From 922067213b59ef05204931c0d3177e452ea6cddf Mon Sep 17 00:00:00 2001 From: Peter Palfrader Date: Sat, 7 Jan 2006 15:22:16 +0000 Subject: Support variable namespace instead of fixed "noreply2" git-svn-id: svn+ssh://asteria.noreply.org/svn/weaselutils/trunk@44 bc3d92e2-beff-0310-a7cd-cc87d7ac0ede --- Generate | 63 ++++++++++++++++++++++++++++++++------------------------------- 1 file changed, 32 insertions(+), 31 deletions(-) (limited to 'Generate') diff --git a/Generate b/Generate index fefce8e..bcc0af9 100755 --- a/Generate +++ b/Generate @@ -166,6 +166,7 @@ echo 0 > /proc/sys/net/ipv4/conf/$TUN_DEV/rp_filter ###################################################################################### $config = YAML::load( File.open( 'Hosts' ) ) +$NAMESPACE=$config['namespace'] def sys(command) system(command) or throw "Command '#{command}' failed" 
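Review bot: `$NAMESPACE=$config['namespace']` silently becomes nil when the `namespace` key is missing from `Hosts`, and every file name and chain name built from it further down degrades to `-<hostname>` or `vpn-` instead of failing. Because the value is also interpolated unquoted into `sys("rm -f ...")` and `ln` shell commands, it should be required and restricted to a safe character set at this point, e.g. `$NAMESPACE = $config['namespace'] or throw "namespace not set in Hosts"` followed by `throw "namespace '#{$NAMESPACE}' contains unsafe characters" unless $NAMESPACE =~ /\A[A-Za-z0-9_-]+\z/` (matching the file's existing `throw` style). The `def sys` that follows the added line continues past the end of the hunk.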
@@ -302,52 +303,52 @@ hostlist.each{ |host| check_keys host cn = host['name'] +'.'+ $config['cadndomain'] - dir = "noreply2-#{host['name']}" + dir = "#{$NAMESPACE}-#{host['name']}" Dir.mkdir(dir) unless FileTest.directory?(dir) - sys("rm -f #{dir}/noreply2-#{cn}.p12") - sys("rm -f #{dir}/noreply2-#{cn}.crt") - sys("rm -f #{dir}/noreply2-#{cn}.key") - sys("rm -f #{dir}/noreply2-CA.crt") + sys("rm -f #{dir}/#{$NAMESPACE}-#{cn}.p12") + sys("rm -f #{dir}/#{$NAMESPACE}-#{cn}.crt") + sys("rm -f #{dir}/#{$NAMESPACE}-#{cn}.key") + sys("rm -f #{dir}/#{$NAMESPACE}-CA.crt") if host['pkcs12'] - sys("ln CA/keys/#{cn}.p12 #{dir}/noreply2-#{cn}.p12") + sys("ln CA/keys/#{cn}.p12 #{dir}/#{$NAMESPACE}-#{cn}.p12") else - sys("ln CA/keys/#{cn}.crt #{dir}/noreply2-#{cn}.crt") - sys("ln CA/keys/#{cn}.key #{dir}/noreply2-#{cn}.key") - sys("ln CA/keys/ca.crt #{dir}/noreply2-CA.crt") + sys("ln CA/keys/#{cn}.crt #{dir}/#{$NAMESPACE}-#{cn}.crt") + sys("ln CA/keys/#{cn}.key #{dir}/#{$NAMESPACE}-#{cn}.key") + sys("ln CA/keys/ca.crt #{dir}/#{$NAMESPACE}-CA.crt") end - sys("rm -f #{dir}/noreply2.dh2048.pem && ln CA/keys/dh2048.pem #{dir}/noreply2.dh2048.pem") + sys("rm -f #{dir}/#{$NAMESPACE}.dh2048.pem && ln CA/keys/dh2048.pem #{dir}/#{$NAMESPACE}.dh2048.pem") - iptables = File.new("#{dir}/noreply2.iptables.sh", "w") - ip6tables = File.new("#{dir}/noreply2.ip6tables.sh", "w") + iptables = File.new("#{dir}/#{$NAMESPACE}.iptables.sh", "w") + ip6tables = File.new("#{dir}/#{$NAMESPACE}.ip6tables.sh", "w") iptables.puts "# Automatically created on #{THISHOST} at #{RIGHTNOW} by #{THISPROGRAM}." 
iptables.puts "PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin" - iptables.puts "echo 'Doing noreply2 VPN rules.'" - iptables.puts "iptables --new-chain vpn-noreply2" - iptables.puts "iptables --flush vpn-noreply2" + iptables.puts "echo 'Doing #{$NAMESPACE} VPN rules.'" + iptables.puts "iptables --new-chain vpn-#{$NAMESPACE}" + iptables.puts "iptables --flush vpn-#{$NAMESPACE}" ip6tables.puts "# Automatically created on #{THISHOST} at #{RIGHTNOW} by #{THISPROGRAM}." ip6tables.puts "PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin" - ip6tables.puts "echo 'Doing noreply2 VPN rules.'" + ip6tables.puts "echo 'Doing #{$NAMESPACE} VPN rules.'" if host['ipv6'] - ip6tables.puts "ip6tables --new-chain vpn-noreply2" - ip6tables.puts "ip6tables --flush vpn-noreply2" + ip6tables.puts "ip6tables --new-chain vpn-#{$NAMESPACE}" + ip6tables.puts "ip6tables --flush vpn-#{$NAMESPACE}" end - daemonsfilename = "#{dir}/noreply2.quagga.daemons" + daemonsfilename = "#{dir}/#{$NAMESPACE}.quagga.daemons" daemons = File.new(daemonsfilename, "w") daemons.puts QUAGGA_DAEMONS.gsub('HOSTNAME', host['name']) daemons.close - zebrafilename = "#{dir}/noreply2.quagga.zebra" + zebrafilename = "#{dir}/#{$NAMESPACE}.quagga.zebra" zebra = File.new(zebrafilename, "w") zebra.puts QUAGGA_ZEBRA.gsub('HOSTNAME', host['name']) zebra.close File.chmod(0600, zebrafilename) == 1 or throw "Cannot chmod #{zebrafilename}" # BGP config - bgpdfilename = "#{dir}/noreply2.quagga.bgpd" + bgpdfilename = "#{dir}/#{$NAMESPACE}.quagga.bgpd" bgpd = File.new(bgpdfilename, "w") bgpd.puts QUAGGA_BGPD_HEAD.gsub('HOSTNAME', host['name']) bgpd.puts QUAGGA_BGPD_DEFAULT_PREFIX_LIST_PERMIT.gsub('LISTNAME', 'VPNn2') 
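Review bot: The new chain name `vpn-#{$NAMESPACE}` (built here and again in the `--append` rules of the last hunk) is subject to iptables' chain-name length limit, which rejects names of 29 characters or more, so a namespace longer than 24 characters yields a generated script that fails only when loaded, with no warning from Generate. Computing the name once, e.g. `chain = "vpn-#{$NAMESPACE}"` with `throw "chain name #{chain} too long" if chain.length > 28`, keeps that check in one place and removes the repeated interpolation in both hunks. The prefix-list name `'VPNn2'` on the hunk's last context line still encodes the old `noreply2` naming; if it is meant to follow the namespace it was missed, otherwise a short comment that it is intentionally fixed would help the next reader. The `hostlist.each { |host|` block continues on both sides of the hunk.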
@@ -560,10 +561,10 @@ hostlist.each{ |host| throw "peer is server but doesn't have an address" if !host_is_server and peer['host_address'] == nil - upscriptnamebase = 'noreply2-%s.up'%[peer['name']] + upscriptnamebase = "#{$NAMESPACE}-#{peer['name']}.up" upscriptname = "#{dir}/"+upscriptnamebase - conffile = File.new("#{dir}/noreply2-%s.conf"%[peer['name']], "w") + conffile = File.new("#{dir}/#{$NAMESPACE}-%s.conf"%[peer['name']], "w") conffile.puts "dev %s"%[peer['ifacename']] conffile.puts "tun-ipv6" if host['ipv6'] and peer['ipv6'] #mtu = 1434 @@ -579,17 +580,17 @@ hostlist.each{ |host| conffile.puts "local %s"%[host['host_address']] if host['host_address'] if host_is_server conffile.puts "tls-server" - conffile.puts "dh noreply2.dh2048.pem" + conffile.puts "dh #{$NAMESPACE}.dh2048.pem" else conffile.puts "tls-client" end conffile.puts "tls-remote %s.%s"%[peer['name'], $config['cadndomain']] if host['pkcs12'] - conffile.puts "pkcs12 noreply2-%s.%s.p12"%[host['name'], $config['cadndomain']] + conffile.puts "pkcs12 #{$NAMESPACE}-%s.%s.p12"%[host['name'], $config['cadndomain']] else - conffile.puts "ca noreply2-CA.crt" - conffile.puts "cert noreply2-%s.%s.crt"%[host['name'], $config['cadndomain']] - conffile.puts "key noreply2-%s.%s.key"%[host['name'], $config['cadndomain']] + conffile.puts "ca #{$NAMESPACE}-CA.crt" + conffile.puts "cert #{$NAMESPACE}-%s.%s.crt"%[host['name'], $config['cadndomain']] + conffile.puts "key #{$NAMESPACE}-%s.%s.key"%[host['name'], $config['cadndomain']] end conffile.puts "up /etc/openvpn/#{upscriptnamebase}" conffile.puts "up-delay" 
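Review bot: `File.new("#{dir}/#{$NAMESPACE}-%s.conf"%[peer['name']], "w")` interpolates the namespace into a string that is then used as a `%` format template, so a `%` in the configured value is treated as a format directive and either raises `ArgumentError` or alters the name; the same mixed pattern appears in the second hunk on this line for the `pkcs12`, `cert` and `key` entries. The `upscriptnamebase` line just above was converted fully to interpolation, which is the consistent fix: `conffile = File.new("#{dir}/#{$NAMESPACE}-#{peer['name']}.conf", "w")` and, for example, `conffile.puts "cert #{$NAMESPACE}-#{host['name']}.#{$config['cadndomain']}.crt"`. Both hunks sit inside the `hostlist.each { |host|` block, which starts and ends outside them.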
@@ -613,16 +614,16 @@ hostlist.each{ |host| File.chmod(0755, upscriptname) == 1 or throw "Cannot chmod #{upscriptname}" ########## - iptables.puts "iptables --append vpn-noreply2 --source #{ peer['host_address'] || '0.0.0.0/0' } --destination #{ host['host_address'] || '0.0.0.0/0' } \\" + iptables.puts "iptables --append vpn-#{$NAMESPACE} --source #{ peer['host_address'] || '0.0.0.0/0' } --destination #{ host['host_address'] || '0.0.0.0/0' } \\" iptables.puts " --protocol udp --destination-port #{ peer['inet_port'] } \\" iptables.puts " --jump ACCEPT" - iptables.puts "iptables --append vpn-noreply2 --source #{ peer['vpn_address'] } --destination #{ host['vpn_address'] } \\" + iptables.puts "iptables --append vpn-#{$NAMESPACE} --source #{ peer['vpn_address'] } --destination #{ host['vpn_address'] } \\" iptables.puts " --protocol tcp --destination-port #{ host['bgp_port'] or 'bgp' } \\" iptables.puts " --in-interface #{ peer['ifacename'] } \\" iptables.puts " --jump ACCEPT" if host['ipv6'] and peer['ipv6'] - ip6tables.puts "ip6tables --append vpn-noreply2 \\" + ip6tables.puts "ip6tables --append vpn-#{$NAMESPACE} \\" ip6tables.puts " --source #{ host['link-local'][ peer['name'] ]['peer'] } \\" ip6tables.puts " --destination #{ host['link-local'][ peer['name'] ]['me'] } \\" ip6tables.puts " --protocol tcp --destination-port #{ host['bgp_port'] or 'bgp' } \\" -- cgit v1.2.3