symkat/MeshMage
1
1
Fork 0
mirror of https://github.com/symkat/MeshMage.git synced 2024-09-20 14:56:05 +08:00
Code Issues Packages Projects Releases Wiki Activity

Use a single data directory.

Browse source
This commit is contained in:
Kaitlyn Parkhurst 2021-06-14 19:20:18 -07:00
parent 933c2ef9a4
commit 9f788fac9c
6 changed files with 52 additions and 34 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
.gitignore vendored
View file

@ -1,5 +1,3 @@
certs/
keys/
Web/meshmage.yml
Web/.plx
Web/local
@ -7,3 +5,4 @@ Web/devel
Web/tmp
Web/pans
Ansible/playbook*
data/

2
Ansible/roles/meshmage-node/tasks/main.yml
View file

@ -42,7 +42,7 @@
- name: Install Nebula Configuration File
copy:
dest: /etc/nebula/config.yml
src: "{{ role_path }}/files/{{ domain }}.yml"
src: "{{ meshnet_store }}/{{ network_id }}/{{ domain }}.yml"
owner: root
group: root
mode: 0644

1
Web/lib/MeshMage/Web.pm
View file

@ -31,6 +31,7 @@ sub startup ($self) {
$self->plugin( 'Minion::Admin' );
$self->plugin( 'MeshMage::Web::Plugin::MinionTasks' );
$self->plugin( 'MeshMage::Web::Plugin::NebulaConfig' );
$self->plugin( 'MeshMage::Web::Plugin::Helpers' );
# Router
my $r = $self->routes;

10
Web/lib/MeshMage/Web/Controller/Manual.pm
View file

@ -9,12 +9,12 @@ sub index ($c) {
sub deploy ($c) {
my $node = $c->db->resultset('Node')->find( $c->param('node_id') );
my $path = sprintf( "%s/%s", $c->config->{nebula}{store}, $node->network->id );
my $n_id = $node->network->id;
my $host = $node->hostname;
my $ca = Mojo::File->new( "$path/ca.crt" )->slurp;
my $cert = Mojo::File->new( sprintf( "%s/%s.crt", $path, $node->hostname ) )->slurp;
my $key = Mojo::File->new( sprintf( "%s/%s.key", $path, $node->hostname ) )->slurp;
my $ca = Mojo::File->new( $c->filepath_for( nebula => $n_id, 'ca.crt' ) )->slurp;
my $cert = Mojo::File->new( $c->filepath_for( nebula => $n_id, $host . '.crt') )->slurp;
my $key = Mojo::File->new( $c->filepath_for( nebula => $n_id, $host . '.key') )->slurp;
$c->stash(
node => $node,

23
Web/lib/MeshMage/Web/Plugin/Helpers.pm Normal file
View file

@ -0,0 +1,23 @@
package MeshMage::Web::Plugin::Helpers;
use Mojo::Base 'Mojolicious::Plugin', -signatures;
sub register ( $self, $app, $config ) {
$app->helper( filepath_for => sub ( $c, $type, @file_segments ) {
my $file = join( "/", @file_segments );
return sprintf( "%s/%s/%s",
$c->config->{filestore}{prefix},
$c->config->{filestore}{$type},
$file,
) if $file;
return sprintf( "%s/%s",
$c->config->{filestore}{prefix},
$c->config->{filestore}{$type},
);
});
}
1;

47
Web/lib/MeshMage/Web/Plugin/MinionTasks.pm
View file

@ -16,30 +16,30 @@ sub register ( $self, $app, $config ) {
});
# Create the storage location for this network.
make_path( $job->app->config->{nebula}->{store} . "/" . $network->id );
make_path($job->app->filepath_for(nebula => $network->id));
# Create the network cert and signing key.
run3( [ $job->app->config->{nebula}->{nebula_cert}, 'ca',
'-out-crt', sprintf( "%s/%d/ca.crt", $job->app->config->{nebula}->{store}, $network->id ),
'-out-key', sprintf( "%s/%d/ca.key", $job->app->config->{nebula}->{store}, $network->id ),
'-out-crt', $job->app->filepath_for(nebula => $network->id, 'ca.crt'),
'-out-key', $job->app->filepath_for(nebula => $network->id, 'ca.key'),
'-name' , $network_name,
]);
});
$app->minion->add_task( generate_sshkey => sub ( $job, $comment ) {
run3( [ qw( ssh-keygen -t rsa -b 4096 -q -C ), $comment, '-N', '', '-f', $job->app->config->{sshkey}{store} . "/new_key" ] );
my $private_key = Mojo::File->new( $job->app->config->{sshkey}{store} . "/new_key" )->slurp;
my $public_key = Mojo::File->new( $job->app->config->{sshkey}{store} . "/new_key.pub" )->slurp;
unlink $job->app->config->{sshkey}{store} . "/new_key";
unlink $job->app->config->{sshkey}{store} . "/new_key.pub";
run3( [ qw( ssh-keygen -t rsa -b 4096 -q -C ), $comment, '-N', '', '-f', $job->app->filepath_for( sshkey => 'new_key' )]);
my $private_key = Mojo::File->new( $job->app->filepath_for(sshkey => "/new_key" ))->slurp;
my $public_key = Mojo::File->new( $job->app->filepath_for(sshkey => "/new_key.pub"))->slurp;
unlink $job->app->filepath_for( sshkey => "/new_key" );
unlink $job->app->filepath_for( sshkey => "/new_key.pub");
my $key = $job->app->db->resultset('Sshkey')->create({
name => $comment,
public_key => $public_key
});
Mojo::File->new( $job->app->config->{sshkey}{store} . "/" . $key->id )->spurt( $private_key );
Mojo::File->new( $job->app->config->{sshkey}{store} . "/" . $key->id . ".pub" )->spurt( $public_key );
Mojo::File->new( $job->app->filepath_for(sshkey => $key->id ))->spurt($private_key);
Mojo::File->new( $job->app->filepath_for(sshkey => $key->id . '.pub'))->spurt($public_key );
});
$app->minion->add_task( import_sshkey => sub ( $job, $comment, $private_key, $public_key ) {
@ -48,8 +48,8 @@ sub register ( $self, $app, $config ) {
public_key => $public_key,
});
Mojo::File->new( $job->app->config->{sshkey}{store} . "/" . $key->id )->spurt( $private_key );
Mojo::File->new( $job->app->config->{sshkey}{store} . "/" . $key->id . ".pub" )->spurt( $public_key );
Mojo::File->new($job->app->filepath_for(sshkey => $key->id ))->spurt($private_key);
Mojo::File->new($job->app->filepath_for(sshkey => $key->id . '.pub'))->spurt($public_key );
});
@ -64,13 +64,10 @@ sub register ( $self, $app, $config ) {
DIR => $job->app->config->{ansible}{rundir},
);
# Create a nebula confif file for this domain so that Ansible may use
# Create a nebula config file for this domain so that Ansible may use
# the file.
my $nebula_config = $job->app->make_nebula_config( $node );
my $nebula_config_path = sprintf( "%s/roles/meshmage-node/files/%s.yml",
$job->app->config->{ansible}{rundir}, $node->hostname
);
Mojo::File->new( $nebula_config_path )->spurt( $nebula_config );
Mojo::File->new( $job->app->filepath_for( nebula => $node->network->id, $node->hostname . '.yml' ))
->spurt( $job->app->make_nebula_config( $node ));
print $playbook "- name: Configure Nebula Node\n";
@ -78,7 +75,7 @@ sub register ( $self, $app, $config ) {
print $playbook " vars:\n";
print $playbook " ansible_ssh_common_args: -oControlMaster=auto -oControlPersist=60s -oUserKnownHostsFile=/dev/null -oStrictHostKeyChecking=no\n";
print $playbook " domain: " . $node->hostname . "\n";
print $playbook " meshnet_store: " . $job->app->config->{nebula}{store} . "\n";
print $playbook " meshnet_store: " . $job->app->filepath_for( 'nebula' ) . "\n";
print $playbook " network_id: " . $node->network->id . "\n";
print $playbook " node:\n";
print $playbook " is_lighthouse: " . $node->is_lighthouse . "\n";
@ -96,7 +93,7 @@ sub register ( $self, $app, $config ) {
close $playbook;
run3([ 'ansible-playbook', '-i', "$deploy_ip,",
'--key-file', $job->app->config->{sshkey}{store} . "/$key_id",
'--key-file', $job->app->filepath_for( sshkey => $key_id ),
$playbook->filename
]);
});
@ -110,8 +107,6 @@ sub register ( $self, $app, $config ) {
# If is_lighthouse, ensure public IP exists.
my $store_path = $job->app->config->{nebula}->{store} . "/" . $network->id . "/";
my $domain = sprintf( "%s.%s", $hostname, $network->tld );
my $cidr = (split( /\//, $network->address))[1];
@ -124,12 +119,12 @@ sub register ( $self, $app, $config ) {
});
my $command = [ $job->app->config->{nebula}->{nebula_cert}, 'sign',
'-ca-crt', $store_path . "ca.crt",
'-ca-key', $store_path . "ca.key",
'-ca-crt', $job->app->filepath_for( nebula => $network->id, "ca.crt" ),
'-ca-key', $job->app->filepath_for( nebula => $network->id, "ca.key" ),
'-name', $domain,
'-ip', "$address/$cidr",
'-out-crt', $store_path . "$domain.crt",
'-out-key', $store_path . "$domain.key",
'-out-crt', $job->app->filepath_for( nebula => $network->id, "$domain.crt" ),
'-out-key', $job->app->filepath_for( nebula => $network->id, "$domain.key" ),
];
run3( $command );
});