Merge branch 'master' of github.com:jermowery/xos into AddVPNService
diff --git a/containers/xos/Dockerfile.devel b/containers/xos/Dockerfile.devel
index a8a9710..f21a694 100644
--- a/containers/xos/Dockerfile.devel
+++ b/containers/xos/Dockerfile.devel
@@ -34,7 +34,8 @@
python-novaclient \
python-neutronclient \
python-glanceclient \
- python-ceilometerclient
+ python-ceilometerclient \
+ openvpn
RUN pip install \
django==1.7 \
@@ -91,3 +92,14 @@
# Define default command.
CMD update-ca-certificates && python /opt/xos/manage.py runserver 0.0.0.0:8000 --insecure --makemigrations
+
+# for OpenVPN
+RUN mkdir -p /opt/openvpn
+RUN chmod 777 /opt/openvpn
+RUN git clone https://github.com/OpenVPN/easy-rsa.git /opt/openvpn
+RUN git -C /opt/openvpn pull origin master
+RUN echo "set_var EASYRSA /opt/openvpn/easyrsa3" | tee /opt/openvpn/easyrsa3/vars
+RUN /opt/openvpn/easyrsa3/easyrsa --batch init-pki
+RUN /opt/openvpn/easyrsa3/easyrsa --batch --req-cn=XOS build-ca nopass
+RUN /opt/openvpn/easyrsa3/easyrsa --batch gen-dh
+RUN chmod 777 /opt/openvpn/easyrsa3/pki/dh.pem
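Review bot: The CA produced by `build-ca nopass` is generated at image build time, so its private key is baked into an image layer and is identical in every container started from this image — anyone who can pull the image can sign client certificates that the VPN will trust. The Dockerfile.common hunk follows the same pattern (build-ca and build-key-server at build time, then `chmod 777` on server.key and dh2048.pem); generating the PKI on first container start, or mounting it from a secret volume, keeps the key out of the image. `chmod 777 /opt/openvpn` and `chmod 777 .../pki/dh.pem` make the PKI directory and parameters world-writable; if a non-root process needs to read them, a `chown` to that user with mode `0640` is sufficient. The `git clone` plus `git pull origin master` pair tracks whatever upstream easy-rsa publishes, so the build is not reproducible; replace the `pull` with `git -C /opt/openvpn checkout <TAG_OR_COMMIT>` to pin it.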
diff --git a/containers/xos/Makefile b/containers/xos/Makefile
index 0ba043d..d5cc57b 100644
--- a/containers/xos/Makefile
+++ b/containers/xos/Makefile
@@ -3,7 +3,7 @@
TOSCA_CONFIG_PATH:=/opt/xos/configurations/opencloud/opencloud.yaml
XOS_GIT_REPO?=git://github.com/open-cloud/xos.git
XOS_GIT_BRANCH?=master
-NO_DOCKER_CACHE?=false
+NO_DOCKER_CACHE?=true
.PHONY: build
build: ; sudo docker build --no-cache=${NO_DOCKER_CACHE} --rm -t ${IMAGE_NAME} .
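Review bot: The default for `NO_DOCKER_CACHE` is flipped to `true`, which disables layer caching for every `make build` rather than only for developers who opt in. If this is a local workaround for stale OpenVPN layers, the existing `NO_DOCKER_CACHE=true make build` override already covers that case and the default can stay `false`; if a one-time rebuild is the goal, a single `--no-cache` run does it without changing the default for everyone.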
diff --git a/views/ngXosViews/vpnDashboard/.bowerrc b/views/ngXosViews/vpnDashboard/.bowerrc
new file mode 100644
index 0000000..e491038
--- /dev/null
+++ b/views/ngXosViews/vpnDashboard/.bowerrc
@@ -0,0 +1,3 @@
+{
+ "directory": "src/vendor/"
+}
\ No newline at end of file
diff --git a/views/ngXosViews/vpnDashboard/.eslintrc b/views/ngXosViews/vpnDashboard/.eslintrc
new file mode 100644
index 0000000..c852748
--- /dev/null
+++ b/views/ngXosViews/vpnDashboard/.eslintrc
@@ -0,0 +1,42 @@
+{
+ "ecmaFeatures": {
+ "blockBindings": true,
+ "forOf": true,
+ "destructuring": true,
+ "arrowFunctions": true,
+ "templateStrings": true
+ },
+ "env": {
+ "browser": true,
+ "node": true,
+ "es6": true
+ },
+ "plugins": [
+ //"angular"
+ ],
+ "rules": {
+ "quotes": [2, "single"],
+ "camelcase": [1, {"properties": "always"}],
+ "no-underscore-dangle": 1,
+ "eqeqeq": [2, "smart"],
+ "no-alert": 1,
+ "key-spacing": [1, { "beforeColon": false, "afterColon": true }],
+ "indent": [2, 2],
+ "no-irregular-whitespace": 1,
+ "eol-last": 0,
+ "max-nested-callbacks": [2, 4],
+ "comma-spacing": [1, {"before": false, "after": true}],
+ "no-trailing-spaces": [1, { skipBlankLines: true }],
+ "no-unused-vars": [1, {"vars": "all", "args": "after-used"}],
+ "new-cap": 0,
+
+ //"angular/ng_module_name": [2, '/^xos\.*[a-z]*$/'],
+ //"angular/ng_controller_name": [2, '/^[a-z].*Ctrl$/'],
+ //"angular/ng_service_name": [2, '/^[A-Z].*Service$/'],
+ //"angular/ng_directive_name": [2, '/^[a-z]+[[A-Z].*]*$/'],
+ //"angular/ng_di": [0, "function or array"]
+ },
+ "globals" :{
+ "angular": true
+ }
+}
\ No newline at end of file
diff --git a/views/ngXosViews/vpnDashboard/.gitignore b/views/ngXosViews/vpnDashboard/.gitignore
new file mode 100644
index 0000000..567aee4
--- /dev/null
+++ b/views/ngXosViews/vpnDashboard/.gitignore
@@ -0,0 +1,6 @@
+dist/
+src/vendor
+.tmp
+node_modules
+npm-debug.log
+dist/
\ No newline at end of file
diff --git a/views/ngXosViews/vpnDashboard/bower.json b/views/ngXosViews/vpnDashboard/bower.json
new file mode 100644
index 0000000..b7c354e
--- /dev/null
+++ b/views/ngXosViews/vpnDashboard/bower.json
@@ -0,0 +1,29 @@
+{
+ "name": "xos-vpnDashboard",
+ "version": "0.0.0",
+ "authors": [
+ "Jeremy Mowery <jermowery@email.arizona.edu>"
+ ],
+ "description": "The vpnDashboard view",
+ "license": "MIT",
+ "ignore": [
+ "**/.*",
+ "node_modules",
+ "bower_components",
+ "static/js/vendor/",
+ "test",
+ "tests"
+ ],
+ "dependencies": {
+ },
+ "devDependencies": {
+ "jquery": "2.1.4",
+ "angular-mocks": "1.4.7",
+ "angular": "1.4.7",
+ "angular-ui-router": "0.2.15",
+ "angular-cookies": "1.4.7",
+ "angular-resource": "1.4.7",
+ "ng-lodash": "0.3.0",
+ "bootstrap-css": "2.3.2"
+ }
+}
diff --git a/views/ngXosViews/vpnDashboard/env/default.js b/views/ngXosViews/vpnDashboard/env/default.js
new file mode 100644
index 0000000..5b198ec
--- /dev/null
+++ b/views/ngXosViews/vpnDashboard/env/default.js
@@ -0,0 +1,13 @@
+// This is a default configuration for your development environment.
+// You can duplicate this configuration for any of your Backend Environments.
+// Different configurations are loaded setting a NODE_ENV variable that contain the config file name.
+// `NODE_ENV=local npm start`
+//
+// If xoscsrftoken or xossessionid are not specified the browser value are used
+// (works only for local environment as both application are served on the same domain)
+
+module.exports = {
+ host: '',
+ xoscsrftoken: '',
+ xossessionid: ''
+};
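Review bot: The header comment invites copying this file per backend environment with a live `xoscsrftoken` and `xossessionid` filled in, but nothing in this commit keeps such copies out of version control — the new .gitignore lists only dist/, src/vendor, .tmp, node_modules and npm-debug.log. A session id and CSRF token are credentials for the XOS API, so an `env/*.js` plus `!env/default.js` pair in .gitignore, and a comment here such as `// Do not commit copies of this file that contain real tokens`, would prevent an accidental leak. The dev proxy in gulp/server.js forwards these values as a cookie on every proxied request, so a leaked copy is directly usable.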
diff --git a/views/ngXosViews/vpnDashboard/gulp/build.js b/views/ngXosViews/vpnDashboard/gulp/build.js
new file mode 100644
index 0000000..1ecffbd
--- /dev/null
+++ b/views/ngXosViews/vpnDashboard/gulp/build.js
@@ -0,0 +1,119 @@
+'use strict';
+
+// BUILD
+//
+// The only purpose of this gulpfile is to build a XOS view and copy the correct files into
+// .html => dashboards
+// .js (minified and concat) => static/js
+//
+// The template are parsed and added to js with angular $templateCache
+
+var gulp = require('gulp');
+var ngAnnotate = require('gulp-ng-annotate');
+var uglify = require('gulp-uglify');
+var templateCache = require('gulp-angular-templatecache');
+var runSequence = require('run-sequence');
+var concat = require('gulp-concat');
+var del = require('del');
+var wiredep = require('wiredep');
+var angularFilesort = require('gulp-angular-filesort');
+var _ = require('lodash');
+var eslint = require('gulp-eslint');
+var inject = require('gulp-inject');
+var rename = require('gulp-rename');
+var replace = require('gulp-replace');
+
+var TEMPLATE_FOOTER = `}]);
+angular.module('xos.vpnDashboard').run(function($location){$location.path('/')});
+angular.bootstrap(angular.element('#xosVpnDashboard'), ['xos.vpnDashboard']);`;
+
+module.exports = function(options){
+
+ // delete previous builded file
+ gulp.task('clean', function(){
+ return del(
+ [options.dashboards + 'xosVpnDashboard.html'],
+ {force: true}
+ );
+ });
+
+ // compile and minify scripts
+ gulp.task('scripts', function() {
+ return gulp.src([
+ options.tmp + '**/*.js'
+ ])
+ .pipe(ngAnnotate())
+ .pipe(angularFilesort())
+ .pipe(concat('xosVpnDashboard.js'))
+ .pipe(uglify())
+ .pipe(gulp.dest(options.static + 'js/'));
+ });
+
+ // set templates in cache
+ gulp.task('templates', function(){
+ return gulp.src('./src/templates/*.html')
+ .pipe(templateCache({
+ module: 'xos.vpnDashboard',
+ root: 'templates/',
+ templateFooter: TEMPLATE_FOOTER
+ }))
+ .pipe(gulp.dest(options.tmp));
+ });
+
+ // copy html index to Django Folder
+ gulp.task('copyHtml', ['clean'], function(){
+ return gulp.src(options.src + 'index.html')
+ // remove dev dependencies from html
+ .pipe(replace(/<!-- bower:css -->(\n.*)*\n<!-- endbower --><!-- endcss -->/, ''))
+ .pipe(replace(/<!-- bower:js -->(\n.*)*\n<!-- endbower --><!-- endjs -->/, ''))
+ .pipe(replace(/ng-app=".*"\s/, ''))
+ // injecting minified files
+ .pipe(
+ inject(
+ gulp.src([
+ options.static + 'js/vendor/xosVpnDashboardVendor.js',
+ options.static + 'js/xosVpnDashboard.js'
+ ]),
+ {ignorePath: '/../../../xos/core/xoslib'}
+ )
+ )
+ .pipe(rename('xosVpnDashboard.html'))
+ .pipe(gulp.dest(options.dashboards));
+ });
+
+ // minify vendor js files
+ gulp.task('wiredep', function(){
+ var bowerDeps = wiredep().js;
+ if(!bowerDeps){
+ return;
+ }
+
+ // remove angular (it's already loaded)
+ _.remove(bowerDeps, function(dep){
+ return dep.indexOf('angular/angular.js') !== -1;
+ });
+
+ return gulp.src(bowerDeps)
+ .pipe(concat('xosVpnDashboardVendor.js'))
+ .pipe(uglify())
+ .pipe(gulp.dest(options.static + 'js/vendor/'));
+ });
+
+ gulp.task('lint', function () {
+ return gulp.src(['src/js/**/*.js'])
+ .pipe(eslint())
+ .pipe(eslint.format())
+ .pipe(eslint.failAfterError());
+ });
+
+ gulp.task('build', function() {
+ runSequence(
+ 'templates',
+ 'babel',
+ 'scripts',
+ 'wiredep',
+ 'copyHtml',
+ 'cleanTmp'
+ );
+ });
+};
\ No newline at end of file
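Review bot: The `build` task calls `runSequence` without a completion callback and returns nothing, so gulp can mark the task finished as soon as the sequence has been scheduled and a failure inside `scripts`, `wiredep` or `copyHtml` is not surfaced as a failure of `build`. Declare the callback and hand it through: `gulp.task('build', function(cb) {` / `runSequence('templates', 'babel', 'scripts', 'wiredep', 'copyHtml', 'cleanTmp', cb);`. The `serve` task in the gulp/server.js hunk has the same shape. Note also that `build` depends on the `babel` and `cleanTmp` tasks, which are registered in gulp/server.js rather than here, so this file only works when both are loaded through the gulpfile; a comment saying so above the `build` task would save the next reader a search.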
diff --git a/views/ngXosViews/vpnDashboard/gulp/server.js b/views/ngXosViews/vpnDashboard/gulp/server.js
new file mode 100644
index 0000000..7605294
--- /dev/null
+++ b/views/ngXosViews/vpnDashboard/gulp/server.js
@@ -0,0 +1,146 @@
+'use strict';
+
+var gulp = require('gulp');
+var browserSync = require('browser-sync').create();
+var inject = require('gulp-inject');
+var runSequence = require('run-sequence');
+var angularFilesort = require('gulp-angular-filesort');
+var babel = require('gulp-babel');
+var wiredep = require('wiredep').stream;
+var httpProxy = require('http-proxy');
+var del = require('del');
+
+const environment = process.env.NODE_ENV;
+
+if (environment){
+ var conf = require(`../env/${environment}.js`);
+}
+else{
+ var conf = require('../env/default.js')
+}
+
+var proxy = httpProxy.createProxyServer({
+ target: conf.host || 'http://0.0.0.0:9999'
+});
+
+
+proxy.on('error', function(error, req, res) {
+ res.writeHead(500, {
+ 'Content-Type': 'text/plain'
+ });
+
+ console.error('[Proxy]', error);
+});
+
+module.exports = function(options){
+
+ // open in browser with sync and proxy to 0.0.0.0
+ gulp.task('browser', function() {
+ browserSync.init({
+ // reloadDelay: 500,
+ // logLevel: 'debug',
+ // logConnections: true,
+ startPath: '#/',
+ snippetOptions: {
+ rule: {
+ match: /<!-- browserSync -->/i
+ }
+ },
+ server: {
+ baseDir: options.src,
+ routes: {
+ '/api': options.api,
+ '/xosHelpers/src': options.helpers
+ },
+ middleware: function(req, res, next){
+ if(
+ req.url.indexOf('/xos/') !== -1 ||
+ req.url.indexOf('/xoslib/') !== -1 ||
+ req.url.indexOf('/hpcapi/') !== -1
+ ){
+ if(conf.xoscsrftoken && conf.xossessionid){
+ req.headers.cookie = `xoscsrftoken=${conf.xoscsrftoken}; xossessionid=${conf.xossessionid}`;
+ req.headers['x-csrftoken'] = conf.xoscsrftoken;
+ }
+ proxy.web(req, res);
+ }
+ else{
+ next();
+ }
+ }
+ }
+ });
+
+ gulp.watch(options.src + 'js/**/*.js', ['js-watch']);
+ gulp.watch(options.src + 'vendor/**/*.js', ['bower'], function(){
+ browserSync.reload();
+ });
+ gulp.watch(options.src + '**/*.html', function(){
+ browserSync.reload();
+ });
+ });
+
+ // transpile js with sourceMaps
+ gulp.task('babel', function(){
+ return gulp.src(options.scripts + '**/*.js')
+ .pipe(babel({sourceMaps: true}))
+ .pipe(gulp.dest(options.tmp));
+ });
+
+ // inject scripts
+ gulp.task('injectScript', ['cleanTmp', 'babel'], function(){
+ return gulp.src(options.src + 'index.html')
+ .pipe(
+ inject(
+ gulp.src([
+ options.tmp + '**/*.js',
+ options.api + '*.js',
+ options.helpers + '**/*.js'
+ ])
+ .pipe(angularFilesort()),
+ {
+ ignorePath: [options.src, '/../../ngXosLib']
+ }
+ )
+ )
+ .pipe(gulp.dest(options.src));
+ });
+
+ // inject CSS
+ gulp.task('injectCss', function(){
+ return gulp.src(options.src + 'index.html')
+ .pipe(
+ inject(
+ gulp.src(options.src + 'css/*.css'),
+ {
+ ignorePath: [options.src]
+ }
+ )
+ )
+ .pipe(gulp.dest(options.src));
+ });
+
+ // inject bower dependencies with wiredep
+ gulp.task('bower', function () {
+ return gulp.src(options.src + 'index.html')
+ .pipe(wiredep({devDependencies: true}))
+ .pipe(gulp.dest(options.src));
+ });
+
+ gulp.task('js-watch', ['injectScript'], function(){
+ browserSync.reload();
+ });
+
+ gulp.task('cleanTmp', function(){
+ return del([options.tmp + '**/*']);
+ });
+
+ gulp.task('serve', function() {
+ runSequence(
+ 'bower',
+ 'injectScript',
+ 'injectCss',
+ ['browser']
+ );
+ });
+};
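Review bot: The proxy `error` handler writes a 500 status line but never ends the response, so a request that hits an unreachable backend hangs until the socket times out instead of failing fast; add `res.end('Proxy error');` after the `console.error` call. The middleware also matches `/xos/`, `/xoslib/` and `/hpcapi/` with `indexOf` anywhere in `req.url`, so a query string that merely contains one of those substrings is proxied with the configured session cookie and CSRF token attached; anchoring the match at the start of the path (`req.url.startsWith('/xos/')` or an anchored regex) limits credential injection to the intended API routes. `conf` is declared with `var` in both branches of the `if`, which only works because `var` is function-scoped; a single `var conf = environment ? require(`../env/${environment}.js`) : require('../env/default.js');` reads more clearly, and the `else` branch is missing its semicolon.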
diff --git a/views/ngXosViews/vpnDashboard/gulpfile.js b/views/ngXosViews/vpnDashboard/gulpfile.js
new file mode 100644
index 0000000..b2cdab8
--- /dev/null
+++ b/views/ngXosViews/vpnDashboard/gulpfile.js
@@ -0,0 +1,24 @@
+'use strict';
+
+var gulp = require('gulp');
+var wrench = require('wrench');
+
+var options = {
+ src: 'src/',
+ scripts: 'src/js/',
+ tmp: 'src/.tmp',
+ dist: 'dist/',
+ api: '../../ngXosLib/api/',
+ helpers: '../../ngXosLib/xosHelpers/src/',
+ static: '../../../xos/core/xoslib/static/', // this is the django static folder
+ dashboards: '../../../xos/core/xoslib/dashboards/' // this is the django html folder
+};
+
+wrench.readdirSyncRecursive('./gulp')
+.map(function(file) {
+ require('./gulp/' + file)(options);
+});
+
+gulp.task('default', function () {
+ gulp.start('build');
+});
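Review bot: `wrench.readdirSyncRecursive('./gulp').map(...)` uses `map` purely for the side effect of requiring each file and discards the resulting array; `forEach` states the intent. Because every entry under `gulp/` is required and invoked with `options`, any stray non-task file in that directory (an editor backup, for instance) would be loaded as a module; filtering with `.filter(function(file) { return file.endsWith('.js'); })` before the require keeps the loader predictable.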
diff --git a/views/ngXosViews/vpnDashboard/karma.conf.js b/views/ngXosViews/vpnDashboard/karma.conf.js
new file mode 100644
index 0000000..83d3f63
--- /dev/null
+++ b/views/ngXosViews/vpnDashboard/karma.conf.js
@@ -0,0 +1,88 @@
+// Karma configuration
+// Generated on Tue Oct 06 2015 09:27:10 GMT+0000 (UTC)
+
+/* eslint indent: [2,2], quotes: [2, "single"]*/
+
+/*eslint-disable*/
+var wiredep = require('wiredep');
+var path = require('path');
+
+var bowerComponents = wiredep( {devDependencies: true} )[ 'js' ].map(function( file ){
+ return path.relative(process.cwd(), file);
+});
+
+module.exports = function(config) {
+/*eslint-enable*/
+ config.set({
+
+ // base path that will be used to resolve all patterns (eg. files, exclude)
+ basePath: '',
+
+
+ // frameworks to use
+ // available frameworks: https://npmjs.org/browse/keyword/karma-adapter
+ frameworks: ['jasmine'],
+
+
+ // list of files / patterns to load in the browser
+ files: bowerComponents.concat([
+ '../../static/js/xosApi.js',
+ '../../static/js/vendor/ngXosHelpers.js',
+ 'src/js/**/*.js',
+ 'spec/**/*.mock.js',
+ 'spec/**/*.test.js',
+ 'src/**/*.html'
+ ]),
+
+
+ // list of files to exclude
+ exclude: [
+ ],
+
+
+ // preprocess matching files before serving them to the browser
+ // available preprocessors: https://npmjs.org/browse/keyword/karma-preprocessor
+ preprocessors: {
+ 'src/js/**/*.js': ['babel'],
+ 'spec/**/*.test.js': ['babel'],
+ 'src/**/*.html': ['ng-html2js']
+ },
+
+ ngHtml2JsPreprocessor: {
+ stripPrefix: 'src/', //strip the src path from template url (http://stackoverflow.com/questions/22869668/karma-unexpected-request-when-testing-angular-directive-even-with-ng-html2js)
+ moduleName: 'templates' // define the template module name
+ },
+
+ // test results reporter to use
+ // possible values: 'dots', 'progress'
+ // available reporters: https://npmjs.org/browse/keyword/karma-reporter
+ reporters: ['mocha'],
+
+
+ // web server port
+ port: 9876,
+
+
+ // enable / disable colors in the output (reporters and logs)
+ colors: true,
+
+
+ // level of logging
+ // possible values: config.LOG_DISABLE || config.LOG_ERROR || config.LOG_WARN || config.LOG_INFO || config.LOG_DEBUG
+ logLevel: config.LOG_INFO,
+
+
+ // enable / disable watching file and executing tests whenever any file changes
+ autoWatch: true,
+
+
+ // start these browsers
+ // available browser launchers: https://npmjs.org/browse/keyword/karma-launcher
+ browsers: ['PhantomJS'],
+
+
+ // Continuous Integration mode
+ // if true, Karma captures browsers, runs the tests and exits
+ singleRun: false
+ });
+};
diff --git a/views/ngXosViews/vpnDashboard/package.json b/views/ngXosViews/vpnDashboard/package.json
new file mode 100644
index 0000000..a4d9e6f
--- /dev/null
+++ b/views/ngXosViews/vpnDashboard/package.json
@@ -0,0 +1,45 @@
+{
+ "name": "xos-vpnDashboard",
+ "version": "1.0.0",
+ "description": "Angular Application for XOS, created with generator-xos",
+ "scripts": {
+ "prestart": "npm install && bower install",
+ "start": "gulp serve",
+ "prebuild": "npm install && bower install",
+ "build": "gulp",
+ "test": "karma start",
+ "lint": "eslint src/js/"
+ },
+ "keywords": [
+ "XOS",
+ "Angular",
+ "XOSlib"
+ ],
+ "author": "Jeremy Mowery",
+ "license": "MIT",
+ "dependencies": {},
+ "devDependencies": {
+ "browser-sync": "^2.9.11",
+ "del": "^2.0.2",
+ "gulp": "^3.9.0",
+ "gulp-angular-filesort": "^1.1.1",
+ "gulp-angular-templatecache": "^1.8.0",
+ "gulp-babel": "^5.3.0",
+ "gulp-concat": "^2.6.0",
+ "gulp-inject": "^3.0.0",
+ "gulp-minify-html": "^1.0.4",
+ "gulp-rename": "^1.2.2",
+ "gulp-replace": "^0.5.4",
+ "gulp-uglify": "^1.4.2",
+ "http-proxy": "^1.12.0",
+ "proxy-middleware": "^0.15.0",
+ "run-sequence": "^1.1.4",
+ "wiredep": "^3.0.0-beta",
+ "wrench": "^1.5.8",
+ "gulp-ng-annotate": "^1.1.0",
+ "lodash": "^3.10.1",
+ "eslint": "^1.8.0",
+ "eslint-plugin-angular": "linkmesrl/eslint-plugin-angular",
+ "gulp-eslint": "^1.0.0"
+ }
+}
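Review bot: `eslint-plugin-angular` is pulled from `linkmesrl/eslint-plugin-angular` with no tag, commit or semver constraint, so `npm install` — which the `prestart` and `prebuild` scripts run automatically — fetches whatever that GitHub fork's default branch holds at install time, with nothing to verify it against. Pin it to a commit, e.g. `"eslint-plugin-angular": "linkmesrl/eslint-plugin-angular#<COMMIT_SHA>"`, or use the published npm package with a version range. The plugin is not enabled in the new .eslintrc (its `plugins` entry and the `angular/*` rules are commented out), so the dependency could simply be dropped instead.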
diff --git a/views/ngXosViews/vpnDashboard/spec/sample.test.js b/views/ngXosViews/vpnDashboard/spec/sample.test.js
new file mode 100644
index 0000000..ad20c13
--- /dev/null
+++ b/views/ngXosViews/vpnDashboard/spec/sample.test.js
@@ -0,0 +1,37 @@
+'use strict';
+
+describe('The User List', () => {
+
+ var scope, element, isolatedScope, httpBackend;
+
+ beforeEach(module('xos.vpnDashboard'));
+ beforeEach(module('templates'));
+
+ beforeEach(inject(function($httpBackend, $compile, $rootScope){
+
+ httpBackend = $httpBackend;
+ // Setting up mock request
+ $httpBackend.expectGET('/xos/users/?no_hyperlinks=1').respond([
+ {
+ email: 'jermowery@email.arizona.edu',
+ firstname: 'Jeremy',
+ lastname: 'Mowery'
+ }
+ ]);
+
+ scope = $rootScope.$new();
+ element = angular.element('<users-list></users-list>');
+ $compile(element)(scope);
+ scope.$digest();
+ isolatedScope = element.isolateScope().vm;
+ }));
+
+ it('should load 1 users', () => {
+ httpBackend.flush();
+ expect(isolatedScope.users.length).toBe(1);
+ expect(isolatedScope.users[0].email).toEqual('jermowery@email.arizona.edu');
+ expect(isolatedScope.users[0].firstname).toEqual('Jeremy');
+ expect(isolatedScope.users[0].lastname).toEqual('Mowery');
+ });
+
+});
\ No newline at end of file
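Review bot: This spec is the generator's sample and does not exercise the application in this commit: it compiles `<users-list>` and expects a GET to `/xos/users/?no_hyperlinks=1`, while src/js/main.js registers only a `vpnList` directive whose service calls `/xoslib/vpntenant/`. Angular compiles the unknown element as plain HTML, so `element.isolateScope()` returns undefined and the `.vm` access in `beforeEach` throws before any assertion runs; `$httpBackend.flush()` would then fail on the unexpected request anyway. Rewrite it around `<vpn-list>` with an `expectGET` on the vpntenant URL as the `NoHyperlinks` interceptor rewrites it and assertions on `vm.vpns`, or remove it until there is a real test, so `npm test` does not report a failure unrelated to the dashboard.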
diff --git a/views/ngXosViews/vpnDashboard/src/css/dev.css b/views/ngXosViews/vpnDashboard/src/css/dev.css
new file mode 100644
index 0000000..4c504c9
--- /dev/null
+++ b/views/ngXosViews/vpnDashboard/src/css/dev.css
@@ -0,0 +1,14 @@
+#xosVpnDashboard{
+ width: 70%;
+ margin: auto;
+}
+.row {
+ display: table-row;
+}
+.cell {
+ display: table-cell;
+ padding: 5px;
+}
+.header {
+ font-weight: bold;
+}
diff --git a/views/ngXosViews/vpnDashboard/src/index.html b/views/ngXosViews/vpnDashboard/src/index.html
new file mode 100644
index 0000000..1842119
--- /dev/null
+++ b/views/ngXosViews/vpnDashboard/src/index.html
@@ -0,0 +1,32 @@
+<!-- browserSync -->
+<!-- bower:css -->
+<link rel="stylesheet" href="vendor/bootstrap-css/css/bootstrap.css" />
+<!-- endbower --><!-- endcss -->
+<!-- inject:css -->
+<link rel="stylesheet" href="/css/dev.css">
+<!-- endinject -->
+
+<div ng-app="xos.vpnDashboard" id="xosVpnDashboard">
+ <div ui-view></div>
+</div>
+
+<!-- bower:js -->
+<script src="vendor/jquery/dist/jquery.js"></script>
+<script src="vendor/angular/angular.js"></script>
+<script src="vendor/angular-mocks/angular-mocks.js"></script>
+<script src="vendor/angular-ui-router/release/angular-ui-router.js"></script>
+<script src="vendor/angular-cookies/angular-cookies.js"></script>
+<script src="vendor/angular-resource/angular-resource.js"></script>
+<script src="vendor/ng-lodash/build/ng-lodash.js"></script>
+<script src="vendor/bootstrap-css/js/bootstrap.js"></script>
+<!-- endbower --><!-- endjs -->
+<!-- inject:js -->
+<script src="/xosHelpers/src/xosHelpers.module.js"></script>
+<script src="/xosHelpers/src/services/noHyperlinks.interceptor.js"></script>
+<script src="/xosHelpers/src/services/csrfToken.interceptor.js"></script>
+<script src="/xosHelpers/src/services/api.services.js"></script>
+<script src="/api/ng-xoslib.js"></script>
+<script src="/api/ng-xos.js"></script>
+<script src="/api/ng-hpcapi.js"></script>
+<script src="/.tmp/main.js"></script>
+<!-- endinject -->
diff --git a/views/ngXosViews/vpnDashboard/src/js/main.js b/views/ngXosViews/vpnDashboard/src/js/main.js
new file mode 100644
index 0000000..a93f720
--- /dev/null
+++ b/views/ngXosViews/vpnDashboard/src/js/main.js
@@ -0,0 +1,61 @@
+'use strict';
+
+angular.module('xos.vpnDashboard', [
+ 'ngResource',
+ 'ngCookies',
+ 'ngLodash',
+ 'ui.router',
+ 'xos.helpers'
+])
+.config(($stateProvider) => {
+ $stateProvider
+ .state('vpnList', {
+ url: '/',
+ template: '<vpn-list></vpn-list>'
+ });
+})
+.config(($compileProvider) => {
+ $compileProvider.aHrefSanitizationWhitelist(
+ /^\s*(https?|ftp|mailto|tel|file|blob):/);
+})
+.service('Vpn', function($http, $q){
+
+ this.getVpnTenants = () => {
+ let deferred = $q.defer();
+
+ $http.get('/xoslib/vpntenant/')
+ .then((res) => {
+ deferred.resolve(res.data)
+ })
+ .catch((e) => {
+ deferred.reject(e);
+ });
+
+ return deferred.promise;
+ }
+})
+.config(function($httpProvider){
+ $httpProvider.interceptors.push('NoHyperlinks');
+})
+.directive('vpnList', function(){
+ return {
+ restrict: 'E',
+ scope: {},
+ bindToController: true,
+ controllerAs: 'vm',
+ templateUrl: 'templates/vpn-list.tpl.html',
+ controller: function(Vpn){
+ Vpn.getVpnTenants()
+ .then((vpns) => {
+ this.vpns = vpns;
+ for (var i = 0; i < this.vpns.length; i++) {
+ var blob = new Blob([ this.vpns[i].script_text ], { type : 'text/plain' });
+ this.vpns[i].script_text = (window.URL || window.webkitURL).createObjectURL( blob );
+ }
+ })
+ .catch((e) => {
+ throw new Error(e);
+ });
+ }
+ };
+});
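Review bot: `aHrefSanitizationWhitelist` is widened to `file:` and `blob:`, but only `blob:` is needed by this code (the `createObjectURL` result bound to `ng-href` in vpn-list.tpl.html); allowing `file:` means any API-supplied string rendered through `ng-href` becomes a clickable local-file link, so drop it: `/^\s*(https?|ftp|mailto|tel|blob):/`. The `Vpn` service wraps `$http.get` in a manual `$q.defer()`; `$http` already returns a promise, so `return $http.get('/xoslib/vpntenant/').then((res) => res.data);` is equivalent and the `.catch` that only re-rejects adds nothing. The object URLs created in the controller are never released with `revokeObjectURL`, so each instantiation of the directive leaks one per VPN for the lifetime of the page. Finally, `throw new Error(e)` with a response object as `e` yields the message `[object Object]`; use `e.status`/`e.statusText` in the message and keep the original response on the error for debugging.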
diff --git a/views/ngXosViews/vpnDashboard/src/templates/vpn-list.tpl.html b/views/ngXosViews/vpnDashboard/src/templates/vpn-list.tpl.html
new file mode 100644
index 0000000..a8fa8f3
--- /dev/null
+++ b/views/ngXosViews/vpnDashboard/src/templates/vpn-list.tpl.html
@@ -0,0 +1,19 @@
+<div style="display: table;">
+ <div class="row">
+ <h1 class="cell">VPN List</h1>
+ </div>
+ <div class="row">
+ <div class="cell header">ID</div>
+ <div class="cell header">VPN Network</div>
+ <div class="cell header">VPN Subnet</div>
+ <div class="cell header">Script Link</div>
+ </div>
+ <div class="row" ng-repeat="vpn in vm.vpns">
+ <div class="cell">{{ vpn.id }}</div>
+ <div class="cell">{{ vpn.server_network }}</div>
+ <div class="cell">{{ vpn.vpn_subnet }}</div>
+ <div class="cell">
+ <a download="connect-{{ vpn.id }}.vpn" ng-href="{{ vpn.script_text }}">Script</a>
+ </div>
+ </div>
+</div>
diff --git a/views/npm-debug.log b/views/npm-debug.log
new file mode 100644
index 0000000..38c9da9
--- /dev/null
+++ b/views/npm-debug.log
@@ -0,0 +1,20 @@
+0 info it worked if it ends with ok
+1 verbose cli [ '/usr/bin/nodejs', '/usr/bin/npm', 'start' ]
+2 info using npm@3.6.0
+3 info using node@v5.7.0
+4 verbose stack Error: ENOENT: no such file or directory, open '/home/jeremy/xos/views/package.json'
+4 verbose stack at Error (native)
+5 verbose cwd /home/jeremy/xos/views
+6 error Linux 4.2.0-19-generic
+7 error argv "/usr/bin/nodejs" "/usr/bin/npm" "start"
+8 error node v5.7.0
+9 error npm v3.6.0
+10 error path /home/jeremy/xos/views/package.json
+11 error code ENOENT
+12 error errno -2
+13 error syscall open
+14 error enoent ENOENT: no such file or directory, open '/home/jeremy/xos/views/package.json'
+15 error enoent ENOENT: no such file or directory, open '/home/jeremy/xos/views/package.json'
+15 error enoent This is most likely not a problem with npm itself
+15 error enoent and is related to npm not being able to find a file.
+16 verbose exit [ -2, true ]
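Review bot: `views/npm-debug.log` is an npm crash log from running `npm start` in `views/`, which has no package.json, and should not be committed; it carries the developer's local paths and contributes nothing to the build. Remove it and add `npm-debug.log` to a repository-level .gitignore — the ignore file added in this commit only covers `views/ngXosViews/vpnDashboard/`.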
diff --git a/xos/configurations/common/Dockerfile.common b/xos/configurations/common/Dockerfile.common
index fd27593..a6a72c5 100644
--- a/xos/configurations/common/Dockerfile.common
+++ b/xos/configurations/common/Dockerfile.common
@@ -28,7 +28,8 @@
python-dev \
libyaml-dev \
pkg-config \
- python-pycurl
+ python-pycurl \
+ openvpn
RUN pip install django==1.7
RUN pip install djangorestframework==2.4.4
@@ -130,6 +131,19 @@
RUN pip install python-dateutil
RUN bash /opt/xos/tosca/install_tosca.sh
+# for OpenVPN
+RUN mkdir -p /opt/openvpn
+RUN git clone https://github.com/OpenVPN/easy-rsa.git /opt/openvpn
+RUN git -C /opt/openvpn pull origin master
+RUN cp /opt/xos/services/vpn/vars /opt/openvpn/vars
+RUN source /opt/openvpn/vars
+RUN /opt/openvpn/clean-all
+RUN /opt/openvpn/build-ca --batch
+RUN /opt/openvpn/build-key-server --batch server
+RUN /opt/openvpn/build-dh
+RUN chmod 777 /opt/openvpn/keys/server.key
+RUN chmod 777 /opt/openvpn/keys/dh2048.pem
+
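Review bot: `RUN source /opt/openvpn/vars` has no effect on the lines that follow: each `RUN` executes in a fresh `/bin/sh -c`, so variables set by `source` are gone by the next instruction, and `source` is not a POSIX `sh` builtin (dash, the default `/bin/sh` on Debian-based images, only knows `.`), so this step is likely to fail the build outright. Chain the steps in one instruction: `RUN . /opt/openvpn/vars && /opt/openvpn/clean-all && /opt/openvpn/build-ca --batch && /opt/openvpn/build-key-server --batch server && /opt/openvpn/build-dh`. The scripts invoked (`clean-all`, `build-ca`, `build-key-server`, `build-dh`, a `keys/` directory) are the easy-rsa 2.x layout, yet the preceding line clones and pulls the `master` branch, which the devel Dockerfile in this same commit drives through `easyrsa3/easyrsa`; confirm which layout the clone actually yields, or pin a 2.x tag. The key-material concern (CA and server key generated at build time and then `chmod 777`) is raised on the Dockerfile.devel hunk.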
EXPOSE 8000
# Set environment variables.
diff --git a/xos/configurations/devel/Makefile b/xos/configurations/devel/Makefile
index 1e650f3..402309b 100644
--- a/xos/configurations/devel/Makefile
+++ b/xos/configurations/devel/Makefile
@@ -46,3 +46,8 @@
rebuild_synchronizer:
make -C ../../../containers/synchronizer
+
+cleanup_docker: rm
+ sudo docker rm -v $(docker ps -a -q -f status=exited) || true
+ sudo docker rmi $(docker images -f "dangling=true" -q) || true
+ sudo docker run -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker:/var/lib/docker --rm martin/docker-cleanup-volumes || true
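Review bot: `$(docker ps -a -q -f status=exited)` and `$(docker images -f "dangling=true" -q)` are expanded by make, not the shell: make reads `$(...)` as a variable reference, finds nothing by that name and substitutes an empty string, so the recipe runs `docker rm -v` and `docker rmi` with no arguments and the `|| true` hides the resulting usage errors. Escape the dollars for the shell: `sudo docker rm -v $$(docker ps -a -q -f status=exited) || true` and `sudo docker rmi $$(docker images -f "dangling=true" -q) || true`. The same two lines appear in the frontend/Makefile hunk. The last line runs the third-party `martin/docker-cleanup-volumes` image with the host's Docker socket and `/var/lib/docker` mounted, which is root-equivalent on the host; pin it to a digest (`martin/docker-cleanup-volumes@sha256:<DIGEST>`) or replace it with `docker volume ls -q -f dangling=true | xargs -r sudo docker volume rm`, which needs no extra image. `cleanup_docker: rm` also makes the target depend on an `rm` target that is not visible in this hunk; confirm it exists.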
diff --git a/xos/configurations/devel/docker-compose.yml b/xos/configurations/devel/docker-compose.yml
index 9ef6fc7..d8d652f 100644
--- a/xos/configurations/devel/docker-compose.yml
+++ b/xos/configurations/devel/docker-compose.yml
@@ -17,6 +17,19 @@
- ../common/xos_common_config:/opt/xos/xos_configuration/xos_common_config:ro
- ./images:/opt/xos/images:ro
+xos_synchronizer_vpn:
+ image: xosproject/xos-synchronizer-openstack
+ command: bash -c "sleep 120 ; python /opt/xos/synchronizers/vpn/vpn-synchronizer.py -C /opt/xos/synchronizers/vpn/vpn_config"
+ labels:
+ org.xosproject.kind: synchronizer
+ org.xosproject.target: vpn
+ links:
+ - xos_db
+ extra_hosts:
+ - ctl:${MYIP}
+ volumes:
+ - ../setup/id_rsa:/opt/xos/synchronizers/vpn/vpn_private_key:ro # private key
+
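Review bot: `sleep 120` before launching the VPN synchronizer is a timing guess standing in for a readiness check on `xos_db` and the XOS API: on a slow host the synchronizer still starts too early, on a fast one it idles for two minutes, and the race the sleep papers over remains. A loop that polls the dependency (the database port or the API) until it answers, then starts `vpn-synchronizer.py`, is the usual replacement. The container also receives `../setup/id_rsa` as `vpn_private_key`, i.e. the deployment's SSH private key; if it is only used to reach instances that is presumably in line with the other synchronizers, but if it doubles as VPN key material a dedicated key would limit the impact of a compromise of either.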
# FUTURE
#xos_swarm_synchronizer:
# image: xosproject/xos-swarm-synchronizer
@@ -34,3 +47,4 @@
volumes:
- ../setup:/root/setup:ro
- ../common/xos_common_config:/opt/xos/xos_configuration/xos_common_config:ro
+ - ../../core/static/vpn:/opt/xos/core/static/vpn:rw
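Review bot: The new `../../core/static/vpn` mount is read-write into a directory that, if `core/static` is served by the web front-end as its name suggests, is publicly reachable as static content; whatever the container writes there (presumably the generated client scripts behind the `script_text` download link in the new dashboard) should therefore contain nothing that must stay private, and per-client key material belongs behind an authenticated API response rather than a static file. The service this volume belongs to starts outside the hunk, so I cannot tell which container writes here; a comment on the mount naming the writer and what it produces would help.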
diff --git a/xos/configurations/frontend/Makefile b/xos/configurations/frontend/Makefile
index 5c0ce0e..3f1a6ab 100644
--- a/xos/configurations/frontend/Makefile
+++ b/xos/configurations/frontend/Makefile
@@ -29,3 +29,8 @@
sudo docker-compose run xos python /opt/xos/tosca/run.py padmin@vicci.org /opt/xos/configurations/frontend/mocks/cord.yaml
sudo docker exec frontend_xos_1 cp /opt/xos/configurations/cord/xos_cord_config /opt/xos/xos_configuration/
sudo docker exec frontend_xos_1 touch /opt/xos/xos/settings.py
+
+cleanup_docker: rm
+ sudo docker rm -v $(docker ps -a -q -f status=exited) || true
+ sudo docker rmi $(docker images -f "dangling=true" -q) || true
+ sudo docker run -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker:/var/lib/docker --rm martin/docker-cleanup-volumes || true
diff --git a/xos/core/admin.py b/xos/core/admin.py
index 44fa06c..8ca8ff8 100644
--- a/xos/core/admin.py
+++ b/xos/core/admin.py
@@ -488,7 +488,7 @@
class SiteHostsUsersInline(SiteInline):
def queryset(self, request):
- return Site.select_by_user(request.user).filter(hosts_users=True)
+ return Site.select_by_user(request.user).filter(hosts_users=True)
class UserInline(XOSTabularInline):
model = User
@@ -565,7 +565,7 @@
kwargs['queryset'] = Service.select_by_user(request.user)
if db_field.name == 'user':
kwargs['queryset'] = User.select_by_user(request.user)
- return super(ServicePrivilegeInline, self).formfield_for_foreignkey(db_field, request, **kwargs)
+ return super(ServicePrivilegeInline, self).formfield_for_foreignkey(db_field, request, **kwargs)
def queryset(self, request):
return ServicePrivilege.select_by_user(request.user)
@@ -817,12 +817,12 @@
def save_model(self, request, obj, form, change):
# update openstack connection to use this site/tenant
obj.save_by_user(request.user)
-
+
def delete_model(self, request, obj):
obj.delete_by_user(request.user)
def queryset(self, request):
- return Controller.select_by_user(request.user)
+ return Controller.select_by_user(request.user)
@property
def suit_form_tabs(self):
@@ -879,6 +879,16 @@
def queryset(self, request):
return TenantRootPrivilege.select_by_user(request.user)
+class TenantPrivilegeInline(XOSTabularInline):
+ model = TenantPrivilege
+ extra = 0
+ suit_classes = 'suit-tab suit-tab-tenantprivileges'
+ fields = ['backend_status_icon', 'user', 'role', 'tenant']
+ readonly_fields = ('backend_status_icon', )
+
+ def queryset(self, request):
+ return TenantPrivilege.select_by_user(request.user)
+
class TenantRootAdmin(XOSBaseAdmin):
model = TenantRoot
list_display = ('backend_status_icon', 'name', 'kind')
@@ -1015,11 +1025,11 @@
def save_model(self, request, obj, form, change):
# update openstack connection to use this site/tenant
- obj.save_by_user(request.user)
+ obj.save_by_user(request.user)
def delete_model(self, request, obj):
obj.delete_by_user(request.user)
-
+
class SitePrivilegeAdmin(XOSBaseAdmin):
fieldList = ['backend_status_text', 'user', 'site', 'role']
@@ -1117,7 +1127,7 @@
('slicenetworks','Networks'),
('sliceprivileges','Privileges'),
('instances','Instances'),
- #('reservations','Reservations'),
+ #('reservations','Reservations'),
('tags','Tags'),
]
@@ -1126,7 +1136,7 @@
tabs.append( ('admin-only', 'Admin-Only') )
return tabs
-
+
def add_view(self, request, form_url='', extra_context=None):
# Ugly hack for CORD
self.inlines = self.normal_inlines
@@ -1223,7 +1233,7 @@
def formfield_for_foreignkey(self, db_field, request, **kwargs):
if db_field.name == 'slice':
kwargs['queryset'] = Slice.select_by_user(request.user)
-
+
if db_field.name == 'user':
kwargs['queryset'] = User.select_by_user(request.user)
@@ -1636,12 +1646,12 @@
login_details_fields.remove('profile')
#if len(request.user.siteprivileges.filter(role__role = 'pi')) > 0:
# only admins and pis can change a user's site
- # self.readonly_fields = ('backend_status_text', 'site')
+ # self.readonly_fields = ('backend_status_text', 'site')
self.fieldsets = (
('Login Details', {'fields': login_details_fields, 'classes':['suit-tab suit-tab-general']}),
('Contact Information', {'fields': self.fieldListContactInfo, 'classes':['suit-tab suit-tab-contact']}),
)
- return super(UserAdmin, self).get_form(request, obj, **kwargs)
+ return super(UserAdmin, self).get_form(request, obj, **kwargs)
class ControllerDashboardViewInline(XOSTabularInline):
model = ControllerDashboardView
@@ -2114,7 +2124,7 @@
# unregister the Group model from admin.
#admin.site.unregister(Group)
-# When debugging it is often easier to see all the classes, but for regular use
+# When debugging it is often easier to see all the classes, but for regular use
# only the top-levels should be displayed
showAll = False
@@ -2151,4 +2161,3 @@
admin.site.register(TenantRootRole, TenantRootRoleAdmin)
admin.site.register(TenantAttribute, TenantAttributeAdmin)
# admin.site.register(Container, ContainerAdmin)
-
diff --git a/xos/core/models/__init__.py b/xos/core/models/__init__.py
index 2ee6b94..f203ba3 100644
--- a/xos/core/models/__init__.py
+++ b/xos/core/models/__init__.py
@@ -1,7 +1,7 @@
from .plcorebase import PlCoreBase,PlCoreBaseManager,PlCoreBaseDeletionManager,PlModelMixIn
from .project import Project
from .singletonmodel import SingletonModel
-from .service import Service, Tenant, TenantWithContainer, CoarseTenant, ServicePrivilege, TenantRoot, TenantRootPrivilege, TenantRootRole, Subscriber, Provider
+from .service import Service, Tenant, TenantWithContainer, CoarseTenant, ServicePrivilege, TenantRoot, TenantRootPrivilege, TenantRootRole, TenantPrivilege, TenantRole, Subscriber, Provider
from .service import ServiceAttribute, TenantAttribute, ServiceRole
from .tag import Tag
from .role import Role
@@ -29,4 +29,3 @@
from .network import Network, NetworkParameterType, NetworkParameter, Port, NetworkTemplate, Router, NetworkSlice, ControllerNetwork, AddressPool
from .billing import Account, Invoice, Charge, UsableObject, Payment
from .program import Program
-
diff --git a/xos/core/models/service.py b/xos/core/models/service.py
index ee28cf6..97fa890 100644
--- a/xos/core/models/service.py
+++ b/xos/core/models/service.py
@@ -644,14 +644,14 @@
for slice in slices:
if slice.instances.all().count() > 0:
for instance in slice.instances.all():
- #Pick the first instance that has lesser than 5 tenants
+ #Pick the first instance that has lesser than 5 tenants
if self.count_of_tenants_of_an_instance(instance) < 5:
return instance
return None
- #TODO: Ideally the tenant count for an instance should be maintained using a
- #many-to-one relationship attribute, however this model being proxy, it does
- #not permit any new attributes to be defined. Find if any better solutions
+ #TODO: Ideally the tenant count for an instance should be maintained using a
+ #many-to-one relationship attribute, however this model being proxy, it does
+ #not permit any new attributes to be defined. Find if any better solutions
def count_of_tenants_of_an_instance(self, instance):
tenant_count = 0
for tenant in self.get_tenant_objects().all():
@@ -805,4 +805,41 @@
return cls.objects.filter(id__in=trp_ids)
+class TenantRole(PlCoreBase):
+ ROLE_CHOICES = (('admin','Admin'), ('access','Access'))
+ role = StrippedCharField(choices=ROLE_CHOICES, unique=True, max_length=30)
+
+ def __unicode__(self): return u'%s' % (self.role)
+
+class TenantPrivilege(PlCoreBase):
+ user = models.ForeignKey('User', related_name="tenant_privileges")
+ tenant = models.ForeignKey('Tenant', related_name="tenant_privileges")
+ role = models.ForeignKey('TenantRole', related_name="tenant_privileges")
+
+ class Meta:
+ unique_together = ('user', 'tenant', 'role')
+
+ def __unicode__(self): return u'%s %s %s' % (self.tenant, self.user, self.role)
+
+ def save(self, *args, **kwds):
+ if not self.user.is_active:
+ raise PermissionDenied, "Cannot modify role(s) of a disabled user"
+ super(TenantPrivilege, self).save(*args, **kwds)
+
+ def can_update(self, user):
+ return user.can_update_tenant_privilege(self)
+
+ @classmethod
+ def select_by_user(cls, user):
+ if user.is_admin:
+ return cls.objects.all()
+ else:
+ # User can see his own privilege
+ trp_ids = [trp.id for trp in cls.objects.filter(user=user)]
+
+ # A tenant admin can see the TenantPrivileges for their Tenants
+ for priv in cls.objects.filter(user=user, role__role="admin"):
+ trp_ids.extend( [trp.id for trp in cls.objects.filter(tenant=priv.tenant)] )
+
+ return cls.objects.filter(id__in=trp_ids)
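Review bot: `TenantPrivilege.select_by_user` materializes id lists in Python and issues one extra query per admin privilege the user holds, where a single filter expresses the same rule: `return cls.objects.filter(Q(user=user) | Q(tenant__in=cls.objects.filter(user=user, role__role="admin").values("tenant")))`, provided `Q` is imported in this file, which the hunk does not show. `save` uses the Python 2-only statement form `raise PermissionDenied, "..."`; `raise PermissionDenied("Cannot modify role(s) of a disabled user")` is equivalent and portable. A one-line docstring on `select_by_user`, `"""Privileges visible to user: all for admins, otherwise the user's own plus those on tenants the user administers."""`, would also make the visibility rule explicit for the API views that call it.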
diff --git a/xos/core/models/user.py b/xos/core/models/user.py
index 0b8e3af..a8ed571 100644
--- a/xos/core/models/user.py
+++ b/xos/core/models/user.py
@@ -165,7 +165,7 @@
purge = purge or observer_disabled
except NameError:
pass
-
+
if (purge):
super(User, self).delete(*args, **kwds)
else:
@@ -219,7 +219,7 @@
# roles[site_privilege.role.role_type].append(site_privilege.site.login_base)
# for slice_membership in slice_memberships:
# roles[slice_membership.role.role_type].append(slice_membership.slice.name)
-# return roles
+# return roles
def save(self, *args, **kwds):
if not self.id:
@@ -254,7 +254,7 @@
site_privs = SitePrivilege.objects.filter(user=user, site=self.site)
for site_priv in site_privs:
if site_priv.role.role == 'admin':
- return True
+ return True
if site_priv.role.role == 'pi':
for fieldName in self.diff.keys():
if fieldName in self.PI_FORBIDDEN_FIELDS:
@@ -272,26 +272,26 @@
def can_update_root(self):
"""
- Return True if user has root (global) write access.
+ Return True if user has root (global) write access.
"""
if self.is_readonly:
return False
if self.is_admin:
return True
- return False
+ return False
def can_update_deployment(self, deployment):
from core.models.site import DeploymentPrivilege
if self.can_update_root():
- return True
-
+ return True
+
if DeploymentPrivilege.objects.filter(
deployment=deployment,
user=self,
role__role__in=['admin', 'Admin']):
return True
- return False
+ return False
def can_update_site(self, site, allow=[]):
from core.models.site import SitePrivilege
@@ -301,7 +301,7 @@
site=site, user=self, role__role__in=['admin', 'Admin']+allow):
return True
return False
-
+
def can_update_slice(self, slice):
from core.models.slice import SlicePrivilege
if self.can_update_root():
@@ -310,7 +310,7 @@
return True
if self.can_update_site(slice.site, allow=['pi']):
return True
-
+
if SlicePrivilege.objects.filter(
slice=slice, user=self, role__role__in=['admin', 'Admin']):
return True
@@ -334,9 +334,21 @@
return True
return False
+ def can_update_tenant(self, tenant, allow=[]):
+ from core.models.service import Tenant, TenantPrivilege
+ if self.can_update_root():
+ return True
+ if TenantPrivilege.objects.filter(
+ tenant=tenant, user=self, role__role__in=['admin', 'Admin']+allow):
+ return True
+ return False
+
def can_update_tenant_root_privilege(self, tenant_root_privilege, allow=[]):
return self.can_update_tenant_root(tenant_root_privilege.tenant_root, allow)
+ def can_update_tenant_privilege(self, tenant_privilege, allow=[]):
+ return self.can_update_tenant(tenant_privilege.tenant, allow)
+
def get_readable_objects(self, filter_by=None):
""" Returns a list of objects that the user is allowed to read. """
from core.models import Deployment, Flavor, Image, Network, NetworkTemplate, Node, PlModelMixIn, Site, Slice, SliceTag, Instance, Tag, User, DeploymentPrivilege, SitePrivilege, SlicePrivilege
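Review bot: `can_update_tenant` imports `Tenant` but never uses it; drop it from the `from core.models.service import ...` line. The method is also called from vpnview.py in this diff with `allow=['access', 'Access']` to decide which tenants a user may list, so it doubles as a read check; a docstring such as `"""True if the user may modify tenant: root write access, or a TenantPrivilege on it whose role is admin or listed in allow."""` plus either a `can_read_tenant` wrapper or a note that `allow` widens it to access-role reads would make that intent visible. As with the sibling `can_update_deployment`, only the `can_update_root` branch consults `is_readonly`, so a read-only user holding a tenant admin privilege still gets True; that may be intended but is worth stating in the docstring.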
@@ -351,18 +363,18 @@
return readable_objects
def get_permissions(self, filter_by=None):
- """ Return a list of objects for which the user has read or read/write
- access. The object will be an instance of a django model object.
+ """ Return a list of objects for which the user has read or read/write
+ access. The object will be an instance of a django model object.
Permissions will be either 'r' or 'rw'.
-
+
e.g.
[{'object': django_object_instance, 'permissions': 'rw'}, ...]
Returns:
- list of dicts
-
+ list of dicts
+
"""
- from core.models import Deployment, Flavor, Image, Network, NetworkTemplate, Node, PlModelMixIn, Site, Slice, SliceTag, Instance, Tag, User, DeploymentPrivilege, SitePrivilege, SlicePrivilege
+ from core.models import Deployment, Flavor, Image, Network, NetworkTemplate, Node, PlModelMixIn, Site, Slice, SliceTag, Instance, Tag, User, DeploymentPrivilege, SitePrivilege, SlicePrivilege
READ = 'r'
READWRITE = 'rw'
models = []
@@ -371,8 +383,8 @@
deployment_priv_objs = [Image, NetworkTemplate, Flavor]
site_priv_objs = [Node, Slice, User]
- slice_priv_objs = [Instance, Network]
-
+ slice_priv_objs = [Instance, Network]
+
# maps the set of objects a paticular role has write access
write_map = {
DeploymentPrivilege : {
@@ -382,12 +394,12 @@
'admin' : site_priv_objs,
'pi' : [Slice, User],
'tech': [Node],
- },
+ },
SlicePrivilege : {
- 'admin': slice_priv_objs,
- },
+ 'admin': slice_priv_objs,
+ },
}
-
+
privilege_map = {
DeploymentPrivilege : (Deployment, deployment_priv_objs),
SitePrivilege : (Site, site_priv_objs),
@@ -399,7 +411,7 @@
if models and model not in models:
continue
- # get the objects affected by this privilege model
+ # get the objects affected by this privilege model
affected_objects = []
for affected_model in affected_models:
affected_objects.extend(affected_model.select_by_user(self))
@@ -410,7 +422,7 @@
permissions.append(permission_dict(affected_object, READWRITE))
else:
# create a dict of the user's per object privileges
- # ex: {princeton_tmack : ['admin']
+ # ex: {princeton_tmack : ['admin']
privileges = privilege_model.objects.filter(user=self)
for privilege in privileges:
object_roles = defaultdict(list)
@@ -421,7 +433,7 @@
obj = getattr(privilege, field)
if obj:
object_roles[obj].append(privilege.role.role)
-
+
# loop through all objects the user has access to and determine
# if they also have write access
for affected_object in affected_objects:
@@ -438,15 +450,15 @@
permissions.append(permission_dict(affected_object, WRITE))
else:
permissions.append(permission_dict(affected_object, READ))
-
- return permissions
-
+
+ return permissions
+
def get_tenant_permissions(self):
from core.models import Site, Slice
return self.get_object_permissions(filter_by=[Site,Slice])
-
+
@staticmethod
def select_by_user(user):
if user.is_admin:
diff --git a/xos/core/xoslib/methods/vpnview.py b/xos/core/xoslib/methods/vpnview.py
new file mode 100644
index 0000000..ccd2141
--- /dev/null
+++ b/xos/core/xoslib/methods/vpnview.py
@@ -0,0 +1,68 @@
+from plus import PlusSerializerMixin
+from rest_framework import serializers
+from services.vpn.models import VPNService, VPNTenant
+from xos.apibase import XOSListCreateAPIView
+
+if hasattr(serializers, "ReadOnlyField"):
+ # rest_framework 3.x
+ ReadOnlyField = serializers.ReadOnlyField
+else:
+ # rest_framework 2.x
+ ReadOnlyField = serializers.Field
+
+
+def get_default_vpn_service():
+ vpn_services = VPNService.get_service_objects().all()
+ if vpn_services:
+ return vpn_services[0].id
+ return None
+
+
+class VPNTenantSerializer(serializers.ModelSerializer, PlusSerializerMixin):
+ id = ReadOnlyField()
+ service_specific_attribute = ReadOnlyField()
+ server_network = ReadOnlyField()
+ vpn_subnet = ReadOnlyField()
+ is_persistent = ReadOnlyField()
+ clients_can_see_each_other = ReadOnlyField()
+ ca_crt = ReadOnlyField()
+ port_number = ReadOnlyField()
+ failover_servers = ReadOnlyField()
+ creator = ReadOnlyField()
+ instance = ReadOnlyField()
+ script_text = ReadOnlyField()
+ provider_service = serializers.PrimaryKeyRelatedField(queryset=VPNService.get_service_objects().all(), default=get_default_vpn_service)
+
+ humanReadableName = serializers.SerializerMethodField("getHumanReadableName")
+
+ computeNodeName = serializers.SerializerMethodField("getComputeNodeName")
+
+ class Meta:
+ model = VPNTenant
+ fields = ('humanReadableName', 'id', 'provider_service',
+ 'service_specific_attribute', 'vpn_subnet',
+ 'server_network', 'creator', 'instance',
+ 'computeNodeName', 'is_persistent', 'clients_can_see_each_other',
+ 'ca_crt', 'port_number', 'script_text', 'failover_servers')
+
+ def getHumanReadableName(self, obj):
+ return obj.__unicode__()
+
+ def getComputeNodeName(self, obj):
+ instance = obj.instance
+ if not instance:
+ return None
+ return instance.node.name
+
+
+class VPNTenantList(XOSListCreateAPIView):
+ serializer_class = VPNTenantSerializer
+ method_kind = "list"
+ method_name = "vpntenant"
+
+ def get_queryset(self):
+ queryset = VPNTenant.get_tenant_objects().all()
+ queryset = [ tenant for tenant in queryset if self.request.user.can_update_tenant(tenant, ['access', 'Access'])]
+ for tenant in queryset:
+ tenant.script_text = tenant.create_client_script(self.request.user.email + "-" + tenant.id)
+ return queryset
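Review bot: `get_queryset` builds the certificate name with `self.request.user.email + "-" + tenant.id`, and `tenant.id` is an integer, so every list request raises TypeError before returning; use `str(tenant.id)`, or better, share the naming with `VPNTenantAdmin.certificate_name` in admin.py so the name built here always matches the one the admin issued. The list also calls `create_client_script`, which reads the client's private key from disk, for every tenant on every GET; a privilege whose certificate has not yet been built by the admin's `save_formset` turns into an IOError for the whole list, so guarding that read or moving script generation to a per-tenant endpoint seems worth considering. The method returns a Python list rather than a queryset, which the base view may or may not expect; a comment stating why filtering is done in Python would help the next reader.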
diff --git a/xos/services/vpn/__init__.py b/xos/services/vpn/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/xos/services/vpn/__init__.py
diff --git a/xos/services/vpn/admin.py b/xos/services/vpn/admin.py
new file mode 100644
index 0000000..10a1e9a
--- /dev/null
+++ b/xos/services/vpn/admin.py
@@ -0,0 +1,213 @@
+from core.admin import ReadOnlyAwareAdmin, SliceInline, TenantPrivilegeInline
+from core.middleware import get_request
+from core.models import TenantPrivilege, User
+from django import forms
+from django.contrib import admin
+from django.core import serializers
+from services.vpn.models import VPN_KIND, VPNService, VPNTenant
+from subprocess import Popen, PIPE
+from xos.exceptions import XOSValidationError
+
+
+class VPNServiceForm(forms.ModelForm):
+
+ def save(self, commit=True):
+ if self.instance.slices.all().count() == 0:
+ raise XOSValidationError("Service must have a slice.")
+ if not self.instance.slices.all()[0].exposed_ports:
+ raise XOSValidationError("Slice assoicated with service must have at least one exposed port.")
+ self.instance.exposed_ports = self.parse_ports(self.instance.slices.all()[0].exposed_ports)
+ return super(VPNServiceForm, self).save(commit=commit)
+
+ def parse_ports(self, exposed_ports):
+ port_mapping = {"udp": [], "tcp": []}
+ parts = exposed_ports.split(",")
+ for part in parts:
+ part = part.strip()
+ if "/" in part:
+ (protocol, ports) = part.split("/", 1)
+ elif " " in part:
+ (protocol, ports) = part.split(None, 1)
+ else:
+ raise XOSValidationError('malformed port specifier %s, format example: "tcp 123, tcp 201:206, udp 333"' % part)
+
+ protocol = protocol.strip()
+ ports = ports.strip()
+
+ if not (protocol in ["udp", "tcp"]):
+ raise XOSValidationError('unknown protocol %s' % protocol)
+
+ if "-" in ports:
+ port_mapping[protocol].extend(self.parse_port_range(ports, "-"))
+ elif ":" in ports:
+ port_mapping[protocol].extend(self.parse_port_range(ports, ":"))
+ else:
+ port_mapping[protocol].append(int(ports))
+
+ return port_mapping
+
+ def parse_port_range(self, port_str, split_str):
+ (first, last) = port_str.split(split_str)
+ first = int(first.strip())
+ last = int(last.strip())
+ return list(range(first, last))
+
+ class Meta:
+ model = VPNService
+
+
+class VPNServiceAdmin(ReadOnlyAwareAdmin):
+ """Defines the admin for the VPNService."""
+ model = VPNService
+ form = VPNServiceForm
+ verbose_name = "VPN Service"
+
+ list_display = ("backend_status_icon", "name", "enabled")
+
+ list_display_links = ('backend_status_icon', 'name', )
+
+ fieldsets = [(None, {'fields': ['backend_status_text', 'name', 'enabled',
+ 'versionNumber', 'description', "view_url"],
+ 'classes':['suit-tab suit-tab-general']})]
+
+ readonly_fields = ('backend_status_text', )
+
+ inlines = [SliceInline]
+
+ extracontext_registered_admins = True
+
+ user_readonly_fields = ["name", "enabled", "versionNumber", "description"]
+
+ suit_form_tabs = (('general', 'VPN Service Details'),
+ ('administration', 'Tenants'),
+ ('slices', 'Slices'),)
+
+ suit_form_includes = (('vpnserviceadmin.html',
+ 'top',
+ 'administration'),)
+
+ def queryset(self, request):
+ return VPNService.get_service_objects_by_user(request.user)
+
+
+class VPNTenantForm(forms.ModelForm):
+ """The form used to create and edit a VPNTenant.
+
+ Attributes:
+ creator (forms.ModelChoiceField): The XOS user that created this tenant.
+ client_conf (forms.CharField): The readonly configuration used on the client to connect to this Tenant.
+ server_address (forms.GenericIPAddressField): The ip address on the VPN of this Tenant.
+ client_address (forms.GenericIPAddressField): The ip address on the VPN of the client.
+ is_persistent (forms.BooleanField): Determines if this Tenant keeps this connection alive through failures.
+ """
+ creator = forms.ModelChoiceField(queryset=User.objects.all())
+ server_network = forms.GenericIPAddressField(
+ protocol="IPv4", required=True)
+ vpn_subnet = forms.GenericIPAddressField(protocol="IPv4", required=True)
+ is_persistent = forms.BooleanField(required=False)
+ clients_can_see_each_other = forms.BooleanField(required=False)
+ failover_servers = forms.ModelMultipleChoiceField(queryset=VPNTenant.get_tenant_objects(), required=False)
+ protocol = forms.ChoiceField(required=True, choices=[("udp", "udp"), ("tcp", "tcp")])
+
+ def __init__(self, *args, **kwargs):
+ super(VPNTenantForm, self).__init__(*args, **kwargs)
+ self.fields['kind'].widget.attrs['readonly'] = True
+ # self.fields['script_name'].widget.attrs['readonly'] = True
+ self.fields[
+ 'provider_service'].queryset = VPNService.get_service_objects().all()
+
+ self.fields['kind'].initial = VPN_KIND
+
+ if self.instance:
+ self.fields['creator'].initial = self.instance.creator
+ self.fields['vpn_subnet'].initial = self.instance.vpn_subnet
+ self.fields[
+ 'server_network'].initial = self.instance.server_network
+ self.fields[
+ 'clients_can_see_each_other'].initial = self.instance.clients_can_see_each_other
+ self.fields['is_persistent'].initial = self.instance.is_persistent
+ self.fields['protocol'].initial = self.instance.protocol
+ if (self.instance.failover_servers):
+ self.initial['failover_servers'] = [model.pk for model in list(serializers.deserialize('json', self.instance.failover_servers))]
+
+ if (not self.instance) or (not self.instance.pk):
+ self.fields['creator'].initial = get_request().user
+ self.fields['vpn_subnet'].initial = "255.255.255.0"
+ self.fields['server_network'].initial = "10.66.77.0"
+ self.fields['clients_can_see_each_other'].initial = True
+ self.fields['is_persistent'].initial = True
+ if VPNService.get_service_objects().exists():
+ self.fields["provider_service"].initial = VPNService.get_service_objects().all()[
+ 0]
+
+ def save(self, commit=True):
+ self.instance.creator = self.cleaned_data.get("creator")
+ self.instance.is_persistent = self.cleaned_data.get('is_persistent')
+ self.instance.vpn_subnet = self.cleaned_data.get("vpn_subnet")
+ self.instance.server_network = self.cleaned_data.get('server_network')
+ self.instance.clients_can_see_each_other = self.cleaned_data.get(
+ 'clients_can_see_each_other')
+ self.instance.failover_servers = serializers.serialize("json", self.cleaned_data.get('failover_servers'))
+
+ self.instance.port_number = self.instance.provider_service.get_next_available_port(self.instance.protocol)
+ self.instance.protocol = self.cleaned_data.get("protocol")
+
+ if (not self.instance.ca_crt):
+ self.instance.ca_crt = self.generate_ca_crt()
+
+ return super(VPNTenantForm, self).save(commit=commit)
+
+ def generate_ca_crt(self):
+ """str: Generates the ca cert by reading from the ca file"""
+ with open("/opt/openvpn/easyrsa3/pki/ca.crt") as crt:
+ return crt.readlines()
+
+ class Meta:
+ model = VPNTenant
+
+
+class VPNTenantAdmin(ReadOnlyAwareAdmin):
+ verbose_name = "VPN Tenant Admin"
+ list_display = ('id', 'backend_status_icon', 'instance',
+ 'server_network', 'vpn_subnet')
+ list_display_links = ('id', 'backend_status_icon',
+ 'instance', 'server_network', 'vpn_subnet')
+ fieldsets = [(None, {'fields': ['backend_status_text', 'kind',
+ 'provider_service', 'instance', 'creator',
+ 'server_network', 'vpn_subnet', 'is_persistent',
+ 'clients_can_see_each_other', 'failover_servers', "protocol"],
+ 'classes': ['suit-tab suit-tab-general']})]
+ readonly_fields = ('backend_status_text', 'instance')
+ form = VPNTenantForm
+ inlines = [TenantPrivilegeInline]
+
+ suit_form_tabs = (('general', 'Details'), ('tenantprivileges', 'Privileges'))
+
+ def queryset(self, request):
+ return VPNTenant.get_tenant_objects_by_user(request.user)
+
+ def certificate_name(self, tenant_privilege):
+ return str(tenant_privilege.user.email) + "-" + str(tenant_privilege.tenant.id)
+
+ def save_formset(self, request, form, formset, change):
+ super(VPNTenantAdmin, self).save_formset(request, form, formset, change)
+ for obj in formset.deleted_objects:
+ # If anything deleated was a TenantPrivilege then revoke the certificate
+ if type(obj) is TenantPrivilege:
+ certificate = self.certificate_name(obj)
+ Popen("/opt/openvpn/easyrsa3/easyrsa --batch revoke " + certificate, shell=True, stdout=PIPE).communicate()
+ # TODO(jermowery): determine if this is necessary.
+ # if type(obj) is VPNTenant:
+ # if the tenant was deleted revoke all certs assoicated
+ # pass
+
+ for obj in formset.new_objects:
+ # If there were any new TenantPrivlege objects then create certs
+ if type(obj) is TenantPrivilege:
+ certificate = self.certificate_name(obj)
+ Popen("/opt/openvpn/easyrsa3/easyrsa --batch build-client-full " + certificate + " nopass", shell=True, stdout=PIPE).communicate()
+
+
+# Associate the admin forms with the models.
+admin.site.register(VPNService, VPNServiceAdmin)
+admin.site.register(VPNTenant, VPNTenantAdmin)
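Review bot: `save_formset` passes `certificate`, which is derived from `tenant_privilege.user.email`, into a `shell=True` command string at both `Popen` calls, so any shell metacharacter that reaches an email address is interpreted by the shell; pass an argument list instead, `Popen(["/opt/openvpn/easyrsa3/easyrsa", "--batch", "revoke", certificate], stdout=PIPE, stderr=PIPE)`, and check the return code rather than discarding the result of `communicate()`. Nothing in this diff runs `easyrsa gen-crl` or adds `crl-verify` to the server config written in sync_vpntenant.yaml, so a revoked client certificate would still be accepted by the server; that follow-up belongs with this code. In `VPNTenantForm.save`, `port_number` is computed from `self.instance.protocol` one line before `protocol` is assigned from `cleaned_data`, so a new tenant reaches `get_next_available_port` with `protocol` still `None`; swap the two assignments. `parse_port_range` returns `range(first, last)`, which excludes the upper bound of a spec like `tcp 201:206`; if the range is meant to be inclusive, use `range(first, last + 1)`.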
diff --git a/xos/services/vpn/models.py b/xos/services/vpn/models.py
new file mode 100644
index 0000000..6b7872c
--- /dev/null
+++ b/xos/services/vpn/models.py
@@ -0,0 +1,252 @@
+from core.models import Service, TenantWithContainer
+from django.db import transaction
+from xos.exceptions import XOSConfigurationError, XOSValidationError
+
+VPN_KIND = "vpn"
+
+
+class VPNService(Service):
+ """Defines the Service for creating VPN servers."""
+ KIND = VPN_KIND
+
+ class Meta:
+ proxy = True
+ # The name used to find this service, all directories are named this
+ app_label = "vpn"
+ verbose_name = "VPN Service"
+
+ default_attributes = {'exposed_ports': None}
+
+ @property
+ def exposed_ports(self):
+ return self.get_attribute("exposed_ports",
+ self.default_attributes["exposed_ports"])
+
+ @exposed_ports.setter
+ def exposed_ports(self, value):
+ self.set_attribute("exposed_ports", value)
+
+ def get_next_available_port(self, protocol):
+ if protocol != "udp" and protocol != "tcp":
+ raise XOSConfigurationError("Port protocol must be udp or tcp")
+ if not self.ports[protocol]:
+ raise XOSValidationError("No availble ports for protocol: " + protocol)
+ tenants = [tenant for tenant in VPNTenant.get_tenant_objects.all() if tenant.protocol == protocol]
+ port_numbers = self.exposed_ports[protocol]
+ for port_number in port_numbers:
+ if [tenant for tenant in tenants if tenant.port_number == port_number].count() == 0:
+ return port_number
+
+
+class VPNTenant(TenantWithContainer):
+ """Defines the Tenant for creating VPN servers."""
+
+ class Meta:
+ proxy = True
+ verbose_name = "VPN Tenant"
+
+ KIND = VPN_KIND
+
+ sync_attributes = ("nat_ip", "nat_mac",)
+
+ default_attributes = {'vpn_subnet': None,
+ 'server_network': None,
+ 'clients_can_see_each_other': True,
+ 'is_persistent': True,
+ 'ca_crt': None,
+ 'port': None,
+ 'script_text': None,
+ 'failover_servers': [],
+ 'protocol': None}
+
+ def __init__(self, *args, **kwargs):
+ vpn_services = VPNService.get_service_objects().all()
+ if vpn_services:
+ self._meta.get_field(
+ "provider_service").default = vpn_services[0].id
+ super(VPNTenant, self).__init__(*args, **kwargs)
+
+ def save(self, *args, **kwargs):
+ super(VPNTenant, self).save(*args, **kwargs)
+ model_policy_vpn_tenant(self.pk)
+
+ def delete(self, *args, **kwargs):
+ self.cleanup_container()
+ super(VPNTenant, self).delete(*args, **kwargs)
+
+ @property
+ def protocol(self):
+ return self.get_attribute("protocol", self.default_attributes["protocol"])
+
+ @protocol.setter
+ def protocol(self, value):
+ self.set_attribute("protocol", value)
+
+ @property
+ def addresses(self):
+ """Mapping[str, str]: The ip, mac address, and subnet of the NAT network of this Tenant."""
+ if (not self.id) or (not self.instance):
+ return {}
+
+ addresses = {}
+ for ns in self.instance.ports.all():
+ if "nat" in ns.network.name.lower():
+ addresses["ip"] = ns.ip
+ addresses["mac"] = ns.mac
+ break
+
+ return addresses
+
+ # This getter is necessary because nat_ip is a sync_attribute
+ @property
+ def nat_ip(self):
+ """str: The IP of this Tenant on the NAT network."""
+ return self.addresses.get("ip", None)
+
+ # This getter is necessary because nat_mac is a sync_attribute
+ @property
+ def nat_mac(self):
+ """str: The MAC address of this Tenant on the NAT network."""
+ return self.addresses.get("mac", None)
+
+ @property
+ def server_network(self):
+ """str: The IP address of the server on the VPN."""
+ return self.get_attribute(
+ 'server_network',
+ self.default_attributes['server_network'])
+
+ @server_network.setter
+ def server_network(self, value):
+ self.set_attribute("server_network", value)
+
+ @property
+ def vpn_subnet(self):
+ """str: The IP address of the client on the VPN."""
+ return self.get_attribute(
+ 'vpn_subnet',
+ self.default_attributes['vpn_subnet'])
+
+ @vpn_subnet.setter
+ def vpn_subnet(self, value):
+ self.set_attribute("vpn_subnet", value)
+
+ @property
+ def is_persistent(self):
+ """bool: True if the VPN connection is persistence, false otherwise."""
+ return self.get_attribute(
+ "is_persistent",
+ self.default_attributes['is_persistent'])
+
+ @is_persistent.setter
+ def is_persistent(self, value):
+ self.set_attribute("is_persistent", value)
+
+ @property
+ def failover_servers(self):
+ self.get_attribute("failover_servers", self.default_attributes["failover_servers"])
+
+ @failover_servers.setter
+ def failover_servers(self, value):
+ self.set_attribute("failover_servers", value)
+
+ @property
+ def clients_can_see_each_other(self):
+ """bool: True if the client can see the subnet of the server, false otherwise."""
+ return self.get_attribute(
+ "clients_can_see_each_other",
+ self.default_attributes['clients_can_see_each_other'])
+
+ @clients_can_see_each_other.setter
+ def clients_can_see_each_other(self, value):
+ self.set_attribute("clients_can_see_each_other", value)
+
+ @property
+ def ca_crt(self):
+ """str: the string for the ca certificate"""
+ return self.get_attribute("ca_crt", self.default_attributes['ca_crt'])
+
+ @ca_crt.setter
+ def ca_crt(self, value):
+ self.set_attribute("ca_crt", value)
+
+ @property
+ def port_number(self):
+ """int: the integer representing the port number for this server"""
+ return self.get_attribute("port", self.default_attributes['port'])
+
+ @port_number.setter
+ def port_number(self, value):
+ self.set_attribute("port", value)
+
+ @property
+ def script_text(self):
+ return self.get_attribute("script_text", self.default_attributes['script_text'])
+
+ @script_text.setter
+ def script_text(self, value):
+ self.set_attribute("script_text", value)
+
+ def create_client_script(self, client_name):
+ script = ""
+ # write the configuration portion
+ script += ("printf \"%b\" \"")
+ script += self.generate_client_conf(client_name)
+ script += ("\" > client.conf\n")
+ script += ("printf \"%b\" \"")
+ for line in self.ca_crt:
+ script += (line.rstrip() + r"\n")
+ script += ("\" > ca.crt\n")
+ script += ("printf \"%b\" \"")
+ for line in self.generate_client_cert(client_name):
+ script += (line.rstrip() + r"\n")
+ script += ("\" > " + client_name + ".crt\n")
+ for line in self.generate_client_key(client_name):
+ script += (line.rstrip() + r"\n")
+ script += ("\" > " + client_name + ".key\n")
+ # make sure openvpn is installed
+ script += ("apt-get update\n")
+ script += ("apt-get install openvpn\n")
+ script += ("openvpn client.conf &\n")
+ # close the script
+ return script
+
+ def generate_client_cert(self, client_name):
+ return open("/opt/openvpn/easyrsa3/pki/issued/" + client_name + ".crt").readlines()
+
+ def generate_client_key(self, client_name):
+ return open("/opt/openvpn/easyrsa3/pki/private/" + client_name + ".key").readlines()
+
+ def generate_client_conf(self, client_name):
+ """str: Generates the client configuration to use to connect to this VPN server.
+ """
+ conf = ("client\n" +
+ "dev tun\n" +
+ "proto " + self.protocol + "\n" +
+ "remote " + str(self.nat_ip) + " " + str(self.port_number) + "\n" +
+ "resolv-retry infinite\n" +
+ "nobind\n" +
+ "ca ca.crt\n" +
+ "cert " + client_name + ".crt\n" +
+ "key " + client_name + ".key\n" +
+ "comp-lzo\n" +
+ "verb 3\n")
+
+ if self.is_persistent:
+ conf += "persist-tun\n"
+ conf += "persist-key\n"
+
+ return conf
+
+
+def model_policy_vpn_tenant(pk):
+ """Manages the contain for the VPN Tenant."""
+ # This section of code is atomic to prevent race conditions
+ with transaction.atomic():
+ # We find all of the tenants that are waiting to update
+ tenant = VPNTenant.objects.select_for_update().filter(pk=pk)
+ if not tenant:
+ return
+ # Since this code is atomic it is safe to always use the first tenant
+ tenant = tenant[0]
+ tenant.manage_container()
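Review bot: `get_next_available_port` cannot run as written: `self.ports` is not defined on `VPNService` (the attribute is `exposed_ports`), `VPNTenant.get_tenant_objects.all()` is missing the call parentheses, and `list.count()` requires an argument, so the inner comprehension raises TypeError. A rewrite is below; it also raises instead of falling off the end and returning None when every port is taken, which `VPNTenantForm.save` would otherwise store as the tenant's port. Separately, the `failover_servers` getter has no `return` and so always yields None, and `create_client_script` appends the key lines after the `.crt` redirect without opening a new `printf "%b" "` (compare the cert block just above it), so the generated script would try to execute the key material as shell commands.
```python
    def get_next_available_port(self, protocol):
        if protocol != "udp" and protocol != "tcp":
            raise XOSConfigurationError("Port protocol must be udp or tcp")
        exposed = self.exposed_ports or {}
        if not exposed.get(protocol):
            raise XOSValidationError("No availble ports for protocol: " + protocol)
        # ports already taken by tenants speaking the same protocol
        used_ports = set(tenant.port_number
                         for tenant in VPNTenant.get_tenant_objects().all()
                         if tenant.protocol == protocol)
        for port_number in exposed[protocol]:
            if port_number not in used_ports:
                return port_number
        raise XOSValidationError("No availble ports for protocol: " + protocol)
```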
diff --git a/xos/services/vpn/templates/vpnserviceadmin.html b/xos/services/vpn/templates/vpnserviceadmin.html
new file mode 100644
index 0000000..d983771
--- /dev/null
+++ b/xos/services/vpn/templates/vpnserviceadmin.html
@@ -0,0 +1,10 @@
+<!-- Template used to for the button leading to the HelloWorldTenantComplete form. -->
+<div class = "left-nav">
+ <ul>
+ <li>
+ <a href="/admin/vpn/vpntenant/">
+ VPN Tenants
+ </a>
+ </li>
+ </ul>
+</div>
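Review bot: The comment on the first line refers to `HelloWorldTenantComplete`, which this template does not link to; it looks like a copy-paste leftover from the helloworld service. Replace it with `<!-- Template for the button leading to the VPN Tenant list. -->` so it matches the link below it.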
diff --git a/xos/synchronizers/vpn/__init__.py b/xos/synchronizers/vpn/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/xos/synchronizers/vpn/__init__.py
diff --git a/xos/synchronizers/vpn/model-deps b/xos/synchronizers/vpn/model-deps
new file mode 100644
index 0000000..0967ef4
--- /dev/null
+++ b/xos/synchronizers/vpn/model-deps
@@ -0,0 +1 @@
+{}
diff --git a/xos/synchronizers/vpn/run.sh b/xos/synchronizers/vpn/run.sh
new file mode 100755
index 0000000..9a2e69b
--- /dev/null
+++ b/xos/synchronizers/vpn/run.sh
@@ -0,0 +1,2 @@
+export XOS_DIR=/opt/xos
+python vpn-synchronizer.py -C $XOS_DIR/synchronizers/vpn/vpn_config
diff --git a/xos/synchronizers/vpn/steps/__init__.py b/xos/synchronizers/vpn/steps/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/xos/synchronizers/vpn/steps/__init__.py
diff --git a/xos/synchronizers/vpn/steps/sync_vpntenant.py b/xos/synchronizers/vpn/steps/sync_vpntenant.py
new file mode 100644
index 0000000..d90f40f
--- /dev/null
+++ b/xos/synchronizers/vpn/steps/sync_vpntenant.py
@@ -0,0 +1,49 @@
+import os
+import sys
+
+from django.db.models import F, Q
+from services.vpn.models import VPNTenant
+from subprocess import Popen, PIPE
+from synchronizers.base.SyncInstanceUsingAnsible import \
+ SyncInstanceUsingAnsible
+
+parentdir = os.path.join(os.path.dirname(__file__), "..")
+sys.path.insert(0, parentdir)
+
+
+class SyncVPNTenant(SyncInstanceUsingAnsible):
+ """Class for syncing a VPNTenant using Ansible."""
+ provides = [VPNTenant]
+ observes = VPNTenant
+ requested_interval = 0
+ template_name = "sync_vpntenant.yaml"
+ service_key_name = "/opt/xos/synchronizers/vpn/vpn_private_key"
+
+ def __init__(self, *args, **kwargs):
+ super(SyncVPNTenant, self).__init__(*args, **kwargs)
+
+ def fetch_pending(self, deleted):
+ if (not deleted):
+ objs = VPNTenant.get_tenant_objects().filter(
+ Q(enacted__lt=F('updated')) | Q(enacted=None), Q(lazy_blocked=False))
+ else:
+ objs = VPNTenant.get_deleted_tenant_objects()
+
+ return objs
+
+ def get_extra_attributes(self, tenant):
+ return {"is_persistent": tenant.is_persistent,
+ "vpn_subnet": tenant.vpn_subnet,
+ "server_network": tenant.server_network,
+ "clients_can_see_each_other": tenant.clients_can_see_each_other,
+ "tenant_id": tenant.id,
+ "port_number": tenant.port_number,
+ "protocol": tenant.protocol
+ }
+
+ def run_playbook(self, o, fields):
+ # Generate the server files
+ (stdout, stderr) = Popen("/opt/openvpn/easyrsa3/easyrsa --batch build-server-full server-" + o.id + " nopass", shell=True, stdout=PIPE).communicate()
+ print(str(stdout))
+ print(str(stderr))
+ super(SyncVPNTenant, self).run_playbook(o, fields)
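Review bot: `run_playbook` concatenates `"server-" + o.id`, and `o.id` is an integer, so the step raises TypeError before the playbook runs; use `str(o.id)`. The command is also built as a `shell=True` string and `stderr` is not piped, so the printed `stderr` is always None and a failing `easyrsa` call is never detected; prefer `Popen(["/opt/openvpn/easyrsa3/easyrsa", "--batch", "build-server-full", "server-" + str(o.id), "nopass"], stdout=PIPE, stderr=PIPE)` and check `returncode` before continuing. This runs on every sync of the tenant, and whether `build-server-full` tolerates an already-issued name is not shown here, so a guard that skips generation when the server key already exists seems prudent.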
diff --git a/xos/synchronizers/vpn/steps/sync_vpntenant.yaml b/xos/synchronizers/vpn/steps/sync_vpntenant.yaml
new file mode 100644
index 0000000..2ab32c3
--- /dev/null
+++ b/xos/synchronizers/vpn/steps/sync_vpntenant.yaml
@@ -0,0 +1,85 @@
+---
+- hosts: {{ instance_name }}
+ gather_facts: False
+ connection: ssh
+ user: ubuntu
+ sudo: yes
+ vars:
+ server_network: {{ server_network }}
+ is_persistent: {{ is_persistent }}
+ vpn_subnet: {{ vpn_subnet }}
+ clients_can_see_each_other: {{ clients_can_see_each_other }}
+ tenant_id: {{ tenant_id }}
+ port_number: {{ port_number }}
+ protocol: {{ protocol }}
+
+ tasks:
+ - name: install openvpn
+ apt: name=openvpn state=present update_cache=yes
+
+ - name: stop openvpn
+ shell: kill -9 $(cat /opt/openvpn/server-{{ tenant_id }}/pid) || true
+
+ - name: make sure /opt/openvpn exists
+ file: path=/opt/openvpn state=directory
+
+ - name: make sure directory for this server exists
+ file: path=/opt/openvpn/server-{{ tenant_id }} state=directory
+
+ - name: get server key
+ copy: src=/opt/openvpn/easyrsa3/pki/private/server-{{ tenant_id }}.key dest=/opt/openvpn/server-{{ tenant_id }}/server.key
+
+ - name: get server crt
+ copy: src=/opt/openvpn/easyrsa3/pki/issued/server-{{ tenant_id }}.crt dest=/opt/openvpn/server-{{ tenant_id }}/server.crt
+
+ - name: get ca crt
+ copy: src=/opt/openvpn/easyrsa3/pki/ca.crt dest=/opt/openvpn/ca.crt
+
+ - name: get dh
+ copy: src=/opt/openvpn/easyrsa3/pki/dh.pem dest=/opt/openvpn/dh.pem
+
+ - name: erase config
+ shell: rm -f /opt/openvpn/server-{{ tenant_id }}/server.conf
+
+ - name: erase auth script
+ shell: rm -f /opt/openvpn/server-{{ tenant_id }}/auth.sh
+
+ - name: write auth script
+ shell: printf "%b" "#!/bin/bash\nexit 0" > /opt/openvpn/server-{{ tenant_id }}/auth.sh
+
+ - name: make auth script executable
+ shell: chmod 777 /opt/openvpn/server-{{ tenant_id }}/auth.sh
+
+ - name: write base config
+ shell:
+ |
+ printf "script-security 3 system
+ port {{ port_number }}
+ proto {{ protocol }}
+ dev tun
+ ca /opt/openvpn/ca.crt
+ cert /opt/openvpn/server-{{ tenant_id }}/server.crt
+ key /opt/openvpn/server-{{ tenant_id }}/server.key
+ dh /opt/openvpn/dh.pem
+ server {{ server_network }} {{ vpn_subnet }}
+ ifconfig-pool-persist /opt/openvpn/server-{{ tenant_id }}/ipp.txt
+ comp-lzo
+ status /opt/openvpn/server-{{ tenant_id }}/openvpn-status.log
+ verb 3
+ " > /opt/openvpn/server-{{ tenant_id }}/server.conf
+
+ - name: write persistent config
+ shell:
+ |
+ printf "keepalive 10 60
+ persist-tun
+ persist-key
+ " >> /opt/openvpn/server-{{ tenant_id }}/server.conf
+ when: {{ is_persistent }}
+
+ - name: write client-to-client config
+ shell: printf "client-to-client\n" >> /opt/openvpn/server{{ tenant_id }}/server.conf
+ when: {{ clients_can_see_each_other }}
+
+ - name: start openvpn
+ shell: openvpn --writepid /opt/openvpn/server{{ tenant_id }}/pid /opt/openvpn/server{{ tenant_id }}/server.conf &
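Review bot: The last two tasks use `/opt/openvpn/server{{ tenant_id }}/...` without the hyphen, while every earlier task writes to `/opt/openvpn/server-{{ tenant_id }}/`, so the client-to-client line is appended to a file that does not exist and openvpn is started against a config path that was never written; change both to `server-{{ tenant_id }}`. The server config written in `write base config` has no `crl-verify` directive, so certificates revoked through the admin's `easyrsa revoke` would continue to be accepted by this server. `auth.sh` is written and made world-writable with `chmod 777`, but no directive in the config references it; if it is not needed yet, dropping the task avoids an unconditional-accept script sitting on the host, and if it is, `0755` is sufficient.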
diff --git a/xos/synchronizers/vpn/stop.sh b/xos/synchronizers/vpn/stop.sh
new file mode 100755
index 0000000..4178688
--- /dev/null
+++ b/xos/synchronizers/vpn/stop.sh
@@ -0,0 +1,2 @@
+# Kill the observer
+pkill -9 -f vpn-synchronizer.py
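Review bot: `pkill -9 -f vpn-synchronizer.py` matches the pattern against the full command line of every process, so anything unrelated whose arguments happen to contain that string is killed as well, and SIGKILL gives the synchronizer no chance to flush its log or release resources. The file is committed with mode 100755 but has no interpreter line, so its behaviour depends on whichever shell the caller uses. I would add `#!/bin/bash` as the first line, send the default SIGTERM first (`pkill -f 'python.*vpn-synchronizer.py'`), and only escalate to `-9` after a short wait if the process is still alive.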
diff --git a/xos/synchronizers/vpn/vpn-synchronizer.py b/xos/synchronizers/vpn/vpn-synchronizer.py
new file mode 100755
index 0000000..3227ed9
--- /dev/null
+++ b/xos/synchronizers/vpn/vpn-synchronizer.py
@@ -0,0 +1,10 @@
+#!/usr/bin/env python
+
+import importlib
+import os
+import sys
+observer_path = os.path.join(os.path.dirname(
+ os.path.realpath(__file__)), "../../synchronizers/base")
+sys.path.append(observer_path)
+mod = importlib.import_module("xos-synchronizer")
+mod.main()
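Review bot: The launcher has no docstring, so a reader has to trace the `importlib.import_module("xos-synchronizer")` call to learn that this is a thin entry point around the shared synchronizer; I would add `"""Entry point for the VPN synchronizer: puts synchronizers/base on sys.path, imports the shared xos-synchronizer module and runs its main()."""` after the shebang. The hyphenated module name is why importlib is used instead of a plain import, which is worth a one-line comment on that line. As a point of style, `"../../synchronizers/base"` relative to this file resolves to the sibling `base` directory, which `"../base"` expresses more directly.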
diff --git a/xos/synchronizers/vpn/vpn_config b/xos/synchronizers/vpn/vpn_config
new file mode 100644
index 0000000..2cdb192
--- /dev/null
+++ b/xos/synchronizers/vpn/vpn_config
@@ -0,0 +1,23 @@
+# Required by XOS
+[db]
+name=xos
+user=postgres
+password=password
+host=localhost
+port=5432
+
+# Required by XOS
+[api]
+nova_enabled=True
+
+# Sets options for the synchronizer
+[observer]
+name=vpn
+dependency_graph=/opt/xos/synchronizers/vpn/model-deps
+steps_dir=/opt/xos/synchronizers/vpn/steps
+sys_dir=/opt/xos/synchronizers/vpn/sys
+logfile=/var/log/xos_backend.log
+pretend=False
+backoff_disabled=True
+save_ansible_output=True
+proxy_ssh=False
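Review bot: `password=password` in the `[db]` section commits a database credential in plain text, and because this file is tracked it ends up in every clone and in any image layer that copies the tree. If this is only a development default, say so in a comment above the section and have deployments supply the real value from the environment or a mounted secrets file rather than editing this file. `save_ansible_output=True` with `sys_dir=/opt/xos/synchronizers/vpn/sys` presumably persists the rendered playbooks, which for this synchronizer reference the per-tenant server key paths, so a comment noting that the directory should be readable only by the synchronizer user would help whoever sets up the host.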
diff --git a/xos/tools/xos-manage b/xos/tools/xos-manage
index 5410f37..d07e623 100755
--- a/xos/tools/xos-manage
+++ b/xos/tools/xos-manage
@@ -60,13 +60,13 @@
echo Waiting for postgres to start
sleep 1
sudo -u postgres psql -c '\q'
- done
+ done
}
function db_exists {
- sudo -u postgres psql $DBNAME -c '\q' 2>/dev/null
+ sudo -u postgres psql $DBNAME -c '\q' 2>/dev/null
return $?
-}
+}
function createdb {
wait_postgres
@@ -145,6 +145,7 @@
python ./manage.py makemigrations cord
python ./manage.py makemigrations ceilometer
python ./manage.py makemigrations helloworldservice_complete
+ python ./manage.py makemigrations vpn
python ./manage.py makemigrations onos
python ./manage.py makemigrations vtr
#python ./manage.py makemigrations servcomp
diff --git a/xos/xos/settings.py b/xos/xos/settings.py
index 5c6c0cb..d06d0b2 100644
--- a/xos/xos/settings.py
+++ b/xos/xos/settings.py
@@ -30,7 +30,7 @@
GEOIP_PATH = "/usr/share/GeoIP"
XOS_DIR = "/opt/xos"
-DEBUG = False
+DEBUG = True
TEMPLATE_DEBUG = DEBUG
ADMINS = (
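Review bot: `DEBUG = True` replaces the previous `False` in the shared `settings.py`, and `TEMPLATE_DEBUG = DEBUG` on the next line follows it, so every deployment built from this branch serves Django's debug error pages, which expose settings values, stack traces and local variables to anyone who can trigger an exception. If the change is meant for local development, keep `DEBUG = False` committed here and override it from the environment or a local settings file that is not tracked. It is also out of place in a commit whose purpose is adding the VPN service, and is easy to miss next to the `'services.vpn'` addition below.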
@@ -180,6 +180,7 @@
'services.ceilometer',
'services.requestrouter',
'services.syndicate_storage',
+ 'services.vpn',
'services.vtr',
'geoposition',
'rest_framework_swagger',