Make synchronizer consistent with server cert naming scheme, create ports automatically, add failover servers to UI
diff --git a/xos/services/vpn/admin.py b/xos/services/vpn/admin.py
index 5ca5b69..dd6df0e 100644
--- a/xos/services/vpn/admin.py
+++ b/xos/services/vpn/admin.py
@@ -59,7 +59,7 @@
vpn_subnet = forms.GenericIPAddressField(protocol="IPv4", required=True)
is_persistent = forms.BooleanField(required=False)
clients_can_see_each_other = forms.BooleanField(required=False)
- port_number = forms.IntegerField(required=True)
+ failover_servers = forms.ModelMultipleChoiceField(queryset=VPNTenant.objects.all(), required=False)
def __init__(self, *args, **kwargs):
super(VPNTenantForm, self).__init__(*args, **kwargs)
@@ -78,7 +78,7 @@
self.fields[
'clients_can_see_each_other'].initial = self.instance.clients_can_see_each_other
self.fields['is_persistent'].initial = self.instance.is_persistent
- self.fields['port_number'].initial = self.instance.port_number
+ self.fields['failover_servers'].initial = self.instance.failover_servers
if (not self.instance) or (not self.instance.pk):
self.fields['creator'].initial = get_request().user
@@ -97,7 +97,14 @@
self.instance.server_network = self.cleaned_data.get('server_network')
self.instance.clients_can_see_each_other = self.cleaned_data.get(
'clients_can_see_each_other')
- self.instance.port_number = self.cleaned_data.get('port_number')
+ self.instance.failover_servers = self.cleaned_data.get('failover_servers')
+
+ prev = 1000
+ for (tenant : VPNTenant.objects.order_by('port_number')):
+ if (tenant.port_number != prev):
+ break
+ prev++
+ self.instance.port_number = prev
if (not self.instance.ca_crt):
self.instance.ca_crt = self.generate_ca_crt()
@@ -122,7 +129,7 @@
fieldsets = [(None, {'fields': ['backend_status_text', 'kind',
'provider_service', 'instance', 'creator',
'server_network', 'vpn_subnet', 'is_persistent',
- 'clients_can_see_each_other', 'port_number'],
+ 'clients_can_see_each_other'],
'classes': ['suit-tab suit-tab-general']})]
readonly_fields = ('backend_status_text', 'instance')
form = VPNTenantForm
diff --git a/xos/services/vpn/models.py b/xos/services/vpn/models.py
index ed2b033..3e98047 100644
--- a/xos/services/vpn/models.py
+++ b/xos/services/vpn/models.py
@@ -34,7 +34,8 @@
'is_persistent': True,
'ca_crt': None,
'port': None,
- 'script_text': None}
+ 'script_text': None,
+ 'failover_servers': []}
def __init__(self, *args, **kwargs):
vpn_services = VPNService.get_service_objects().all()
@@ -112,6 +113,14 @@
self.set_attribute("is_persistent", value)
@property
+ def failover_servers(self):
+ self.get_attribute("failover_servers", self.default_attributes["failover_servers"])
+
+ @failover_servers.setter
+ def failover_servers(self, value):
+ self.set_attribute("failover_servers", value)
+
+ @property
def clients_can_see_each_other(self):
"""bool: True if the client can see the subnet of the server, false otherwise."""
return self.get_attribute(
diff --git a/xos/synchronizers/vpn/steps/sync_vpntenant.py b/xos/synchronizers/vpn/steps/sync_vpntenant.py
index 483e1c7..e143b8c 100644
--- a/xos/synchronizers/vpn/steps/sync_vpntenant.py
+++ b/xos/synchronizers/vpn/steps/sync_vpntenant.py
@@ -37,7 +37,7 @@
"vpn_subnet": tenant.vpn_subnet,
"server_network": tenant.server_network,
"clients_can_see_each_other": tenant.clients_can_see_each_other,
- "instnace_id": tenant.instance.instance_id
+ "tenant_id": tenant.id
}
def run_playbook(self, o, fields):
diff --git a/xos/synchronizers/vpn/steps/sync_vpntenant.yaml b/xos/synchronizers/vpn/steps/sync_vpntenant.yaml
index 9a8ac18..a886523 100644
--- a/xos/synchronizers/vpn/steps/sync_vpntenant.yaml
+++ b/xos/synchronizers/vpn/steps/sync_vpntenant.yaml
@@ -9,26 +9,26 @@
is_persistent: {{ is_persistent }}
vpn_subnet: {{ vpn_subnet }}
clients_can_see_each_other: {{ clients_can_see_each_other }}
- instance_id: {{ instance_id }}
+ tenant_id: {{ tenant_id }}
tasks:
- name: install openvpn
apt: name=openvpn state=present update_cache=yes
- name: stop openvpn
- shell: kill -9 $(cat /opt/openvpn/server{{ instance_id }}/pid) || true
+ shell: kill -9 $(cat /opt/openvpn/server-{{ tenant_id }}/pid) || true
- name: make sure /opt/openvpn exists
file: path=/opt/openvpn state=directory
- name: make sure directory for this server exists
- file: path=/opt/openvpn/server{{ instance_id }} state=directory
+ file: path=/opt/openvpn/server-{{ tenant_id }} state=directory
- name: get server key
- copy: src=/opt/openvpn/easyrsa3/pki/private/server{{ instance_id }}.key dest=/opt/openvpn/server{{ instance_id }}/server.key
+ copy: src=/opt/openvpn/easyrsa3/pki/private/server-{{ tenant_id }}.key dest=/opt/openvpn/server-{{ tenant_id }}/server.key
- name: get server crt
- copy: src=/opt/openvpn/easyrsa3/pki/issued/server{{ instance_id }}.crt dest=/opt/openvpn/server{{ instance_id }}/server.crt
+ copy: src=/opt/openvpn/easyrsa3/pki/issued/server-{{ tenant_id }}.crt dest=/opt/openvpn/server-{{ tenant_id }}/server.crt
- name: get ca crt
copy: src=/opt/openvpn/easyrsa3/pki/ca.crt dest=/opt/openvpn/ca.crt
@@ -37,16 +37,16 @@
copy: src=/opt/openvpn/easyrsa3/pki/dh.pem dest=/opt/openvpn/dh.pem
- name: erase config
- shell: rm -f /opt/openvpn/server{{ instance_id }}/server.conf
+ shell: rm -f /opt/openvpn/server-{{ tenant_id }}/server.conf
- name: erase auth script
- shell: rm -f /opt/openvpn/server{{ instance_id }}/auth.sh
+ shell: rm -f /opt/openvpn/server-{{ tenant_id }}/auth.sh
- name: write auth script
- shell: printf "%b" "#!/bin/bash\nexit 0" > /opt/openvpn/server{{ instance_id }}/auth.sh
+ shell: printf "%b" "#!/bin/bash\nexit 0" > /opt/openvpn/server-{{ tenant_id }}/auth.sh
- name: make auth script executable
- shell: chmod 777 /opt/openvpn/server{{ instance_id }}/auth.sh
+ shell: chmod 777 /opt/openvpn/server-{{ tenant_id }}/auth.sh
- name: write base config
shell:
@@ -56,18 +56,18 @@
proto udp
dev tun
ca /opt/openvpn/ca.crt
- cert /opt/openvpn/server{{ instance_id }}/server.crt
- key /opt/openvpn/server{{ instance_id }}/server.key
+ cert /opt/openvpn/server-{{ tenant_id }}/server.crt
+ key /opt/openvpn/server-{{ tenant_id }}/server.key
dh /opt/openvpn/dh.pem
server {{ server_network }} {{ vpn_subnet }}
- ifconfig-pool-persist /opt/openvpn/server{{ instance_id }}/ipp.txt
+ ifconfig-pool-persist /opt/openvpn/server-{{ tenant_id }}/ipp.txt
comp-lzo
- status /opt/openvpn/server{{ instance_id }}/openvpn-status.log
+ status /opt/openvpn/server-{{ tenant_id }}/openvpn-status.log
verb 3
- auth-user-pass-verify /opt/openvpn/server{{ instance_id }}/auth.sh via-file
+ auth-user-pass-verify /opt/openvpn/server-{{ tenant_id }}/auth.sh via-file
client-cert-not-required
username-as-common-name
- " > /opt/openvpn/server{{ instance_id }}/server.conf
+ " > /opt/openvpn/server-{{ tenant_id }}/server.conf
- name: write persistent config
shell:
@@ -75,12 +75,12 @@
printf "keepalive 10 60
persist-tun
persist-key
- " >> /opt/openvpn/server{{ instance_id }}/server.conf
+ " >> /opt/openvpn/server-{{ tenant_id }}/server.conf
when: {{ is_persistent }}
- name: write client-to-client config
- shell: printf "client-to-client\n" >> /opt/openvpn/server{{ instance_id }}/server.conf
+ shell: printf "client-to-client\n" >> /opt/openvpn/server{{ tenant_id }}/server.conf
when: {{ clients_can_see_each_other }}
- name: start openvpn
- shell: openvpn --writepid /opt/openvpn/server{{ instance_id }}/pid /opt/openvpn/server{{ instance_id }}/server.conf &
+ shell: openvpn --writepid /opt/openvpn/server{{ tenant_id }}/pid /opt/openvpn/server{{ tenant_id }}/server.conf &