updates naming for built in config services, broke out current example script to examples dir, broke out config service manager to separate file

2020-01-17 13:47:55 -08:00 · 2020-01-17 13:47:55 -08:00 · dbc77d81f6
commit dbc77d81f6
parent 433327c0ae
7 changed files with 180 additions and 91 deletions
--- a/daemon/core/configservices/sercurityservices/init.py
+++ b/daemon/core/configservices/sercurityservices/init.py
--- a/daemon/core/configservices/sercurityservices/services.py
+++ b/daemon/core/configservices/sercurityservices/services.py
@ -0,0 +1,19 @@
+from core.configservice.base import ConfigService, ConfigServiceMode
+
+GROUP_NAME = "Security"
+
+
+class VpnClient(ConfigService):
+    name = "VPNClient"
+    group = GROUP_NAME
+    directories = []
+    executables = ["openvpn", "ip", "killall"]
+    dependencies = []
+    startup = ["sh vpnclient.sh"]
+    validate = ["pidof openvpn"]
+    shutdown = ["killall openvpn"]
+    validation_mode = ConfigServiceMode.BLOCKING
+    default_configs = []
+
+    def create_files(self):
+        self.render("vpnclient.sh")
--- a/daemon/core/configservices/sercurityservices/templates/vpnclient.sh
+++ b/daemon/core/configservices/sercurityservices/templates/vpnclient.sh
@ -0,0 +1,61 @@
+# -------- CUSTOMIZATION REQUIRED --------
+#
+# The VPNClient service builds a VPN tunnel to the specified VPN server using
+# OpenVPN software and a virtual TUN/TAP device.
+
+# directory containing the certificate and key described below
+keydir=/etc/core/keys
+
+# the name used for a "$keyname.crt" certificate and "$keyname.key" private key.
+keyname=client1
+
+# the public IP address of the VPN server this client should connect with
+vpnserver="10.0.2.10"
+
+# optional next hop for adding a static route to reach the VPN server
+nexthop="10.0.1.1"
+
+# --------- END CUSTOMIZATION --------
+
+# validate addresses
+if [ "$(dpkg -l | grep " sipcalc ")" = "" ]; then
+    echo "WARNING: ip validation disabled because package sipcalc not installed
+         " > $PWD/vpnclient.log
+else
+    if [ "$(sipcalc "$vpnserver" "$nexthop" | grep ERR)" != "" ]; then
+        echo "ERROR: invalide address $vpnserver or $nexthop " > $PWD/vpnclient.log
+    fi
+fi
+
+# validate key and certification files
+if [ ! -e $keydir\/$keyname.key ] || [ ! -e $keydir\/$keyname.crt ] \
+   || [ ! -e $keydir\/ca.crt ] || [ ! -e $keydir\/dh1024.pem ]; then
+     echo "ERROR: missing certification or key files under $keydir $keyname.key or $keyname.crt or ca.crt or dh1024.pem" >> $PWD/vpnclient.log
+fi
+
+# if necessary, add a static route for reaching the VPN server IP via the IF
+vpnservernet=${vpnserver%.*}.0/24
+if [ "$nexthop" != "" ]; then
+    ip route add $vpnservernet via $nexthop
+fi
+
+# create openvpn client.conf
+(
+cat << EOF
+client
+dev tun
+proto udp
+remote $vpnserver 1194
+nobind
+ca $keydir/ca.crt
+cert $keydir/$keyname.crt
+key $keydir/$keyname.key
+dh $keydir/dh1024.pem
+cipher AES-256-CBC
+log $PWD/openvpn-client.log
+verb 4
+daemon
+EOF
+) > client.conf
+
+openvpn --config client.conf
--- a/daemon/core/configservices/serviceutils/services.py
+++ b/daemon/core/configservices/serviceutils/services.py
@ -1,18 +1,9 @@
-import logging
-import os
-
 import netaddr

 from core import utils
 from core.config import Configuration
-from core.configservice.base import (
-    ConfigService,
-    ConfigServiceManager,
-    ConfigServiceMode,
-)
-from core.emulator.coreemu import CoreEmu
-from core.emulator.emudata import IpPrefixes, NodeOptions
-from core.emulator.enumerations import ConfigDataTypes, EventTypes, NodeTypes
+from core.configservice.base import ConfigService, ConfigServiceMode
+from core.emulator.enumerations import ConfigDataTypes

 GROUP_NAME = "Utility"

@ -21,7 +12,7 @@ class DefaultRoute(ConfigService):
    name = "DefaultRoute"
    group = GROUP_NAME
    directories = []
-    executables = []
+    executables = ["ip"]
    dependencies = []
    startup = ["sh defaultroute.sh"]
    validate = []
@ -65,45 +56,3 @@ class IpForwardService(ConfigService):
            devnames.append(devname)
        data = dict(devnames=devnames)
        self.render("ipforward.sh", data)
-
-
-if __name__ == "__main__":
-    logging.basicConfig(level=logging.INFO)
-
-    # setup basic network
-    prefixes = IpPrefixes(ip4_prefix="10.83.0.0/16")
-    options = NodeOptions(model="nothing")
-    # options.services = []
-    coreemu = CoreEmu()
-    session = coreemu.create_session()
-    session.set_state(EventTypes.CONFIGURATION_STATE)
-    switch = session.add_node(_type=NodeTypes.SWITCH)
-
-    # node one
-    node_one = session.add_node(options=options)
-    interface = prefixes.create_interface(node_one)
-    session.add_link(node_one.id, switch.id, interface_one=interface)
-
-    # node two
-    node_two = session.add_node(options=options)
-    interface = prefixes.create_interface(node_two)
-    session.add_link(node_two.id, switch.id, interface_one=interface)
-
-    session.instantiate()
-
-    # manager load config services
-    manager = ConfigServiceManager()
-    path = os.path.dirname(os.path.abspath(os.path.dirname(__file__)))
-    manager.load(path)
-
-    clazz = manager.services["DefaultRoute"]
-    dr_service = clazz(node_one)
-    dr_service.set_config({"value1": "custom"})
-    dr_service.start()
-
-    clazz = manager.services["IPForward"]
-    dr_service = clazz(node_one)
-    dr_service.start()
-
-    input("press enter to exit")
-    session.shutdown()