-rwxr-xr-xGenerate63
-rwxr-xr-xPush15
2 files changed, 40 insertions, 38 deletions
diff --git a/Generate b/Generate
index fefce8e..bcc0af9 100755
--- a/Generate
+++ b/Generate
@@ -166,6 +166,7 @@ echo 0 > /proc/sys/net/ipv4/conf/$TUN_DEV/rp_filter
######################################################################################
$config = YAML::load( File.open( 'Hosts' ) )
+$NAMESPACE=$config['namespace']
def sys(command)
system(command) or throw "Command '#{command}' failed"
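Review bot: The added `$NAMESPACE=$config['namespace']` takes a value from the Hosts file and the later hunks splice it unquoted into `rm -f`/`ln` shell commands, generated file names, iptables chain names and a regex, but nothing checks that the key exists or that the value is safe to embed; a missing key yields nil and silently produces names such as `-hostname` and a chain called `vpn-`. I would fail fast right after the assignment, e.g. `$NAMESPACE = $config['namespace'] or raise "Hosts: 'namespace' key is missing"` followed by `raise "Hosts: namespace must match [A-Za-z0-9_-]+" unless $NAMESPACE =~ /\A[A-Za-z0-9_-]+\z/`, which keeps the value inert in every later interpolation. The same assignment is added in Push's first hunk and wants the same check. The `sys` definition that starts at the end of this hunk continues outside it.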
@@ -302,52 +303,52 @@ hostlist.each{ |host|
check_keys host
cn = host['name'] +'.'+ $config['cadndomain']
- dir = "noreply2-#{host['name']}"
+ dir = "#{$NAMESPACE}-#{host['name']}"
Dir.mkdir(dir) unless FileTest.directory?(dir)
- sys("rm -f #{dir}/noreply2-#{cn}.p12")
- sys("rm -f #{dir}/noreply2-#{cn}.crt")
- sys("rm -f #{dir}/noreply2-#{cn}.key")
- sys("rm -f #{dir}/noreply2-CA.crt")
+ sys("rm -f #{dir}/#{$NAMESPACE}-#{cn}.p12")
+ sys("rm -f #{dir}/#{$NAMESPACE}-#{cn}.crt")
+ sys("rm -f #{dir}/#{$NAMESPACE}-#{cn}.key")
+ sys("rm -f #{dir}/#{$NAMESPACE}-CA.crt")
if host['pkcs12']
- sys("ln CA/keys/#{cn}.p12 #{dir}/noreply2-#{cn}.p12")
+ sys("ln CA/keys/#{cn}.p12 #{dir}/#{$NAMESPACE}-#{cn}.p12")
else
- sys("ln CA/keys/#{cn}.crt #{dir}/noreply2-#{cn}.crt")
- sys("ln CA/keys/#{cn}.key #{dir}/noreply2-#{cn}.key")
- sys("ln CA/keys/ca.crt #{dir}/noreply2-CA.crt")
+ sys("ln CA/keys/#{cn}.crt #{dir}/#{$NAMESPACE}-#{cn}.crt")
+ sys("ln CA/keys/#{cn}.key #{dir}/#{$NAMESPACE}-#{cn}.key")
+ sys("ln CA/keys/ca.crt #{dir}/#{$NAMESPACE}-CA.crt")
end
- sys("rm -f #{dir}/noreply2.dh2048.pem && ln CA/keys/dh2048.pem #{dir}/noreply2.dh2048.pem")
+ sys("rm -f #{dir}/#{$NAMESPACE}.dh2048.pem && ln CA/keys/dh2048.pem #{dir}/#{$NAMESPACE}.dh2048.pem")
- iptables = File.new("#{dir}/noreply2.iptables.sh", "w")
- ip6tables = File.new("#{dir}/noreply2.ip6tables.sh", "w")
+ iptables = File.new("#{dir}/#{$NAMESPACE}.iptables.sh", "w")
+ ip6tables = File.new("#{dir}/#{$NAMESPACE}.ip6tables.sh", "w")
iptables.puts "# Automatically created on #{THISHOST} at #{RIGHTNOW} by #{THISPROGRAM}."
iptables.puts "PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin"
- iptables.puts "echo 'Doing noreply2 VPN rules.'"
- iptables.puts "iptables --new-chain vpn-noreply2"
- iptables.puts "iptables --flush vpn-noreply2"
+ iptables.puts "echo 'Doing #{$NAMESPACE} VPN rules.'"
+ iptables.puts "iptables --new-chain vpn-#{$NAMESPACE}"
+ iptables.puts "iptables --flush vpn-#{$NAMESPACE}"
ip6tables.puts "# Automatically created on #{THISHOST} at #{RIGHTNOW} by #{THISPROGRAM}."
ip6tables.puts "PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin"
- ip6tables.puts "echo 'Doing noreply2 VPN rules.'"
+ ip6tables.puts "echo 'Doing #{$NAMESPACE} VPN rules.'"
if host['ipv6']
- ip6tables.puts "ip6tables --new-chain vpn-noreply2"
- ip6tables.puts "ip6tables --flush vpn-noreply2"
+ ip6tables.puts "ip6tables --new-chain vpn-#{$NAMESPACE}"
+ ip6tables.puts "ip6tables --flush vpn-#{$NAMESPACE}"
end
- daemonsfilename = "#{dir}/noreply2.quagga.daemons"
+ daemonsfilename = "#{dir}/#{$NAMESPACE}.quagga.daemons"
daemons = File.new(daemonsfilename, "w")
daemons.puts QUAGGA_DAEMONS.gsub('HOSTNAME', host['name'])
daemons.close
- zebrafilename = "#{dir}/noreply2.quagga.zebra"
+ zebrafilename = "#{dir}/#{$NAMESPACE}.quagga.zebra"
zebra = File.new(zebrafilename, "w")
zebra.puts QUAGGA_ZEBRA.gsub('HOSTNAME', host['name'])
zebra.close
File.chmod(0600, zebrafilename) == 1 or throw "Cannot chmod #{zebrafilename}"
# BGP config
- bgpdfilename = "#{dir}/noreply2.quagga.bgpd"
+ bgpdfilename = "#{dir}/#{$NAMESPACE}.quagga.bgpd"
bgpd = File.new(bgpdfilename, "w")
bgpd.puts QUAGGA_BGPD_HEAD.gsub('HOSTNAME', host['name'])
bgpd.puts QUAGGA_BGPD_DEFAULT_PREFIX_LIST_PERMIT.gsub('LISTNAME', 'VPNn2')
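Review bot: `iptables --new-chain vpn-#{$NAMESPACE}` now derives the chain name from configuration, and the generated script will only fail on the target host, at apply time, if the name is too long (iptables limits chain names to 28 characters, as far as I recall) or contains characters iptables rejects. A length check next to where `$NAMESPACE` is read, e.g. `raise "namespace too long for an iptables chain name" if "vpn-#{$NAMESPACE}".length > 28`, would move that failure to generation time; the same chain name is also written in the `--new-chain`/`--flush` lines for ip6tables in this hunk and in the `--append` lines of the last Generate hunk. The `hostlist.each` block enclosing this hunk starts and ends outside it.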
@@ -560,10 +561,10 @@ hostlist.each{ |host|
throw "peer is server but doesn't have an address" if !host_is_server and peer['host_address'] == nil
- upscriptnamebase = 'noreply2-%s.up'%[peer['name']]
+ upscriptnamebase = "#{$NAMESPACE}-#{peer['name']}.up"
upscriptname = "#{dir}/"+upscriptnamebase
- conffile = File.new("#{dir}/noreply2-%s.conf"%[peer['name']], "w")
+ conffile = File.new("#{dir}/#{$NAMESPACE}-%s.conf"%[peer['name']], "w")
conffile.puts "dev %s"%[peer['ifacename']]
conffile.puts "tun-ipv6" if host['ipv6'] and peer['ipv6']
#mtu = 1434
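Review bot: The new `"#{dir}/#{$NAMESPACE}-%s.conf"%[peer['name']]` mixes string interpolation with a `%` format on the same literal, so the namespace becomes part of the format string and a `%` in it would be interpreted as a directive rather than as text, while the line just above it (`upscriptnamebase`) was converted to pure interpolation. I would convert this one the same way, `conffile = File.new("#{dir}/#{$NAMESPACE}-#{peer['name']}.conf", "w")`, and likewise the `pkcs12`, `cert` and `key` lines in the next hunk. The enclosing `hostlist.each` block starts and ends outside this hunk.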
@@ -579,17 +580,17 @@ hostlist.each{ |host|
conffile.puts "local %s"%[host['host_address']] if host['host_address']
if host_is_server
conffile.puts "tls-server"
- conffile.puts "dh noreply2.dh2048.pem"
+ conffile.puts "dh #{$NAMESPACE}.dh2048.pem"
else
conffile.puts "tls-client"
end
conffile.puts "tls-remote %s.%s"%[peer['name'], $config['cadndomain']]
if host['pkcs12']
- conffile.puts "pkcs12 noreply2-%s.%s.p12"%[host['name'], $config['cadndomain']]
+ conffile.puts "pkcs12 #{$NAMESPACE}-%s.%s.p12"%[host['name'], $config['cadndomain']]
else
- conffile.puts "ca noreply2-CA.crt"
- conffile.puts "cert noreply2-%s.%s.crt"%[host['name'], $config['cadndomain']]
- conffile.puts "key noreply2-%s.%s.key"%[host['name'], $config['cadndomain']]
+ conffile.puts "ca #{$NAMESPACE}-CA.crt"
+ conffile.puts "cert #{$NAMESPACE}-%s.%s.crt"%[host['name'], $config['cadndomain']]
+ conffile.puts "key #{$NAMESPACE}-%s.%s.key"%[host['name'], $config['cadndomain']]
end
conffile.puts "up /etc/openvpn/#{upscriptnamebase}"
conffile.puts "up-delay"
@@ -613,16 +614,16 @@ hostlist.each{ |host|
File.chmod(0755, upscriptname) == 1 or throw "Cannot chmod #{upscriptname}"
##########
- iptables.puts "iptables --append vpn-noreply2 --source #{ peer['host_address'] || '0.0.0.0/0' } --destination #{ host['host_address'] || '0.0.0.0/0' } \\"
+ iptables.puts "iptables --append vpn-#{$NAMESPACE} --source #{ peer['host_address'] || '0.0.0.0/0' } --destination #{ host['host_address'] || '0.0.0.0/0' } \\"
iptables.puts " --protocol udp --destination-port #{ peer['inet_port'] } \\"
iptables.puts " --jump ACCEPT"
- iptables.puts "iptables --append vpn-noreply2 --source #{ peer['vpn_address'] } --destination #{ host['vpn_address'] } \\"
+ iptables.puts "iptables --append vpn-#{$NAMESPACE} --source #{ peer['vpn_address'] } --destination #{ host['vpn_address'] } \\"
iptables.puts " --protocol tcp --destination-port #{ host['bgp_port'] or 'bgp' } \\"
iptables.puts " --in-interface #{ peer['ifacename'] } \\"
iptables.puts " --jump ACCEPT"
if host['ipv6'] and peer['ipv6']
- ip6tables.puts "ip6tables --append vpn-noreply2 \\"
+ ip6tables.puts "ip6tables --append vpn-#{$NAMESPACE} \\"
ip6tables.puts " --source #{ host['link-local'][ peer['name'] ]['peer'] } \\"
ip6tables.puts " --destination #{ host['link-local'][ peer['name'] ]['me'] } \\"
ip6tables.puts " --protocol tcp --destination-port #{ host['bgp_port'] or 'bgp' } \\"
diff --git a/Push b/Push
index 9b9846f..63a743a 100755
--- a/Push
+++ b/Push
@@ -3,6 +3,7 @@
require 'yaml';
$config = YAML::load( File.open( 'Hosts' ) )
+$NAMESPACE=$config['namespace']
def sys(command)
puts "} #{command}"
@@ -13,17 +14,17 @@ end
def getFilesMD5(host, ssh_hostname)
cmd = ssh_hostname ?
"ssh root@#{ssh_hostname} /bin/ls -1 /etc/openvpn" :
- "ls -1 noreply2-#{host}"
+ "ls -1 #{$NAMESPACE}-#{host}"
puts "| " + cmd
f = IO.popen( cmd, aModeString="r" );
- files = f.readlines.delete_if{|e| not e =~ /^noreply2[.-]/ }.collect{|e| e.chomp}
+ files = f.readlines.delete_if{|e| not e =~ /^#{$NAMESPACE}[.-]/ }.collect{|e| e.chomp}
f.close
md5 = {}
if (files.length > 0)
cmd = ssh_hostname ?
"ssh root@#{ssh_hostname} 'cd /etc/openvpn && md5sum " + files.join(' ') + "'" :
- "cd noreply2-#{host} && md5sum " + files.join(' ')
+ "cd #{$NAMESPACE}-#{host} && md5sum " + files.join(' ')
puts "| " + cmd
f = IO.popen( cmd, aModeString="r" );
f.each_line{ |l|
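Review bot: `/^#{$NAMESPACE}[.-]/` interpolates the namespace into a regex without escaping, so any regex metacharacter in the value (a `.` being the likely one) is interpreted as a pattern instead of matched literally, and the file filter on both the local and the remote `ls` output becomes wider than intended. Use `/^#{Regexp.escape($NAMESPACE)}[.-]/` on that line. `getFilesMD5` starts in this hunk but its body continues outside it.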
@@ -99,7 +100,7 @@ hosts.each{ |hostname|
end
}
- dir = "noreply2-#{hostname}/"
+ dir = "#{$NAMESPACE}-#{hostname}/"
sys("scp "+copy.collect{|f| dir+f }.join(' ')+" root@#{ssh_hostname}:/etc/openvpn/") if copy.size > 0
commands = []
commands << "sh ./#{do_iptables} &&\n" if do_iptables
@@ -112,9 +113,9 @@ hosts.each{ |hostname|
command << "echo 'all done'"
sys("ssh root@#{ssh_hostname} '#{command}'") if commands.size > 0
if (do_quagga)
- sys("ssh root@#{ssh_hostname} 'cp -a /etc/openvpn/noreply2.quagga.bgpd /etc/quagga/bgpd.conf &&
- cp -a /etc/openvpn/noreply2.quagga.zebra /etc/quagga/zebra.conf &&
- cp -a /etc/openvpn/noreply2.quagga.daemons /etc/quagga/daemons &&
+ sys("ssh root@#{ssh_hostname} 'cp -a /etc/openvpn/#{$NAMESPACE}.quagga.bgpd /etc/quagga/bgpd.conf &&
+ cp -a /etc/openvpn/#{$NAMESPACE}.quagga.zebra /etc/quagga/zebra.conf &&
+ cp -a /etc/openvpn/#{$NAMESPACE}.quagga.daemons /etc/quagga/daemons &&
chmod 640 /etc/quagga/bgpd.conf /etc/quagga/zebra.conf &&
chgrp quagga /etc/quagga/bgpd.conf /etc/quagga/zebra.conf &&
/etc/init.d/quagga restart'")