enrollment_policy": "open", + "service_levels": [ + {"name": "free", "bandwidth":102400, "storage":50}, + {"name": "basic", "bandwidth":null, "storage":1000}, + {"name": "premium", "bandwidth":null, "storage":10000} + ], + "service_allow_free": false, "ca": { "name": "= global.provider.ca.organization + ' Root CA'", "organization": "= global.provider.name[global.provider.default_language]", @@ -24,6 +30,12 @@ "bit_size": 3248, "digest": "SHA256", "life_span": "1y" + }, + "client_certificates": { + "bit_size": 2024, + "digest": "SHA256", + "life_span": "2m", + "free_prefix": "FREE" } }, "hiera_sync_destination": "/etc/leap" diff --git a/provider_base/services/openvpn.json b/provider_base/services/openvpn.json index 7b67ccb3..e78a02ac 100644 --- a/provider_base/services/openvpn.json +++ b/provider_base/services/openvpn.json @@ -7,10 +7,15 @@ }, "openvpn": { "location": "Location Unknown", + "gateway_address": "REQUIRED", + "free_gateway_address": "= openvpn.allow_free ? 'REQUIRED' : nil", "ports": ["80", "443", "53", "1194"], "protocols": ["tcp", "udp"], "filter_dns": false, "adblock": false, - "user_ips": false + "user_ips": false, + "allow_free": "= global.provider.service_allow_free", + "free_prefix": "= global.provider.ca.client_certificates.free_prefix", + "free_rate_limit": "= openvpn.allow_free ? global.provider.service_levels.detect{|level| level['name'] == 'free'}['bandwidth'] : nil" } } diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index e3055c6f..8ede0ecf 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json 
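Review bot: `"bit_size": 2024` under `client_certificates` looks like a typo for 2048: RSA key sizes are conventionally powers of two and 2048 is the usual floor, and the value also sits below the 3248 this file uses for `server_certificates`. The same 2024 is later applied to `server_certificates` in commit ad62cfd on this page, so whichever size is intended, both places should agree. If the unusual size is deliberate, a comment beside it such as `// intentionally not 2048: <reason>` would stop the next reader from "correcting" it.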
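Review bot: `free_rate_limit` indexes `['bandwidth']` on the result of `detect`, which is nil when `service_levels` has no entry named `free`; because `allow_free` comes from the independent `service_allow_free` flag rather than from the levels list, a provider that enables the flag but renames or removes that level gets a NoMethodError during evaluation instead of a clear message. Guarding the lookup, `"= level = global.provider.service_levels.detect{|l| l['name'] == 'free'}; openvpn.allow_free && level ? level['bandwidth'] : nil"`, or deriving `allow_free` from the levels list, keeps the two settings consistent.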
@@ -8,7 +8,9 @@ "favicon": "= file_path 'branding/favicon.ico'", "tail_scss": "= file_path 'branding/tail.scss'", "head_scss": "= file_path 'branding/head.scss'", - "img_dir": "= file_path 'branding/img'" + "img_dir": "= file_path 'branding/img'", + "client_certificates": "= global.provider.ca.client_certificates", + "allow_free": "= global.provider.service_allow_free" }, "definition_files": { "provider": "= file :provider_json_template", -- cgit v1.2.3 From 08c6032837e2f1c4c504976074c456e04202c64a Mon Sep 17 00:00:00 2001 From: elijah Date: Tue, 5 Mar 2013 13:11:10 -0800 Subject: change json comment to '//' --- provider_base/services/webapp.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'provider_base') diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index 8ede0ecf..ea79d7c4 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -2,8 +2,8 @@ "webapp": { "modules": ["user", "billing", "help"], "couchdb_hosts": "= hostnames nodes[:services => :couchdb][:local => local]", - # NOTE: this is bad, but pending a fix to https://leap.se/code/issues/1163 - # before we can use user "webapp" + // NOTE: this is bad, but pending a fix to https://leap.se/code/issues/1163 + // before we can use user "webapp" "couchdb_user": "= global.services[:couchdb].couch.users[:admin]", "favicon": "= file_path 'branding/favicon.ico'", "tail_scss": "= file_path 'branding/tail.scss'", -- cgit v1.2.3 From 402bb92da08b0c0a46be643963a87576e558b589 Mon Sep 17 00:00:00 2001 
From: elijah Date: Fri, 8 Mar 2013 23:07:13 -0800 Subject: node environment: switch from production=true to environment=production. requires latest leap_cli --- provider_base/common.json | 3 +-- provider_base/services/ca.json | 2 +- provider_base/tags/development.json | 3 +++ provider_base/tags/local.json | 2 +- provider_base/tags/production.json | 2 +- 5 files changed, 7 insertions(+), 5 deletions(-) create mode 100644 provider_base/tags/development.json (limited to 'provider_base') diff --git a/provider_base/common.json b/provider_base/common.json index e674edb6..dc59b88e 100644 --- a/provider_base/common.json +++ b/provider_base/common.json @@ -1,5 +1,6 @@ { "ip_address": null, + "environment": null, "services": [], "tags": [], "domain": { @@ -24,8 +25,6 @@ "key": "= x509.use ? file(:node_x509_key, :missing => 'x509 key for node $node. Run `leap cert update`') : nil", "ca_cert": "= try_file :ca_cert" }, - "local": false, - "production": false, "service_type": "internal_service", "development": { "site_config": true diff --git a/provider_base/services/ca.json b/provider_base/services/ca.json index 3fb8bf6c..64866ddc 100644 --- a/provider_base/services/ca.json +++ b/provider_base/services/ca.json @@ -1,6 +1,6 @@ { "ca_daemon": { - "couchdb_hosts": "= hostnames nodes[:services => :couchdb][:local => local]", + "couchdb_hosts": "= hostnames nodes_like_me[:services => :couchdb]", "couchdb_user": "= global.services[:couchdb].couch.users[:ca_daemon]" }, "service_type": "internal_service", diff --git a/provider_base/tags/development.json b/provider_base/tags/development.json new file mode 100644 index 00000000..caf18e9d --- /dev/null +++ b/provider_base/tags/development.json @@ -0,0 +1,3 @@ +{ + "environment": "development" +} \ No newline at end of file diff --git a/provider_base/tags/local.json b/provider_base/tags/local.json index 9cb16602..48312b33 100644 --- a/provider_base/tags/local.json +++ b/provider_base/tags/local.json 
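Review bot: The second common.json hunk removes the `local` and `production` keys, but webapp.json still evaluates `"= hostnames nodes[:services => :couchdb][:local => local]"` (visible as a context line in later commits on this page), which references the removed `local` name; unless `local` is still defined somewhere not shown here, that expression now fails to evaluate. The ca.json hunk in this same commit already switches to `nodes_like_me[:services => :couchdb]`, so applying the same rewrite to webapp.json's `couchdb_hosts` would keep the two in step.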
@@ -1,3 +1,3 @@
 {
- "local": true
+ "environment": "local"
 }
\ No newline at end of file
diff --git a/provider_base/tags/production.json b/provider_base/tags/production.json
index b35c0650..ea17498f 100644
--- a/provider_base/tags/production.json
+++ b/provider_base/tags/production.json
@@ -1,3 +1,3 @@
 {
- "production": true
+ "environment": "production"
 }
\ No newline at end of file
-- cgit v1.2.3 From f76ab4429aeb5db67b384bfa103b13caaaa09900 Mon Sep 17 00:00:00 2001 From: elijah Date: Fri, 8 Mar 2013 23:07:29 -0800 Subject: couch - explicitly configure couch port
---
provider_base/services/couchdb.json | 1 + 1 file changed, 1 insertion(+) (limited to 'provider_base')
diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json
index 1c8005c2..ac84eeb2 100644
--- a/provider_base/services/couchdb.json
+++ b/provider_base/services/couchdb.json
@@ -4,6 +4,7 @@
 "use": true
 },
 "couch": {
+ "port": 5984,
 "users": {
 "admin": {
 "username": "admin",
-- cgit v1.2.3 From 9ea188c22774607bd6914334daa3d303c041d9a4 Mon Sep 17 00:00:00 2001 From: varac Date: Sun, 10 Mar 2013 17:21:01 +0100 Subject: added bigcouch:cookie to services/couchdb.json
---
provider_base/services/couchdb.json | 3 +++ 1 file changed, 3 insertions(+) (limited to 'provider_base')
diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json
index 1c8005c2..e7668286 100644
--- a/provider_base/services/couchdb.json
+++ b/provider_base/services/couchdb.json
@@ -4,6 +4,9 @@
 "use": true
 },
 "couch": {
+ "bigcouch": {
+ "cookie": "= secret :bigcouch_cookie"
+ },
 "users": {
 "admin": {
 "username": "admin",
-- cgit v1.2.3 From 4ec32a1f773918b2c7a42c117fbad110c07df458 Mon Sep 17 00:00:00 2001
From: elijah Date: Sat, 16 Mar 2013 23:15:14 -0700 Subject: the development tag now specifies an alternative provider domain. this requires that we use domain.full_suffix instead of provider.domain, whenever possible. --- provider_base/files/service-definitions/provider.json.erb | 2 +- provider_base/services/webapp.json | 4 ++-- provider_base/tags/development.json | 6 +++++- 3 files changed, 8 insertions(+), 4 deletions(-) (limited to 'provider_base') diff --git a/provider_base/files/service-definitions/provider.json.erb b/provider_base/files/service-definitions/provider.json.erb index f26f25a2..2ca34548 100644 --- a/provider_base/files/service-definitions/provider.json.erb +++ b/provider_base/files/service-definitions/provider.json.erb @@ -13,7 +13,7 @@ hsh['api_version'] = "1" hsh['api_uri'] = "https://" + api.domain + ':' + api.port - hsh['ca_cert_uri'] = 'https://' + global.provider.domain + '/ca.crt' + hsh['ca_cert_uri'] = 'https://' + domain.full_suffix + '/ca.crt' hsh['ca_cert_fingerprint'] = fingerprint(:ca_cert) generate_json hsh diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index ea79d7c4..5e7260a6 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -29,8 +29,8 @@ "ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap cert ca`'", "client_ca_cert": "= file_path :client_ca_cert", "client_ca_key": "= file_path :client_ca_key", - "commercial_cert": "= file [:commercial_cert, global.provider.domain]", - "commercial_key": "= file [:commercial_key, global.provider.domain]", + "commercial_cert": "= file [:commercial_cert, domain.full_suffix]", + "commercial_key": "= file [:commercial_key, domain.full_suffix]", "commercial_ca_cert": "= try_file :commercial_ca_cert" } } \ No newline at end of file diff --git a/provider_base/tags/development.json b/provider_base/tags/development.json index caf18e9d..6d4f9e25 100644 --- a/provider_base/tags/development.json 
+++ b/provider_base/tags/development.json @@ -1,3 +1,7 @@ { - "environment": "development" + "environment": "development", + "domain": { + "full_suffix": "= 'dev.' + global.provider.domain", + "internal_suffix": "= 'dev.' + global.provider.domain_internal" + } } \ No newline at end of file -- cgit v1.2.3 From ad62cfdad04c8f8ed9d6454f716c92e850ac53ba Mon Sep 17 00:00:00 2001 From: elijah Date: Sun, 17 Mar 2013 13:15:51 -0700 Subject: added support for "limited" service levels (although vpn is not yet actually rate limited). --- .../files/service-definitions/eip-service.json.erb | 40 ++++++++++------------ .../files/service-definitions/provider.json.erb | 2 +- provider_base/provider.json | 29 +++++++++++----- provider_base/services/openvpn.json | 12 ++++--- provider_base/services/webapp.json | 4 ++- provider_base/test/openvpn/client.ovpn.erb | 6 ++-- 6 files changed, 54 insertions(+), 39 deletions(-) (limited to 'provider_base') diff --git a/provider_base/files/service-definitions/eip-service.json.erb b/provider_base/files/service-definitions/eip-service.json.erb index 09b65bbb..ca42bef5 100644 --- a/provider_base/files/service-definitions/eip-service.json.erb +++ b/provider_base/files/service-definitions/eip-service.json.erb 
@@ -6,41 +6,39 @@ words end - def gateway_definition(node) + def add_gateway(node, locations, options={}) + return nil if options[:ip] == 'REQUIRED' gateway = {} gateway["capabilities"] = node.openvpn.pick(:ports, :protocols, :user_ips, :adblock, :filter_dns) gateway["capabilities"]["transport"] = ["openvpn"] gateway["host"] = node.domain.full - gateway["cluster"] = underscore(node.openvpn.location) + gateway["ip_address"] = options[:ip] + gateway["capabilities"]["limited"] = options[:limited] + if node.location + location_name = underscore(node.location.name) + gateway["location"] = location_name + locations[location_name] ||= node.location + end gateway end hsh = {} hsh["serial"] = 1 hsh["version"] = 1 - clusters = {} + locations = {} gateways = [] nodes_like_me[:services => 'openvpn'].each_node do |node| - if node.openvpn.gateway_address - gateway = gateway_definition(node) - gateway["ip_address"] = node.openvpn.gateway_address - gateway["capabilities"]["free"] = false - gateways << gateway - end - if node.openvpn.free_gateway_address && node.openvpn.free_gateway_address != "REQUIRED" - gateway = gateway_definition(node) - gateway["ip_address"] = node.openvpn.free_gateway_address - gateway["capabilities"]["free"] = true - gateway["capabilities"]["rate_limit"] = node.openvpn.free_rate_limit - gateways << gateway + if node.openvpn.allow_limited && node.openvpn.allow_unlimited + gateways << add_gateway(node, locations, :ip => node.openvpn.gateway_address, :limited => false) + gateways << add_gateway(node, locations, :ip => node.openvpn.second_gateway_address, :limited => true) + elsif node.openvpn.allow_unlimited + gateways << add_gateway(node, locations, :ip => node.openvpn.gateway_address, :limited => false) + elsif node.openvpn.allow_limited + gateways << add_gateway(node, locations, :ip => node.openvpn.gateway_address, :limited => true) end - clusters[gateway["cluster"]] ||= { - "name" => gateway["cluster"], - "label" => {"en" => node.openvpn.location} - } end 
- hsh["gateways"] = gateways - hsh["clusters"] = clusters.values + hsh["gateways"] = gateways.compact + hsh["locations"] = locations hsh["openvpn_configuration"] = { "tls-cipher" => "DHE-RSA-AES128-SHA", "auth" => "SHA1", diff --git a/provider_base/files/service-definitions/provider.json.erb b/provider_base/files/service-definitions/provider.json.erb index 2ca34548..54919898 100644 --- a/provider_base/files/service-definitions/provider.json.erb +++ b/provider_base/files/service-definitions/provider.json.erb @@ -4,7 +4,7 @@ # grab some fields from provider.json hsh = global.provider.pick( :languages, :description, :name, - :enrollment_policy, :default_language, :domain + :enrollment_policy, :default_language, :domain, :service ) # advertise services that are 'user services' diff --git a/provider_base/provider.json b/provider_base/provider.json index 14eabdc2..cf1baac6 100644 --- a/provider_base/provider.json +++ b/provider_base/provider.json 
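Review bot: `add_gateway` rejects only the `'REQUIRED'` sentinel and otherwise copies `options[:ip]` straight into the definition, so a node whose address is overridden to null still yields an entry with `"ip_address": null` that `gateways.compact` will not remove; `return nil if options[:ip].nil? || options[:ip] == 'REQUIRED'` closes that gap. The old `capabilities["rate_limit"]` field is no longer emitted even though openvpn.json in this commit still computes `rate_limit`, so clients lose the advertised limit; if that is intentional, a comment saying so where `limited` is set would prevent it being re-added by mistake. The helper also writes into the `locations` hash it is handed, which neither its name nor any comment conveys; a one-line comment above `def add_gateway` noting that it registers `node.location` in `locations` as a side effect would help the next reader.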
@@ -13,21 +13,31 @@ "languages": ["en"], "default_language": "en", "enrollment_policy": "open", - "service_levels": [ - {"name": "free", "bandwidth":102400, "storage":50}, - {"name": "basic", "bandwidth":null, "storage":1000}, - {"name": "premium", "bandwidth":null, "storage":10000} - ], - "service_allow_free": false, + "service": { + "levels": [ + // bandwidth limit is in Bytes, storage limit is in MB. + {"id": 1, "name": "free", "bandwidth":"limited", "storage":50}, + {"id": 2, "name": "basic", "storage":1000, "rate": ["US$10", "€10"]}, + {"id": 3, "name": "pro", "storage":10000, "rate": ["US$20", "€20"]} + ], + "default_service_level": 1, + "bandwidth_limit": 102400, + "allow_free": "= global.provider.service.levels.select {|l| l['rate'].nil?}.any?", + "allow_paid": "= global.provider.service.levels.select {|l| !l['rate'].nil?}.any?", + "allow_anonymous": "= global.provider.service.levels.select {|l| l['name'] == 'anonymous'}.any?", + "allow_registration": "= global.provider.service.levels.select {|l| l['name'] != 'anonymous'}.any?", + "allow_limited_bandwidth": "= global.provider.service.levels.select {|l| l['bandwidth'] == 'limited'}.any?", + "allow_unlimited_bandwidth": "= global.provider.service.levels.select {|l| l['bandwidth'].nil?}.any?" + }, "ca": { "name": "= global.provider.ca.organization + ' Root CA'", "organization": "= global.provider.name[global.provider.default_language]", - "organizational_unit": "= 'https://' + global.common.domain.full_suffix", + "organizational_unit": "= 'https://' + global.provider.domain", "bit_size": 4096, "digest": "SHA256", "life_span": "10y", "server_certificates": { - "bit_size": 3248, + "bit_size": 2024, "digest": "SHA256", "life_span": "1y" }, @@ -35,7 +45,8 @@ "bit_size": 2024, "digest": "SHA256", "life_span": "2m", - "free_prefix": "FREE" + "limited_prefix": "LIMITED", + "unlimited_prefix": "UNLIMITED" } }, "hiera_sync_destination": "/etc/leap" 
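Review bot: The six `allow_*` expressions each spell `select {|l| ...}.any?`, which builds a throwaway array before testing it; `any? {|l| ...}` states the same predicate directly, e.g. `"allow_free": "= global.provider.service.levels.any? {|l| l['rate'].nil?}"`. Separately, `organizational_unit` moves back to `global.provider.domain` while commit 4ec32a1 on this page moved other settings to `domain.full_suffix`; a short `//` comment explaining why the CA's OU deliberately stays on the provider domain would stop a later consistency pass from reverting it. The `bit_size` change in this hunk repeats the 2024 value already raised at commit ffb88e5.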
diff --git a/provider_base/services/openvpn.json b/provider_base/services/openvpn.json index e78a02ac..5d77f946 100644 --- a/provider_base/services/openvpn.json +++ b/provider_base/services/openvpn.json @@ -5,17 +5,19 @@ "client_ca_cert": "= file :client_ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`'", "dh": "= file :dh_params, :missing => 'Diffie-Hellman parameters. Run `leap cert dh`'" }, + "location": null, "openvpn": { - "location": "Location Unknown", "gateway_address": "REQUIRED", - "free_gateway_address": "= openvpn.allow_free ? 'REQUIRED' : nil", + "second_gateway_address": "= openvpn.allow_limited && openvpn.allow_unlimited ? 'REQUIRED' : nil", "ports": ["80", "443", "53", "1194"], "protocols": ["tcp", "udp"], "filter_dns": false, "adblock": false, "user_ips": false, - "allow_free": "= global.provider.service_allow_free", - "free_prefix": "= global.provider.ca.client_certificates.free_prefix", - "free_rate_limit": "= openvpn.allow_free ? global.provider.service_levels.detect{|level| level['name'] == 'free'}['bandwidth'] : nil" + "allow_limited": "= global.provider.service.allow_limited_bandwidth", + "allow_unlimited": "= global.provider.service.allow_unlimited_bandwidth", + "limited_prefix": "= global.provider.ca.client_certificates.limited_prefix", + "unlimited_prefix": "= global.provider.ca.client_certificates.unlimited_prefix", + "rate_limit": "= openvpn.allow_limited ? global.provider.service.bandwidth_limit : nil" } } diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index 5e7260a6..477d5f17 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json 
@@ -10,7 +10,9 @@ "head_scss": "= file_path 'branding/head.scss'", "img_dir": "= file_path 'branding/img'", "client_certificates": "= global.provider.ca.client_certificates", - "allow_free": "= global.provider.service_allow_free" + "allow_limited_certs": "= global.provider.service.allow_limited_bandwidth", + "allow_unlimited_certs": "= global.provider.service.allow_unlimited_bandwidth", + "allow_anonymous_certs": "= global.provider.service.allow_anonymous" }, "definition_files": { "provider": "= file :provider_json_template", diff --git a/provider_base/test/openvpn/client.ovpn.erb b/provider_base/test/openvpn/client.ovpn.erb index a0bdd307..af183ef4 100644 --- a/provider_base/test/openvpn/client.ovpn.erb +++ b/provider_base/test/openvpn/client.ovpn.erb @@ -18,9 +18,11 @@ tls-cipher DHE-RSA-AES128-SHA -<%= read_file! :test_client_cert -%> +<%# read_file! :test_client_cert -%> +<%= cert -%> -<%= read_file! :test_client_key -%> +<%# read_file! :test_client_key -%> +<%= key -%> -- cgit v1.2.3 From 9c1c74c359f80cf0e61b62befee0ec5cc04ab4c3 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 19 Mar 2013 17:41:37 -0400 Subject: create a separate couchdb.yml.admin that contains the couchdb admin privileges, putting the unprivileged ones in as user webapp in couchdb.yml. This allows us to migrate the couchdb design docs on deployment, but use an unprivileged user the remainder of the time --- provider_base/services/webapp.json | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'provider_base') diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index 477d5f17..0288a0cd 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json 
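Review bot: The `<%# read_file! :test_client_cert -%>` and `<%# read_file! :test_client_key -%>` lines in client.ovpn.erb are dead template code kept as ERB comments; since `cert` and `key` now replace them, deleting the commented lines reads cleaner than carrying both. If they stay as a reminder, a comment stating where `cert` and `key` are bound would help, because the template itself no longer shows their source.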
@@ -2,9 +2,8 @@ "webapp": { "modules": ["user", "billing", "help"], "couchdb_hosts": "= hostnames nodes[:services => :couchdb][:local => local]", - // NOTE: this is bad, but pending a fix to https://leap.se/code/issues/1163 - // before we can use user "webapp" - "couchdb_user": "= global.services[:couchdb].couch.users[:admin]", + "couchdb_admin_user": "= global.services[:couchdb].couch.users[:admin]", + "couchdb_webapp_user": "= global.services[:couchdb].couch.users[:webapp]", "favicon": "= file_path 'branding/favicon.ico'", "tail_scss": "= file_path 'branding/tail.scss'", "head_scss": "= file_path 'branding/head.scss'", -- cgit v1.2.3 From 92ea0355de872a502d552d89ed88729b9b4fbaa2 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 19 Mar 2013 18:20:33 -0400 Subject: add webapp secret token that pulls from hiera a 'secret' --- provider_base/services/webapp.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'provider_base') diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index 0288a0cd..69c015a6 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -11,7 +11,8 @@ "client_certificates": "= global.provider.ca.client_certificates", "allow_limited_certs": "= global.provider.service.allow_limited_bandwidth", "allow_unlimited_certs": "= global.provider.service.allow_unlimited_bandwidth", - "allow_anonymous_certs": "= global.provider.service.allow_anonymous" + "allow_anonymous_certs": "= global.provider.service.allow_anonymous", + "secret_token": "= secret :webapp_secret_token" }, "definition_files": { "provider": "= file :provider_json_template", -- cgit v1.2.3 From ffda76a47c7f9d5766325d8cdf13d289430456eb Mon Sep 17 00:00:00 2001 
From: elijah Date: Thu, 28 Mar 2013 10:01:32 -0700 Subject: added stunnel_server --- provider_base/services/couchdb.json | 3 +++ provider_base/services/webapp.json | 7 ++++++- 2 files changed, 9 insertions(+), 1 deletion(-) (limited to 'provider_base') diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json index c3502c6b..0c407316 100644 --- a/provider_base/services/couchdb.json +++ b/provider_base/services/couchdb.json @@ -3,6 +3,9 @@ "x509": { "use": true }, + "stunnel": { + "couch_server": "= stunnel_server(couch.port)" + }, "couch": { "port": 5984, "bigcouch": { diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index 69c015a6..895aa6e3 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -1,7 +1,6 @@ { "webapp": { "modules": ["user", "billing", "help"], - "couchdb_hosts": "= hostnames nodes[:services => :couchdb][:local => local]", "couchdb_admin_user": "= global.services[:couchdb].couch.users[:admin]", "couchdb_webapp_user": "= global.services[:couchdb].couch.users[:webapp]", "favicon": "= file_path 'branding/favicon.ico'", @@ -14,6 +13,12 @@ "allow_anonymous_certs": "= global.provider.service.allow_anonymous", "secret_token": "= secret :webapp_secret_token" }, + "stunnel": { + "couch_client": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.port)" + }, + "haproxy": { + "local_ports": "= stunnel.couch_client.field(:accept_port)" + }, "definition_files": { "provider": "= file :provider_json_template", "eip_service": "= file :eip_service_json_template" -- cgit v1.2.3 From 5bd90fd23c34874fa32880e27105b4bea130ec3b Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 18 Mar 2013 23:25:20 +0100 Subject: added stunnel config for bigcouch communication --- provider_base/services/couchdb.json | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'provider_base') 
diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json index 0c407316..41f9695f 100644 --- a/provider_base/services/couchdb.json +++ b/provider_base/services/couchdb.json @@ -4,11 +4,13 @@ "use": true }, "stunnel": { - "couch_server": "= stunnel_server(couch.port)" + "couch_server": "= stunnel_server(couch.port)", + "bigcouch_replication_server": "= stunnel_server(couch.bigcouch.port)" }, "couch": { "port": 5984, "bigcouch": { + "port": 4369, "cookie": "= secret :bigcouch_cookie" }, "users": { -- cgit v1.2.3 From af141e738c8b90a11ff8009e2eed602b168e4fc3 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 20 Mar 2013 19:28:48 +0100 Subject: add stunnel hiera values to provider_base/services/couchdb.json for bigcouch cluster protocol --- provider_base/services/couchdb.json | 1 + 1 file changed, 1 insertion(+) (limited to 'provider_base') diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json index 41f9695f..7b649da9 100644 --- a/provider_base/services/couchdb.json +++ b/provider_base/services/couchdb.json @@ -7,6 +7,7 @@ "couch_server": "= stunnel_server(couch.port)", "bigcouch_replication_server": "= stunnel_server(couch.bigcouch.port)" }, + "stunnel": "= nextport = 4000; nodes_like_me[:services => :couchdb].values.inject({}) {|hsh, node| hsh[node.name + node.couch.bigcouch.port.to_s] = {'accept_port' => nextport.to_s, 'connect' => node.domain.full }; nextport+=1; hsh}", "couch": { "port": 5984, "bigcouch": { -- cgit v1.2.3 From 6f422863966a7e361f1c52be33a50e55bb39b9ff Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 20 Mar 2013 20:28:08 +0100 Subject: updated shorewall dnat hiera values for bigcouch cluster protocol --- provider_base/services/couchdb.json | 1 - 1 file changed, 1 deletion(-) (limited to 'provider_base') diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json index 7b649da9..41f9695f 100644 --- a/provider_base/services/couchdb.json 
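Review bot: In commit af141e7 the added `"stunnel": "= nextport = 4000; ..."` entry sits at the same object level as the existing `"stunnel": { "couch_server": ..., "bigcouch_replication_server": ... }` two lines above it, so the object now carries two `stunnel` keys; JSON loaders generally keep only one (usually the last), which would silently drop either the `stunnel_server` definitions or the new port map. The value belongs under a distinct key, or inside the existing `stunnel` object, rather than duplicating it. The hand-rolled port allocation starting at 4000 also overlaps what `stunnel_client` already does for `couch_client` in webapp.json (commit ffda76a).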
+++ b/provider_base/services/couchdb.json @@ -7,7 +7,6 @@ "couch_server": "= stunnel_server(couch.port)", "bigcouch_replication_server": "= stunnel_server(couch.bigcouch.port)" }, - "stunnel": "= nextport = 4000; nodes_like_me[:services => :couchdb].values.inject({}) {|hsh, node| hsh[node.name + node.couch.bigcouch.port.to_s] = {'accept_port' => nextport.to_s, 'connect' => node.domain.full }; nextport+=1; hsh}", "couch": { "port": 5984, "bigcouch": { -- cgit v1.2.3 From baf3ed5b6db4e8af052564864d8c3e426cf5d9d0 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Sun, 31 Mar 2013 12:32:42 -0400 Subject: switch to using stunnel_client and stunnel_server leap_cli macros add bigcouch_replication_clients to couchdb.json change site_couchdb/manifests/stunnel to use stunnel_client and stunnel_server generated hiera values to setup the stunnels for the couch_server connections, and the bigcouch_replication_server and bigcouch_replication_clients tunnels instead of using hard-coded ips and ports. also change the pid names to be more consistent with what the tunnels are and are named --- provider_base/services/couchdb.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'provider_base') diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json index 41f9695f..c00f08cd 100644 --- a/provider_base/services/couchdb.json +++ b/provider_base/services/couchdb.json @@ -5,7 +5,8 @@ }, "stunnel": { "couch_server": "= stunnel_server(couch.port)", - "bigcouch_replication_server": "= stunnel_server(couch.bigcouch.port)" + "bigcouch_replication_server": "= stunnel_server(couch.bigcouch.port)", + "bigcouch_replication_clients": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.bigcouch.port)" }, "couch": { "port": 5984, -- cgit v1.2.3 From 4ed5d33f33c488a6a6d5f6a5e8f57b74ecd53a7d Mon Sep 17 00:00:00 2001 
From: elijah Date: Tue, 2 Apr 2013 15:38:44 -0700 Subject: added password salt to services/couchdb.json (requires latest leap_cli) --- provider_base/services/couchdb.json | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'provider_base') diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json index 0c407316..e60f4e0f 100644 --- a/provider_base/services/couchdb.json +++ b/provider_base/services/couchdb.json @@ -14,15 +14,18 @@ "users": { "admin": { "username": "admin", - "password": "= secret :couch_admin_password" + "password": "= secret :couch_admin_password", + "salt": "= hex_secret :couch_admin_password_salt, 128" }, "webapp": { "username": "webapp", - "password": "= secret :couch_webapp_password" + "password": "= secret :couch_webapp_password", + "salt": "= hex_secret :couch_webapp_password_salt, 128" }, "ca_daemon": { "username": "ca_daemon", - "password": "= secret :couch_ca_daemon_password" + "password": "= secret :couch_ca_daemon_password", + "salt": "= hex_secret :couch_ca_daemon_password_salt, 128" } } } -- cgit v1.2.3 From 710e4dd1826f4c98c787108a048fd679cc990d67 Mon Sep 17 00:00:00 2001 From: elijah Date: Wed, 3 Apr 2013 11:20:57 -0700 Subject: added contacts.english for when you need a descriptive contact rather than an email address contact. --- provider_base/provider.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'provider_base') diff --git a/provider_base/provider.json b/provider_base/provider.json index cf1baac6..e698b5dd 100644 --- a/provider_base/provider.json +++ b/provider_base/provider.json @@ -8,7 +8,8 @@ "en": "REQUIRED" }, "contacts": { - "default": "REQUIRED" + "default": "REQUIRED", + "english": "= contacts.default.split('@').join(' at the domain ')" }, "languages": ["en"], "default_language": "en", -- cgit v1.2.3 From 264e63967d9247e42662182aec771fbfb81e8e8e Mon Sep 17 00:00:00 2001 
From: Micah Anderson Date: Thu, 4 Apr 2013 11:27:59 -0400 Subject: rename the bigcouch_replication_[server,client] to be the more accurately, and shorter named epmd (erlang port mapper daemon) --- provider_base/services/couchdb.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'provider_base') diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json index ce46e3bb..111baf08 100644 --- a/provider_base/services/couchdb.json +++ b/provider_base/services/couchdb.json @@ -5,8 +5,8 @@ }, "stunnel": { "couch_server": "= stunnel_server(couch.port)", - "bigcouch_replication_server": "= stunnel_server(couch.bigcouch.port)", - "bigcouch_replication_clients": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.bigcouch.port)" + "epmd_server": "= stunnel_server(couch.bigcouch.port)", + "epmd_clients": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.bigcouch.port)" }, "couch": { "port": 5984, -- cgit v1.2.3 From e530f0c1d1a0a26bd277b70197b1f26871d92b1b Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 4 Apr 2013 11:40:12 -0400 Subject: rename bigcouch.port to more accurate bigcouch.epmd_port --- provider_base/services/couchdb.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'provider_base') diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json index 111baf08..3ef4c213 100644 --- a/provider_base/services/couchdb.json +++ b/provider_base/services/couchdb.json 
@@ -5,13 +5,13 @@
 },
 "stunnel": {
 "couch_server": "= stunnel_server(couch.port)",
- "epmd_server": "= stunnel_server(couch.bigcouch.port)",
- "epmd_clients": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.bigcouch.port)"
+ "epmd_server": "= stunnel_server(couch.bigcouch.epmd_port)",
+ "epmd_clients": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.bigcouch.epmd_port)",
 },
 "couch": {
 "port": 5984,
 "bigcouch": {
- "port": 4369,
+ "epmd_port": 4369,
 "cookie": "= secret :bigcouch_cookie"
 },
 "users": {
-- cgit v1.2.3
From 2c53c5023b925cb596e3f450f194482eade1fbeb Mon Sep 17 00:00:00 2001
From: Micah Anderson
Date: Thu, 4 Apr 2013 12:50:30 -0400
Subject: add Erlang Distributed Node Protocol Port json entry under bigcouch setup ednp_server and ednp_client stunnels update couchdb puppet submodule to support configurable ednp_port parameter and general module cleanup pass ednp_port to couchdb setup so that it is configured in the vm.args template clarify in comments the difference between the epmd and ednp ports remove hard-coded erlang_vm_port variable and instead setup shorewall to allow for the stunnel connection only setup dnat rules for the ednp client connections
---
 provider_base/services/couchdb.json | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'provider_base')
diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json
index 3ef4c213..22578a70 100644
--- a/provider_base/services/couchdb.json
+++ b/provider_base/services/couchdb.json
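Review bot: The rewritten `epmd_clients` line now ends with a trailing comma while it is still the last entry of the `stunnel` object (the next line is `},`), which strict JSON rejects; if the project's loader is lenient it passes silently, but the file is no longer valid JSON for any other tool that reads it. Drop the comma: `"epmd_clients": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.bigcouch.epmd_port)"`. The next commit in this series adds entries after it, which makes the comma needed again, so this is a one-commit inconsistency rather than a lasting defect.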
@@ -7,11 +7,14 @@
 "couch_server": "= stunnel_server(couch.port)",
 "epmd_server": "= stunnel_server(couch.bigcouch.epmd_port)",
 "epmd_clients": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.bigcouch.epmd_port)",
+ "ednp_server": "= stunnel_server(couch.bigcouch.ednp_port)",
+ "ednp_clients": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.bigcouch.ednp_port)"
 },
 "couch": {
 "port": 5984,
 "bigcouch": {
 "epmd_port": 4369,
+ "ednp_port": 9002,
 "cookie": "= secret :bigcouch_cookie"
 },
 "users": {
-- cgit v1.2.3
From 92f565f349266f7c5adfc88b31d0d2902431efa4 Mon Sep 17 00:00:00 2001
From: Micah Anderson
Date: Wed, 10 Apr 2013 12:27:39 -0400
Subject: clean up ca_daemon things, it is not used any longer because it has been included in the web app (#1978) remove site_ca_daemon module and configuration in site.pp as well as the provider_base/services/ca.json
---
 provider_base/services/ca.json | 11 -----------
 1 file changed, 11 deletions(-)
 delete mode 100644 provider_base/services/ca.json
(limited to 'provider_base')
diff --git a/provider_base/services/ca.json b/provider_base/services/ca.json
deleted file mode 100644
index 64866ddc..00000000
--- a/provider_base/services/ca.json
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- "ca_daemon": {
- "couchdb_hosts": "= hostnames nodes_like_me[:services => :couchdb]",
- "couchdb_user": "= global.services[:couchdb].couch.users[:ca_daemon]"
- },
- "service_type": "internal_service",
- "x509": {
- "use": true,
- "ca_key": "= file(:ca_key, :missing => 'CA key. Run `leap cert ca` to create the Certificate Authority.')"
- }
-}
-- cgit v1.2.3
From 8485b9340b96c16f47d6de145ceca0d7838d2fdd Mon Sep 17 00:00:00 2001
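Review bot: The commit message promises to clarify the difference between the epmd and ednp ports in comments, but this hunk adds `"ednp_port": 9002` beside `"epmd_port": 4369` with no explanation, so the next reader has to recover the meaning from the commit subject. A `//` comment above the two keys would carry it, e.g. `// epmd_port: Erlang port mapper daemon; ednp_port: Erlang distributed node protocol; each is wrapped by the matching stunnel entry above`. Whether either port is reachable other than through stunnel is decided by the shorewall rules the message mentions, which are outside this file, so that part should not be asserted here.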
From: elijah
Date: Thu, 18 Apr 2013 10:27:55 -0700
Subject: provider.json 'domain' entry should match the domain suffix of the node.
---
 provider_base/files/service-definitions/provider.json.erb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'provider_base')
diff --git a/provider_base/files/service-definitions/provider.json.erb b/provider_base/files/service-definitions/provider.json.erb
index 54919898..bc93fac5 100644
--- a/provider_base/files/service-definitions/provider.json.erb
+++ b/provider_base/files/service-definitions/provider.json.erb
@@ -4,9 +4,11 @@
 # grab some fields from provider.json
 hsh = global.provider.pick(
 :languages, :description, :name,
- :enrollment_policy, :default_language, :domain, :service
+ :enrollment_policy, :default_language, :service
 )
+ hsh['domain'] = domain.full_suffix
+
 # advertise services that are 'user services'
 hsh['services'] = global.services[:service_type => :user_service].field(:name)
-- cgit v1.2.3
From 0d821e158b78365c59d148267a569f3ce2d82e47 Mon Sep 17 00:00:00 2001
From: Micah Anderson
Date: Tue, 23 Apr 2013 12:01:43 -0400
Subject: move generic couchdb host configuration from bitmask into the provider base (#2016)
---
 provider_base/services/webapp.json | 1 +
 1 file changed, 1 insertion(+)
(limited to 'provider_base')
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 895aa6e3..29ed6110 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -1,6 +1,7 @@
 {
 "webapp": {
 "modules": ["user", "billing", "help"],
+ "couchdb_hosts": "= hostnames nodes_like_me[:services => :couchdb]",
 "couchdb_admin_user": "= global.services[:couchdb].couch.users[:admin]",
 "couchdb_webapp_user": "= global.services[:couchdb].couch.users[:webapp]",
 "favicon": "= file_path 'branding/favicon.ico'",
-- cgit v1.2.3
From 285236312c9e787767b742feb320ff0e7816a985 Mon Sep 17 00:00:00 2001
From: Micah Anderson
Date: Tue, 23 Apr 2013 12:08:56 -0400
Subject: remove no longer used json key couchdb_hosts
---
 provider_base/services/webapp.json | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
(limited to 'provider_base')
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 29ed6110..f87b0833 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -1,7 +1,6 @@
 {
 "webapp": {
 "modules": ["user", "billing", "help"],
- "couchdb_hosts": "= hostnames nodes_like_me[:services => :couchdb]",
 "couchdb_admin_user": "= global.services[:couchdb].couch.users[:admin]",
 "couchdb_webapp_user": "= global.services[:couchdb].couch.users[:webapp]",
 "favicon": "= file_path 'branding/favicon.ico'",
@@ -41,4 +40,4 @@
 "commercial_key": "= file [:commercial_key, domain.full_suffix]",
 "commercial_ca_cert": "= try_file :commercial_ca_cert"
 }
-}
\ No newline at end of file
+}
-- cgit v1.2.3
From 3ced5ec963311c45cf359803727bd18fe6e23b69 Mon Sep 17 00:00:00 2001
From: varac
Date: Wed, 24 Apr 2013 15:53:05 +0200
Subject: updated needed couchdb users and DBs
---
 provider_base/services/couchdb.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'provider_base')
diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json
index 22578a70..43a6c650 100644
--- a/provider_base/services/couchdb.json
+++ b/provider_base/services/couchdb.json
@@ -28,10 +28,10 @@
 "password": "= secret :couch_webapp_password",
 "salt": "= hex_secret :couch_webapp_password_salt, 128"
 },
- "ca_daemon": {
- "username": "ca_daemon",
- "password": "= secret :couch_ca_daemon_password",
- "salt": "= hex_secret :couch_ca_daemon_password_salt, 128"
+ "soledad": {
+ "username": "soledad",
+ "password": "= secret :couch_soledad_password",
+ "salt": "= hex_secret :couch_soledad_password_salt, 128"
 }
 }
 }
-- cgit v1.2.3
From 4ed2bb37ea8283f79aecca8b78e80b141e9eff50 Mon Sep 17 00:00:00 2001
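Review bot: Swapping the `ca_daemon` user block for `soledad` changes which account this file provisions but says nothing about the account it replaces; if the CouchDB module only creates the users listed here, the `ca_daemon` database account, and the `couch_ca_daemon_password` and `couch_ca_daemon_password_salt` secrets already generated for it, stay behind on existing deployments. A no-longer-used database account with a stored credential is the kind of leftover that is only noticed at audit time, so the commit message or a follow-up should state how it is removed. The `webapp.json` hunks in this line are plain key and newline fixes and need nothing.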
From: elijah
Date: Wed, 24 Apr 2013 18:04:48 -0700
Subject: provider base - service definitions are now versioned (requires new leap_cli)
---
 .../files/service-definitions/eip-service.json.erb | 48 ----------------------
 .../service-definitions/v1/eip-service.json.erb | 48 ++++++++++++++++++++++
 provider_base/services/webapp.json | 5 ++-
 3 files changed, 51 insertions(+), 50 deletions(-)
 delete mode 100644 provider_base/files/service-definitions/eip-service.json.erb
 create mode 100644 provider_base/files/service-definitions/v1/eip-service.json.erb
(limited to 'provider_base')
diff --git a/provider_base/files/service-definitions/eip-service.json.erb b/provider_base/files/service-definitions/eip-service.json.erb
deleted file mode 100644
index ca42bef5..00000000
--- a/provider_base/files/service-definitions/eip-service.json.erb
+++ /dev/null
@@ -1,48 +0,0 @@
-<%=
- def underscore(words)
- words = words.to_s.dup
- words.downcase!
- words.gsub! /[^a-z]/, '_'
- words
- end
-
- def add_gateway(node, locations, options={})
- return nil if options[:ip] == 'REQUIRED'
- gateway = {}
- gateway["capabilities"] = node.openvpn.pick(:ports, :protocols, :user_ips, :adblock, :filter_dns)
- gateway["capabilities"]["transport"] = ["openvpn"]
- gateway["host"] = node.domain.full
- gateway["ip_address"] = options[:ip]
- gateway["capabilities"]["limited"] = options[:limited]
- if node.location
- location_name = underscore(node.location.name)
- gateway["location"] = location_name
- locations[location_name] ||= node.location
- end
- gateway
- end
-
- hsh = {}
- hsh["serial"] = 1
- hsh["version"] = 1
- locations = {}
- gateways = []
- nodes_like_me[:services => 'openvpn'].each_node do |node|
- if node.openvpn.allow_limited && node.openvpn.allow_unlimited
- gateways << add_gateway(node, locations, :ip => node.openvpn.gateway_address, :limited => false)
- gateways << add_gateway(node, locations, :ip => node.openvpn.second_gateway_address, :limited => true)
- elsif node.openvpn.allow_unlimited
- gateways << add_gateway(node, locations, :ip => node.openvpn.gateway_address, :limited => false)
- elsif node.openvpn.allow_limited
- gateways << add_gateway(node, locations, :ip => node.openvpn.gateway_address, :limited => true)
- end
- end
- hsh["gateways"] = gateways.compact
- hsh["locations"] = locations
- hsh["openvpn_configuration"] = {
- "tls-cipher" => "DHE-RSA-AES128-SHA",
- "auth" => "SHA1",
- "cipher" => "AES-128-CBC"
- }
- generate_json hsh
-%>
\ No newline at end of file
diff --git a/provider_base/files/service-definitions/v1/eip-service.json.erb b/provider_base/files/service-definitions/v1/eip-service.json.erb
new file mode 100644
index 00000000..ca42bef5
--- /dev/null
+++ b/provider_base/files/service-definitions/v1/eip-service.json.erb
@@ -0,0 +1,48 @@
+<%=
+ def underscore(words)
+ words = words.to_s.dup
+ words.downcase!
+ words.gsub! /[^a-z]/, '_'
+ words
+ end
+
+ def add_gateway(node, locations, options={})
+ return nil if options[:ip] == 'REQUIRED'
+ gateway = {}
+ gateway["capabilities"] = node.openvpn.pick(:ports, :protocols, :user_ips, :adblock, :filter_dns)
+ gateway["capabilities"]["transport"] = ["openvpn"]
+ gateway["host"] = node.domain.full
+ gateway["ip_address"] = options[:ip]
+ gateway["capabilities"]["limited"] = options[:limited]
+ if node.location
+ location_name = underscore(node.location.name)
+ gateway["location"] = location_name
+ locations[location_name] ||= node.location
+ end
+ gateway
+ end
+
+ hsh = {}
+ hsh["serial"] = 1
+ hsh["version"] = 1
+ locations = {}
+ gateways = []
+ nodes_like_me[:services => 'openvpn'].each_node do |node|
+ if node.openvpn.allow_limited && node.openvpn.allow_unlimited
+ gateways << add_gateway(node, locations, :ip => node.openvpn.gateway_address, :limited => false)
+ gateways << add_gateway(node, locations, :ip => node.openvpn.second_gateway_address, :limited => true)
+ elsif node.openvpn.allow_unlimited
+ gateways << add_gateway(node, locations, :ip => node.openvpn.gateway_address, :limited => false)
+ elsif node.openvpn.allow_limited
+ gateways << add_gateway(node, locations, :ip => node.openvpn.gateway_address, :limited => true)
+ end
+ end
+ hsh["gateways"] = gateways.compact
+ hsh["locations"] = locations
+ hsh["openvpn_configuration"] = {
+ "tls-cipher" => "DHE-RSA-AES128-SHA",
+ "auth" => "SHA1",
+ "cipher" => "AES-128-CBC"
+ }
+ generate_json hsh
+%>
\ No newline at end of file
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index f87b0833..e4926ba7 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
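Review bot: `hsh["openvpn_configuration"]` hard-codes `tls-cipher`, `auth` and `cipher` inside the template, and nothing in the file says that these values are handed to every client and presumably have to agree with what the openvpn service is started with; a change on one side without the other would fail only at connect time. A comment above the hash would record that, e.g. `# published to clients as their openvpn settings; keep in step with the server-side openvpn configuration`. The content is moved unchanged from the unversioned path, so this is pre-existing rather than introduced here, as is the paren-less `words.gsub! /[^a-z]/, '_'`, which Ruby reports as an ambiguous first argument under -w and is clearer as `words.gsub!(/[^a-z]/, '_')`.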
@@ -11,7 +11,8 @@
 "allow_limited_certs": "= global.provider.service.allow_limited_bandwidth",
 "allow_unlimited_certs": "= global.provider.service.allow_unlimited_bandwidth",
 "allow_anonymous_certs": "= global.provider.service.allow_anonymous",
- "secret_token": "= secret :webapp_secret_token"
+ "secret_token": "= secret :webapp_secret_token",
+ "api_version": 1
 },
 "stunnel": {
 "couch_client": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.port)"
@@ -21,7 +22,7 @@
 },
 "definition_files": {
 "provider": "= file :provider_json_template",
- "eip_service": "= file :eip_service_json_template"
+ "eip_service": "= file [:eip_service_json_template, 'v'+webapp.api_version.to_s]"
 },
 "service_type": "public_service",
 "api": {
-- cgit v1.2.3
From c8e427c39285a0ac8750c1b9bbf247533bbce519 Mon Sep 17 00:00:00 2001
From: elijah
Date: Tue, 30 Apr 2013 14:25:45 -0700
Subject: added soledad-service.json
---
 provider_base/common.json | 3 ++-
 .../service-definitions/v1/eip-service.json.erb | 2 +-
 .../v1/soledad-service.json.erb | 29 ++++++++++++++++++++++
 provider_base/services/soledad.json | 6 +++++
 provider_base/services/webapp.json | 3 ++-
 5 files changed, 40 insertions(+), 3 deletions(-)
 create mode 100644 provider_base/files/service-definitions/v1/soledad-service.json.erb
 create mode 100644 provider_base/services/soledad.json
(limited to 'provider_base')
diff --git a/provider_base/common.json b/provider_base/common.json
index dc59b88e..e89fce7e 100644
--- a/provider_base/common.json
+++ b/provider_base/common.json
@@ -29,5 +29,6 @@
 "development": {
 "site_config": true
 },
- "name": "common"
+ "name": "common",
+ "location": null
 }
diff --git a/provider_base/files/service-definitions/v1/eip-service.json.erb b/provider_base/files/service-definitions/v1/eip-service.json.erb
index ca42bef5..9ee489de 100644
--- a/provider_base/files/service-definitions/v1/eip-service.json.erb
+++ b/provider_base/files/service-definitions/v1/eip-service.json.erb
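Review bot: The new `"api_version": 1` is what selects the `v1` template directory in the second hunk, but provider.json.erb advertises its own literal `hsh['api_version'] = "1"` (visible as context in later hunks of this series), so the version now lives in two places that nothing keeps aligned. Bumping this key alone would serve v2 service definitions while still announcing version 1 to clients. Either have the template read `webapp.api_version`, if it can reach the webapp config the way it reaches `api.domain`, or add `// must match api_version in provider.json.erb` next to this key.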
@@ -14,7 +14,7 @@
 gateway["host"] = node.domain.full
 gateway["ip_address"] = options[:ip]
 gateway["capabilities"]["limited"] = options[:limited]
- if node.location
+ if node['location']
 location_name = underscore(node.location.name)
 gateway["location"] = location_name
 locations[location_name] ||= node.location
diff --git a/provider_base/files/service-definitions/v1/soledad-service.json.erb b/provider_base/files/service-definitions/v1/soledad-service.json.erb
new file mode 100644
index 00000000..4d345930
--- /dev/null
+++ b/provider_base/files/service-definitions/v1/soledad-service.json.erb
@@ -0,0 +1,29 @@
+<%=
+ def underscore(words)
+ words = words.to_s.dup
+ words.downcase!
+ words.gsub! /[^a-z]/, '_'
+ words
+ end
+
+ hsh = {}
+ hsh["serial"] = 1
+ hsh["version"] = 1
+ locations = {}
+ hosts = {}
+ nodes_like_me[:services => 'soledad'].each_node do |node|
+ host = {}
+ host["hostname"] = node.domain.full
+ host["ip_address"] = node.ip_address
+ host["port"] = node.soledad.port
+ if node['location']
+ location_name = underscore(node.location.name)
+ host["location"] = location_name
+ locations[location_name] ||= node.location
+ end
+ hosts[node.name] = host
+ end
+ hsh["hosts"] = hosts
+ hsh["locations"] = locations
+ generate_json hsh
+%>
\ No newline at end of file
diff --git a/provider_base/services/soledad.json b/provider_base/services/soledad.json
new file mode 100644
index 00000000..10657563
--- /dev/null
+++ b/provider_base/services/soledad.json
@@ -0,0 +1,6 @@
+{
+ "service_type": "public_service",
+ "soledad": {
+ "port": 1111
+ }
+}
\ No newline at end of file
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index e4926ba7..4b2f7c26 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
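Review bot: `host["ip_address"] = node.ip_address` in the new soledad-service.json.erb publishes each soledad node's address in a document that the `public_service` type in soledad.json makes client-facing; if `node.ip_address` is simply the node's configured address rather than a dedicated public one, a node with separate management addressing would have that address advertised here. The template should state the assumption, e.g. `# ip_address is what clients connect to; assumes node.ip_address is the node's public address`, or select the address explicitly. The smtp-service.json.erb added later in this series copies the same line and would take the same comment, and `soledad.json` introduces `"port": 1111` with nothing saying whether that is a placeholder or the intended port.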
@@ -22,7 +22,8 @@
 },
 "definition_files": {
 "provider": "= file :provider_json_template",
- "eip_service": "= file [:eip_service_json_template, 'v'+webapp.api_version.to_s]"
+ "eip_service": "= file [:eip_service_json_template, 'v'+webapp.api_version.to_s]",
+ "soledad_service": "= file [:soledad_service_json_template, 'v'+webapp.api_version.to_s]"
 },
 "service_type": "public_service",
 "api": {
-- cgit v1.2.3
From b3d1c6c58838b0c4f368bc42493ac3bae280b5af Mon Sep 17 00:00:00 2001
From: elijah
Date: Tue, 14 May 2013 12:23:20 -0700
Subject: added smtp-service.json, requires latest leap_cli
---
 .../service-definitions/v1/smtp-service.json.erb | 29 ++++++++++++++++++++++
 provider_base/services/webapp.json | 3 ++-
 2 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 provider_base/files/service-definitions/v1/smtp-service.json.erb
(limited to 'provider_base')
diff --git a/provider_base/files/service-definitions/v1/smtp-service.json.erb b/provider_base/files/service-definitions/v1/smtp-service.json.erb
new file mode 100644
index 00000000..68d4bbab
--- /dev/null
+++ b/provider_base/files/service-definitions/v1/smtp-service.json.erb
@@ -0,0 +1,29 @@
+<%=
+ def underscore(words)
+ words = words.to_s.dup
+ words.downcase!
+ words.gsub! /[^a-z]/, '_'
+ words
+ end
+
+ hsh = {}
+ hsh["serial"] = 1
+ hsh["version"] = 1
+ locations = {}
+ hosts = {}
+ nodes_like_me[:services => 'mx'].each_node do |node|
+ host = {}
+ host["hostname"] = node.domain.full
+ host["ip_address"] = node.ip_address
+ host["port"] = 25 # hard coded for now, later node.smtp.port
+ if node['location']
+ location_name = underscore(node.location.name)
+ host["location"] = location_name
+ locations[location_name] ||= node.location
+ end
+ hosts[node.name] = host
+ end
+ hsh["hosts"] = hosts
+ hsh["locations"] = locations
+ generate_json hsh
+%>
\ No newline at end of file
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 4b2f7c26..1fe5cf7b 100644
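Review bot: `def underscore(words)` is now defined verbatim in three templates (eip-service, soledad-service and this smtp-service), so a change to the slug rule has to be made three times; the helper belongs in whatever shared scope leap_cli gives these templates, or failing that each copy should carry `# keep identical to underscore() in the other service-definition templates`. The paren-less `words.gsub! /[^a-z]/, '_'` also triggers Ruby's ambiguous-first-argument warning and reads as a division at a glance; `words.gsub!(/[^a-z]/, '_')` avoids both. The inline `# hard coded for now, later node.smtp.port` should be tagged so it can be found, e.g. `# TODO: read node.smtp.port once the mx service defines it`.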
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -23,7 +23,8 @@
 "definition_files": {
 "provider": "= file :provider_json_template",
 "eip_service": "= file [:eip_service_json_template, 'v'+webapp.api_version.to_s]",
- "soledad_service": "= file [:soledad_service_json_template, 'v'+webapp.api_version.to_s]"
+ "soledad_service": "= file [:soledad_service_json_template, 'v'+webapp.api_version.to_s]",
+ "smtp_service": "= file [:smtp_service_json_template, 'v'+webapp.api_version.to_s]"
 },
 "service_type": "public_service",
 "api": {
-- cgit v1.2.3
From f82d5b5c7004b01565bbeace598d1716f72c1b2f Mon Sep 17 00:00:00 2001
From: elijah
Date: Fri, 17 May 2013 11:53:10 -0700
Subject: minor - webapp api port should be integer, not string.
---
 provider_base/files/service-definitions/provider.json.erb | 2 +-
 provider_base/services/webapp.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
(limited to 'provider_base')
diff --git a/provider_base/files/service-definitions/provider.json.erb b/provider_base/files/service-definitions/provider.json.erb
index bc93fac5..d17aae96 100644
--- a/provider_base/files/service-definitions/provider.json.erb
+++ b/provider_base/files/service-definitions/provider.json.erb
@@ -13,7 +13,7 @@
 hsh['services'] = global.services[:service_type => :user_service].field(:name)
 hsh['api_version'] = "1"
- hsh['api_uri'] = "https://" + api.domain + ':' + api.port
+ hsh['api_uri'] = ["https://", api.domain, ':', api.port].join
 hsh['ca_cert_uri'] = 'https://' + domain.full_suffix + '/ca.crt'
 hsh['ca_cert_fingerprint'] = fingerprint(:ca_cert)
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 1fe5cf7b..5f0bdc9e 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
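Review bot: `["https://", api.domain, ':', api.port].join` does make the now-integer port safe, but the idiomatic form is interpolation, `hsh['api_uri'] = "https://#{api.domain}:#{api.port}"`, which calls `to_s` on the port just the same and reads as a URL. The neighbouring `hsh['ca_cert_uri'] = 'https://' + domain.full_suffix + '/ca.crt'` keeps the `+` style, so the two adjacent lines now build URLs in two different ways; switching both to interpolation would make the block uniform.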
@@ -29,7 +29,7 @@
 "service_type": "public_service",
 "api": {
 "domain": "= 'api.' + domain.full_suffix",
- "port": "4430"
+ "port": 4430
 },
 "dns": {
 "aliases": "= [domain.full, api.domain]"
-- cgit v1.2.3
From 450fb19a4df8f4740dcf077b585dbd77c096d133 Mon Sep 17 00:00:00 2001
From: elijah
Date: Sat, 18 May 2013 17:13:05 -0700
Subject: added module site_nickserver
---
 provider_base/services/webapp.json | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
(limited to 'provider_base')
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 5f0bdc9e..3dd9bebe 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -31,8 +31,13 @@
 "domain": "= 'api.' + domain.full_suffix",
 "port": 4430
 },
+ "nickserver": {
+ "domain": "= 'nicknym.' + domain.full_suffix",
+ "port": 6425,
+ "couchdb_user": "= global.services[:couchdb].couch.users[:admin]"
+ },
 "dns": {
- "aliases": "= [domain.full, api.domain]"
+ "aliases": "= [domain.full, api.domain, nickserver.domain]"
 },
 "x509": {
 "use": true,
-- cgit v1.2.3
From c591f65a555a20bd6bc3a2171cffb55283dd9d0c Mon Sep 17 00:00:00 2001
From: elijah
Date: Tue, 21 May 2013 13:14:02 -0700
Subject: only advertise services that are actually deployed (in public provider.json)
---
 provider_base/files/service-definitions/provider.json.erb | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'provider_base')
diff --git a/provider_base/files/service-definitions/provider.json.erb b/provider_base/files/service-definitions/provider.json.erb
index d17aae96..5552c423 100644
--- a/provider_base/files/service-definitions/provider.json.erb
+++ b/provider_base/files/service-definitions/provider.json.erb
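Review bot: The new `nickserver.couchdb_user` hands the nickserver the CouchDB `admin` account, while every other consumer in this series (webapp, soledad) gets a dedicated user with its own `secret`/`hex_secret` pair in couchdb.json. A service running as database admin means a compromise of that service is a compromise of every database; a `nickserver` entry under `couch.users`, referenced here as `global.services[:couchdb].couch.users[:nickserver]`, would keep the least-privilege pattern the files already follow. If admin really is needed for some operation, a `//` comment naming it would stop the next reviewer raising this again.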
@@ -9,8 +9,10 @@
 hsh['domain'] = domain.full_suffix
- # advertise services that are 'user services'
- hsh['services'] = global.services[:service_type => :user_service].field(:name)
+ # advertise services that are 'user services' and for which there are actually nodes
+ hsh['services'] = global.services[:service_type => :user_service].field(:name).select do |service|
+ nodes_like_me[:services => service].any?
+ end
 hsh['api_version'] = "1"
 hsh['api_uri'] = ["https://", api.domain, ':', api.port].join
-- cgit v1.2.3
From ddb899b650e63c5557370fb7a3b2c3bfd14b1ce7 Mon Sep 17 00:00:00 2001
From: varac
Date: Thu, 23 May 2013 18:51:13 +0200
Subject: added couch.bigcouch.neighbors to provider_base/services/couchdb.json
---
 provider_base/services/couchdb.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'provider_base')
diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json
index 43a6c650..ba07733c 100644
--- a/provider_base/services/couchdb.json
+++ b/provider_base/services/couchdb.json
@@ -15,7 +15,8 @@
 "bigcouch": {
 "epmd_port": 4369,
 "ednp_port": 9002,
- "cookie": "= secret :bigcouch_cookie"
+ "cookie": "= secret :bigcouch_cookie",
+ "neighbors": "= nodes_like_me[:services => :couchdb].exclude(self).field('domain.full')"
 },
 "users": {
 "admin": {
-- cgit v1.2.3
From a39f9981e7227b8e4668937a7bf0f658e1fbe8bd Mon Sep 17 00:00:00 2001
From: elijah
Date: Mon, 27 May 2013 13:58:25 -0700
Subject: common.json - default all nodes to be 'enabled'
---
 provider_base/common.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'provider_base')
diff --git a/provider_base/common.json b/provider_base/common.json
index e89fce7e..d3ae84ff 100644
--- a/provider_base/common.json
+++ b/provider_base/common.json
@@ -30,5 +30,6 @@
 "site_config": true
 },
 "name": "common",
- "location": null
+ "location": null,
+ "enabled": true
 }
-- cgit v1.2.3
From c92d3ac0780e813a5440c5e475bfdba5de5a0447 Mon Sep 17 00:00:00 2001
From: elijah
Date: Thu, 30 May 2013 17:06:14 -0700
Subject: site_sshd -- added xterm title, optional support for mosh
---
 provider_base/common.json | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'provider_base')
diff --git a/provider_base/common.json b/provider_base/common.json
index d3ae84ff..ade409a6 100644
--- a/provider_base/common.json
+++ b/provider_base/common.json
@@ -16,7 +16,11 @@
 "ssh": {
 "authorized_keys": "= file :authorized_keys",
 "known_hosts": "=> known_hosts_file",
- "port": 22
+ "port": 22,
+ "mosh": {
+ "ports": "60000:61000",
+ "enabled": false
+ }
 },
 "hosts": "=> hosts_file",
 "x509": {
-- cgit v1.2.3
From 907c4fb87f2b1a6c9fdb02ba2bd6017d2019762b Mon Sep 17 00:00:00 2001
From: elijah
Date: Tue, 4 Jun 2013 22:45:01 -0700
Subject: add support for client-side collection of facter facts.
---
 provider_base/files/service-definitions/provider.json.erb | 2 +-
 provider_base/files/service-definitions/v1/eip-service.json.erb | 2 +-
 provider_base/files/service-definitions/v1/smtp-service.json.erb | 2 +-
 provider_base/files/service-definitions/v1/soledad-service.json.erb | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
(limited to 'provider_base')
diff --git a/provider_base/files/service-definitions/provider.json.erb b/provider_base/files/service-definitions/provider.json.erb
index 5552c423..8dbf7365 100644
--- a/provider_base/files/service-definitions/provider.json.erb
+++ b/provider_base/files/service-definitions/provider.json.erb
@@ -20,5 +20,5 @@
 hsh['ca_cert_uri'] = 'https://' + domain.full_suffix + '/ca.crt'
 hsh['ca_cert_fingerprint'] = fingerprint(:ca_cert)
- generate_json hsh
+ JSON.sorted_generate hsh
 %>
\ No newline at end of file
diff --git a/provider_base/files/service-definitions/v1/eip-service.json.erb b/provider_base/files/service-definitions/v1/eip-service.json.erb
index 9ee489de..feaea25b 100644
--- a/provider_base/files/service-definitions/v1/eip-service.json.erb
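Review bot: The new `mosh.ports` value `"60000:61000"` is a string in a `first:last` form that nothing in the file explains, while the sibling `"port": 22` is an integer, so a reader cannot tell whether a single port or another separator would be accepted by the module that consumes it. A `//` comment on the key would carry it: `// mosh.ports: port range as "first:last"; only relevant when mosh.enabled is true`. Shipping with `enabled: false` is the right default, but the second half of that comment is how the keys read together rather than something this hunk shows, so confirm it against the sshd module before writing it.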
+++ b/provider_base/files/service-definitions/v1/eip-service.json.erb
@@ -44,5 +44,5 @@
 "auth" => "SHA1",
 "cipher" => "AES-128-CBC"
 }
- generate_json hsh
+ JSON.sorted_generate hsh
 %>
\ No newline at end of file
diff --git a/provider_base/files/service-definitions/v1/smtp-service.json.erb b/provider_base/files/service-definitions/v1/smtp-service.json.erb
index 68d4bbab..60129f5f 100644
--- a/provider_base/files/service-definitions/v1/smtp-service.json.erb
+++ b/provider_base/files/service-definitions/v1/smtp-service.json.erb
@@ -25,5 +25,5 @@
 end
 hsh["hosts"] = hosts
 hsh["locations"] = locations
- generate_json hsh
+ JSON.sorted_generate hsh
 %>
\ No newline at end of file
diff --git a/provider_base/files/service-definitions/v1/soledad-service.json.erb b/provider_base/files/service-definitions/v1/soledad-service.json.erb
index 4d345930..0cd1c927 100644
--- a/provider_base/files/service-definitions/v1/soledad-service.json.erb
+++ b/provider_base/files/service-definitions/v1/soledad-service.json.erb
@@ -25,5 +25,5 @@
 end
 hsh["hosts"] = hosts
 hsh["locations"] = locations
- generate_json hsh
+ JSON.sorted_generate hsh
 %>
\ No newline at end of file
-- cgit v1.2.3
From 8c038fea91adc87adf9e408c16e2f0ec9838e3d2 Mon Sep 17 00:00:00 2001
From: elijah
Date: Wed, 12 Jun 2013 11:34:43 -0700
Subject: temp hack: deploy the webapp as couch user 'admin'
---
 provider_base/services/webapp.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'provider_base')
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 3dd9bebe..ad32bb61 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -2,7 +2,8 @@
 "webapp": {
 "modules": ["user", "billing", "help"],
 "couchdb_admin_user": "= global.services[:couchdb].couch.users[:admin]",
- "couchdb_webapp_user": "= global.services[:couchdb].couch.users[:webapp]",
+// "couchdb_webapp_user": "= global.services[:couchdb].couch.users[:webapp]",
+ "couchdb_webapp_user": "= global.services[:couchdb].couch.users[:admin]",
 "favicon": "= file_path 'branding/favicon.ico'",
 "tail_scss": "= file_path 'branding/tail.scss'",
 "head_scss": "= file_path 'branding/head.scss'",
-- cgit v1.2.3
From 157fb1237d66c4eae83fa2c685745da9e20bca72 Mon Sep 17 00:00:00 2001
From: elijah
Date: Tue, 25 Jun 2013 17:32:56 -0700
Subject: add hash for authorized_keys to common.json
---
 provider_base/common.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'provider_base')
diff --git a/provider_base/common.json b/provider_base/common.json
index ade409a6..2313bd8b 100644
--- a/provider_base/common.json
+++ b/provider_base/common.json
@@ -14,7 +14,7 @@
 "public": "= service_type != 'internal_service'"
 },
 "ssh": {
- "authorized_keys": "= file :authorized_keys",
+ "authorized_keys": "= authorized_keys",
 "known_hosts": "=> known_hosts_file",
 "port": 22,
 "mosh": {
-- cgit v1.2.3
From c989c8dcf03af62381ce7477aa8613f692641934 Mon Sep 17 00:00:00 2001
From: elijah
Date: Thu, 4 Jul 2013 12:32:42 -0700
Subject: remove stupid bandwidth limit from default provider.json
---
 provider_base/provider.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'provider_base')
diff --git a/provider_base/provider.json b/provider_base/provider.json
index e698b5dd..b6a7af21 100644
--- a/provider_base/provider.json
+++ b/provider_base/provider.json
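Review bot: `couchdb_webapp_user` now resolves to the CouchDB `admin` account, so the web application runs with full database rights instead of the dedicated `webapp` user that couchdb.json provisions with its own password and salt; the commit calls this a temporary hack, but nothing in the file says so or records when it ends. Replace the bare commented-out line with a tagged note, e.g. `// TODO: temporary: webapp deployed as couch admin; restore users[:webapp] once the reason for the hack is resolved (record it here)`, so the regression can be found by grepping. The `//` line also sits at column 0, unlike every other line in the object, which makes it look like an accident rather than a deliberate switch.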
@@ -17,7 +17,7 @@
 "service": {
 "levels": [
 // bandwidth limit is in Bytes, storage limit is in MB.
- {"id": 1, "name": "free", "bandwidth":"limited", "storage":50},
+ {"id": 1, "name": "free", "storage":50},
 {"id": 2, "name": "basic", "storage":1000, "rate": ["US$10", "€10"]},
 {"id": 3, "name": "pro", "storage":10000, "rate": ["US$20", "€20"]}
 ],
-- cgit v1.2.3
From 8d71649f1dcfcae30ec278e31bc7fc4d7dede80f Mon Sep 17 00:00:00 2001
From: elijah
Date: Thu, 4 Jul 2013 12:35:24 -0700
Subject: couchdb.json should not set service_type, since internal_service is the default.
---
 provider_base/services/couchdb.json | 1 -
 1 file changed, 1 deletion(-)
(limited to 'provider_base')
diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json
index ba07733c..a26579c8 100644
--- a/provider_base/services/couchdb.json
+++ b/provider_base/services/couchdb.json
@@ -1,5 +1,4 @@
 {
- "service_type": "internal_service",
 "x509": {
 "use": true
 },
-- cgit v1.2.3
From 47dd8cde0316256e0d2d1037787fdf539a3f8975 Mon Sep 17 00:00:00 2001
From: elijah
Date: Thu, 4 Jul 2013 12:36:22 -0700
Subject: make sure webapps have the full domain suffix as an alias (fixes problems generating zone file).
---
 provider_base/services/webapp.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'provider_base')
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index ad32bb61..93396ec7 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -38,7 +38,7 @@
 "couchdb_user": "= global.services[:couchdb].couch.users[:admin]"
 },
 "dns": {
- "aliases": "= [domain.full, api.domain, nickserver.domain]"
+ "aliases": "= [domain.full_suffix, domain.full, api.domain, nickserver.domain]"
 },
 "x509": {
 "use": true,
-- cgit v1.2.3
From 297f14f0656f80c906cc8bed0faaf5c73b7185c1 Mon Sep 17 00:00:00 2001
From: elijah
Date: Thu, 4 Jul 2013 22:36:56 -0700
Subject: bugfix - properly generate provider.json file.
---
 provider_base/files/service-definitions/provider.json.erb | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
(limited to 'provider_base')
diff --git a/provider_base/files/service-definitions/provider.json.erb b/provider_base/files/service-definitions/provider.json.erb
index 8dbf7365..5d4c63a0 100644
--- a/provider_base/files/service-definitions/provider.json.erb
+++ b/provider_base/files/service-definitions/provider.json.erb
@@ -1,12 +1,9 @@
 <%=
- hsh = {}
-
 # grab some fields from provider.json
 hsh = global.provider.pick(
 :languages, :description, :name,
 :enrollment_policy, :default_language, :service
 )
- hsh['domain'] = domain.full_suffix
 # advertise services that are 'user services' and for which there are actually nodes
@@ -20,5 +17,5 @@
 hsh['ca_cert_uri'] = 'https://' + domain.full_suffix + '/ca.crt'
 hsh['ca_cert_fingerprint'] = fingerprint(:ca_cert)
- JSON.sorted_generate hsh
+ hsh.dump_json
 %>
\ No newline at end of file
-- cgit v1.2.3
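Review bot: The first hunk deletes `hsh['domain'] = domain.full_suffix` without putting `:domain` back into the `global.provider.pick(...)` list, so unless something outside this hunk sets it, the generated provider.json no longer carries a `domain` entry at all; an earlier commit in this series added exactly that line so that `domain` matches the node's suffix, and the subject "properly generate provider.json" says nothing about dropping it. If the intent was only to remove the redundant `hsh = {}` before the `pick` assignment, keep `hsh['domain'] = domain.full_suffix` after the closing `)`. The second hunk's switch to `hsh.dump_json` is fine as far as this file shows.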