TINC setup Ansible playbook. It generates a private/public key pair on each host, fetches each public key and pushes them back to every server.
# sample Ansible inventory file
[do]
198.199.74.236 tinc_ip=10.1.1.1 hostname=ca_1_1 tinc_connectto=ca_2_2
192.34.60.13 tinc_ip=10.1.1.2 hostname=ca_1_2 tinc_connectto=ca_1_1
198.199.70.163 tinc_ip=10.1.1.3 hostname=ca_1_3 tinc_connectto=ca_1_2
198.199.71.204 tinc_ip=10.1.2.1 hostname=ca_2_1 tinc_connectto=ca_1_3
198.199.70.208 tinc_ip=10.1.2.2 hostname=ca_2_2 tinc_connectto=ca_2_1
#!/usr/bin/python
import argparse
import logging
import os
import re
import stat
import subprocess
import sys
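# Arguments handling
# Sample call:
# sudo rm /etc/tinc/ttt -Rf && sudo python setup_tinc.py -t 10.0.0.1 -n ttt --hostname s1 -p 192.168.1.25 -c s1,s2

# tinc restricts node names to letters, digits and underscores.  The same
# rule is applied to the network name: both values become path components
# under /etc/tinc, and the node names are written into ConnectTo lines.
_NAME_RE = re.compile(r"\A[A-Za-z0-9_]+\Z")
# The tinc IP is interpolated verbatim into the tinc-up shell script that
# tincd later runs as root, so only a plain dotted quad is accepted.
_IPV4_RE = re.compile(r"\A\d{1,3}(\.\d{1,3}){3}\Z")
# Permission bits equivalent to `chmod a+rx`.
_MODE_A_RX = (stat.S_IRUSR | stat.S_IXUSR | stat.S_IRGRP | stat.S_IXGRP
              | stat.S_IROTH | stat.S_IXOTH)


def build_parser():
    """Build the command-line parser.

    Kept in a function so it can be exercised without running the setup.
    All options except --connect-to are mandatory: without ``required`` a
    missing option became ``None`` and crashed later in a string
    concatenation with a TypeError instead of a usage message.
    """
    parser = argparse.ArgumentParser()
    parser.add_argument("-n", "--network", required=True, help="tinc network name")
    parser.add_argument("-p", "--public-ip", required=True, help="Public IP")
    parser.add_argument("-t", "--tinc-ip", required=True, help="Tinc IP")
    parser.add_argument("-a", "--hostname", required=True, help="Hostname in the tinc network")
    parser.add_argument("-c", "--connect-to", help="Hosts to connect to")
    return parser


def check_name(value, what):
    """Return *value* unchanged if it is a valid tinc node/network name.

    Args:
        value: candidate name.
        what: label used in the error message.

    Raises:
        ValueError: if the name is empty or contains a character outside
            ``[A-Za-z0-9_]``.  This also rules out ``/`` and ``..``, so the
            name can be joined onto /etc/tinc without escaping it.
    """
    if not value or not _NAME_RE.match(value):
        raise ValueError("%s %r: only letters, digits and '_' are allowed" % (what, value))
    return value


def check_ipv4(value, what):
    """Return *value* unchanged if it is a dotted-quad IPv4 address.

    Raises:
        ValueError: if *value* is not four dot-separated decimal groups.
    """
    if not value or not _IPV4_RE.match(value):
        raise ValueError("%s %r is not a dotted-quad IPv4 address" % (what, value))
    return value


def check_address(value, what):
    """Return *value* unchanged if it fits on one tinc ``Address`` line.

    tinc accepts an IP or a DNS name here, so the only requirement is a
    single non-empty token without whitespace (a newline would otherwise
    let the value add further directives to the host file).

    Raises:
        ValueError: if *value* is empty or contains whitespace.
    """
    if not value or any(ch.isspace() for ch in value):
        raise ValueError("%s %r must be a single non-empty token" % (what, value))
    return value


def split_connect_to(connect_to, hostname):
    """Turn the comma-separated --connect-to value into a list of peer names.

    The node's own name is skipped (a node must not ConnectTo itself) and
    every remaining entry is validated with check_name.  A missing or empty
    value yields an empty list.
    """
    if not connect_to:
        return []
    return [check_name(ct, "connect-to") for ct in connect_to.split(',')
            if ct != hostname]


def setup_logging():
    """Configure and return the "default" logger (StreamHandler, DEBUG)."""
    log = logging.getLogger("default")
    log.setLevel(logging.DEBUG)
    handler = logging.StreamHandler()
    handler.setFormatter(logging.Formatter("%(asctime)s | %(levelname)8s | %(message)s"))
    log.addHandler(handler)
    return log


def generate_keys(log, netdir, pubfile, privfile):
    """Run ``tincd -K2048`` for *netdir* unless both key files already exist.

    The command is passed as an argument list (no shell), so the network
    name cannot carry extra shell commands.  stdin comes from /dev/null so
    tincd takes its default key file names instead of prompting, and its
    stderr is discarded as in the original ``os.system`` call.

    Raises:
        SystemExit: if tincd fails or the key files are still missing
            afterwards; continuing would publish a host file without a key.
    """
    if os.path.exists(pubfile) and os.path.exists(privfile):
        return
    log.info("Creating public (\"%s\") and private (\"%s\") keys", pubfile, privfile)
    with open(os.devnull, "r+b") as devnull:
        rc = subprocess.call(["tincd", "-K2048", "-c", netdir],
                             stdin=devnull, stderr=devnull)
    if rc != 0 or not (os.path.exists(pubfile) and os.path.exists(privfile)):
        log.error("tincd -K failed (exit code %s); key files were not created", rc)
        sys.exit(1)


def write_conf(log, conffile, hostname, peers):
    """Create tinc.conf for this node unless it already exists.

    Args:
        log: logger.
        conffile: path of the tinc.conf to create.
        hostname: this node's tinc name (``Name =``).
        peers: node names to emit as ``ConnectTo =`` lines.
    """
    if os.path.exists(conffile):
        return
    log.info("Creating tinc conf file \"%s\"", conffile)
    with open(conffile, "w") as f:
        f.write("Name = "+hostname+"\n")
        for ct in peers:
            f.write("ConnectTo = "+ct+"\n")
        f.write("""
#Interface = tun0
Device = /dev/net/tun
AddressFamily = any
""")


def write_tinc_up(log, tincupfile, tincip):
    """Create the tinc-up script unless it already exists and make it a+rx.

    The script is executed by tincd when the interface comes up; *tincip*
    must already have been validated as a dotted quad because it is pasted
    into the shell command line.
    """
    if os.path.exists(tincupfile):
        return
    log.info("Creating tinc-up file \"%s\"", tincupfile)
    with open(tincupfile, "w") as f:
        f.write("""#!/bin/sh
ifconfig $INTERFACE {tincip} netmask 255.0.0.0
""".format(tincip=tincip))
    # `chmod a+rx` without a shell: keep whatever bits the umask left and
    # add read+execute for everyone (S_IMODE strips the file-type bits).
    current = stat.S_IMODE(os.stat(tincupfile).st_mode)
    os.chmod(tincupfile, current | _MODE_A_RX)


def write_host_file(log, sharedfile, pubip, tincip, pubfile):
    """Create this node's hosts/<name> file unless it already exists.

    The file holds the public address, the /32 tinc subnet and the node's
    public key (copied from *pubfile*) — everything peers need to reach and
    authenticate this node, and nothing secret.
    """
    if os.path.exists(sharedfile):
        return
    log.info("Creating tinc host description file \"%s\"", sharedfile)
    with open(pubfile) as p:
        pubkey = p.read()
    with open(sharedfile, "w") as f:
        f.write("Address = "+pubip+"\n")
        f.write("Subnet = "+tincip+"/32\n")
        f.write(pubkey)


def main(argv=None):
    """Set up /etc/tinc/<network> for this node.

    Args:
        argv: command-line arguments; ``None`` means ``sys.argv[1:]``.

    Returns:
        0 on success, 2 when an argument value fails validation
        (argparse itself exits with 2 on a missing option).
    """
    args = build_parser().parse_args(argv)
    log = setup_logging()
    try:
        hostname = check_name(args.hostname, "hostname")
        net = check_name(args.network, "network")
        tincip = check_ipv4(args.tinc_ip, "tinc ip")
        pubip = check_address(args.public_ip, "public ip")
        peers = split_connect_to(args.connect_to, hostname)
    except ValueError as err:
        log.error("%s", err)
        return 2

    # Preparing parameters
    netdir = "/etc/tinc/"+net
    conffile = netdir+"/tinc.conf"
    tincupfile = netdir+"/tinc-up"
    pubfile = netdir+"/rsa_key.pub"
    privfile = netdir+"/rsa_key.priv"
    hostsdir = netdir+"/hosts"
    sharedfile = hostsdir + "/"+hostname
    log.debug("net = %s", net)
    log.debug("netdir = %s", netdir)
    log.debug("conffile = %s", conffile)

    # Let's go
    log.info("Starting tinc setup")
    # tinc dir
    if not os.path.exists(netdir):
        log.info("Creating dir \"%s\"", netdir)
        os.mkdir(netdir)
        # NOTE(review): the original's indentation was lost; registering the
        # network in nets.boot is assumed to belong to this create-once
        # branch, which also keeps repeated runs from appending duplicates.
        with open("/etc/tinc/nets.boot", "a") as f:
            f.write(net+"\n")
    # tinc keys
    generate_keys(log, netdir, pubfile, privfile)
    # tinc conf file
    write_conf(log, conffile, hostname, peers)
    # tinc-up file
    write_tinc_up(log, tincupfile, tincip)
    # tinc hosts dir
    if not os.path.exists(hostsdir):
        log.info("Creating hosts dir \"%s\"", hostsdir)
        os.mkdir(hostsdir)
    # tinc own file
    write_host_file(log, sharedfile, pubip, tincip, pubfile)
    return 0


if __name__ == "__main__":
    sys.exit(main())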
# We must have a local "hosts" dir
# Playbook: bootstrap a tinc mesh on every host of the "do" group.
# Each node generates its own RSA key pair locally (setup_tinc.py); only the
# per-node public host files travel through the control machine, the
# private key never leaves the host that generated it.
- name: tinc install & setup
  hosts: do
  user: root
  vars:
    tincnet: cloudnet
  tasks:
    - name: Install tinc package
      # python-argparse is needed by setup_tinc.py on older Python versions.
      action: command apt-get install tinc python-argparse -y
    - name: Copy tinc setup script
      # mode=755 makes the script executable for the next task.
      action: copy src=setup_tinc.py dest=/tmp/setup_tinc.py mode=755
    - name: Run tinc setup script
      # tinc_ip, hostname and tinc_connectto come from the inventory; the
      # public IP is taken from eth0.  Runs as root and writes /etc/tinc/<net>.
      action: command /tmp/setup_tinc.py --public-ip {{ ansible_eth0["ipv4"]["address"] }} --network {{ tincnet }} --tinc-ip {{ tinc_ip }} --hostname {{ hostname }} --connect-to {{ tinc_connectto }}
    - name: Prepare a local hosts directory
      # Runs on the control machine: (re)creates an empty staging dir.
      local_action: shell [ -e hosts ] || mkdir hosts ; rm hosts/* -Rf
    - name: Fetch back the tinc file
      # Pulls each node's public host file (address, subnet, public key).
      # NOTE(review): unless fetch flattens the path, dest=hosts receives a
      # per-host directory tree rather than one file per node — confirm the
      # archive layout matches what the extract task below expects.
      action: fetch src=/etc/tinc/{{ tincnet }}/hosts/{{ hostname }} dest=hosts dest_prefix=simple
    - name: Create an archive with these hosts files
      # Runs on the control machine once per host; the archive is rebuilt
      # each time, so the final tarball contains every fetched file.
      local_action: shell [ ! -e hosts.tar.gz ] || rm hosts.tar.gz ; tar -zcf hosts.tar.gz hosts
    - name: Copy the hosts dir
      action: copy src=hosts.tar.gz dest=/etc/tinc/{{ tincnet }}/hosts.tar.gz
    - name: Extract the hosts dir
      # Replaces the remote hosts dir wholesale; the node's own file is
      # restored from the archive because it was fetched like the others.
      action: shell cd /etc/tinc/{{ tincnet }} && [ ! -e hosts ] || rm -Rf hosts ; tar -zxvf hosts.tar.gz
    - name: Restart tinc
      # Needed so tincd reads the new tinc.conf and peer host files.
      action: command /etc/init.d/tinc restart
      #action: service name=tinc state=restarted
    - name: Adding firewall rule
      # 655 is tinc's default port; with no protocol given ufw opens it for
      # both TCP and UDP, from any source (peers authenticate with their keys).
      action: command ufw allow 655