require 'json'
require 'builder'
require 'rexml/document'
require 'rexml/xpath'
require 'uuidtools'
require 'ipaddr'
require 'fileutils'
require 'tempfile'
module ChefVPCToolkit
class VpnNetworkManager < VpnConnection
def initialize(group, client = nil)
super(group, client)
end
def connect
create_certs
configure_gconf
puts %x{#{sudo_display} nmcli con up id "VPC Group: #{@group.id}"}
end
def disconnect
puts %x{#{sudo_display} nmcli con down id "VPC Group: #{@group.id}"}
end
def connected?
return system("#{sudo_display} nmcli con status | grep -c 'VPC Group: #{@group.id}' &> /dev/null")
end
def clean
unset_gconf_config
delete_certs
end
def configure_gconf
xml = Builder::XmlMarkup.new
xml.gconfentryfile do |file|
file.entrylist({ "base" => "/system/networking/connections/vpc_#{@group.id}"}) do |entrylist|
entrylist.entry do |entry|
entry.key("connection/autoconnect")
entry.value do |value|
value.bool("false")
end
end
entrylist.entry do |entry|
entry.key("connection/id")
entry.value do |value|
value.string("VPC Group: #{@group.id}")
end
end
entrylist.entry do |entry|
entry.key("connection/name")
entry.value do |value|
value.string("connection")
end
end
entrylist.entry do |entry|
entry.key("connection/timestamp")
entry.value do |value|
value.string(Time.now.to_i.to_s)
end
end
entrylist.entry do |entry|
entry.key("connection/type")
entry.value do |value|
value.string("vpn")
end
end
entrylist.entry do |entry|
entry.key("connection/uuid")
entry.value do |value|
value.string(UUIDTools::UUID.random_create)
end
end
entrylist.entry do |entry|
entry.key("ipv4/addresses")
entry.value do |value|
value.list("type" => "int") do |list|
end
end
end
entrylist.entry do |entry|
entry.key("ipv4/dns")
entry.value do |value|
value.list("type" => "int") do |list|
ip=IPAddr.new(@group.vpn_network.chomp("0")+"1")
list.value do |lv|
lv.int(ip_to_integer(ip.to_s))
end
end
end
end
entrylist.entry do |entry|
entry.key("ipv4/dns-search")
entry.value do |value|
value.list("type" => "string") do |list|
list.value do |lv|
lv.string(@group.domain_name)
end
end
end
end
entrylist.entry do |entry|
entry.key("ipv4/ignore-auto-dns")
entry.value do |value|
value.bool("true")
end
end
entrylist.entry do |entry|
entry.key("ipv4/method")
entry.value do |value|
value.string("auto")
end
end
entrylist.entry do |entry|
entry.key("ipv4/name")
entry.value do |value|
value.string("ipv4")
end
end
entrylist.entry do |entry|
entry.key("ipv4/never-default")
entry.value do |value|
value.bool("true")
end
end
entrylist.entry do |entry|
entry.key("ipv4/routes")
entry.value do |value|
value.list("type" => "int") do |list|
end
end
end
entrylist.entry do |entry|
entry.key("vpn/ca")
entry.value do |value|
value.string(@ca_cert)
end
end
entrylist.entry do |entry|
entry.key("vpn/cert")
entry.value do |value|
value.string(@client_cert)
end
end
entrylist.entry do |entry|
entry.key("vpn/comp-lzo")
entry.value do |value|
value.string("yes")
end
end
entrylist.entry do |entry|
entry.key("vpn/connection-type")
entry.value do |value|
value.string("tls")
end
end
entrylist.entry do |entry|
entry.key("vpn/key")
entry.value do |value|
value.string(@client_key)
end
end
if @group.vpn_proto == "tcp"
entrylist.entry do |entry|
entry.key("vpn/proto-tcp")
entry.value do |value|
value.string("yes")
end
end
else
entrylist.entry do |entry|
entry.key("vpn/proto-udp")
entry.value do |value|
value.string("yes")
end
end
end
if @group.vpn_device == "tap"
entrylist.entry do |entry|
entry.key("vpn/tap-dev")
entry.value do |value|
value.string("yes")
end
end
end
entrylist.entry do |entry|
entry.key("vpn/remote")
entry.value do |value|
value.string(@group.vpn_gateway_ip)
end
end
entrylist.entry do |entry|
entry.key("vpn/service-type")
entry.value do |value|
value.string("org.freedesktop.NetworkManager.openvpn")
end
end
end
end
Tempfile.open('w') do |f|
f.write(xml.target!)
f.flush
puts %x{gconftool-2 --load #{f.path}}
end
return true
end
def unset_gconf_config
puts %x{gconftool-2 --recursive-unset /system/networking/connections/vpc_#{@group.id}}
end
def ip_to_integer(ip_string)
return 0 if ip_string.nil?
ip_arr=ip_string.split(".").collect{ |s| s.to_i }
return ip_arr[0] + ip_arr[1]*2**8 + ip_arr[2]*2**16 + ip_arr[3]*2**24
end
def sudo_display
if ENV['DISPLAY'].nil? or ENV['DISPLAY'] != ":0.0" then
"sudo"
else
""
end
end
end
end