From 54fcafe131c411a49e4277cd0d14c6ea20044203 Mon Sep 17 00:00:00 2001 From: irregulator Date: Tue, 20 May 2014 23:20:58 +0300 Subject: Initial commit for obfsproxy server feature in platform --- puppet/modules/obfsproxy/files/obfsproxy_daemon | 99 +++++++++++++++++++++++++ puppet/modules/obfsproxy/manifests/init.pp | 64 ++++++++++++++++ puppet/modules/obfsproxy/templates/etc_conf.erb | 11 +++ 3 files changed, 174 insertions(+) create mode 100755 puppet/modules/obfsproxy/files/obfsproxy_daemon create mode 100644 puppet/modules/obfsproxy/manifests/init.pp create mode 100644 puppet/modules/obfsproxy/templates/etc_conf.erb (limited to 'puppet/modules/obfsproxy') diff --git a/puppet/modules/obfsproxy/files/obfsproxy_daemon b/puppet/modules/obfsproxy/files/obfsproxy_daemon new file mode 100755 index 00000000..f5914980 --- /dev/null +++ b/puppet/modules/obfsproxy/files/obfsproxy_daemon @@ -0,0 +1,99 @@ +#!/bin/sh + +### BEGIN INIT INFO +# Provides: obfsproxy daemon +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: obfsproxy daemon +# Description: obfsproxy daemon +### END INIT INFO + +. /lib/lsb/init-functions + +DAEMON=/usr/bin/obfsproxy +NAME=obfsproxy +DESC="obfsproxy daemon" +USER=obfsproxy +PIDFILE=/var/run/obfsproxy.pid +CONF=/etc/obfsproxy.conf + +# If the daemon is not there, then exit. +test -x $DAEMON || exit 0 + +if [ -f $CONF ] ; then + . $CONF +else + echo "Obfsproxy configuration file is missing, aborting..." + exit +fi + +DAEMONARGS=" --log-min-severity=$LOG $TRANSPORT $PARAM \ + --dest=$DEST_IP:$DEST_PORT server 0.0.0.0:$PORT" + +start_obfsproxy() { + start-stop-daemon --start --quiet --oknodo -m --pidfile $PIDFILE \ + -b -c $USER --startas $DAEMON --$DAEMONARGS +} + +stop_obfsproxy() { + start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE +} + +status_obfsproxy() { + status_of_proc -p $PIDFILE $DAEMON $NAME && status="0" || status="$?" +} + +case $1 in + start) + if [ -e $PIDFILE ]; then + status_obfsproxy + if [ $status = "0" ]; then + exit + fi + fi + log_begin_msg "Starting $DESC" + start_obfsproxy + log_end_msg $? + ;; + stop) + if [ -e $PIDFILE ]; then + status_obfsproxy + if [ $status = "0" ]; then + log_begin_msg "Stopping $DESC" + stop_obfsproxy + rm -f $PIDFILE + log_end_msg $? + fi + else + log_daemon_msg "$NAME is not running" + log_end_msg $? + fi + ;; + restart) + $0 stop && sleep 2 && $0 start + ;; + status) +# if [ -e $PIDFILE ]; then +# #status_of_proc -p $PIDFILE $DAEMON "$NAME " && exit 0 || exit $? +# status_obfsproxy +# else +# log_daemon_msg "$NAME is not running" +# log_end_msg 0 +# fi + status_obfsproxy + ;; + reload) + if [ -e $PIDFILE ]; then + start-stop-daemon --stop --signal USR1 --quiet --pidfile $PIDFILE --name $NAME + log_success_msg "$DESC reloaded successfully" + else + log_failure_msg "$PIDFILE does not exists" + fi + ;; + *) + echo "Usage: $0 {start|stop|restart|reload|status}" + exit 2 + ;; +esac diff --git a/puppet/modules/obfsproxy/manifests/init.pp b/puppet/modules/obfsproxy/manifests/init.pp new file mode 100644 index 00000000..4deebb62 --- /dev/null +++ b/puppet/modules/obfsproxy/manifests/init.pp @@ -0,0 +1,64 @@ +class obfsproxy ( + $transport, + $port, + $param, + $dest_ip, + $dest_port +){ + + user { obfsproxy: + ensure => present, + system => true, + gid => obfsproxy, + } + + group { obfsproxy: + ensure => present, + system => true, + } + +# file { '/etc/default/obfsproxy': +# path => '/etc/default/obfsproxy', +# owner => 'root', +# group => 'root', +# mode => '0750', +# content => template('obfsproxy/etc_default_conf.erb'), +# } + + file { '/etc/init.d/obfsproxy': + path => '/etc/init.d/obfsproxy', + ensure => present, + source => 'puppet:///modules/obfsproxy/obfsproxy_daemon', + owner => 'root', + group => 'root', + mode => '0755', + require => File['/etc/obfsproxy.conf'], + subscribe => File['/etc/obfsproxy.conf'], + #content => template('obfsproxy/etc_init_d.erb'), + } + + file { '/etc/obfsproxy.conf': + path => '/etc/obfsproxy.conf', + ensure => present, + owner => 'root', + group => 'root', + mode => '0750', + content => template('obfsproxy/etc_conf.erb'), + } + + package { "obfsproxy": + ensure => present, + } + + service { "obfsproxy": + ensure => running, + status => '/usr/sbin/service obfsproxy status + | grep "is running"', + require => [ + Package["obfsproxy"], + File["/etc/init.d/obfsproxy"] ] + } + + +} + diff --git a/puppet/modules/obfsproxy/templates/etc_conf.erb b/puppet/modules/obfsproxy/templates/etc_conf.erb new file mode 100644 index 00000000..3313b326 --- /dev/null +++ b/puppet/modules/obfsproxy/templates/etc_conf.erb @@ -0,0 +1,11 @@ +TRANSPORT=<%= @transport %> +PORT=<%= @port %> +DEST_IP=<%= @dest_ip %> +DEST_PORT=<%= @dest_port %> +<% if @transport == "scramblesuit" %> +PARAM=--password=<%= @param %> +<% else %> +PARAM=<%= @param %> +<% end %> +LOG=info + -- cgit v1.2.3 From 94e0791cff9a3ce47e66c56a921e41b83b52b3d9 Mon Sep 17 00:00:00 2001 From: irregulator Date: Wed, 21 May 2014 21:52:14 +0300 Subject: Add data directory to save scramblesuit's state. Also clean up a little the obfsproxy puppet class, create appropriate directories, restrict permissions. --- puppet/modules/obfsproxy/files/obfsproxy_daemon | 7 +++--- puppet/modules/obfsproxy/manifests/init.pp | 30 ++++++++++++++++--------- 2 files changed, 24 insertions(+), 13 deletions(-) (limited to 'puppet/modules/obfsproxy') diff --git a/puppet/modules/obfsproxy/files/obfsproxy_daemon b/puppet/modules/obfsproxy/files/obfsproxy_daemon index f5914980..4c9bcedc 100755 --- a/puppet/modules/obfsproxy/files/obfsproxy_daemon +++ b/puppet/modules/obfsproxy/files/obfsproxy_daemon @@ -16,8 +16,9 @@ DAEMON=/usr/bin/obfsproxy NAME=obfsproxy DESC="obfsproxy daemon" USER=obfsproxy +DATDIR=/etc/obfsproxy PIDFILE=/var/run/obfsproxy.pid -CONF=/etc/obfsproxy.conf +CONF=$DATDIR/obfsproxy.conf # If the daemon is not there, then exit. test -x $DAEMON || exit 0 @@ -29,8 +30,8 @@ else exit fi -DAEMONARGS=" --log-min-severity=$LOG $TRANSPORT $PARAM \ - --dest=$DEST_IP:$DEST_PORT server 0.0.0.0:$PORT" +DAEMONARGS=" --log-min-severity=$LOG --data-dir=$DATDIR $TRANSPORT \ + $PARAM --dest=$DEST_IP:$DEST_PORT server 0.0.0.0:$PORT" start_obfsproxy() { start-stop-daemon --start --quiet --oknodo -m --pidfile $PIDFILE \ diff --git a/puppet/modules/obfsproxy/manifests/init.pp b/puppet/modules/obfsproxy/manifests/init.pp index 4deebb62..c15a0dc8 100644 --- a/puppet/modules/obfsproxy/manifests/init.pp +++ b/puppet/modules/obfsproxy/manifests/init.pp @@ -6,13 +6,16 @@ class obfsproxy ( $dest_port ){ - user { obfsproxy: + $user = 'obfsproxy' + $conf = '/etc/obfsproxy/obfsproxy.conf' + + user { $user: ensure => present, system => true, - gid => obfsproxy, + gid => $user, } - group { obfsproxy: + group { $user: ensure => present, system => true, } @@ -31,19 +34,26 @@ class obfsproxy ( source => 'puppet:///modules/obfsproxy/obfsproxy_daemon', owner => 'root', group => 'root', - mode => '0755', - require => File['/etc/obfsproxy.conf'], - subscribe => File['/etc/obfsproxy.conf'], - #content => template('obfsproxy/etc_init_d.erb'), + mode => '0750', + require => File[$conf], + subscribe => File[$conf], } - file { '/etc/obfsproxy.conf': - path => '/etc/obfsproxy.conf', + file { $conf : + path => $conf, ensure => present, owner => 'root', group => 'root', - mode => '0750', + mode => '0600', content => template('obfsproxy/etc_conf.erb'), + require => File['/etc/obfsproxy'], + } + + file { '/etc/obfsproxy': + ensure => directory, + owner => $user, + group => $user, + mode => '0700', } package { "obfsproxy": -- cgit v1.2.3 From 7c9dd9ee9653c854badaf4f1d21d7dd833e3e620 Mon Sep 17 00:00:00 2001 From: irregulator Date: Thu, 22 May 2014 20:44:51 +0300 Subject: Move obfsproxy_daemon to obfsproxy_init --- puppet/modules/obfsproxy/files/obfsproxy_daemon | 100 ------------------------ puppet/modules/obfsproxy/files/obfsproxy_init | 100 ++++++++++++++++++++++++ puppet/modules/obfsproxy/manifests/init.pp | 2 +- 3 files changed, 101 insertions(+), 101 deletions(-) delete mode 100755 puppet/modules/obfsproxy/files/obfsproxy_daemon create mode 100755 puppet/modules/obfsproxy/files/obfsproxy_init (limited to 'puppet/modules/obfsproxy') diff --git a/puppet/modules/obfsproxy/files/obfsproxy_daemon b/puppet/modules/obfsproxy/files/obfsproxy_daemon deleted file mode 100755 index 4c9bcedc..00000000 --- a/puppet/modules/obfsproxy/files/obfsproxy_daemon +++ /dev/null @@ -1,100 +0,0 @@ -#!/bin/sh - -### BEGIN INIT INFO -# Provides: obfsproxy daemon -# Required-Start: $remote_fs $syslog -# Required-Stop: $remote_fs $syslog -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: obfsproxy daemon -# Description: obfsproxy daemon -### END INIT INFO - -. /lib/lsb/init-functions - -DAEMON=/usr/bin/obfsproxy -NAME=obfsproxy -DESC="obfsproxy daemon" -USER=obfsproxy -DATDIR=/etc/obfsproxy -PIDFILE=/var/run/obfsproxy.pid -CONF=$DATDIR/obfsproxy.conf - -# If the daemon is not there, then exit. -test -x $DAEMON || exit 0 - -if [ -f $CONF ] ; then - . $CONF -else - echo "Obfsproxy configuration file is missing, aborting..." - exit -fi - -DAEMONARGS=" --log-min-severity=$LOG --data-dir=$DATDIR $TRANSPORT \ - $PARAM --dest=$DEST_IP:$DEST_PORT server 0.0.0.0:$PORT" - -start_obfsproxy() { - start-stop-daemon --start --quiet --oknodo -m --pidfile $PIDFILE \ - -b -c $USER --startas $DAEMON --$DAEMONARGS -} - -stop_obfsproxy() { - start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE -} - -status_obfsproxy() { - status_of_proc -p $PIDFILE $DAEMON $NAME && status="0" || status="$?" -} - -case $1 in - start) - if [ -e $PIDFILE ]; then - status_obfsproxy - if [ $status = "0" ]; then - exit - fi - fi - log_begin_msg "Starting $DESC" - start_obfsproxy - log_end_msg $? - ;; - stop) - if [ -e $PIDFILE ]; then - status_obfsproxy - if [ $status = "0" ]; then - log_begin_msg "Stopping $DESC" - stop_obfsproxy - rm -f $PIDFILE - log_end_msg $? - fi - else - log_daemon_msg "$NAME is not running" - log_end_msg $? - fi - ;; - restart) - $0 stop && sleep 2 && $0 start - ;; - status) -# if [ -e $PIDFILE ]; then -# #status_of_proc -p $PIDFILE $DAEMON "$NAME " && exit 0 || exit $? -# status_obfsproxy -# else -# log_daemon_msg "$NAME is not running" -# log_end_msg 0 -# fi - status_obfsproxy - ;; - reload) - if [ -e $PIDFILE ]; then - start-stop-daemon --stop --signal USR1 --quiet --pidfile $PIDFILE --name $NAME - log_success_msg "$DESC reloaded successfully" - else - log_failure_msg "$PIDFILE does not exists" - fi - ;; - *) - echo "Usage: $0 {start|stop|restart|reload|status}" - exit 2 - ;; -esac diff --git a/puppet/modules/obfsproxy/files/obfsproxy_init b/puppet/modules/obfsproxy/files/obfsproxy_init new file mode 100755 index 00000000..4c9bcedc --- /dev/null +++ b/puppet/modules/obfsproxy/files/obfsproxy_init @@ -0,0 +1,100 @@ +#!/bin/sh + +### BEGIN INIT INFO +# Provides: obfsproxy daemon +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: obfsproxy daemon +# Description: obfsproxy daemon +### END INIT INFO + +. /lib/lsb/init-functions + +DAEMON=/usr/bin/obfsproxy +NAME=obfsproxy +DESC="obfsproxy daemon" +USER=obfsproxy +DATDIR=/etc/obfsproxy +PIDFILE=/var/run/obfsproxy.pid +CONF=$DATDIR/obfsproxy.conf + +# If the daemon is not there, then exit. +test -x $DAEMON || exit 0 + +if [ -f $CONF ] ; then + . $CONF +else + echo "Obfsproxy configuration file is missing, aborting..." + exit +fi + +DAEMONARGS=" --log-min-severity=$LOG --data-dir=$DATDIR $TRANSPORT \ + $PARAM --dest=$DEST_IP:$DEST_PORT server 0.0.0.0:$PORT" + +start_obfsproxy() { + start-stop-daemon --start --quiet --oknodo -m --pidfile $PIDFILE \ + -b -c $USER --startas $DAEMON --$DAEMONARGS +} + +stop_obfsproxy() { + start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE +} + +status_obfsproxy() { + status_of_proc -p $PIDFILE $DAEMON $NAME && status="0" || status="$?" +} + +case $1 in + start) + if [ -e $PIDFILE ]; then + status_obfsproxy + if [ $status = "0" ]; then + exit + fi + fi + log_begin_msg "Starting $DESC" + start_obfsproxy + log_end_msg $? + ;; + stop) + if [ -e $PIDFILE ]; then + status_obfsproxy + if [ $status = "0" ]; then + log_begin_msg "Stopping $DESC" + stop_obfsproxy + rm -f $PIDFILE + log_end_msg $? + fi + else + log_daemon_msg "$NAME is not running" + log_end_msg $? + fi + ;; + restart) + $0 stop && sleep 2 && $0 start + ;; + status) +# if [ -e $PIDFILE ]; then +# #status_of_proc -p $PIDFILE $DAEMON "$NAME " && exit 0 || exit $? +# status_obfsproxy +# else +# log_daemon_msg "$NAME is not running" +# log_end_msg 0 +# fi + status_obfsproxy + ;; + reload) + if [ -e $PIDFILE ]; then + start-stop-daemon --stop --signal USR1 --quiet --pidfile $PIDFILE --name $NAME + log_success_msg "$DESC reloaded successfully" + else + log_failure_msg "$PIDFILE does not exists" + fi + ;; + *) + echo "Usage: $0 {start|stop|restart|reload|status}" + exit 2 + ;; +esac diff --git a/puppet/modules/obfsproxy/manifests/init.pp b/puppet/modules/obfsproxy/manifests/init.pp index c15a0dc8..e62bfcd8 100644 --- a/puppet/modules/obfsproxy/manifests/init.pp +++ b/puppet/modules/obfsproxy/manifests/init.pp @@ -31,7 +31,7 @@ class obfsproxy ( file { '/etc/init.d/obfsproxy': path => '/etc/init.d/obfsproxy', ensure => present, - source => 'puppet:///modules/obfsproxy/obfsproxy_daemon', + source => 'puppet:///modules/obfsproxy/obfsproxy_init', owner => 'root', group => 'root', mode => '0750', -- cgit v1.2.3 From f8694b037dfd22382dc2abd8afefd947d3531974 Mon Sep 17 00:00:00 2001 From: irregulator Date: Thu, 22 May 2014 20:46:06 +0300 Subject: Change exit status code if config file is missing --- puppet/modules/obfsproxy/files/obfsproxy_init | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/obfsproxy') diff --git a/puppet/modules/obfsproxy/files/obfsproxy_init b/puppet/modules/obfsproxy/files/obfsproxy_init index 4c9bcedc..2496bba7 100755 --- a/puppet/modules/obfsproxy/files/obfsproxy_init +++ b/puppet/modules/obfsproxy/files/obfsproxy_init @@ -27,7 +27,7 @@ if [ -f $CONF ] ; then . $CONF else echo "Obfsproxy configuration file is missing, aborting..." - exit + exit 2 fi DAEMONARGS=" --log-min-severity=$LOG --data-dir=$DATDIR $TRANSPORT \ -- cgit v1.2.3 From f4b56483c6e80774f746cd1fbf7d92573dd0f51d Mon Sep 17 00:00:00 2001 From: irregulator Date: Thu, 22 May 2014 20:47:23 +0300 Subject: Remove commented lines from init script status section --- puppet/modules/obfsproxy/files/obfsproxy_init | 7 ------- 1 file changed, 7 deletions(-) (limited to 'puppet/modules/obfsproxy') diff --git a/puppet/modules/obfsproxy/files/obfsproxy_init b/puppet/modules/obfsproxy/files/obfsproxy_init index 2496bba7..5223ec9d 100755 --- a/puppet/modules/obfsproxy/files/obfsproxy_init +++ b/puppet/modules/obfsproxy/files/obfsproxy_init @@ -76,13 +76,6 @@ case $1 in $0 stop && sleep 2 && $0 start ;; status) -# if [ -e $PIDFILE ]; then -# #status_of_proc -p $PIDFILE $DAEMON "$NAME " && exit 0 || exit $? -# status_obfsproxy -# else -# log_daemon_msg "$NAME is not running" -# log_end_msg 0 -# fi status_obfsproxy ;; reload) -- cgit v1.2.3 From ae75dccbb6a65ee22b6185dcd8c0fedd14e35d0f Mon Sep 17 00:00:00 2001 From: irregulator Date: Thu, 22 May 2014 20:49:12 +0300 Subject: Remove commented lines from obfsproxy puppet module class --- puppet/modules/obfsproxy/manifests/init.pp | 8 -------- 1 file changed, 8 deletions(-) (limited to 'puppet/modules/obfsproxy') diff --git a/puppet/modules/obfsproxy/manifests/init.pp b/puppet/modules/obfsproxy/manifests/init.pp index e62bfcd8..d0212c64 100644 --- a/puppet/modules/obfsproxy/manifests/init.pp +++ b/puppet/modules/obfsproxy/manifests/init.pp @@ -20,14 +20,6 @@ class obfsproxy ( system => true, } -# file { '/etc/default/obfsproxy': -# path => '/etc/default/obfsproxy', -# owner => 'root', -# group => 'root', -# mode => '0750', -# content => template('obfsproxy/etc_default_conf.erb'), -# } - file { '/etc/init.d/obfsproxy': path => '/etc/init.d/obfsproxy', ensure => present, -- cgit v1.2.3 From 1a0161da0ff420d26732b492898ebf0074b2292c Mon Sep 17 00:00:00 2001 From: irregulator Date: Thu, 22 May 2014 20:52:44 +0300 Subject: Line up equal signs, change double to single quotes --- puppet/modules/obfsproxy/manifests/init.pp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'puppet/modules/obfsproxy') diff --git a/puppet/modules/obfsproxy/manifests/init.pp b/puppet/modules/obfsproxy/manifests/init.pp index d0212c64..456fe1a7 100644 --- a/puppet/modules/obfsproxy/manifests/init.pp +++ b/puppet/modules/obfsproxy/manifests/init.pp @@ -48,17 +48,17 @@ class obfsproxy ( mode => '0700', } - package { "obfsproxy": + package { 'obfsproxy': ensure => present, } - service { "obfsproxy": + service { 'obfsproxy': ensure => running, status => '/usr/sbin/service obfsproxy status | grep "is running"', require => [ - Package["obfsproxy"], - File["/etc/init.d/obfsproxy"] ] + Package['obfsproxy'], + File['/etc/init.d/obfsproxy'] ] } -- cgit v1.2.3 From 7a54923591125894440b9ff7020e4b413a1c6fb5 Mon Sep 17 00:00:00 2001 From: irregulator Date: Fri, 23 May 2014 17:28:32 +0300 Subject: Address logging for obfsproxy daemon Create obfsproxy directory in /var/log, specify log file when obfsproxy is spawned by init script, create a logrotate configuration for obfsproxy's logs. --- puppet/modules/obfsproxy/files/obfsproxy_init | 5 +++-- puppet/modules/obfsproxy/files/obfsproxy_logrotate | 14 ++++++++++++++ puppet/modules/obfsproxy/manifests/init.pp | 16 ++++++++++++++++ 3 files changed, 33 insertions(+), 2 deletions(-) create mode 100644 puppet/modules/obfsproxy/files/obfsproxy_logrotate (limited to 'puppet/modules/obfsproxy') diff --git a/puppet/modules/obfsproxy/files/obfsproxy_init b/puppet/modules/obfsproxy/files/obfsproxy_init index 5223ec9d..7a7e7609 100755 --- a/puppet/modules/obfsproxy/files/obfsproxy_init +++ b/puppet/modules/obfsproxy/files/obfsproxy_init @@ -19,6 +19,7 @@ USER=obfsproxy DATDIR=/etc/obfsproxy PIDFILE=/var/run/obfsproxy.pid CONF=$DATDIR/obfsproxy.conf +LOGFILE=/var/log/obfsproxy/log # If the daemon is not there, then exit. test -x $DAEMON || exit 0 @@ -30,8 +31,8 @@ else exit 2 fi -DAEMONARGS=" --log-min-severity=$LOG --data-dir=$DATDIR $TRANSPORT \ - $PARAM --dest=$DEST_IP:$DEST_PORT server 0.0.0.0:$PORT" +DAEMONARGS=" --log-min-severity=$LOG --log-file=$LOGFILE --data-dir=$DATDIR \ + $TRANSPORT $PARAM --dest=$DEST_IP:$DEST_PORT server 0.0.0.0:$PORT" start_obfsproxy() { start-stop-daemon --start --quiet --oknodo -m --pidfile $PIDFILE \ diff --git a/puppet/modules/obfsproxy/files/obfsproxy_logrotate b/puppet/modules/obfsproxy/files/obfsproxy_logrotate new file mode 100644 index 00000000..623bbab1 --- /dev/null +++ b/puppet/modules/obfsproxy/files/obfsproxy_logrotate @@ -0,0 +1,14 @@ +/var/log/obfsproxy/log { + weekly + missingok + rotate 10 + compress + delaycompress + notifempty + create 600 obfsproxy obfsproxy + postrotate + if [ -f /var/run/obfsproxy.pid ]; then + /etc/init.d/obfsproxy restart > /dev/null + fi + endscript +} diff --git a/puppet/modules/obfsproxy/manifests/init.pp b/puppet/modules/obfsproxy/manifests/init.pp index 456fe1a7..9ba2d0fd 100644 --- a/puppet/modules/obfsproxy/manifests/init.pp +++ b/puppet/modules/obfsproxy/manifests/init.pp @@ -48,6 +48,22 @@ class obfsproxy ( mode => '0700', } + file { '/var/log/obfsproxy': + ensure => directory, + owner => $user, + group => $user, + mode => '0750', + } + + file { '/etc/logrotate.d/obfsproxy': + ensure => present, + source => 'puppet:///modules/obfsproxy/obfsproxy_logrotate', + owner => 'root', + group => 'root', + mode => '0644', + require => File['/var/log/obfsproxy'], + } + package { 'obfsproxy': ensure => present, } -- cgit v1.2.3 From fedbb6dccf7bd78b0b2a507a817dacaef0b67ac3 Mon Sep 17 00:00:00 2001 From: irregulator Date: Fri, 23 May 2014 17:45:13 +0300 Subject: Be able to specify log_level parameter for obfsproxy log_level sets minimum logging severity of obfsproxy daemon, can be error, warning, info, debug. Defaults to info. --- puppet/modules/obfsproxy/manifests/init.pp | 3 ++- puppet/modules/obfsproxy/templates/etc_conf.erb | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'puppet/modules/obfsproxy') diff --git a/puppet/modules/obfsproxy/manifests/init.pp b/puppet/modules/obfsproxy/manifests/init.pp index 9ba2d0fd..1ee44d6f 100644 --- a/puppet/modules/obfsproxy/manifests/init.pp +++ b/puppet/modules/obfsproxy/manifests/init.pp @@ -3,7 +3,8 @@ class obfsproxy ( $port, $param, $dest_ip, - $dest_port + $dest_port, + $log_level = 'info' ){ $user = 'obfsproxy' diff --git a/puppet/modules/obfsproxy/templates/etc_conf.erb b/puppet/modules/obfsproxy/templates/etc_conf.erb index 3313b326..d9938e1a 100644 --- a/puppet/modules/obfsproxy/templates/etc_conf.erb +++ b/puppet/modules/obfsproxy/templates/etc_conf.erb @@ -7,5 +7,5 @@ PARAM=--password=<%= @param %> <% else %> PARAM=<%= @param %> <% end %> -LOG=info +LOG=<%= @log_level %> -- cgit v1.2.3 From 49c4235477ab11118f8fc92a6f554b36121b36b2 Mon Sep 17 00:00:00 2001 From: irregulator Date: Sat, 24 May 2014 16:39:29 +0300 Subject: Change logrotate's frequency and number of log files to keep --- puppet/modules/obfsproxy/files/obfsproxy_logrotate | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'puppet/modules/obfsproxy') diff --git a/puppet/modules/obfsproxy/files/obfsproxy_logrotate b/puppet/modules/obfsproxy/files/obfsproxy_logrotate index 623bbab1..e776fcd3 100644 --- a/puppet/modules/obfsproxy/files/obfsproxy_logrotate +++ b/puppet/modules/obfsproxy/files/obfsproxy_logrotate @@ -1,7 +1,7 @@ /var/log/obfsproxy/log { - weekly + daily missingok - rotate 10 + rotate 3 compress delaycompress notifempty -- cgit v1.2.3 From 4ad025d9d7b0c1999bf34e0acd3ca12c88358d05 Mon Sep 17 00:00:00 2001 From: irregulator Date: Sat, 24 May 2014 17:41:46 +0300 Subject: Simplify init script, let puppet service resource use init status --- puppet/modules/obfsproxy/files/obfsproxy_init | 9 ++++----- puppet/modules/obfsproxy/manifests/init.pp | 2 -- 2 files changed, 4 insertions(+), 7 deletions(-) (limited to 'puppet/modules/obfsproxy') diff --git a/puppet/modules/obfsproxy/files/obfsproxy_init b/puppet/modules/obfsproxy/files/obfsproxy_init index 7a7e7609..b1297738 100755 --- a/puppet/modules/obfsproxy/files/obfsproxy_init +++ b/puppet/modules/obfsproxy/files/obfsproxy_init @@ -44,14 +44,14 @@ stop_obfsproxy() { } status_obfsproxy() { - status_of_proc -p $PIDFILE $DAEMON $NAME && status="0" || status="$?" + status_of_proc -p $PIDFILE $DAEMON $NAME } case $1 in start) if [ -e $PIDFILE ]; then status_obfsproxy - if [ $status = "0" ]; then + if [ $? = "0" ]; then exit fi fi @@ -62,15 +62,14 @@ case $1 in stop) if [ -e $PIDFILE ]; then status_obfsproxy - if [ $status = "0" ]; then + if [ $? = "0" ]; then log_begin_msg "Stopping $DESC" stop_obfsproxy rm -f $PIDFILE log_end_msg $? fi else - log_daemon_msg "$NAME is not running" - log_end_msg $? + status_obfsproxy fi ;; restart) diff --git a/puppet/modules/obfsproxy/manifests/init.pp b/puppet/modules/obfsproxy/manifests/init.pp index 1ee44d6f..b45a60a1 100644 --- a/puppet/modules/obfsproxy/manifests/init.pp +++ b/puppet/modules/obfsproxy/manifests/init.pp @@ -71,8 +71,6 @@ class obfsproxy ( service { 'obfsproxy': ensure => running, - status => '/usr/sbin/service obfsproxy status - | grep "is running"', require => [ Package['obfsproxy'], File['/etc/init.d/obfsproxy'] ] -- cgit v1.2.3 From 58347eddee416410e3ad3c8c4edc2b0e40a3d26c Mon Sep 17 00:00:00 2001 From: irregulator Date: Sat, 24 May 2014 18:08:31 +0300 Subject: Subscribe obfsproxy service resource to conf file --- puppet/modules/obfsproxy/manifests/init.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'puppet/modules/obfsproxy') diff --git a/puppet/modules/obfsproxy/manifests/init.pp b/puppet/modules/obfsproxy/manifests/init.pp index b45a60a1..4a0221af 100644 --- a/puppet/modules/obfsproxy/manifests/init.pp +++ b/puppet/modules/obfsproxy/manifests/init.pp @@ -39,7 +39,6 @@ class obfsproxy ( group => 'root', mode => '0600', content => template('obfsproxy/etc_conf.erb'), - require => File['/etc/obfsproxy'], } file { '/etc/obfsproxy': @@ -70,8 +69,9 @@ class obfsproxy ( } service { 'obfsproxy': - ensure => running, - require => [ + ensure => running, + subscribe => File[$conf], + require => [ Package['obfsproxy'], File['/etc/init.d/obfsproxy'] ] } -- cgit v1.2.3 From db9290a2b1b406e8231c0df569ae47c0a74ec12a Mon Sep 17 00:00:00 2001 From: irregulator Date: Sat, 24 May 2014 19:26:05 +0300 Subject: Move log files to var/log instead of var/log/obfsproxy --- puppet/modules/obfsproxy/files/obfsproxy_init | 2 +- puppet/modules/obfsproxy/files/obfsproxy_logrotate | 2 +- puppet/modules/obfsproxy/manifests/init.pp | 12 ++++++------ 3 files changed, 8 insertions(+), 8 deletions(-) (limited to 'puppet/modules/obfsproxy') diff --git a/puppet/modules/obfsproxy/files/obfsproxy_init b/puppet/modules/obfsproxy/files/obfsproxy_init index b1297738..629fea9f 100755 --- a/puppet/modules/obfsproxy/files/obfsproxy_init +++ b/puppet/modules/obfsproxy/files/obfsproxy_init @@ -19,7 +19,7 @@ USER=obfsproxy DATDIR=/etc/obfsproxy PIDFILE=/var/run/obfsproxy.pid CONF=$DATDIR/obfsproxy.conf -LOGFILE=/var/log/obfsproxy/log +LOGFILE=/var/log/obfsproxy.log # If the daemon is not there, then exit. test -x $DAEMON || exit 0 diff --git a/puppet/modules/obfsproxy/files/obfsproxy_logrotate b/puppet/modules/obfsproxy/files/obfsproxy_logrotate index e776fcd3..e5679d0c 100644 --- a/puppet/modules/obfsproxy/files/obfsproxy_logrotate +++ b/puppet/modules/obfsproxy/files/obfsproxy_logrotate @@ -1,4 +1,4 @@ -/var/log/obfsproxy/log { +/var/log/obfsproxy.log { daily missingok rotate 3 diff --git a/puppet/modules/obfsproxy/manifests/init.pp b/puppet/modules/obfsproxy/manifests/init.pp index 4a0221af..9750932f 100644 --- a/puppet/modules/obfsproxy/manifests/init.pp +++ b/puppet/modules/obfsproxy/manifests/init.pp @@ -48,11 +48,11 @@ class obfsproxy ( mode => '0700', } - file { '/var/log/obfsproxy': - ensure => directory, - owner => $user, - group => $user, - mode => '0750', + file { '/var/log/obfsproxy.log': + ensure => present, + owner => $user, + group => $user, + mode => '0640', } file { '/etc/logrotate.d/obfsproxy': @@ -61,7 +61,7 @@ class obfsproxy ( owner => 'root', group => 'root', mode => '0644', - require => File['/var/log/obfsproxy'], + require => File['/var/log/obfsproxy.log'], } package { 'obfsproxy': -- cgit v1.2.3 From 436d98b3781aa66c78b3ec77fa7d47652a92f590 Mon Sep 17 00:00:00 2001 From: irregulator Date: Sat, 24 May 2014 19:33:08 +0300 Subject: Remove initscript subscription to conf file --- puppet/modules/obfsproxy/manifests/init.pp | 1 - 1 file changed, 1 deletion(-) (limited to 'puppet/modules/obfsproxy') diff --git a/puppet/modules/obfsproxy/manifests/init.pp b/puppet/modules/obfsproxy/manifests/init.pp index 9750932f..ddb198bb 100644 --- a/puppet/modules/obfsproxy/manifests/init.pp +++ b/puppet/modules/obfsproxy/manifests/init.pp @@ -29,7 +29,6 @@ class obfsproxy ( group => 'root', mode => '0750', require => File[$conf], - subscribe => File[$conf], } file { $conf : -- cgit v1.2.3 From 791e22b136910ecfa204eb78be747baed2b02590 Mon Sep 17 00:00:00 2001 From: irregulator Date: Wed, 28 May 2014 17:35:12 +0300 Subject: Make obfsproxy daemon bind to specific address rather than 0.0.0.0 If obfsproxy is spawned alongside eip service, make it listen to the gateway_adress IP. If obfsproxy is running standalone listen to ip_address. --- puppet/modules/obfsproxy/files/obfsproxy_init | 2 +- puppet/modules/obfsproxy/manifests/init.pp | 1 + puppet/modules/obfsproxy/templates/etc_conf.erb | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) (limited to 'puppet/modules/obfsproxy') diff --git a/puppet/modules/obfsproxy/files/obfsproxy_init b/puppet/modules/obfsproxy/files/obfsproxy_init index 629fea9f..69dbab41 100755 --- a/puppet/modules/obfsproxy/files/obfsproxy_init +++ b/puppet/modules/obfsproxy/files/obfsproxy_init @@ -32,7 +32,7 @@ else fi DAEMONARGS=" --log-min-severity=$LOG --log-file=$LOGFILE --data-dir=$DATDIR \ - $TRANSPORT $PARAM --dest=$DEST_IP:$DEST_PORT server 0.0.0.0:$PORT" + $TRANSPORT $PARAM --dest=$DEST_IP:$DEST_PORT server $BINDADDR:$PORT" start_obfsproxy() { start-stop-daemon --start --quiet --oknodo -m --pidfile $PIDFILE \ diff --git a/puppet/modules/obfsproxy/manifests/init.pp b/puppet/modules/obfsproxy/manifests/init.pp index ddb198bb..35d47d13 100644 --- a/puppet/modules/obfsproxy/manifests/init.pp +++ b/puppet/modules/obfsproxy/manifests/init.pp @@ -1,5 +1,6 @@ class obfsproxy ( $transport, + $bind_address, $port, $param, $dest_ip, diff --git a/puppet/modules/obfsproxy/templates/etc_conf.erb b/puppet/modules/obfsproxy/templates/etc_conf.erb index d9938e1a..10f6a7f7 100644 --- a/puppet/modules/obfsproxy/templates/etc_conf.erb +++ b/puppet/modules/obfsproxy/templates/etc_conf.erb @@ -8,4 +8,5 @@ PARAM=--password=<%= @param %> PARAM=<%= @param %> <% end %> LOG=<%= @log_level %> +BINDADDR=<%= @bind_address %> -- cgit v1.2.3 From ee8064a8281c3f933aeea219baec822ec8f52b84 Mon Sep 17 00:00:00 2001 From: irregulator Date: Tue, 3 Jun 2014 17:37:52 +0300 Subject: Remove unneeded newlines from obfsproxy.conf --- puppet/modules/obfsproxy/templates/etc_conf.erb | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'puppet/modules/obfsproxy') diff --git a/puppet/modules/obfsproxy/templates/etc_conf.erb b/puppet/modules/obfsproxy/templates/etc_conf.erb index 10f6a7f7..8959ef78 100644 --- a/puppet/modules/obfsproxy/templates/etc_conf.erb +++ b/puppet/modules/obfsproxy/templates/etc_conf.erb @@ -2,11 +2,10 @@ TRANSPORT=<%= @transport %> PORT=<%= @port %> DEST_IP=<%= @dest_ip %> DEST_PORT=<%= @dest_port %> -<% if @transport == "scramblesuit" %> +<% if @transport == "scramblesuit" -%> PARAM=--password=<%= @param %> -<% else %> +<% else -%> PARAM=<%= @param %> -<% end %> +<% end -%> LOG=<%= @log_level %> BINDADDR=<%= @bind_address %> - -- cgit v1.2.3 From aa3e39bc8342b6800129965efad72527b53596df Mon Sep 17 00:00:00 2001 From: irregulator Date: Tue, 3 Jun 2014 17:41:46 +0300 Subject: Add User resource requirement for obfsproxy service, log, etc dir --- puppet/modules/obfsproxy/manifests/init.pp | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'puppet/modules/obfsproxy') diff --git a/puppet/modules/obfsproxy/manifests/init.pp b/puppet/modules/obfsproxy/manifests/init.pp index 35d47d13..a23cfa58 100644 --- a/puppet/modules/obfsproxy/manifests/init.pp +++ b/puppet/modules/obfsproxy/manifests/init.pp @@ -42,10 +42,11 @@ class obfsproxy ( } file { '/etc/obfsproxy': - ensure => directory, - owner => $user, - group => $user, - mode => '0700', + ensure => directory, + owner => $user, + group => $user, + mode => '0700', + require => User[$user], } file { '/var/log/obfsproxy.log': @@ -53,6 +54,7 @@ class obfsproxy ( owner => $user, group => $user, mode => '0640', + require => User[$user], } file { '/etc/logrotate.d/obfsproxy': @@ -73,7 +75,9 @@ class obfsproxy ( subscribe => File[$conf], require => [ Package['obfsproxy'], - File['/etc/init.d/obfsproxy'] ] + File['/etc/init.d/obfsproxy'], + User[$user], + Group[$user]] } -- cgit v1.2.3 From e184143d3066f02968c8bb1035e0e02bae44d587 Mon Sep 17 00:00:00 2001 From: irregulator Date: Tue, 3 Jun 2014 17:47:50 +0300 Subject: Add apt preferences requirement for obfsproxy package resource --- puppet/modules/obfsproxy/manifests/init.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'puppet/modules/obfsproxy') diff --git a/puppet/modules/obfsproxy/manifests/init.pp b/puppet/modules/obfsproxy/manifests/init.pp index a23cfa58..61714fdf 100644 --- a/puppet/modules/obfsproxy/manifests/init.pp +++ b/puppet/modules/obfsproxy/manifests/init.pp @@ -67,7 +67,8 @@ class obfsproxy ( } package { 'obfsproxy': - ensure => present, + ensure => present, + require => Class['site_apt::preferences::obfsproxy'], } service { 'obfsproxy': -- cgit v1.2.3 From 7e278f92f34e3809d380be724f0c306430791b10 Mon Sep 17 00:00:00 2001 From: irregulator Date: Tue, 1 Jul 2014 01:49:56 +0300 Subject: Use new macro pick_node to pick vpn gateway for obfsproxy.json --- puppet/modules/obfsproxy/files/obfsproxy_init | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/obfsproxy') diff --git a/puppet/modules/obfsproxy/files/obfsproxy_init b/puppet/modules/obfsproxy/files/obfsproxy_init index 69dbab41..01c8013a 100755 --- a/puppet/modules/obfsproxy/files/obfsproxy_init +++ b/puppet/modules/obfsproxy/files/obfsproxy_init @@ -83,7 +83,7 @@ case $1 in start-stop-daemon --stop --signal USR1 --quiet --pidfile $PIDFILE --name $NAME log_success_msg "$DESC reloaded successfully" else - log_failure_msg "$PIDFILE does not exists" + log_failure_msg "$PIDFILE does not exist" fi ;; *) -- cgit v1.2.3