Diffstat (limited to 'Generate')
-rwxr-xr-xGenerate63
1 files changed, 32 insertions, 31 deletions
diff --git a/Generate b/Generate
index fefce8e..bcc0af9 100755
--- a/Generate
+++ b/Generate
@@ -166,6 +166,7 @@ echo 0 > /proc/sys/net/ipv4/conf/$TUN_DEV/rp_filter
######################################################################################
$config = YAML::load( File.open( 'Hosts' ) )
+$NAMESPACE=$config['namespace']
def sys(command)
system(command) or throw "Command '#{command}' failed"
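Review bot: The new `$NAMESPACE=$config['namespace']` is read with `[]`, so a Hosts file without a `namespace` key yields nil, which interpolates silently as an empty string into every generated path and command in the following hunks (`dir = "-#{host['name']}"`, the `rm -f`/`ln` targets passed to `sys`, the `vpn-` chain name) instead of failing here. The value also goes unquoted into the shell strings handed to `sys()` in the next hunk, so it should be constrained to a plain token before use: `$NAMESPACE = $config.fetch('namespace')` followed by `raise "namespace must match /\\A[A-Za-z0-9][A-Za-z0-9_.-]*\\z/" unless $NAMESPACE.match?(/\A[A-Za-z0-9][A-Za-z0-9_.-]*\z/)`. Note too that iptables chain names are limited to 28 characters, so a long namespace would make `vpn-#{$NAMESPACE}` fail at apply time rather than at generation; a length check alongside the pattern would catch that early.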
@@ -302,52 +303,52 @@ hostlist.each{ |host|
check_keys host
cn = host['name'] +'.'+ $config['cadndomain']
- dir = "noreply2-#{host['name']}"
+ dir = "#{$NAMESPACE}-#{host['name']}"
Dir.mkdir(dir) unless FileTest.directory?(dir)
- sys("rm -f #{dir}/noreply2-#{cn}.p12")
- sys("rm -f #{dir}/noreply2-#{cn}.crt")
- sys("rm -f #{dir}/noreply2-#{cn}.key")
- sys("rm -f #{dir}/noreply2-CA.crt")
+ sys("rm -f #{dir}/#{$NAMESPACE}-#{cn}.p12")
+ sys("rm -f #{dir}/#{$NAMESPACE}-#{cn}.crt")
+ sys("rm -f #{dir}/#{$NAMESPACE}-#{cn}.key")
+ sys("rm -f #{dir}/#{$NAMESPACE}-CA.crt")
if host['pkcs12']
- sys("ln CA/keys/#{cn}.p12 #{dir}/noreply2-#{cn}.p12")
+ sys("ln CA/keys/#{cn}.p12 #{dir}/#{$NAMESPACE}-#{cn}.p12")
else
- sys("ln CA/keys/#{cn}.crt #{dir}/noreply2-#{cn}.crt")
- sys("ln CA/keys/#{cn}.key #{dir}/noreply2-#{cn}.key")
- sys("ln CA/keys/ca.crt #{dir}/noreply2-CA.crt")
+ sys("ln CA/keys/#{cn}.crt #{dir}/#{$NAMESPACE}-#{cn}.crt")
+ sys("ln CA/keys/#{cn}.key #{dir}/#{$NAMESPACE}-#{cn}.key")
+ sys("ln CA/keys/ca.crt #{dir}/#{$NAMESPACE}-CA.crt")
end
- sys("rm -f #{dir}/noreply2.dh2048.pem && ln CA/keys/dh2048.pem #{dir}/noreply2.dh2048.pem")
+ sys("rm -f #{dir}/#{$NAMESPACE}.dh2048.pem && ln CA/keys/dh2048.pem #{dir}/#{$NAMESPACE}.dh2048.pem")
- iptables = File.new("#{dir}/noreply2.iptables.sh", "w")
- ip6tables = File.new("#{dir}/noreply2.ip6tables.sh", "w")
+ iptables = File.new("#{dir}/#{$NAMESPACE}.iptables.sh", "w")
+ ip6tables = File.new("#{dir}/#{$NAMESPACE}.ip6tables.sh", "w")
iptables.puts "# Automatically created on #{THISHOST} at #{RIGHTNOW} by #{THISPROGRAM}."
iptables.puts "PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin"
- iptables.puts "echo 'Doing noreply2 VPN rules.'"
- iptables.puts "iptables --new-chain vpn-noreply2"
- iptables.puts "iptables --flush vpn-noreply2"
+ iptables.puts "echo 'Doing #{$NAMESPACE} VPN rules.'"
+ iptables.puts "iptables --new-chain vpn-#{$NAMESPACE}"
+ iptables.puts "iptables --flush vpn-#{$NAMESPACE}"
ip6tables.puts "# Automatically created on #{THISHOST} at #{RIGHTNOW} by #{THISPROGRAM}."
ip6tables.puts "PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin"
- ip6tables.puts "echo 'Doing noreply2 VPN rules.'"
+ ip6tables.puts "echo 'Doing #{$NAMESPACE} VPN rules.'"
if host['ipv6']
- ip6tables.puts "ip6tables --new-chain vpn-noreply2"
- ip6tables.puts "ip6tables --flush vpn-noreply2"
+ ip6tables.puts "ip6tables --new-chain vpn-#{$NAMESPACE}"
+ ip6tables.puts "ip6tables --flush vpn-#{$NAMESPACE}"
end
- daemonsfilename = "#{dir}/noreply2.quagga.daemons"
+ daemonsfilename = "#{dir}/#{$NAMESPACE}.quagga.daemons"
daemons = File.new(daemonsfilename, "w")
daemons.puts QUAGGA_DAEMONS.gsub('HOSTNAME', host['name'])
daemons.close
- zebrafilename = "#{dir}/noreply2.quagga.zebra"
+ zebrafilename = "#{dir}/#{$NAMESPACE}.quagga.zebra"
zebra = File.new(zebrafilename, "w")
zebra.puts QUAGGA_ZEBRA.gsub('HOSTNAME', host['name'])
zebra.close
File.chmod(0600, zebrafilename) == 1 or throw "Cannot chmod #{zebrafilename}"
# BGP config
- bgpdfilename = "#{dir}/noreply2.quagga.bgpd"
+ bgpdfilename = "#{dir}/#{$NAMESPACE}.quagga.bgpd"
bgpd = File.new(bgpdfilename, "w")
bgpd.puts QUAGGA_BGPD_HEAD.gsub('HOSTNAME', host['name'])
bgpd.puts QUAGGA_BGPD_DEFAULT_PREFIX_LIST_PERMIT.gsub('LISTNAME', 'VPNn2')
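Review bot: The prefix-list name `'VPNn2'` on the last line of this hunk stays hard-coded while every other `noreply2` artifact in the hunk is now derived from `$NAMESPACE`; if that name is the `noreply2`-derived one, two namespaces generated for the same host would share a prefix list. If the omission is deliberate, a comment such as `# prefix-list name is intentionally not namespaced` would stop the next reader from treating it as a missed replacement; otherwise something like `"VPN-#{$NAMESPACE}"` keeps it in step with the rest. The enclosing `hostlist.each{ |host|` block starts before this hunk.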
@@ -560,10 +561,10 @@ hostlist.each{ |host|
throw "peer is server but doesn't have an address" if !host_is_server and peer['host_address'] == nil
- upscriptnamebase = 'noreply2-%s.up'%[peer['name']]
+ upscriptnamebase = "#{$NAMESPACE}-#{peer['name']}.up"
upscriptname = "#{dir}/"+upscriptnamebase
- conffile = File.new("#{dir}/noreply2-%s.conf"%[peer['name']], "w")
+ conffile = File.new("#{dir}/#{$NAMESPACE}-%s.conf"%[peer['name']], "w")
conffile.puts "dev %s"%[peer['ifacename']]
conffile.puts "tun-ipv6" if host['ipv6'] and peer['ipv6']
#mtu = 1434
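Review bot: The rewritten `conffile = File.new("#{dir}/#{$NAMESPACE}-%s.conf"%[peer['name']], "w")` mixes string interpolation with `%` formatting in one literal, whereas the `upscriptnamebase` line two lines above was converted fully to interpolation; `File.new("#{dir}/#{$NAMESPACE}-#{peer['name']}.conf", "w")` reads the same way as its neighbour. The same mixed form appears in the next hunk on the `pkcs12`, `cert` and `key` lines, which could be written as e.g. `conffile.puts "cert #{$NAMESPACE}-#{host['name']}.#{$config['cadndomain']}.crt"`. The enclosing `hostlist.each{ |host|` block starts before this hunk.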
@@ -579,17 +580,17 @@ hostlist.each{ |host|
conffile.puts "local %s"%[host['host_address']] if host['host_address']
if host_is_server
conffile.puts "tls-server"
- conffile.puts "dh noreply2.dh2048.pem"
+ conffile.puts "dh #{$NAMESPACE}.dh2048.pem"
else
conffile.puts "tls-client"
end
conffile.puts "tls-remote %s.%s"%[peer['name'], $config['cadndomain']]
if host['pkcs12']
- conffile.puts "pkcs12 noreply2-%s.%s.p12"%[host['name'], $config['cadndomain']]
+ conffile.puts "pkcs12 #{$NAMESPACE}-%s.%s.p12"%[host['name'], $config['cadndomain']]
else
- conffile.puts "ca noreply2-CA.crt"
- conffile.puts "cert noreply2-%s.%s.crt"%[host['name'], $config['cadndomain']]
- conffile.puts "key noreply2-%s.%s.key"%[host['name'], $config['cadndomain']]
+ conffile.puts "ca #{$NAMESPACE}-CA.crt"
+ conffile.puts "cert #{$NAMESPACE}-%s.%s.crt"%[host['name'], $config['cadndomain']]
+ conffile.puts "key #{$NAMESPACE}-%s.%s.key"%[host['name'], $config['cadndomain']]
end
conffile.puts "up /etc/openvpn/#{upscriptnamebase}"
conffile.puts "up-delay"
@@ -613,16 +614,16 @@ hostlist.each{ |host|
File.chmod(0755, upscriptname) == 1 or throw "Cannot chmod #{upscriptname}"
##########
- iptables.puts "iptables --append vpn-noreply2 --source #{ peer['host_address'] || '0.0.0.0/0' } --destination #{ host['host_address'] || '0.0.0.0/0' } \\"
+ iptables.puts "iptables --append vpn-#{$NAMESPACE} --source #{ peer['host_address'] || '0.0.0.0/0' } --destination #{ host['host_address'] || '0.0.0.0/0' } \\"
iptables.puts " --protocol udp --destination-port #{ peer['inet_port'] } \\"
iptables.puts " --jump ACCEPT"
- iptables.puts "iptables --append vpn-noreply2 --source #{ peer['vpn_address'] } --destination #{ host['vpn_address'] } \\"
+ iptables.puts "iptables --append vpn-#{$NAMESPACE} --source #{ peer['vpn_address'] } --destination #{ host['vpn_address'] } \\"
iptables.puts " --protocol tcp --destination-port #{ host['bgp_port'] or 'bgp' } \\"
iptables.puts " --in-interface #{ peer['ifacename'] } \\"
iptables.puts " --jump ACCEPT"
if host['ipv6'] and peer['ipv6']
- ip6tables.puts "ip6tables --append vpn-noreply2 \\"
+ ip6tables.puts "ip6tables --append vpn-#{$NAMESPACE} \\"
ip6tables.puts " --source #{ host['link-local'][ peer['name'] ]['peer'] } \\"
ip6tables.puts " --destination #{ host['link-local'][ peer['name'] ]['me'] } \\"
ip6tables.puts " --protocol tcp --destination-port #{ host['bgp_port'] or 'bgp' } \\"