Merge pull request 'Deploy new Zerotier Controller VMs' (#385) from chore/move_zerotier into master

Reviewed-on: #385
2022-02-10 21:38:47 +00:00 · 2022-02-10 21:38:47 +00:00 · a2f1b7ccc6
parent c337ad9e40 935eff3b84
commit a2f1b7ccc6
6 changed files with 141 additions and 7 deletions
--- a/clients/zerotier-2.json
+++ b/clients/zerotier-2.json
@ -0,0 +1,4 @@
+{
+  "name": "zerotier-2",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsild7NcktO5yVR3Uw0yA\negHFToXHaJMIR1z0WrfHgklHf27lRnWRHOiNjnR6SbsvKIT1MBntg4/mQgotah+n\npo6cKF+0pvUih+hOSBZ6+WwjRf5LxJTaj/R0e2j0Gig6PlDV3yWz8+2AB6gObVcb\nKOQT1w6p+T+S9t6Hv/E0Z8CJW+7ZXDZBvjKTg4kYb47P0J5704wATf38EcVAOuoa\nJsUJoE+dTygx2QUG78eiEYqVDgBak00MA7MpFI/yPrzfn4tjSO1aY2/vy1PyG0Zq\nfgAhuFNZPWQwxMvYsK68gFxfmfwsEn0iJOFh0rPCKYWgOCxzkMLk2z7ppCmNd+H6\nNQIDAQAB\n-----END PUBLIC KEY-----\n"
+}
--- a/clients/zerotier-3.json
+++ b/clients/zerotier-3.json
@ -0,0 +1,4 @@
+{
+  "name": "zerotier-3",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA70y96zXq3XiMlJhLM5Tm\nCzRiZjwqCBN1fKOoihZpsgXHtqDfYd+5BTyafAKTpzVpAZ7HJp+X4da8T/rb+Pym\nu0PrREXJSXGdWjKIgvsTVUtT51ZFYWtqbpu2l43wh57KCt7Q57JRgKTPyNbHJS0Z\ngrB6fifvQMfzFMf+WKK4X7Z6VXFP1r2cwzRvywC4/d3ZSbJ4fP3g+nnl1623Pxfc\n/BkqyaDeRt2dBEa5I8+OvFkKC8muU99fWR/gPZkkWD4pFNwLPLnPfgdk3bUd7tjN\n/0ardVX9lRJog1CjXCHaUG9aq+WFrtr/tfW+kLff/P7k00E5zplqq9Oz6VUvRMmu\nNQIDAQAB\n-----END PUBLIC KEY-----\n"
+}
--- a/nodes/zerotier-2.json
+++ b/nodes/zerotier-2.json
@ -0,0 +1,57 @@
+{
+  "name": "zerotier-2",
+  "normal": {
+    "knife_zero": {
+      "host": "192.168.122.214"
+    }
+  },
+  "automatic": {
+    "fqdn": "zerotier-2",
+    "os": "linux",
+    "os_version": "5.4.0-1026-kvm",
+    "hostname": "zerotier-2",
+    "ipaddress": "192.168.122.214",
+    "roles": [
+      "zerotier_controller"
+    ],
+    "recipes": [
+      "kosmos-base",
+      "kosmos-base::default",
+      "kosmos_zerotier::controller",
+      "kosmos_zerotier::firewall",
+      "kosmos_zerotier::zncui",
+      "apt::default",
+      "timezone_iii::default",
+      "timezone_iii::debian",
+      "ntp::default",
+      "ntp::apparmor",
+      "kosmos-base::systemd_emails",
+      "apt::unattended-upgrades",
+      "kosmos-base::firewall",
+      "kosmos-postfix::default",
+      "postfix::default",
+      "postfix::_common",
+      "postfix::_attributes",
+      "postfix::sasl_auth",
+      "hostname::default"
+    ],
+    "platform": "ubuntu",
+    "platform_version": "20.04",
+    "cloud": null,
+    "chef_packages": {
+      "chef": {
+        "version": "17.9.46",
+        "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.9.46/lib",
+        "chef_effortless": null
+      },
+      "ohai": {
+        "version": "17.9.0",
+        "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.0/lib/ohai"
+      }
+    }
+  },
+  "run_list": [
+    "recipe[kosmos-base]",
+    "role[zerotier_controller]"
+  ]
+}
--- a/nodes/zerotier-3.json
+++ b/nodes/zerotier-3.json
@ -0,0 +1,67 @@
+{
+  "name": "zerotier-3",
+  "normal": {
+    "knife_zero": {
+      "host": "165.232.88.175"
+    }
+  },
+  "automatic": {
+    "fqdn": "zerotier-3",
+    "os": "linux",
+    "os_version": "5.4.0-99-generic",
+    "hostname": "zerotier-3",
+    "ipaddress": "165.232.88.175",
+    "roles": [
+      "zerotier_controller"
+    ],
+    "recipes": [
+      "kosmos_zerotier::controller",
+      "kosmos_zerotier::firewall",
+      "kosmos_zerotier::zncui",
+      "kosmos-base",
+      "kosmos-base::default",
+      "kosmos-base::firewall",
+      "apt::default",
+      "timezone_iii::default",
+      "timezone_iii::debian",
+      "ntp::default",
+      "ntp::apparmor",
+      "kosmos-base::systemd_emails",
+      "apt::unattended-upgrades",
+      "kosmos-postfix::default",
+      "postfix::default",
+      "postfix::_common",
+      "postfix::_attributes",
+      "postfix::sasl_auth",
+      "hostname::default"
+    ],
+    "platform": "ubuntu",
+    "platform_version": "20.04",
+    "cloud": {
+      "public_ipv4_addrs": [
+        "165.232.88.175"
+      ],
+      "local_ipv4_addrs": [
+        "10.133.0.2"
+      ],
+      "provider": "digital_ocean",
+      "public_ipv4": "165.232.88.175",
+      "local_ipv4": "10.133.0.2"
+    },
+    "chef_packages": {
+      "chef": {
+        "version": "17.9.46",
+        "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.9.46/lib",
+        "chef_effortless": null
+      },
+      "ohai": {
+        "version": "17.9.0",
+        "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.0/lib/ohai"
+      }
+    }
+  },
+  "run_list": [
+    "role[zerotier_controller]",
+    "recipe[kosmos-base]"
+  ]
+}
--- a/site-cookbooks/kosmos_zerotier/attributes/default.rb
+++ b/site-cookbooks/kosmos_zerotier/attributes/default.rb
@ -3,4 +3,4 @@ node.default['kosmos_zerotier']['server_port'] = 9993
 node.default['ztncui']['version'] = '0.6.6'
 node.default['ztncui']['checksum'] = 'fa83679266a571c10e13b11293ebfb9d1c3515019f2af1e7dd066b5a37411018'
 node.default['ztncui']['http_all_interfaces'] = true
-node.default['ztncui']['http_allow_access_from'] = '10.1.1.0/24'
+node.default['ztncui']['http_allow_access_from'] = ['10.1.1.0/24','10.2.2.0/24']
--- a/site-cookbooks/kosmos_zerotier/recipes/zncui.rb
+++ b/site-cookbooks/kosmos_zerotier/recipes/zncui.rb
@ -28,11 +28,13 @@ end

 include_recipe 'kosmos-base::firewall'

-if node['ztncui']['http_allow_access_from']
-  firewall_rule 'zncui_http' do
-    port     3000
-    protocol :tcp
-    command  :allow
-    source   node['ztncui']['http_allow_access_from']
+if ip_addresses = node['ztncui']['http_allow_access_from']
+  ip_addresses.each_with_index do |ip_address, i|
+    firewall_rule "zncui_http_#{i}" do
+      port     3000
+      protocol :tcp
+      command  :allow
+      source   ip_address
+    end
  end
 end