From 54fcafe131c411a49e4277cd0d14c6ea20044203 Mon Sep 17 00:00:00 2001 From: irregulator Date: Tue, 20 May 2014 23:20:58 +0300 Subject: Initial commit for obfsproxy server feature in platform --- puppet/modules/obfsproxy/manifests/init.pp | 64 ++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 puppet/modules/obfsproxy/manifests/init.pp (limited to 'puppet/modules/obfsproxy/manifests/init.pp') diff --git a/puppet/modules/obfsproxy/manifests/init.pp b/puppet/modules/obfsproxy/manifests/init.pp new file mode 100644 index 00000000..4deebb62 --- /dev/null +++ b/puppet/modules/obfsproxy/manifests/init.pp @@ -0,0 +1,64 @@ +class obfsproxy ( + $transport, + $port, + $param, + $dest_ip, + $dest_port +){ + + user { obfsproxy: + ensure => present, + system => true, + gid => obfsproxy, + } + + group { obfsproxy: + ensure => present, + system => true, + } + +# file { '/etc/default/obfsproxy': +# path => '/etc/default/obfsproxy', +# owner => 'root', +# group => 'root', +# mode => '0750', +# content => template('obfsproxy/etc_default_conf.erb'), +# } + + file { '/etc/init.d/obfsproxy': + path => '/etc/init.d/obfsproxy', + ensure => present, + source => 'puppet:///modules/obfsproxy/obfsproxy_daemon', + owner => 'root', + group => 'root', + mode => '0755', + require => File['/etc/obfsproxy.conf'], + subscribe => File['/etc/obfsproxy.conf'], + #content => template('obfsproxy/etc_init_d.erb'), + } + + file { '/etc/obfsproxy.conf': + path => '/etc/obfsproxy.conf', + ensure => present, + owner => 'root', + group => 'root', + mode => '0750', + content => template('obfsproxy/etc_conf.erb'), + } + + package { "obfsproxy": + ensure => present, + } + + service { "obfsproxy": + ensure => running, + status => '/usr/sbin/service obfsproxy status + | grep "is running"', + require => [ + Package["obfsproxy"], + File["/etc/init.d/obfsproxy"] ] + } + + +} + -- cgit v1.2.3 From 94e0791cff9a3ce47e66c56a921e41b83b52b3d9 Mon Sep 17 00:00:00 2001 From: irregulator Date: Wed, 21 May 2014 21:52:14 +0300 Subject: Add data directory to save scramblesuit's state. Also clean up a little the obfsproxy puppet class, create appropriate directories, restrict permissions. --- puppet/modules/obfsproxy/manifests/init.pp | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) (limited to 'puppet/modules/obfsproxy/manifests/init.pp') diff --git a/puppet/modules/obfsproxy/manifests/init.pp b/puppet/modules/obfsproxy/manifests/init.pp index 4deebb62..c15a0dc8 100644 --- a/puppet/modules/obfsproxy/manifests/init.pp +++ b/puppet/modules/obfsproxy/manifests/init.pp @@ -6,13 +6,16 @@ class obfsproxy ( $dest_port ){ - user { obfsproxy: + $user = 'obfsproxy' + $conf = '/etc/obfsproxy/obfsproxy.conf' + + user { $user: ensure => present, system => true, - gid => obfsproxy, + gid => $user, } - group { obfsproxy: + group { $user: ensure => present, system => true, } @@ -31,19 +34,26 @@ class obfsproxy ( source => 'puppet:///modules/obfsproxy/obfsproxy_daemon', owner => 'root', group => 'root', - mode => '0755', - require => File['/etc/obfsproxy.conf'], - subscribe => File['/etc/obfsproxy.conf'], - #content => template('obfsproxy/etc_init_d.erb'), + mode => '0750', + require => File[$conf], + subscribe => File[$conf], } - file { '/etc/obfsproxy.conf': - path => '/etc/obfsproxy.conf', + file { $conf : + path => $conf, ensure => present, owner => 'root', group => 'root', - mode => '0750', + mode => '0600', content => template('obfsproxy/etc_conf.erb'), + require => File['/etc/obfsproxy'], + } + + file { '/etc/obfsproxy': + ensure => directory, + owner => $user, + group => $user, + mode => '0700', } package { "obfsproxy": -- cgit v1.2.3 From 7c9dd9ee9653c854badaf4f1d21d7dd833e3e620 Mon Sep 17 00:00:00 2001 From: irregulator Date: Thu, 22 May 2014 20:44:51 +0300 Subject: Move obfsproxy_daemon to obfsproxy_init --- puppet/modules/obfsproxy/manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/obfsproxy/manifests/init.pp') diff --git a/puppet/modules/obfsproxy/manifests/init.pp b/puppet/modules/obfsproxy/manifests/init.pp index c15a0dc8..e62bfcd8 100644 --- a/puppet/modules/obfsproxy/manifests/init.pp +++ b/puppet/modules/obfsproxy/manifests/init.pp @@ -31,7 +31,7 @@ class obfsproxy ( file { '/etc/init.d/obfsproxy': path => '/etc/init.d/obfsproxy', ensure => present, - source => 'puppet:///modules/obfsproxy/obfsproxy_daemon', + source => 'puppet:///modules/obfsproxy/obfsproxy_init', owner => 'root', group => 'root', mode => '0750', -- cgit v1.2.3 From ae75dccbb6a65ee22b6185dcd8c0fedd14e35d0f Mon Sep 17 00:00:00 2001 From: irregulator Date: Thu, 22 May 2014 20:49:12 +0300 Subject: Remove commented lines from obfsproxy puppet module class --- puppet/modules/obfsproxy/manifests/init.pp | 8 -------- 1 file changed, 8 deletions(-) (limited to 'puppet/modules/obfsproxy/manifests/init.pp') diff --git a/puppet/modules/obfsproxy/manifests/init.pp b/puppet/modules/obfsproxy/manifests/init.pp index e62bfcd8..d0212c64 100644 --- a/puppet/modules/obfsproxy/manifests/init.pp +++ b/puppet/modules/obfsproxy/manifests/init.pp @@ -20,14 +20,6 @@ class obfsproxy ( system => true, } -# file { '/etc/default/obfsproxy': -# path => '/etc/default/obfsproxy', -# owner => 'root', -# group => 'root', -# mode => '0750', -# content => template('obfsproxy/etc_default_conf.erb'), -# } - file { '/etc/init.d/obfsproxy': path => '/etc/init.d/obfsproxy', ensure => present, -- cgit v1.2.3 From 1a0161da0ff420d26732b492898ebf0074b2292c Mon Sep 17 00:00:00 2001 From: irregulator Date: Thu, 22 May 2014 20:52:44 +0300 Subject: Line up equal signs, change double to single quotes --- puppet/modules/obfsproxy/manifests/init.pp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'puppet/modules/obfsproxy/manifests/init.pp') diff --git a/puppet/modules/obfsproxy/manifests/init.pp b/puppet/modules/obfsproxy/manifests/init.pp index d0212c64..456fe1a7 100644 --- a/puppet/modules/obfsproxy/manifests/init.pp +++ b/puppet/modules/obfsproxy/manifests/init.pp @@ -48,17 +48,17 @@ class obfsproxy ( mode => '0700', } - package { "obfsproxy": + package { 'obfsproxy': ensure => present, } - service { "obfsproxy": + service { 'obfsproxy': ensure => running, status => '/usr/sbin/service obfsproxy status | grep "is running"', require => [ - Package["obfsproxy"], - File["/etc/init.d/obfsproxy"] ] + Package['obfsproxy'], + File['/etc/init.d/obfsproxy'] ] } -- cgit v1.2.3 From 7a54923591125894440b9ff7020e4b413a1c6fb5 Mon Sep 17 00:00:00 2001 From: irregulator Date: Fri, 23 May 2014 17:28:32 +0300 Subject: Address logging for obfsproxy daemon Create obfsproxy directory in /var/log, specify log file when obfsproxy is spawned by init script, create a logrotate configuration for obfsproxy's logs. --- puppet/modules/obfsproxy/manifests/init.pp | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'puppet/modules/obfsproxy/manifests/init.pp') diff --git a/puppet/modules/obfsproxy/manifests/init.pp b/puppet/modules/obfsproxy/manifests/init.pp index 456fe1a7..9ba2d0fd 100644 --- a/puppet/modules/obfsproxy/manifests/init.pp +++ b/puppet/modules/obfsproxy/manifests/init.pp @@ -48,6 +48,22 @@ class obfsproxy ( mode => '0700', } + file { '/var/log/obfsproxy': + ensure => directory, + owner => $user, + group => $user, + mode => '0750', + } + + file { '/etc/logrotate.d/obfsproxy': + ensure => present, + source => 'puppet:///modules/obfsproxy/obfsproxy_logrotate', + owner => 'root', + group => 'root', + mode => '0644', + require => File['/var/log/obfsproxy'], + } + package { 'obfsproxy': ensure => present, } -- cgit v1.2.3 From fedbb6dccf7bd78b0b2a507a817dacaef0b67ac3 Mon Sep 17 00:00:00 2001 From: irregulator Date: Fri, 23 May 2014 17:45:13 +0300 Subject: Be able to specify log_level parameter for obfsproxy log_level sets minimum logging severity of obfsproxy daemon, can be error, warning, info, debug. Defaults to info. --- puppet/modules/obfsproxy/manifests/init.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'puppet/modules/obfsproxy/manifests/init.pp') diff --git a/puppet/modules/obfsproxy/manifests/init.pp b/puppet/modules/obfsproxy/manifests/init.pp index 9ba2d0fd..1ee44d6f 100644 --- a/puppet/modules/obfsproxy/manifests/init.pp +++ b/puppet/modules/obfsproxy/manifests/init.pp @@ -3,7 +3,8 @@ class obfsproxy ( $port, $param, $dest_ip, - $dest_port + $dest_port, + $log_level = 'info' ){ $user = 'obfsproxy' -- cgit v1.2.3 From 4ad025d9d7b0c1999bf34e0acd3ca12c88358d05 Mon Sep 17 00:00:00 2001 From: irregulator Date: Sat, 24 May 2014 17:41:46 +0300 Subject: Simplify init script, let puppet service resource use init status --- puppet/modules/obfsproxy/manifests/init.pp | 2 -- 1 file changed, 2 deletions(-) (limited to 'puppet/modules/obfsproxy/manifests/init.pp') diff --git a/puppet/modules/obfsproxy/manifests/init.pp b/puppet/modules/obfsproxy/manifests/init.pp index 1ee44d6f..b45a60a1 100644 --- a/puppet/modules/obfsproxy/manifests/init.pp +++ b/puppet/modules/obfsproxy/manifests/init.pp @@ -71,8 +71,6 @@ class obfsproxy ( service { 'obfsproxy': ensure => running, - status => '/usr/sbin/service obfsproxy status - | grep "is running"', require => [ Package['obfsproxy'], File['/etc/init.d/obfsproxy'] ] -- cgit v1.2.3 From 58347eddee416410e3ad3c8c4edc2b0e40a3d26c Mon Sep 17 00:00:00 2001 From: irregulator Date: Sat, 24 May 2014 18:08:31 +0300 Subject: Subscribe obfsproxy service resource to conf file --- puppet/modules/obfsproxy/manifests/init.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'puppet/modules/obfsproxy/manifests/init.pp') diff --git a/puppet/modules/obfsproxy/manifests/init.pp b/puppet/modules/obfsproxy/manifests/init.pp index b45a60a1..4a0221af 100644 --- a/puppet/modules/obfsproxy/manifests/init.pp +++ b/puppet/modules/obfsproxy/manifests/init.pp @@ -39,7 +39,6 @@ class obfsproxy ( group => 'root', mode => '0600', content => template('obfsproxy/etc_conf.erb'), - require => File['/etc/obfsproxy'], } file { '/etc/obfsproxy': @@ -70,8 +69,9 @@ class obfsproxy ( } service { 'obfsproxy': - ensure => running, - require => [ + ensure => running, + subscribe => File[$conf], + require => [ Package['obfsproxy'], File['/etc/init.d/obfsproxy'] ] } -- cgit v1.2.3 From db9290a2b1b406e8231c0df569ae47c0a74ec12a Mon Sep 17 00:00:00 2001 From: irregulator Date: Sat, 24 May 2014 19:26:05 +0300 Subject: Move log files to var/log instead of var/log/obfsproxy --- puppet/modules/obfsproxy/manifests/init.pp | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'puppet/modules/obfsproxy/manifests/init.pp') diff --git a/puppet/modules/obfsproxy/manifests/init.pp b/puppet/modules/obfsproxy/manifests/init.pp index 4a0221af..9750932f 100644 --- a/puppet/modules/obfsproxy/manifests/init.pp +++ b/puppet/modules/obfsproxy/manifests/init.pp @@ -48,11 +48,11 @@ class obfsproxy ( mode => '0700', } - file { '/var/log/obfsproxy': - ensure => directory, - owner => $user, - group => $user, - mode => '0750', + file { '/var/log/obfsproxy.log': + ensure => present, + owner => $user, + group => $user, + mode => '0640', } file { '/etc/logrotate.d/obfsproxy': @@ -61,7 +61,7 @@ class obfsproxy ( owner => 'root', group => 'root', mode => '0644', - require => File['/var/log/obfsproxy'], + require => File['/var/log/obfsproxy.log'], } package { 'obfsproxy': -- cgit v1.2.3 From 436d98b3781aa66c78b3ec77fa7d47652a92f590 Mon Sep 17 00:00:00 2001 From: irregulator Date: Sat, 24 May 2014 19:33:08 +0300 Subject: Remove initscript subscription to conf file --- puppet/modules/obfsproxy/manifests/init.pp | 1 - 1 file changed, 1 deletion(-) (limited to 'puppet/modules/obfsproxy/manifests/init.pp') diff --git a/puppet/modules/obfsproxy/manifests/init.pp b/puppet/modules/obfsproxy/manifests/init.pp index 9750932f..ddb198bb 100644 --- a/puppet/modules/obfsproxy/manifests/init.pp +++ b/puppet/modules/obfsproxy/manifests/init.pp @@ -29,7 +29,6 @@ class obfsproxy ( group => 'root', mode => '0750', require => File[$conf], - subscribe => File[$conf], } file { $conf : -- cgit v1.2.3 From 791e22b136910ecfa204eb78be747baed2b02590 Mon Sep 17 00:00:00 2001 From: irregulator Date: Wed, 28 May 2014 17:35:12 +0300 Subject: Make obfsproxy daemon bind to specific address rather than 0.0.0.0 If obfsproxy is spawned alongside eip service, make it listen to the gateway_adress IP. If obfsproxy is running standalone listen to ip_address. --- puppet/modules/obfsproxy/manifests/init.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet/modules/obfsproxy/manifests/init.pp') diff --git a/puppet/modules/obfsproxy/manifests/init.pp b/puppet/modules/obfsproxy/manifests/init.pp index ddb198bb..35d47d13 100644 --- a/puppet/modules/obfsproxy/manifests/init.pp +++ b/puppet/modules/obfsproxy/manifests/init.pp @@ -1,5 +1,6 @@ class obfsproxy ( $transport, + $bind_address, $port, $param, $dest_ip, -- cgit v1.2.3 From aa3e39bc8342b6800129965efad72527b53596df Mon Sep 17 00:00:00 2001 From: irregulator Date: Tue, 3 Jun 2014 17:41:46 +0300 Subject: Add User resource requirement for obfsproxy service, log, etc dir --- puppet/modules/obfsproxy/manifests/init.pp | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'puppet/modules/obfsproxy/manifests/init.pp') diff --git a/puppet/modules/obfsproxy/manifests/init.pp b/puppet/modules/obfsproxy/manifests/init.pp index 35d47d13..a23cfa58 100644 --- a/puppet/modules/obfsproxy/manifests/init.pp +++ b/puppet/modules/obfsproxy/manifests/init.pp @@ -42,10 +42,11 @@ class obfsproxy ( } file { '/etc/obfsproxy': - ensure => directory, - owner => $user, - group => $user, - mode => '0700', + ensure => directory, + owner => $user, + group => $user, + mode => '0700', + require => User[$user], } file { '/var/log/obfsproxy.log': @@ -53,6 +54,7 @@ class obfsproxy ( owner => $user, group => $user, mode => '0640', + require => User[$user], } file { '/etc/logrotate.d/obfsproxy': @@ -73,7 +75,9 @@ class obfsproxy ( subscribe => File[$conf], require => [ Package['obfsproxy'], - File['/etc/init.d/obfsproxy'] ] + File['/etc/init.d/obfsproxy'], + User[$user], + Group[$user]] } -- cgit v1.2.3 From e184143d3066f02968c8bb1035e0e02bae44d587 Mon Sep 17 00:00:00 2001 From: irregulator Date: Tue, 3 Jun 2014 17:47:50 +0300 Subject: Add apt preferences requirement for obfsproxy package resource --- puppet/modules/obfsproxy/manifests/init.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'puppet/modules/obfsproxy/manifests/init.pp') diff --git a/puppet/modules/obfsproxy/manifests/init.pp b/puppet/modules/obfsproxy/manifests/init.pp index a23cfa58..61714fdf 100644 --- a/puppet/modules/obfsproxy/manifests/init.pp +++ b/puppet/modules/obfsproxy/manifests/init.pp @@ -67,7 +67,8 @@ class obfsproxy ( } package { 'obfsproxy': - ensure => present, + ensure => present, + require => Class['site_apt::preferences::obfsproxy'], } service { 'obfsproxy': -- cgit v1.2.3