authormh <mh@immerda.ch>2016-11-01 20:26:20 +0100
committermh <mh@immerda.ch>2016-11-01 20:26:20 +0100
commit720c1670750345e8c361219a58c2722a603e26bb (patch)
tree0379a2c21c3c2b7f32d9c8f149040f128efa858b
parent4510682dff23142df5de4cfcc988e4319fcb73cd (diff)
add support for onionbalance
-rw-r--r--manifests/onionbalance.pp81
-rw-r--r--manifests/onionbalance/key.pp25
-rw-r--r--manifests/onionbalance/keys.pp11
-rw-r--r--spec/classes/onionbalance_spec.rb60
-rw-r--r--templates/onionbalance/Debian.torrc.erb5
-rw-r--r--templates/onionbalance/RedHat.torrc.erb13
-rw-r--r--templates/onionbalance/config.yaml.erb10
7 files changed, 205 insertions, 0 deletions
diff --git a/manifests/onionbalance.pp b/manifests/onionbalance.pp
new file mode 100644
index 0000000..34831d3
--- /dev/null
+++ b/manifests/onionbalance.pp
@@ -0,0 +1,81 @@
+# manages an onionbalance installation
+#
+# Parameters:
+#
+# services: a hash of onionbalance service instances
+# services => {
+# keyname_of_service1 => {
+# name1 => onionservice_addr_3,
+# name2 => onionservice_addr_2,
+# _key_content => content_of_key_of_onionbalanced_service1,
+# },
+# }
+#
+class tor::onionbalance(
+ $services,
+) {
+
+ include ::tor
+
+ case $osfamily {
+ 'Debian': {
+ $pkg_name = 'onionbalance'
+ $instance_file = '/etc/tor/instances/onionbalance/torrc'
+ $instance_user = '_tor-onionbalance'
+ exec{'/usr/sbin/tor-instance-create onionbalance':
+ creates => '/etc/tor/instances/onionbalance',
+ require => Package['tor'],
+ before => File[$instance_file],
+ } -> augeas{"manage_onionbalance_in_group_${instance_user}":
+ context => '/files/etc/group',
+ changes => [ "set ${instance_user}/user[last()+1] onionbalance" ],
+ onlyif => "match ${instance_user}/*[../user='onionbalance'] size == 0",
+ require => Package['onionbalance'],
+ }
+ }
+ 'RedHat': {
+ $instance_file = '/etc/tor/onionbalance.torrc'
+ $instance_user = 'toranon'
+ $pkg_name = 'python2-onionbalance'
+ }
+ default: {
+ fail("OSFamily ${osfamily} not (yet) supported for onionbalance")
+ }
+ }
+
+ package{$pkg_name:
+ ensure => 'installed',
+ tag => 'onionbalance',
+ } -> file{
+ '/etc/onionbalance/config.yaml':
+ content => template('tor/onionbalance/config.yaml.erb'),
+ owner => root,
+ group => $instance_user,
+ mode => '0640',
+ notify => Service['onionbalance'];
+ $instance_file:
+ content => template("tor/onionbalance/${osfamily}.torrc.erb"),
+ owner => root,
+ group => 0,
+ mode => '0644',
+ require => Package['tor'],
+ notify => Service['tor@onionbalance'],
+ }
+
+ tor::onionbalance::keys{
+ keys($services):
+ values => $services,
+ group => $instance_user,
+ }
+
+ service{
+ 'tor@onionbalance':
+ ensure => running,
+ enable => true;
+ 'onionbalance':
+ ensure => running,
+ enable => true,
+ subscribe => Service['tor@onionbalance'];
+ }
+
+}
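Review bot: The onionbalance keys and `/etc/onionbalance/config.yaml` are made group-readable by `$instance_user` (`group => $instance_user` on the config file and in the `tor::onionbalance::keys` call). That value is the Tor instance account `_tor-onionbalance` on Debian and `toranon` on RedHat, so the Tor daemon presumably gains read access to private keys that only the onionbalance process needs. The Debian branch adds `onionbalance` to the Tor group so it can reach the control cookie, and that same group is then reused for the secrets. Consider a separate variable for the secrets, set per OS family to a group only the onionbalance daemon belongs to (its name is not visible on this page), and pass `group => $key_group,` to the keys and the config file. The `services` parameter is also used unvalidated; a hash check at the top of the class would turn malformed data into a clear compile error.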
diff --git a/manifests/onionbalance/key.pp b/manifests/onionbalance/key.pp
new file mode 100644
index 0000000..e0016fc
--- /dev/null
+++ b/manifests/onionbalance/key.pp
@@ -0,0 +1,25 @@
+# manage onionbalance keys
+#
+# key_content will be treated as path
+# to a file containing the key content
+# if the value starts with a /
+#
+define tor::onionbalance::key(
+ $key_content,
+ $group,
+){
+
+ if $key_content =~ /^\// {
+ $content = file($key_content)
+ } else {
+ $content = $key_content
+ }
+ Package<| tag == 'onionbalance' |> -> file{
+ "/etc/onionbalance/${name}.key":
+ content => $content,
+ owner => root,
+ group => $group,
+ mode => '0640',
+ notify => Service['onionbalance'];
+ }
+}
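Review bot: The path test `$key_content =~ /^\//` is anchored per line rather than at the start of the string, since Puppet regexes follow Ruby semantics. A multi-line key whose base64 body has a line beginning with `/` is therefore taken for a path and handed to `file()`, which fails catalog compilation; anchoring the string as `if $key_content =~ /\A\// {` avoids this. Because `file()` reads from the master's filesystem, any absolute path supplied in the `services` data is copied into the node's catalog, so the header comment should say that this data must come from a trusted source. Adding `show_diff => false,` to the file resource would keep key material out of agent logs and reports when the content changes.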
diff --git a/manifests/onionbalance/keys.pp b/manifests/onionbalance/keys.pp
new file mode 100644
index 0000000..e3040f5
--- /dev/null
+++ b/manifests/onionbalance/keys.pp
@@ -0,0 +1,11 @@
+# a wrapper to manage onionbalance keys
+define tor::onionbalance::keys(
+ $values,
+ $group,
+) {
+ tor::onionbalance::key{
+ $name:
+ key_content => $values[$name]['_key_content'],
+ group => $group,
+ }
+}
diff --git a/spec/classes/onionbalance_spec.rb b/spec/classes/onionbalance_spec.rb
new file mode 100644
index 0000000..ff9bb27
--- /dev/null
+++ b/spec/classes/onionbalance_spec.rb
@@ -0,0 +1,60 @@
+require File.expand_path(File.join(File.dirname(__FILE__),'../spec_helper'))
+
+describe 'tor::onionbalance', :type => 'class' do
+ let(:default_facts) {
+ {
+ :osfamily => 'RedHat',
+ :operatingsystem => 'CentOS',
+ }
+ }
+ let(:facts){ default_facts }
+ let(:pre_condition){'Exec{path => "/bin"}' }
+ let(:params){
+ {
+ :services => {
+ 'keyname_of_service1' => {
+ 'name1' => 'onionservice_addr_3',
+ 'name2' => 'onionservice_addr_2',
+ '_key_content' => 'content_of_key_of_onionbalanced_service1',
+ },
+ },
+ }
+ }
+ describe 'with standard' do
+ it { is_expected.to compile.with_all_deps }
+
+ it { is_expected.to contain_package('python2-onionbalance').with(
+ :ensure => 'installed',
+ ) }
+ it { is_expected.to contain_service('tor@onionbalance').with(
+ :ensure => 'running',
+ :enable => true,
+ ) }
+ it { is_expected.to contain_service('onionbalance').with(
+ :ensure => 'running',
+ :enable => true,
+ :subscribe => 'Service[tor@onionbalance]',
+ ) }
+ context 'on Debian' do
+ let(:facts) {
+ {
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ }
+ }
+ it { is_expected.to compile.with_all_deps }
+ it { is_expected.to contain_package('onionbalance').with(
+ :ensure => 'installed',
+ ) }
+ it { is_expected.to contain_service('tor@onionbalance').with(
+ :ensure => 'running',
+ :enable => true,
+ ) }
+ it { is_expected.to contain_service('onionbalance').with(
+ :ensure => 'running',
+ :enable => true,
+ :subscribe => 'Service[tor@onionbalance]',
+ ) }
+ end
+ end
+end
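Review bot: The spec checks the package and the two services but never asserts the security-relevant resources, so a regression in the ownership or mode of the key file or `config.yaml` would pass unnoticed. With the params already defined here, the RedHat case could add `it { is_expected.to contain_file('/etc/onionbalance/keyname_of_service1.key').with(:owner => 'root', :group => 'toranon', :mode => '0640') }` and a matching expectation for `/etc/onionbalance/config.yaml`. A case where `_key_content` starts with `/` would also cover the path branch in `tor::onionbalance::key`.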
diff --git a/templates/onionbalance/Debian.torrc.erb b/templates/onionbalance/Debian.torrc.erb
new file mode 100644
index 0000000..4b1afc4
--- /dev/null
+++ b/templates/onionbalance/Debian.torrc.erb
@@ -0,0 +1,5 @@
+# Tor config for the onionbalance management server
+# ---
+# The onionbalance service must be able to access the Tor control port.
+ControlPort 9051
+SocksPort 0
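Review bot: The Debian template opens `ControlPort 9051` without stating any authentication, whereas the RedHat template sets `CookieAuthentication 1` explicitly. Cookie authentication presumably comes from the defaults that `tor-instance-create` installs for the instance, but nothing in this file guarantees it. Adding `CookieAuthentication 1` here, or at least a comment such as `# authentication is inherited from the tor instance defaults`, would ensure the control port is never left unauthenticated if those defaults change.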
diff --git a/templates/onionbalance/RedHat.torrc.erb b/templates/onionbalance/RedHat.torrc.erb
new file mode 100644
index 0000000..023748b
--- /dev/null
+++ b/templates/onionbalance/RedHat.torrc.erb
@@ -0,0 +1,13 @@
+# Tor config for the onionbalance management server
+# ---
+# The onionbalance service must be able to access the Tor control port.
+
+DataDirectory /var/lib/tor/onionbalance-data
+
+ControlPort 9051
+CookieAuthentication 1
+SocksPort 0
+
+CookieAuthFileGroupReadable 1
+CookieAuthFile /run/tor/onionbalance.control.authcookie
+
diff --git a/templates/onionbalance/config.yaml.erb b/templates/onionbalance/config.yaml.erb
new file mode 100644
index 0000000..3f45bd1
--- /dev/null
+++ b/templates/onionbalance/config.yaml.erb
@@ -0,0 +1,10 @@
+# OnionBalance Config File
+services:
+<% @services.keys.sort.each do |key| -%>
+- instances:
+<% (@services[key].keys - ['_key_content']).sort.each do |inst| -%>
+ - address: <%= @services[key][inst] %>
+ name: <%= inst %>
+<% end -%>
+ key: <%= key %>.key
+<% end -%>
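Review bot: Service names, instance names and addresses are written into the YAML unquoted (`address: <%= @services[key][inst] %>`, `name: <%= inst %>`, `key: <%= key %>.key`). A value containing a newline, `:` or `#` would change the structure of the generated config, and the service name also ends up in the key file path. If the `services` hash can come from data that is not fully trusted, reject unexpected characters before rendering, for example inside the inner loop with `<% raise Puppet::ParseError, "invalid onionbalance instance #{inst}" unless inst =~ /\A[\w.-]+\z/ -%>`, plus the same check for `key` and the address value.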