def get_extip_and_networks():
    '''Return the server's external IP and its private networks.

    Every facter fact whose name starts with ``ipaddress`` is inspected.
    A non-private address becomes the external IP; there is no early exit,
    so the last such address seen wins. A private address is recorded as an
    ``"<address> <netmask>"`` string unless the fact name contains ``lo``
    or ``tun``. When no non-private address is found, the plain
    ``ipaddress`` fact is returned as the external IP.

    The ``external-ip`` value is therefore an ``IPv4Address`` when a
    non-private address was found and the raw fact value otherwise.
    '''
    facts = Puppet().facter()
    public_address = None
    private_networks = []
    for fact_name in facts.keys():
        if not fact_name.startswith('ipaddress'):
            continue
        candidate = IPv4Address(facts[fact_name])
        # "Not private" stands in for "public" here. Can't use is_global in
        # 14.04 because of: https://bugs.python.org/issue21386
        if not candidate.is_private:
            public_address = candidate
            continue
        # Private address: leave out loopback and tunnel interfaces. This
        # is a substring match on the fact name.
        if any(skipped in fact_name for skipped in ['lo', 'tun']):
            continue
        # NOTE(review): fact_name[5:] always begins with 'dress' (for
        # example 'dress_eth0' for 'ipaddress_eth0'), so the fact looked up
        # is 'netmask_dress...'. Confirm the intended fact name; it is
        # possibly 'netmask' plus the interface suffix.
        mask = facts["netmask_{}".format(fact_name[5:])]
        private_networks.append("{} {}".format(candidate, mask))
    if not public_address:
        public_address = facts['ipaddress']
    return {
        "external-ip": public_address,
        "internal-networks": private_networks,
    }
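def install_openvpn_xenial():
    '''Render the OpenVPN Puppet manifest, apply it and mark the unit ready.

    Creates ``/opt/openvpn-puppet`` if needed, fills the ``init.pp``
    template from the charm config, DNS info and network facts, applies the
    rendered manifest with Puppet, calls ``copy_client_configs_to_home``
    for the configured clients and sets the unit status to active.

    Raises:
        OSError: if the manifest directory cannot be created for any reason
            other than it already existing.
    '''
    puppet = Puppet()
    try:
        os.makedirs('/opt/openvpn-puppet')
    except OSError as exception:
        # An existing path is fine; every other failure is a real error.
        if exception.errno != errno.EEXIST:
            raise
    conf = config()
    dns_info = get_dns_info()
    # Whitespace-separated client names from the charm config.
    # NOTE(review): these names are handed to the manifest template and to
    # copy_client_configs_to_home; confirm they are validated there.
    clients = conf['clients'].split()
    # Collect the network facts once so that the external IP and the
    # internal networks come from the same facter run instead of two.
    net_info = get_extip_and_networks()
    context = {
        'servername': SERVERNAME,
        'country': conf['key-country'],
        'province': conf['key-province'],
        'city': conf['key-city'],
        'organization': conf['key-org'],
        'email': conf['key-email'],
        'protocol': conf['protocol'],
        'port': conf['port'],
        # NOTE(review): presumably maps to OpenVPN's duplicate-cn option,
        # which lets several clients share one certificate; confirm in
        # init.pp and keep it disabled unless it is really needed.
        'duplicate_cn': conf['duplicate-cn'],
        'push_dns': conf['push-dns'],
        # Falls back to a public resolver when get_dns_info() reports no
        # nameserver. Presumably only pushed to clients when push_dns is
        # set; confirm in init.pp.
        'dns_server': dns_info.get('nameserver', "8.8.8.8"),
        'dns_search_domain': dns_info.get('search', "local"),
        'clients': clients,
        'ext_ip': net_info['external-ip'],
        'internal_networks': net_info['internal-networks'],
    }
    templating.render(source='init.pp',
                      target='/opt/openvpn-puppet/init.pp',
                      context=context)
    puppet.apply('/opt/openvpn-puppet/init.pp')
    copy_client_configs_to_home(clients)
    status_set('active', 'Ready')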
Beispiel #3
def install_openvpn_xenial():
    '''Render and apply the OpenVPN manifest, then move the open port.

    The manifest context is built from the charm config, the DNS info and
    the network facts. ``pub_ip`` is Juju's public-address when it differs
    from the private-address, otherwise the external IP. The port recorded
    by a previous run is closed before Puppet is applied; afterwards the
    configured port is opened and remembered in the unit's key/value store.
    '''
    manifest_dir = '/opt/openvpn-puppet'
    manifest_path = '/opt/openvpn-puppet/init.pp'

    puppet = Puppet()
    try:
        os.makedirs(manifest_dir)
    except OSError as exception:
        # Only "already exists" is tolerated.
        if exception.errno != errno.EEXIST:
            raise

    conf = config()
    dns_info = get_dns_info()
    clients = conf['clients'].split()

    net_info = get_extip_and_networks()
    ext_ip = net_info['external-ip']
    # If public-address is different from private-address, we're probably in
    # a juju-supported cloud that we can trust to give us the right address
    # that clients need to use to connect to us.
    if unit_get('private-address') != unit_get('public-address'):
        pub_ip = unit_get('public-address')
    else:
        pub_ip = ext_ip
    internal_networks = net_info['internal-networks']

    # Template variables that are copied straight from the charm config.
    context = {'servername': SERVERNAME}
    for template_key, conf_key in (
            ('country', 'key-country'),
            ('province', 'key-province'),
            ('city', 'key-city'),
            ('organization', 'key-org'),
            ('email', 'key-email'),
            ('protocol', 'protocol'),
            ('port', 'port'),
            ('duplicate_cn', 'duplicate-cn'),
            ('push_dns', 'push-dns'),
            ('push_default_gateway', 'push-default-gateway')):
        context[template_key] = conf[conf_key]
    # A public resolver is the fallback when no nameserver is reported.
    context['dns_server'] = dns_info.get('nameserver', "8.8.8.8")
    context['dns_search_domains'] = dns_info.get('search', [])
    context['clients'] = clients
    context['ext_ip'] = ext_ip
    context['pub_ip'] = pub_ip
    context['internal_networks'] = internal_networks

    templating.render(source='init.pp', target=manifest_path, context=context)

    # Close whatever port the previous run recorded before reconfiguring.
    kv_store = unitdata.kv()
    if kv_store.get('previous-port') and kv_store.get('previous-protocol'):
        close_port(kv_store.get('previous-port'),
                   protocol=kv_store.get('previous-protocol'))

    puppet.apply(manifest_path)
    copy_client_configs_to_home(clients)
    status_set('active', 'Ready')

    # Open the configured port and remember it for the next run.
    current_port = conf['port']
    current_protocol = conf['protocol'].upper()
    open_port(current_port, protocol=current_protocol)
    kv_store.set('previous-port', current_port)
    kv_store.set('previous-protocol', current_protocol)
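def install_puppet_agent():
    '''Install the puppet package and its dependencies.

    Sets the unit status to maintenance, builds a ``Puppet`` helper,
    installs the apt package and the dependencies through it and finally
    sets the ``PUPPET_SERVICE_INSTALLED`` state. If the helper cannot be
    constructed, the error is printed and the process exits with status 1.
    '''
    # Local import: sys.exit is used instead of the ``exit`` helper, which
    # the ``site`` module only provides for interactive use.
    import sys

    hookenv.status_set('maintenance',
                       'Installing puppet %s' % puppet_service)
    try:
        p = Puppet()
    except PuppetException as ex:
        # Python 3 exceptions carry no built-in ``message`` attribute. Fall
        # back to the exception itself so that the real failure is reported
        # rather than masked by an AttributeError.
        print(getattr(ex, 'message', ex))
        sys.exit(1)
    p.install_puppet_apt_pkg()
    p.install_puppet_deps()
    set_state(PUPPET_SERVICE_INSTALLED)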
Beispiel #5
def install_openvpn_xenial():
    '''Render and apply the OpenVPN manifest and update the opened port.

    The template context combines the charm config, the DNS info, the
    addresses and networks from ``get_extip_and_networks`` and the tunnel
    network from ``get_tun_network`` with a fixed /24 netmask. The port
    stored by a previous run is closed before Puppet is applied; the
    configured port is opened and stored afterwards.
    '''
    puppet = Puppet()
    try:
        os.makedirs('/opt/openvpn-puppet')
    except OSError as exception:
        if exception.errno == errno.EEXIST:
            # The directory is already there, so there is nothing to do.
            pass
        else:
            raise
    conf = config()
    dns_info = get_dns_info()
    clients = conf['clients'].split()
    addresses = get_extip_and_networks()
    ext_ip = addresses['external-ip']
    pub_ip = addresses['public-ip']
    internal_networks = addresses['internal-networks']
    context = dict(
        servername=SERVERNAME,
        # Certificate subject fields.
        country=conf['key-country'],
        province=conf['key-province'],
        city=conf['key-city'],
        organization=conf['key-org'],
        email=conf['key-email'],
        # Listener settings.
        protocol=conf['protocol'],
        port=conf['port'],
        duplicate_cn=conf['duplicate-cn'],
        # Settings pushed to clients.
        push_dns=conf['push-dns'],
        push_default_gateway=conf['push-default-gateway'],
        dns_server=dns_info.get('nameserver', "8.8.8.8"),
        dns_search_domains=dns_info.get('search', []),
        clients=clients,
        ext_ip=ext_ip,
        pub_ip=pub_ip,
        internal_networks=internal_networks,
        # Tunnel network; the netmask is fixed to a /24.
        serverip=get_tun_network(),
        servernetmask='255.255.255.0',
        serverslashmask='24',
    )
    templating.render(
        source='init.pp',
        target='/opt/openvpn-puppet/init.pp',
        context=context,
    )
    kv_store = unitdata.kv()
    # Close the previously recorded port, if both of its parts are stored.
    if kv_store.get('previous-port') and kv_store.get('previous-protocol'):
        close_port(
            kv_store.get('previous-port'),
            protocol=kv_store.get('previous-protocol'),
        )
    puppet.apply('/opt/openvpn-puppet/init.pp')
    copy_client_configs_to_home(clients)
    status_set('active', 'Ready')
    # Open the configured port and store it for the next run.
    new_port = conf['port']
    new_protocol = conf['protocol'].upper()
    open_port(new_port, protocol=new_protocol)
    kv_store.set('previous-port', new_port)
    kv_store.set('previous-protocol', new_protocol)
Beispiel #6
def get_extip_and_networks():
    '''Return the external IP and the private networks from facter.

    Reads the structured ``networking`` fact. Interfaces whose name
    contains ``lo`` or ``tun`` are skipped. For every remaining IPv4
    binding, a non-private address becomes the external IP (the last one
    seen wins) and a private one is recorded as ``"<network> <netmask>"``.
    When no non-private address is found, ``networking.ip`` is returned as
    the external IP.
    '''
    networking = Puppet().facter('networking')['networking']
    public_address = None
    private_networks = []
    for iface_name, iface_facts in networking['interfaces'].items():
        # NOTE(review): this is a substring match, so any interface whose
        # name merely contains 'lo' or 'tun' is skipped as well.
        if any(skipped in iface_name for skipped in ['lo', 'tun']):
            continue
        for binding in iface_facts.get('bindings', []):
            candidate = IPv4Address(binding['address'])
            if candidate.is_private:
                private_networks.append(
                    "{} {}".format(binding['network'], binding['netmask']))
            else:
                # Can't use is_global in 14.04 because of following bug:
                # https://bugs.python.org/issue21386
                public_address = candidate
    if not public_address:
        public_address = networking['ip']
    return {
        "external-ip": public_address,
        "internal-networks": private_networks,
    }
Beispiel #7
def get_most_public_ip():
    '''Return the first non-private IP reported by facter.

    Facts whose name starts with ``ipaddress`` are checked in iteration
    order and the first non-private address is returned as an
    ``IPv4Address``. When there is none, the raw ``ipaddress`` fact is
    returned instead.
    '''
    facts = Puppet().facter()
    # Lazy on purpose: addresses are parsed one at a time and parsing stops
    # at the first match.
    candidates = (
        IPv4Address(facts[name])
        for name in facts.keys()
        if name.startswith('ipaddress')
    )
    # Can't use is_global in 14.04 because of:
    # https://bugs.python.org/issue21386
    # NOTE(review): "not private" is not the same as "global". The ipaddress
    # module reports shared address space (100.64.0.0/10) as neither, so
    # such an address would be picked here. Verify on carrier-NAT hosts.
    ext_ip = next((addr for addr in candidates if not addr.is_private), None)
    if not ext_ip:
        ext_ip = facts['ipaddress']
    return ext_ip
Beispiel #8
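def get_extip_and_networks():
    '''Return the external IP, the public IP and the networks to push.

    The external IP is the last non-private IPv4 binding found on an
    interface whose name contains neither ``lo`` nor ``tun``; when there is
    none, facter's ``networking.ip`` is used. The public IP is Juju's
    public-address when it differs from the private-address, otherwise the
    external IP. The internal networks are all networks returned by
    ``get_networks(remove_tunnels=True)`` that contain neither of those two
    addresses, formatted as ``"<network address> <netmask>"``.
    '''
    facter = Puppet().facter('networking')
    ext_ip = None
    for iface, content in facter['networking']['interfaces'].items():
        if not any(bl_iface in iface for bl_iface in ['lo', 'tun']):
            for binding in content.get('bindings', []):
                address = IPv4Address(binding['address'])
                #
                # GET PUBLIC IP
                # Can't use is_global in 14.04 because of following bug:
                # https://bugs.python.org/issue21386
                if not address.is_private:
                    ext_ip = address
    if not ext_ip:
        ext_ip = facter['networking']['ip']
    # If public-address is different from private-address, we're probably in
    # a juju-supported cloud that we can trust to give us the right address
    # that clients need to use to connect to us. If not, just use ext_ip.
    # Each value is read once so that the address compared is the address
    # that is used.
    juju_private = unit_get('private-address')
    juju_public = unit_get('public-address')
    pub_ip = juju_public if juju_private != juju_public else ext_ip
    print("External IP according to get_extip logic: {}".format(ext_ip))
    print("Public IP according to get_extip logic: {}".format(pub_ip))

    internal_networks = []
    # NOTE(review): IPv4Address() raises if Juju reports a hostname rather
    # than an IPv4 literal as public-address. Confirm what unit_get returns
    # on the target clouds.
    pub_ip_obj = IPv4Address(pub_ip)
    ext_ip_obj = IPv4Address(ext_ip)
    for network in get_networks(remove_tunnels=True):
        # Networks that hold the server's own external or public address
        # are not pushed as routes.
        if pub_ip_obj in network or ext_ip_obj in network:
            continue
        internal_networks.append("{} {}".format(network.network_address,
                                                network.netmask))
    print("Routes to push according to logic: {}".format(internal_networks))
    return {
        # IP of local interface that clients connect to.
        "external-ip": ext_ip,
        # IP that remote clients will use to connect to. This is identical
        # to external-ip except when Juju provides us with a public-address
        # that differs from the private-address.
        "public-ip": pub_ip,
        "internal-networks": internal_networks,
    }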
Beispiel #9
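def install_puppet_agent():
    '''Install the puppet package and its dependencies.

    Reports a maintenance status, creates the ``Puppet`` helper and uses it
    to install the apt package and the dependencies, then sets the
    ``PUPPET_SERVICE_INSTALLED`` state. A ``PuppetException`` raised while
    creating the helper is printed and ends the process with status 1.
    '''
    # Imported locally so that sys.exit can replace the ``exit`` helper,
    # which the ``site`` module only provides for interactive sessions.
    import sys

    hookenv.status_set('maintenance',
                       'Installing puppet %s' % puppet_service)
    try:
        p = Puppet()
    except PuppetException as ex:
        # ``message`` is not a standard exception attribute on Python 3.
        # Printing the exception itself as a fallback keeps the original
        # error visible instead of raising AttributeError here.
        print(getattr(ex, 'message', ex))
        sys.exit(1)
    p.install_puppet_apt_pkg()
    p.install_puppet_deps()
    set_state(PUPPET_SERVICE_INSTALLED)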