From 8128fd27d9d3637654ebf924c860a701a4a08911 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 26 Oct 2012 13:14:37 +0200 Subject: beginning config of main interface --- puppet/modules/site_config/manifests/eip.pp | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp index df17771a..0077137b 100644 --- a/puppet/modules/site_config/manifests/eip.pp +++ b/puppet/modules/site_config/manifests/eip.pp @@ -5,9 +5,25 @@ class site_config::eip { #$tor=hiera('tor') #notice("Tor enabled: $tor") - $openvpn_config = hiera('openvpn') - $interface = hiera('interface') - $gateway_address = $openvpn_config['gateway_address'] + $ip_address = hiera('ip_address') + $interface = hiera('interface') + $gateway_address = hiera('gateway_address') + $openvpn_config = hiera('openvpn') + $openvpn_gateway_address = $openvpn_config['gateway_address'] + + include interfaces + interfaces::iface { $interface: + family => 'inet', + method => 'static', + options => [ "address $ip_address", + 'netmask 255.255.255.0', + "gateway $gateway", + "up ip addr add $openvpn_gateway_address/24 dev eth0 label", + "down ip addr del $openvpn_gateway_address/24 dev eth0 label", + ], + auto => 1, + allow_hotplug => 1 } + site_openvpn::server_config { 'tcp_config': port => '1194', -- cgit v1.2.3 From 92368db363406ebf47419814e1ac1bfc9f17c44a Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 26 Oct 2012 15:08:15 +0200 Subject: linted, variable updated --- puppet/modules/site_config/manifests/eip.pp | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp index 0077137b..57b6d831 100644 --- a/puppet/modules/site_config/manifests/eip.pp +++ b/puppet/modules/site_config/manifests/eip.pp @@ -12,16 +12,16 @@ class site_config::eip { $openvpn_gateway_address = $openvpn_config['gateway_address'] include interfaces - interfaces::iface { $interface: - family => 'inet', - method => 'static', - options => [ "address $ip_address", + interfaces::iface { $interface: + family => 'inet', + method => 'static', + options => [ "address $ip_address", 'netmask 255.255.255.0', - "gateway $gateway", + "gateway $gateway_address", "up ip addr add $openvpn_gateway_address/24 dev eth0 label", "down ip addr del $openvpn_gateway_address/24 dev eth0 label", - ], - auto => 1, + ], + auto => 1, allow_hotplug => 1 } -- cgit v1.2.3 From 8253e3ebeb88ba33131365a1b584878a12bbd225 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 26 Oct 2012 15:14:23 +0200 Subject: removed label for ip addr --- puppet/modules/site_config/manifests/eip.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp index 57b6d831..1beea9ce 100644 --- a/puppet/modules/site_config/manifests/eip.pp +++ b/puppet/modules/site_config/manifests/eip.pp @@ -18,8 +18,8 @@ class site_config::eip { options => [ "address $ip_address", 'netmask 255.255.255.0', "gateway $gateway_address", - "up ip addr add $openvpn_gateway_address/24 dev eth0 label", - "down ip addr del $openvpn_gateway_address/24 dev eth0 label", + "up ip addr add $openvpn_gateway_address/24 dev eth0", + "down ip addr del $openvpn_gateway_address/24 dev eth0", ], auto => 1, allow_hotplug => 1 } -- cgit v1.2.3 From c40a1bce442aab4ba8baf062ffcb65e006ad13e0 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 29 Oct 2012 14:53:06 +0100 Subject: use script to add second ip --- puppet/modules/site_config/manifests/eip.pp | 47 +++++++++++++++++++---------- 1 file changed, 31 insertions(+), 16 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp index 1beea9ce..c81ad33a 100644 --- a/puppet/modules/site_config/manifests/eip.pp +++ b/puppet/modules/site_config/manifests/eip.pp @@ -18,29 +18,44 @@ class site_config::eip { options => [ "address $ip_address", 'netmask 255.255.255.0', "gateway $gateway_address", - "up ip addr add $openvpn_gateway_address/24 dev eth0", - "down ip addr del $openvpn_gateway_address/24 dev eth0", + "up ip addr add $openvpn_gateway_address/24 dev $interface", + "down ip addr del $openvpn_gateway_address/24 dev $interface", ], auto => 1, allow_hotplug => 1 } - site_openvpn::server_config { 'tcp_config': - port => '1194', - proto => 'tcp', - local => $gateway_address, - server => '10.1.0.0 255.255.248.0', - push => '"dhcp-option DNS 10.1.0.1"', - management => '127.0.0.1 1000' + #site_openvpn::server_config { 'tcp_config': + # port => '1194', + # proto => 'tcp', + # local => $gateway_address, + # server => '10.1.0.0 255.255.248.0', + # push => '"dhcp-option DNS 10.1.0.1"', + # management => '127.0.0.1 1000' + #} + #site_openvpn::server_config { 'udp_config': + # port => '1194', + # proto => 'udp', + # local => $gateway_address, + # server => '10.2.0.0 255.255.248.0', + # push => '"dhcp-option DNS 10.2.0.1"', + # management => '127.0.0.1 1001' + #} + + file { '/usr/local/bin/leap_add_second_ip.sh': + content => '#!/bin/sh + ip addr show dev eth0 | grep -q "$openvpn_gateway_address/24" || ip addr add "$openvpn_gateway_address/24" dev eth0', + mode => '0755', } - site_openvpn::server_config { 'udp_config': - port => '1194', - proto => 'udp', - local => $gateway_address, - server => '10.2.0.0 255.255.248.0', - push => '"dhcp-option DNS 10.2.0.1"', - management => '127.0.0.1 1001' + + exec { '/usr/local/bin/leap_add_second_ip.sh': + subscribe => File['/usr/local/bin/leap_add_second_ip.sh'], } + #exec { "ip addr add $openvpn_gateway_address/24 dev $interface": + # path => '/usr/bin:/sbin', + # unless => "ip addr show dev $interface | grep -q '$interface/24'" + #} + include site_shorewall::eip } -- cgit v1.2.3 From 189e8957c23fb09ef8c130f64e53f58c9da7d3ec Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 29 Oct 2012 14:58:55 +0100 Subject: pass variable to leap_add_second_ip.sh --- puppet/modules/site_config/manifests/eip.pp | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp index c81ad33a..ed1d395b 100644 --- a/puppet/modules/site_config/manifests/eip.pp +++ b/puppet/modules/site_config/manifests/eip.pp @@ -11,19 +11,18 @@ class site_config::eip { $openvpn_config = hiera('openvpn') $openvpn_gateway_address = $openvpn_config['gateway_address'] - include interfaces - interfaces::iface { $interface: - family => 'inet', - method => 'static', - options => [ "address $ip_address", - 'netmask 255.255.255.0', - "gateway $gateway_address", - "up ip addr add $openvpn_gateway_address/24 dev $interface", - "down ip addr del $openvpn_gateway_address/24 dev $interface", - ], - auto => 1, - allow_hotplug => 1 } - + #include interfaces + #interfaces::iface { $interface: + # family => 'inet', + # method => 'static', + # options => [ "address $ip_address", + # 'netmask 255.255.255.0', + # "gateway $gateway_address", + # "up ip addr add $openvpn_gateway_address/24 dev $interface", + # "down ip addr del $openvpn_gateway_address/24 dev $interface", + # ], + # auto => 1, + # allow_hotplug => 1 } #site_openvpn::server_config { 'tcp_config': # port => '1194', @@ -43,8 +42,8 @@ class site_config::eip { #} file { '/usr/local/bin/leap_add_second_ip.sh': - content => '#!/bin/sh - ip addr show dev eth0 | grep -q "$openvpn_gateway_address/24" || ip addr add "$openvpn_gateway_address/24" dev eth0', + content => "#!/bin/sh +ip addr show dev $interface | grep -q "$openvpn_gateway_address/24" || ip addr add "$openvpn_gateway_address/24" dev $interface", mode => '0755', } -- cgit v1.2.3 From 7c7c3f6ff9806febe903a9cfdef97c36e3743587 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 29 Oct 2012 18:34:51 +0100 Subject: double double quoting solved --- puppet/modules/site_config/manifests/eip.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp index ed1d395b..59889a92 100644 --- a/puppet/modules/site_config/manifests/eip.pp +++ b/puppet/modules/site_config/manifests/eip.pp @@ -43,7 +43,7 @@ class site_config::eip { file { '/usr/local/bin/leap_add_second_ip.sh': content => "#!/bin/sh -ip addr show dev $interface | grep -q "$openvpn_gateway_address/24" || ip addr add "$openvpn_gateway_address/24" dev $interface", +ip addr show dev $interface | grep -q ${openvpn_gateway_address}/24 || ip addr add ${openvpn_gateway_address}/24 dev $interface", mode => '0755', } -- cgit v1.2.3 From 372797b1f0b2a65698e8f4cd52fdf5d93a274965 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 29 Oct 2012 20:04:23 +0100 Subject: reenabled site_openvpn::server_config, leap_add_second_ip.sh @reboot --- puppet/modules/site_config/manifests/eip.pp | 57 +++++++++++------------------ 1 file changed, 21 insertions(+), 36 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp index 59889a92..498d7eed 100644 --- a/puppet/modules/site_config/manifests/eip.pp +++ b/puppet/modules/site_config/manifests/eip.pp @@ -2,44 +2,28 @@ class site_config::eip { include site_openvpn include site_openvpn::keys - #$tor=hiera('tor') - #notice("Tor enabled: $tor") - $ip_address = hiera('ip_address') $interface = hiera('interface') $gateway_address = hiera('gateway_address') $openvpn_config = hiera('openvpn') $openvpn_gateway_address = $openvpn_config['gateway_address'] - #include interfaces - #interfaces::iface { $interface: - # family => 'inet', - # method => 'static', - # options => [ "address $ip_address", - # 'netmask 255.255.255.0', - # "gateway $gateway_address", - # "up ip addr add $openvpn_gateway_address/24 dev $interface", - # "down ip addr del $openvpn_gateway_address/24 dev $interface", - # ], - # auto => 1, - # allow_hotplug => 1 } - - #site_openvpn::server_config { 'tcp_config': - # port => '1194', - # proto => 'tcp', - # local => $gateway_address, - # server => '10.1.0.0 255.255.248.0', - # push => '"dhcp-option DNS 10.1.0.1"', - # management => '127.0.0.1 1000' - #} - #site_openvpn::server_config { 'udp_config': - # port => '1194', - # proto => 'udp', - # local => $gateway_address, - # server => '10.2.0.0 255.255.248.0', - # push => '"dhcp-option DNS 10.2.0.1"', - # management => '127.0.0.1 1001' - #} + site_openvpn::server_config { 'tcp_config': + port => '1194', + proto => 'tcp', + local => $openvpn_gateway_address, + server => '10.1.0.0 255.255.248.0', + push => '"dhcp-option DNS 10.1.0.1"', + management => '127.0.0.1 1000' + } + site_openvpn::server_config { 'udp_config': + port => '1194', + proto => 'udp', + local => $openvpn_gateway_address, + server => '10.2.0.0 255.255.248.0', + push => '"dhcp-option DNS 10.2.0.1"', + management => '127.0.0.1 1001' + } file { '/usr/local/bin/leap_add_second_ip.sh': content => "#!/bin/sh @@ -51,10 +35,11 @@ ip addr show dev $interface | grep -q ${openvpn_gateway_address}/24 || ip addr a subscribe => File['/usr/local/bin/leap_add_second_ip.sh'], } - #exec { "ip addr add $openvpn_gateway_address/24 dev $interface": - # path => '/usr/bin:/sbin', - # unless => "ip addr show dev $interface | grep -q '$interface/24'" - #} + cron { 'leap_add_second_ip.sh': + command => "/usr/local/bin/leap_add_second_ip.sh", + user => 'root', + special => 'reboot', + } include site_shorewall::eip } -- cgit v1.2.3 From 7361c79e1e864c16450455a3ae374393a04f9eb7 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 29 Oct 2012 20:27:52 +0100 Subject: no need for gateway_address --- puppet/modules/site_config/manifests/eip.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp index 498d7eed..15bf8be2 100644 --- a/puppet/modules/site_config/manifests/eip.pp +++ b/puppet/modules/site_config/manifests/eip.pp @@ -4,7 +4,7 @@ class site_config::eip { $ip_address = hiera('ip_address') $interface = hiera('interface') - $gateway_address = hiera('gateway_address') + #$gateway_address = hiera('gateway_address') $openvpn_config = hiera('openvpn') $openvpn_gateway_address = $openvpn_config['gateway_address'] -- cgit v1.2.3 From c26c2c18d0abb7dec76a748bf0c2c2f9000298da Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 29 Oct 2012 22:17:26 +0100 Subject: openvpn_tcp/udp_network_prefix and openvpn_tcp/udp_netmask variables --- puppet/modules/site_config/manifests/eip.pp | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp index 15bf8be2..ecac446b 100644 --- a/puppet/modules/site_config/manifests/eip.pp +++ b/puppet/modules/site_config/manifests/eip.pp @@ -2,26 +2,30 @@ class site_config::eip { include site_openvpn include site_openvpn::keys - $ip_address = hiera('ip_address') - $interface = hiera('interface') - #$gateway_address = hiera('gateway_address') - $openvpn_config = hiera('openvpn') - $openvpn_gateway_address = $openvpn_config['gateway_address'] + $ip_address = hiera('ip_address') + $interface = hiera('interface') + #$gateway_address = hiera('gateway_address') + $openvpn_config = hiera('openvpn') + $openvpn_gateway_address = $openvpn_config['gateway_address'] + $openvpn_tcp_network_prefix = '10.1.0' + $openvpn_tcp_netmask = '255.255.248.0' + $openvpn_udp_network_prefix = '10.2.0' + $openvpn_udp_netmask = '255.255.248.0' site_openvpn::server_config { 'tcp_config': port => '1194', proto => 'tcp', local => $openvpn_gateway_address, - server => '10.1.0.0 255.255.248.0', - push => '"dhcp-option DNS 10.1.0.1"', + server => "$openvpn_tcp_network_prefix.0 $openvpn_tcp_netmask", + push => "\"dhcp-option DNS $openvpn_tcp_network_prefix.1\"", management => '127.0.0.1 1000' } site_openvpn::server_config { 'udp_config': port => '1194', proto => 'udp', + server => "$openvpn_udp_network_prefix.0 $openvpn_udp_netmask", + push => "\"dhcp-option DNS $openvpn_udp_network_prefix.1\"", local => $openvpn_gateway_address, - server => '10.2.0.0 255.255.248.0', - push => '"dhcp-option DNS 10.2.0.1"', management => '127.0.0.1 1001' } -- cgit v1.2.3 From 1e3e9658a2309569e73d6bef72d441a6851d2653 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 29 Oct 2012 22:22:37 +0100 Subject: also provide openvpn_tcp/udp_cidr variable --- puppet/modules/site_config/manifests/eip.pp | 2 ++ 1 file changed, 2 insertions(+) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp index ecac446b..d7a59157 100644 --- a/puppet/modules/site_config/manifests/eip.pp +++ b/puppet/modules/site_config/manifests/eip.pp @@ -9,8 +9,10 @@ class site_config::eip { $openvpn_gateway_address = $openvpn_config['gateway_address'] $openvpn_tcp_network_prefix = '10.1.0' $openvpn_tcp_netmask = '255.255.248.0' + $openvpn_tcp_cidr = '21' $openvpn_udp_network_prefix = '10.2.0' $openvpn_udp_netmask = '255.255.248.0' + $openvpn_udp_cidr = '21' site_openvpn::server_config { 'tcp_config': port => '1194', -- cgit v1.2.3 From 2f747b961a1fd5f7197e63dde58b64ab465ac39d Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 30 Oct 2012 12:16:49 +0100 Subject: commenting --- puppet/modules/site_config/manifests/eip.pp | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_config') diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp index d7a59157..4280fb67 100644 --- a/puppet/modules/site_config/manifests/eip.pp +++ b/puppet/modules/site_config/manifests/eip.pp @@ -1,7 +1,6 @@ class site_config::eip { - include site_openvpn - include site_openvpn::keys + # parse hiera config $ip_address = hiera('ip_address') $interface = hiera('interface') #$gateway_address = hiera('gateway_address') @@ -14,6 +13,12 @@ class site_config::eip { $openvpn_udp_netmask = '255.255.248.0' $openvpn_udp_cidr = '21' + include site_openvpn + + # deploy ca + server keys + include site_openvpn::keys + + # create 2 openvpn config files, one for tcp, one for udp site_openvpn::server_config { 'tcp_config': port => '1194', proto => 'tcp', @@ -31,6 +36,7 @@ class site_config::eip { management => '127.0.0.1 1001' } + # add second IP on given interface file { '/usr/local/bin/leap_add_second_ip.sh': content => "#!/bin/sh ip addr show dev $interface | grep -q ${openvpn_gateway_address}/24 || ip addr add ${openvpn_gateway_address}/24 dev $interface", -- cgit v1.2.3