From c910b470e61a35230bc7ddaced13c3d51fac32fd Mon Sep 17 00:00:00 2001 From: andy Date: Thu, 24 Jun 2010 04:11:53 +0100 Subject: re-added cloudpipe Conflicts: bin/nova-manage nova/auth/users.py nova/compute/network.py --- nova/cloudpipe/__init__.py | 26 ++++++++++++ nova/cloudpipe/api.py | 70 +++++++++++++++++++++++++++++++ nova/cloudpipe/bootscript.sh | 58 ++++++++++++++++++++++++++ nova/cloudpipe/client.ovpn.template | 41 ++++++++++++++++++ nova/cloudpipe/pipelib.py | 83 +++++++++++++++++++++++++++++++++++++ 5 files changed, 278 insertions(+) create mode 100644 nova/cloudpipe/__init__.py create mode 100644 nova/cloudpipe/api.py create mode 100755 nova/cloudpipe/bootscript.sh create mode 100644 nova/cloudpipe/client.ovpn.template create mode 100644 nova/cloudpipe/pipelib.py (limited to 'nova/cloudpipe')
diff --git a/nova/cloudpipe/__init__.py b/nova/cloudpipe/__init__.py
new file mode 100644
index 000000000..e8ac53976
--- /dev/null
+++ b/nova/cloudpipe/__init__.py
@@ -0,0 +1,26 @@
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+# Copyright [2010] [Anso Labs, LLC]
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+:mod:`nova.cloudpipe` -- VPN Server Management
+=====================================================
+
+.. automodule:: nova.cloudpipe
+ :platform: Unix
+ :synopsis: An OpenVPN server for every nova user.
+.. moduleauthor:: Devin Carlen
+.. moduleauthor:: Vishvananda Ishaya
+.. moduleauthor:: Joshua McKenty
+"""
diff --git a/nova/cloudpipe/api.py b/nova/cloudpipe/api.py
new file mode 100644
index 000000000..5395e9724
--- /dev/null
+++ b/nova/cloudpipe/api.py
@@ -0,0 +1,70 @@
+#!/usr/bin/python
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+# Copyright [2010] [Anso Labs, LLC]
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+Tornado REST API Request Handlers for CloudPipe
+"""
+
+import logging
+import urllib
+
+from nova import vendor
+import tornado.web
+
+from nova import crypto
+from nova.auth import users
+
+_log = logging.getLogger("api")
+_log.setLevel(logging.DEBUG)
+
+
+class CloudPipeRequestHandler(tornado.web.RequestHandler):
+ def get(self, path):
+ path = self.request.path
+ _log.debug( "Cloudpipe path is %s" % path)
+ self.manager = users.UserManager.instance()
+ if path.endswith("/getca/"):
+ self.send_root_ca()
+ elif path.endswith("/getcert/"):
+ _log.debug( "Getting zip for %s" % (path[9:]))
+ try:
+ self.send_signed_zip(self.path[9:])
+ except Exception, err:
+ _log.debug('ERROR: %s\n' % str(err))
+ raise tornado.web.HTTPError(404)
+ self.finish()
+
+ def get_username_from_ip(self, ip):
+ cc = self.application.controllers['Cloud']
+ instance = cc.get_instance_by_ip(ip)
+ return instance['owner_id']
+
+ def send_root_ca(self):
+ _log.debug( "Getting root ca")
+ username = self.get_username_from_ip(self.request.remote_ip)
+ self.set_header("Content-Type", "text/plain")
+ self.write(crypto.fetch_ca(username))
+
+ def send_signed_zip(self, username):
+ self.set_header("Content-Type", "application/zip")
+ self.write(self.manager.get_signed_zip(username))
+
+ def post(self, *args, **kwargs):
+ self.manager = users.UserManager.instance()
+ username = self.get_username_from_ip(self.request.remote_ip)
+ cert = self.get_argument('cert', '')
+ self.write(self.manager.sign_cert(urllib.unquote(cert), username))
+ self.finish()
diff --git a/nova/cloudpipe/bootscript.sh b/nova/cloudpipe/bootscript.sh
new file mode 100755
index 000000000..bb710617e
--- /dev/null
+++ b/nova/cloudpipe/bootscript.sh
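Review bot: In `nova/cloudpipe/api.py`, the `/getcert/` branch of `get` returns a signed credential zip for whatever username appears in the URL path, with no check that the caller is that user; `send_root_ca` and `post` at least derive the identity from `self.request.remote_ip`. The same branch reads `self.path[9:]`, an attribute this handler never sets (the local is `path`), and the broad `except Exception` turns the resulting error into a 404, which hides the bug. If the endpoint is kept, bind it to the caller the way the other handlers do, e.g. `self.send_signed_zip(self.get_username_from_ip(self.request.remote_ip))`. `get_instance_by_ip` is also used without handling an address that matches no instance, and `post` signs the submitted CSR without inspecting its subject, so a docstring stating which hosts may reach this handler and what is validated would help.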
@@ -0,0 +1,58 @@
+#!/bin/bash
+# Copyright [2010] [Anso Labs, LLC]
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This gets zipped and run on the cloudpipe-managed OpenVPN server
+
+export SUPERVISOR="http://10.255.255.1:8773/cloudpipe"
+export VPN_IP=`ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk '{print $1}'`
+export BROADCAST=`ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f3 | awk '{print $1}'`
+export DHCP_MASK=`ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f4 | awk '{print $1}'`
+export GATEWAY=`netstat -r | grep default | cut -d' ' -f10`
+export SUBJ=/C=US/ST=California/L=Mountain View/O=Anso Labs/OU=Nova Dev/CN=customer-vpn-$VPN_IP
+
+DHCP_LOWER=`echo $BROADCAST | awk -F. '{print $1"."$2"."$3"." $4 - 10 }'`
+DHCP_UPPER=`echo $BROADCAST | awk -F. '{print $1"."$2"."$3"." $4 - 1 }'`
+
+# generate a server DH
+openssl dhparam -out /etc/openvpn/dh1024.pem 1024
+
+# generate a server priv key
+openssl genrsa -out /etc/openvpn/server.key 2048
+
+# generate a server CSR
+openssl req -new -key /etc/openvpn/server.key -out /etc/openvpn/server.csr -batch -subj "$SUBJ"
+
+# URLEncode the CSR
+CSRTEXT=`cat /etc/openvpn/server.csr`
+CSRTEXT=$(python -c "import urllib; print urllib.quote('''$CSRTEXT''')")
+
+# SIGN the csr and save as server.crt
+# CURL fetch to the supervisor, POSTing the CSR text, saving the result as the CRT file
+curl $SUPERVISOR -d "cert=$CSRTEXT" > /etc/openvpn/server.crt
+curl $SUPERVISOR/getca/ > /etc/openvpn/ca.crt
+
+# Customize the server.conf.template
+cd /etc/openvpn
+
+sed -e s/VPN_IP/$VPN_IP/g server.conf.template > server.conf
+sed -i -e s/DHCP_SUBNET/$DHCP_MASK/g server.conf
+sed -i -e s/DHCP_LOWER/$DHCP_LOWER/g server.conf
+sed -i -e s/DHCP_UPPER/$DHCP_UPPER/g server.conf
+sed -i -e s/max-clients\ 1/max-clients\ 10/g server.conf
+
+echo "\npush \"route 10.255.255.1 255.255.255.255 $GATEWAY\"\n" >> server.conf
+echo "\npush \"route 10.255.255.253 255.255.255.255 $GATEWAY\"\n" >> server.conf
+
+/etc/init.d/openvpn start
diff --git a/nova/cloudpipe/client.ovpn.template b/nova/cloudpipe/client.ovpn.template
new file mode 100644
index 000000000..d6cf8e19c
--- /dev/null
+++ b/nova/cloudpipe/client.ovpn.template
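Review bot: In `nova/cloudpipe/bootscript.sh`, both `curl` calls fetch trust material over plain HTTP from `$SUPERVISOR` and redirect the body straight into `/etc/openvpn/server.crt` and `ca.crt` without checking the exit status, so an error page or an altered response ends up installed as the server certificate or the CA. At minimum use `curl --fail` and stop the script when either download fails, and either verify the CA against a fingerprint shipped in the payload or add a comment stating that the link to 10.255.255.1 is treated as trusted. The `openssl dhparam ... 1024` line produces 1024-bit DH parameters, which is weak next to the 2048-bit RSA key; 2048 bits would match, with the file name adjusted to whatever `server.conf.template` references (not visible here). `server.key` is written under the default umask, so a `chmod 600 /etc/openvpn/server.key` after `genrsa` would make the intended protection explicit.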
@@ -0,0 +1,41 @@
+# Copyright [2010] [Anso Labs, LLC]
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# NOVA user connection
+# Edit the following lines to point to your cert files:
+cert $certfile
+key $keyfile
+
+ca cacert.pem
+
+client
+dev tap
+proto udp
+
+remote $ip $port
+resolv-retry infinite
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+user nobody
+group nogroup
+comp-lzo
+
+# Set log file verbosity.
+verb 2
+
+keepalive 10 120
+ping-timer-rem
+persist-tun
+persist-key
diff --git a/nova/cloudpipe/pipelib.py b/nova/cloudpipe/pipelib.py
new file mode 100644
index 000000000..f69486f3e
--- /dev/null
+++ b/nova/cloudpipe/pipelib.py
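Review bot: In `nova/cloudpipe/client.ovpn.template`, the client pins the CA with `ca cacert.pem` but never checks that the peer presents a server certificate, so any certificate issued by the same CA would be accepted as the VPN endpoint. The cloudpipe handler added in this commit signs CSRs for callers identified only by their source IP, so the set of certificates under that CA may be wider than the VPN server alone. Consider adding `remote-cert-tls server` (or `ns-cert-type server` on older OpenVPN releases); this requires the signing side to mark the server certificate accordingly, and that code is not visible in this patch.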
@@ -0,0 +1,83 @@
+# Copyright [2010] [Anso Labs, LLC]
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+CloudPipe - Build a user-data payload zip file, and launch
+an instance with it.
+
+"""
+
+import logging
+import os
+import tempfile
+from zipfile import ZipFile, ZIP_DEFLATED
+
+from nova import flags
+from nova.auth import users
+from nova import utils
+from nova.endpoint import api
+
+FLAGS = flags.FLAGS
+
+flags.DEFINE_string('boot_script_template',
+ utils.abspath('cloudpipe/bootscript.sh'),
+ 'Template for script to run on cloudpipe instance boot')
+
+class CloudPipe(object):
+ def __init__(self, cloud_controller):
+ self.controller = cloud_controller
+ self.manager = users.UserManager.instance()
+
+ def launch_vpn_instance(self, username):
+ logging.debug( "Launching VPN for %s" % (username))
+ user = self.manager.get_user(username)
+ # Make a payload.zip
+ tmpfolder = tempfile.mkdtemp()
+ filename = "payload.zip"
+ zippath = os.path.join(tmpfolder, filename)
+ z = ZipFile(zippath, "w", ZIP_DEFLATED)
+
+ z.write(FLAGS.boot_script_template,'autorun.sh')
+ z.close()
+
+ self.setup_keypair(username)
+ zippy = open(zippath, "r")
+ context = api.APIRequestContext(handler=None, user=user)
+
+ reservation = self.controller.run_instances(context,
+ user_data=zippy.read().encode("base64"),
+ max_count=1,
+ min_count=1,
+ image_id=FLAGS.vpn_image_id,
+ key_name="vpn-key",
+ security_groups=["vpn-secgroup"])
+ zippy.close()
+
+ def setup_keypair(self, username):
+ try:
+ private_key, fingerprint = self.manager.generate_key_pair(username, "vpn-key")
+ os.mkdir("%s/%s" % (FLAGS.keys_path, username))
+ private_key.save(os.path.abspath("%s/%s" % (FLAGS.keys_path, username)))
+ except:
+ pass
+
+ # def setup_secgroups(self, username):
+ # conn = self.euca.connection_for(username)
+ # try:
+ # secgroup = conn.create_security_group("vpn-secgroup", "vpn-secgroup")
+ # secgroup.authorize(ip_protocol = "udp", from_port = "1194", to_port = "1194", cidr_ip = "0.0.0.0/0")
+ # secgroup.authorize(ip_protocol = "tcp", from_port = "80", to_port = "80", cidr_ip = "0.0.0.0/0")
+ # secgroup.authorize(ip_protocol = "tcp", from_port = "22", to_port = "22", cidr_ip = "0.0.0.0/0")
+ # except:
+ # pass
-- cgit From c0983f71f25bbe9a3a4d94c5ee79bbbdf8f57884 Mon Sep 17 00:00:00 2001 From: Vishvananda Ishaya Date: Thu, 24 Jun 2010 04:11:55 +0100 Subject: change pipelib to work with projects --- nova/cloudpipe/api.py | 25 ++++++------------------- nova/cloudpipe/pipelib.py | 34 ++++++++++++++++++++++------------ 2 files changed, 28 insertions(+), 31 deletions(-) (limited to 'nova/cloudpipe')
diff --git a/nova/cloudpipe/api.py b/nova/cloudpipe/api.py
index 5395e9724..a8ecbd285 100644
--- a/nova/cloudpipe/api.py
+++ b/nova/cloudpipe/api.py
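Review bot: In the new `nova/cloudpipe/pipelib.py`, `setup_keypair` wraps key generation, `os.mkdir` and `private_key.save` in a bare `except: pass`, so a failure at any step is silent and `launch_vpn_instance` still boots the instance with `key_name="vpn-key"`; the operator can end up with a VPN host whose private key was never stored. Catch only the expected cases and log the rest, e.g. `except OSError, err: logging.warn("could not store vpn key for %s: %s" % (username, err))`. In `launch_vpn_instance` the directory from `tempfile.mkdtemp()` is never removed and `zippy` stays open if `run_instances` raises; a `try/finally` that closes the file and calls `shutil.rmtree(tmpfolder)` would cover both. The commented-out `setup_secgroups` opens ports 22 and 80 to `0.0.0.0/0`; if it is revived, the SSH rule deserves a narrower CIDR or a comment explaining why not.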
@@ -35,36 +35,23 @@ class CloudPipeRequestHandler(tornado.web.RequestHandler): def get(self, path): path = self.request.path _log.debug( "Cloudpipe path is %s" % path) - self.manager = users.UserManager.instance() if path.endswith("/getca/"): self.send_root_ca() - elif path.endswith("/getcert/"): - _log.debug( "Getting zip for %s" % (path[9:])) - try: - self.send_signed_zip(self.path[9:]) - except Exception, err: - _log.debug('ERROR: %s\n' % str(err)) - raise tornado.web.HTTPError(404) self.finish() - def get_username_from_ip(self, ip): + def get_project_id_from_ip(self, ip): cc = self.application.controllers['Cloud'] instance = cc.get_instance_by_ip(ip) - return instance['owner_id'] + instance['project_id'] def send_root_ca(self): _log.debug( "Getting root ca") - username = self.get_username_from_ip(self.request.remote_ip) + project_id = self.get_project_id_from_ip(self.request.remote_ip) self.set_header("Content-Type", "text/plain") - self.write(crypto.fetch_ca(username)) - - def send_signed_zip(self, username): - self.set_header("Content-Type", "application/zip") - self.write(self.manager.get_signed_zip(username)) + self.write(crypto.fetch_ca(project_id)) def post(self, *args, **kwargs): - self.manager = users.UserManager.instance() - username = self.get_username_from_ip(self.request.remote_ip) + project_id = self.get_project_id_from_ip(self.request.remote_ip) cert = self.get_argument('cert', '') - self.write(self.manager.sign_cert(urllib.unquote(cert), username)) + self.write(crypto.sign_csr(urllib.unquote(cert), project_id)) self.finish() diff --git a/nova/cloudpipe/pipelib.py b/nova/cloudpipe/pipelib.py index f69486f3e..47a2602a6 100644 --- a/nova/cloudpipe/pipelib.py +++ b/nova/cloudpipe/pipelib.py @@ -21,6 +21,7 @@ an instance with it. import logging import os import tempfile +import base64 from zipfile import ZipFile, ZIP_DEFLATED from nova import flags 
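Review bot: `get_project_id_from_ip` in `nova/cloudpipe/api.py` lost its `return`: the new last line is the bare expression `instance['project_id']`, so the method returns `None` and both `crypto.fetch_ca(project_id)` and `crypto.sign_csr(urllib.unquote(cert), project_id)` are called with `None` instead of the caller's project. It should read `return instance['project_id']`. What `fetch_ca` and `sign_csr` do with a `None` project is not visible here, but for a CA-signing endpoint the safer behaviour is to reject the request when no instance matches `self.request.remote_ip`, e.g. `if instance is None: raise tornado.web.HTTPError(403)`. Paths other than `/getca/` now fall through `get` and finish with an empty success response, and the `users` import looks unused after this change (the import block is outside the hunk).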
@@ -39,9 +40,9 @@ class CloudPipe(object): self.controller = cloud_controller self.manager = users.UserManager.instance() - def launch_vpn_instance(self, username): - logging.debug( "Launching VPN for %s" % (username)) - user = self.manager.get_user(username) + def launch_vpn_instance(self, project_id): + logging.debug( "Launching VPN for %s" % (project_id)) + project = self.manager.get_project(project_id) # Make a payload.zip tmpfolder = tempfile.mkdtemp() filename = "payload.zip" 
@@ -51,26 +52,35 @@ class CloudPipe(object): z.write(FLAGS.boot_script_template,'autorun.sh') z.close() - self.setup_keypair(username) + key_name = self.setup_keypair(project.project_manager_id, project_id) zippy = open(zippath, "r") - context = api.APIRequestContext(handler=None, user=user) + context = api.APIRequestContext(handler=None, user=project.project_manager, project=project) reservation = self.controller.run_instances(context, - user_data=zippy.read().encode("base64"), + # run instances expects encoded userdata, it is decoded in the get_metadata_call + # autorun.sh also decodes the zip file, hence the double encoding + user_data=zippy.read().encode("base64").encode("base64"), max_count=1, min_count=1, image_id=FLAGS.vpn_image_id, - key_name="vpn-key", + key_name=key_name, security_groups=["vpn-secgroup"]) zippy.close() - def setup_keypair(self, username): + def setup_keypair(self, user_id, project_id): + key_name = '%s-key' % project_id try: - private_key, fingerprint = self.manager.generate_key_pair(username, "vpn-key") - os.mkdir("%s/%s" % (FLAGS.keys_path, username)) - private_key.save(os.path.abspath("%s/%s" % (FLAGS.keys_path, username))) - except: + private_key, fingerprint = self.manager.generate_key_pair(user_id, key_name) + try: + key_dir = os.path.join(FLAGS.keys_path, user_id) + os.makedirs(key_dir) + with open(os.path.join(key_dir, '%s.pem' % key_name),'w') as f: + f.write(private_key) + except: + pass + except exception.Duplicate: pass + return key_name # def setup_secgroups(self, username): # conn = self.euca.connection_for(username) -- cgit From fb36a6ffa6d9835ca5c85c46d7729c755d1627e8 Mon Sep 17 00:00:00 2001 From: Vishvananda Ishaya Date: Thu, 24 Jun 2010 04:11:58 +0100 Subject: add missing import to pipelib --- nova/cloudpipe/pipelib.py | 1 + 1 file changed, 1 insertion(+) (limited to 'nova/cloudpipe') diff --git a/nova/cloudpipe/pipelib.py b/nova/cloudpipe/pipelib.py index 47a2602a6..df7af7e15 100644 --- a/nova/cloudpipe/pipelib.py 
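Review bot: In `setup_keypair` (`nova/cloudpipe/pipelib.py`) the private key is written with `open(os.path.join(key_dir, '%s.pem' % key_name),'w')`, so the file and the directory made by `os.makedirs` get whatever permissions the process umask allows, and the inner bare `except: pass` hides a failed write, leaving a registered key pair whose private half exists nowhere. Create the directory and file with an explicit owner-only mode and log failures instead of discarding them, as sketched below. `key_dir` is built from `user_id`; if that value can ever contain path separators it should be validated before being joined onto `FLAGS.keys_path`.

```python
# … unchanged: key_name assignment and generate_key_pair call …
try:
    key_dir = os.path.join(FLAGS.keys_path, user_id)
    if not os.path.isdir(key_dir):
        os.makedirs(key_dir, 0700)
    key_path = os.path.join(key_dir, '%s.pem' % key_name)
    # O_EXCL: never overwrite an existing key; 0600: owner read/write only
    fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0600)
    with os.fdopen(fd, 'w') as f:
        f.write(private_key)
except (IOError, OSError), err:
    logging.error("could not store vpn key %s: %s" % (key_name, err))
# … unchanged: except exception.Duplicate / return key_name …
```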
+++ b/nova/cloudpipe/pipelib.py @@ -24,6 +24,7 @@ import tempfile import base64 from zipfile import ZipFile, ZIP_DEFLATED +from nova import exception from nova import flags from nova.auth import users from nova import utils -- cgit From 3eaab92123f4da98c3b0330653c190604281bc68 Mon Sep 17 00:00:00 2001 From: Vishvananda Ishaya Date: Thu, 24 Jun 2010 04:11:58 +0100 Subject: sensible defaults for instance types --- nova/cloudpipe/pipelib.py | 1 + 1 file changed, 1 insertion(+) (limited to 'nova/cloudpipe') diff --git a/nova/cloudpipe/pipelib.py b/nova/cloudpipe/pipelib.py index df7af7e15..adbea6878 100644 --- a/nova/cloudpipe/pipelib.py +++ b/nova/cloudpipe/pipelib.py @@ -63,6 +63,7 @@ class CloudPipe(object): user_data=zippy.read().encode("base64").encode("base64"), max_count=1, min_count=1, + instance_type='m1.tiny', image_id=FLAGS.vpn_image_id, key_name=key_name, security_groups=["vpn-secgroup"]) -- cgit From fe4f0d3ffd0ba1730598cb4b592e2c6a07719ef3 Mon Sep 17 00:00:00 2001 From: Vishvananda Ishaya Date: Thu, 24 Jun 2010 04:11:58 +0100 Subject: allow multiple vpn connections with the same credentials --- nova/cloudpipe/bootscript.sh | 1 + 1 file changed, 1 insertion(+) (limited to 'nova/cloudpipe') diff --git a/nova/cloudpipe/bootscript.sh b/nova/cloudpipe/bootscript.sh index bb710617e..7adacc067 100755 --- a/nova/cloudpipe/bootscript.sh +++ b/nova/cloudpipe/bootscript.sh @@ -54,5 +54,6 @@ sed -i -e s/max-clients\ 1/max-clients\ 10/g server.conf echo "\npush \"route 10.255.255.1 255.255.255.255 $GATEWAY\"\n" >> server.conf echo "\npush \"route 10.255.255.253 255.255.255.255 $GATEWAY\"\n" >> server.conf +echo "\nduplicate-cn\n" >> server.conf /etc/init.d/openvpn start -- cgit From caeece6e3783692dd6af6e3bec092eddb2b3e2fc Mon Sep 17 00:00:00 2001 
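Review bot: The `duplicate-cn` line added to `nova/cloudpipe/bootscript.sh` makes the server accept several simultaneous sessions that present the same certificate, so a copied client credential can be used alongside its legitimate holder without displacing them, and sessions can no longer be attributed to one person. If shared credentials are a deliberate interim choice, say so above the line, e.g. `# TODO: issue per-user client certs and drop duplicate-cn`. Under `#!/bin/bash` the builtin `echo` does not expand `\n` by default, so this line (like the two `push` lines above it) appends a literal `\nduplicate-cn\n` to `server.conf`; `printf '\nduplicate-cn\n' >> server.conf` writes what was intended.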
From: Devin Carlen Date: Wed, 23 Jun 2010 22:04:16 -0700 Subject: Updated licenses --- nova/cloudpipe/__init__.py | 23 ++++++++++++++--------- nova/cloudpipe/api.py | 24 ++++++++++++++---------- nova/cloudpipe/bootscript.sh | 24 +++++++++++++++--------- nova/cloudpipe/client.ovpn.template | 24 +++++++++++++++--------- nova/cloudpipe/pipelib.py | 24 +++++++++++++++--------- 5 files changed, 73 insertions(+), 46 deletions(-) (limited to 'nova/cloudpipe') diff --git a/nova/cloudpipe/__init__.py b/nova/cloudpipe/__init__.py index e8ac53976..5c35d696c 100644 --- a/nova/cloudpipe/__init__.py +++ b/nova/cloudpipe/__init__.py @@ -1,17 +1,22 @@ # vim: tabstop=4 shiftwidth=4 softtabstop=4 -# Copyright [2010] [Anso Labs, LLC] + +# Copyright 2010 United States Government as represented by the +# Administrator of the National Aeronautics and Space Administration. +# All Rights Reserved. +# +# Copyright 2010 Anso Labs, LLC # -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. """ :mod:`nova.cloudpipe` -- VPN Server Management 
diff --git a/nova/cloudpipe/api.py b/nova/cloudpipe/api.py index a8ecbd285..87283ef07 100644 --- a/nova/cloudpipe/api.py +++ b/nova/cloudpipe/api.py @@ -1,18 +1,22 @@ -#!/usr/bin/python # vim: tabstop=4 shiftwidth=4 softtabstop=4 -# Copyright [2010] [Anso Labs, LLC] + +# Copyright 2010 United States Government as represented by the +# Administrator of the National Aeronautics and Space Administration. +# All Rights Reserved. +# +# Copyright 2010 Anso Labs, LLC # -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. """ Tornado REST API Request Handlers for CloudPipe diff --git a/nova/cloudpipe/bootscript.sh b/nova/cloudpipe/bootscript.sh index 7adacc067..312258c22 100755 --- a/nova/cloudpipe/bootscript.sh +++ b/nova/cloudpipe/bootscript.sh 
@@ -1,17 +1,23 @@ #!/bin/bash -# Copyright [2010] [Anso Labs, LLC] +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + +# Copyright 2010 United States Government as represented by the +# Administrator of the National Aeronautics and Space Administration. +# All Rights Reserved. +# +# Copyright 2010 Anso Labs, LLC # -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. # This gets zipped and run on the cloudpipe-managed OpenVPN server diff --git a/nova/cloudpipe/client.ovpn.template b/nova/cloudpipe/client.ovpn.template index d6cf8e19c..80b5dab26 100644 --- a/nova/cloudpipe/client.ovpn.template +++ b/nova/cloudpipe/client.ovpn.template 
@@ -1,16 +1,22 @@ -# Copyright [2010] [Anso Labs, LLC] +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + +# Copyright 2010 United States Government as represented by the +# Administrator of the National Aeronautics and Space Administration. +# All Rights Reserved. +# +# Copyright 2010 Anso Labs, LLC # -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. # NOVA user connection # Edit the following lines to point to your cert files: diff --git a/nova/cloudpipe/pipelib.py b/nova/cloudpipe/pipelib.py index adbea6878..106a31368 100644 --- a/nova/cloudpipe/pipelib.py +++ b/nova/cloudpipe/pipelib.py 
@@ -1,16 +1,22 @@ -# Copyright [2010] [Anso Labs, LLC] +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + +# Copyright 2010 United States Government as represented by the +# Administrator of the National Aeronautics and Space Administration. +# All Rights Reserved. +# +# Copyright 2010 Anso Labs, LLC # -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. """ CloudPipe - Build a user-data payload zip file, and launch -- cgit From 4ba6802ae5d6fb4e0d8ed7bbbaf2cca94a6d1118 Mon Sep 17 00:00:00 2001 From: Vishvananda Ishaya Date: Wed, 23 Jun 2010 23:15:06 -0700 Subject: Removed trailing whitespace from header --- nova/cloudpipe/__init__.py | 2 +- nova/cloudpipe/api.py | 2 +- nova/cloudpipe/bootscript.sh | 2 +- nova/cloudpipe/client.ovpn.template | 2 +- nova/cloudpipe/pipelib.py | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) (limited to 'nova/cloudpipe') diff --git a/nova/cloudpipe/__init__.py b/nova/cloudpipe/__init__.py index 5c35d696c..57ef14651 100644 --- a/nova/cloudpipe/__init__.py 
+++ b/nova/cloudpipe/__init__.py @@ -1,7 +1,7 @@ # vim: tabstop=4 shiftwidth=4 softtabstop=4 # Copyright 2010 United States Government as represented by the -# Administrator of the National Aeronautics and Space Administration. +# Administrator of the National Aeronautics and Space Administration. # All Rights Reserved. # # Copyright 2010 Anso Labs, LLC diff --git a/nova/cloudpipe/api.py b/nova/cloudpipe/api.py index 87283ef07..610239c2e 100644 --- a/nova/cloudpipe/api.py +++ b/nova/cloudpipe/api.py @@ -1,7 +1,7 @@ # vim: tabstop=4 shiftwidth=4 softtabstop=4 # Copyright 2010 United States Government as represented by the -# Administrator of the National Aeronautics and Space Administration. +# Administrator of the National Aeronautics and Space Administration. # All Rights Reserved. # # Copyright 2010 Anso Labs, LLC diff --git a/nova/cloudpipe/bootscript.sh b/nova/cloudpipe/bootscript.sh index 312258c22..639aad66f 100755 --- a/nova/cloudpipe/bootscript.sh +++ b/nova/cloudpipe/bootscript.sh @@ -2,7 +2,7 @@ # vim: tabstop=4 shiftwidth=4 softtabstop=4 # Copyright 2010 United States Government as represented by the -# Administrator of the National Aeronautics and Space Administration. +# Administrator of the National Aeronautics and Space Administration. # All Rights Reserved. # # Copyright 2010 Anso Labs, LLC diff --git a/nova/cloudpipe/client.ovpn.template b/nova/cloudpipe/client.ovpn.template index 80b5dab26..a8ec5dc6e 100644 --- a/nova/cloudpipe/client.ovpn.template +++ b/nova/cloudpipe/client.ovpn.template @@ -1,7 +1,7 @@ # vim: tabstop=4 shiftwidth=4 softtabstop=4 # Copyright 2010 United States Government as represented by the -# Administrator of the National Aeronautics and Space Administration. +# Administrator of the National Aeronautics and Space Administration. # All Rights Reserved. # # Copyright 2010 Anso Labs, LLC diff --git a/nova/cloudpipe/pipelib.py b/nova/cloudpipe/pipelib.py index 106a31368..09da71c64 100644 --- a/nova/cloudpipe/pipelib.py 
+++ b/nova/cloudpipe/pipelib.py @@ -1,7 +1,7 @@ # vim: tabstop=4 shiftwidth=4 softtabstop=4 # Copyright 2010 United States Government as represented by the -# Administrator of the National Aeronautics and Space Administration. +# Administrator of the National Aeronautics and Space Administration. # All Rights Reserved. # # Copyright 2010 Anso Labs, LLC -- cgit From 6d8d59180088ec8855e088a217b58b741f34aac4 Mon Sep 17 00:00:00 2001 From: Vishvananda Ishaya Date: Thu, 24 Jun 2010 20:59:16 -0700 Subject: don't fail to create vpn key if dir exists --- nova/cloudpipe/pipelib.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'nova/cloudpipe') diff --git a/nova/cloudpipe/pipelib.py b/nova/cloudpipe/pipelib.py index 09da71c64..cec3e5dca 100644 --- a/nova/cloudpipe/pipelib.py +++ b/nova/cloudpipe/pipelib.py @@ -81,7 +81,8 @@ class CloudPipe(object): private_key, fingerprint = self.manager.generate_key_pair(user_id, key_name) try: key_dir = os.path.join(FLAGS.keys_path, user_id) - os.makedirs(key_dir) + if not os.path.exists(key_dir): + os.makedirs(key_dir) with open(os.path.join(key_dir, '%s.pem' % key_name),'w') as f: f.write(private_key) except: -- cgit From 70099adaab238d34c68947e00350df84e83d2270 Mon Sep 17 00:00:00 2001 From: Vishvananda Ishaya Date: Thu, 24 Jun 2010 21:04:55 -0700 Subject: Use flag for vpn key suffix instead of hardcoded string --- nova/cloudpipe/pipelib.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nova/cloudpipe') diff --git a/nova/cloudpipe/pipelib.py b/nova/cloudpipe/pipelib.py index cec3e5dca..5f6ccf82e 100644 --- a/nova/cloudpipe/pipelib.py +++ b/nova/cloudpipe/pipelib.py @@ -76,7 +76,7 @@ class CloudPipe(object): zippy.close() def setup_keypair(self, user_id, project_id): - key_name = '%s-key' % project_id + key_name = '%s%s' % (project_id, FLAGS.vpn_key_suffix) try: private_key, fingerprint = self.manager.generate_key_pair(user_id, key_name) try: -- cgit