From a1f723d52e7e37295c4a578227c4a4e44016ebd2 Mon Sep 17 00:00:00 2001
From: Sebastian Kippe
Date: Thu, 10 Feb 2022 15:34:12 -0600
Subject: [PATCH 1/2] Deploy zerotier-2 VM on fornax
---
 clients/zerotier-2.json | 4 +++
 nodes/zerotier-2.json | 57 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 61 insertions(+)
 create mode 100644 clients/zerotier-2.json
 create mode 100644 nodes/zerotier-2.json
diff --git a/clients/zerotier-2.json b/clients/zerotier-2.json
new file mode 100644
index 0000000..910153a
--- /dev/null
+++ b/clients/zerotier-2.json
@@ -0,0 +1,4 @@
+{
+ "name": "zerotier-2",
+ "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsild7NcktO5yVR3Uw0yA\negHFToXHaJMIR1z0WrfHgklHf27lRnWRHOiNjnR6SbsvKIT1MBntg4/mQgotah+n\npo6cKF+0pvUih+hOSBZ6+WwjRf5LxJTaj/R0e2j0Gig6PlDV3yWz8+2AB6gObVcb\nKOQT1w6p+T+S9t6Hv/E0Z8CJW+7ZXDZBvjKTg4kYb47P0J5704wATf38EcVAOuoa\nJsUJoE+dTygx2QUG78eiEYqVDgBak00MA7MpFI/yPrzfn4tjSO1aY2/vy1PyG0Zq\nfgAhuFNZPWQwxMvYsK68gFxfmfwsEn0iJOFh0rPCKYWgOCxzkMLk2z7ppCmNd+H6\nNQIDAQAB\n-----END PUBLIC KEY-----\n"
+}
\ No newline at end of file
diff --git a/nodes/zerotier-2.json b/nodes/zerotier-2.json
new file mode 100644
index 0000000..c4faee8
--- /dev/null
+++ b/nodes/zerotier-2.json
@@ -0,0 +1,57 @@
+{
+ "name": "zerotier-2",
+ "normal": {
+ "knife_zero": {
+ "host": "192.168.122.214"
+ }
+ },
+ "automatic": {
+ "fqdn": "zerotier-2",
+ "os": "linux",
+ "os_version": "5.4.0-1026-kvm",
+ "hostname": "zerotier-2",
+ "ipaddress": "192.168.122.214",
+ "roles": [
+ "zerotier_controller"
+ ],
+ "recipes": [
+ "kosmos-base",
+ "kosmos-base::default",
+ "kosmos_zerotier::controller",
+ "kosmos_zerotier::firewall",
+ "kosmos_zerotier::zncui",
+ "apt::default",
+ "timezone_iii::default",
+ "timezone_iii::debian",
+ "ntp::default",
+ "ntp::apparmor",
+ "kosmos-base::systemd_emails",
+ "apt::unattended-upgrades",
+ "kosmos-base::firewall",
+ "kosmos-postfix::default",
+ "postfix::default",
+ "postfix::_common",
+ "postfix::_attributes",
+ "postfix::sasl_auth",
+ "hostname::default"
+ ],
+ "platform": "ubuntu",
+ "platform_version": "20.04",
+ "cloud": null,
+ "chef_packages": {
+ "chef": {
+ "version": "17.9.46",
+ "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.9.46/lib",
+ "chef_effortless": null
+ },
+ "ohai": {
+ "version": "17.9.0",
+ "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.0/lib/ohai"
+ }
+ }
+ },
+ "run_list": [
+ "recipe[kosmos-base]",
+ "role[zerotier_controller]"
+ ]
+}
\ No newline at end of file
From 935eff3b84b720a53bd87673ac141de1197eef71 Mon Sep 17 00:00:00 2001
From: Sebastian Kippe
Date: Thu, 10 Feb 2022 15:34:28 -0600
Subject: [PATCH 2/2] Deploy zerotier-3 on DO
Changes the firewall config to allow the control UI to be reached from all connected networks.
---
 clients/zerotier-3.json | 4 ++
 nodes/zerotier-3.json | 67 +++++++++++++++++++++++
 .../kosmos_zerotier/attributes/default.rb | 2 +-
 .../kosmos_zerotier/recipes/zncui.rb | 14 ++--
 4 files changed, 80 insertions(+), 7 deletions(-)
 create mode 100644 clients/zerotier-3.json
 create mode 100644 nodes/zerotier-3.json
diff --git a/clients/zerotier-3.json b/clients/zerotier-3.json
new file mode 100644
index 0000000..9371dce
--- /dev/null
+++ b/clients/zerotier-3.json
@@ -0,0 +1,4 @@
+{
+ "name": "zerotier-3",
+ "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA70y96zXq3XiMlJhLM5Tm\nCzRiZjwqCBN1fKOoihZpsgXHtqDfYd+5BTyafAKTpzVpAZ7HJp+X4da8T/rb+Pym\nu0PrREXJSXGdWjKIgvsTVUtT51ZFYWtqbpu2l43wh57KCt7Q57JRgKTPyNbHJS0Z\ngrB6fifvQMfzFMf+WKK4X7Z6VXFP1r2cwzRvywC4/d3ZSbJ4fP3g+nnl1623Pxfc\n/BkqyaDeRt2dBEa5I8+OvFkKC8muU99fWR/gPZkkWD4pFNwLPLnPfgdk3bUd7tjN\n/0ardVX9lRJog1CjXCHaUG9aq+WFrtr/tfW+kLff/P7k00E5zplqq9Oz6VUvRMmu\nNQIDAQAB\n-----END PUBLIC KEY-----\n"
+}
\ No newline at end of file
diff --git a/nodes/zerotier-3.json b/nodes/zerotier-3.json
new file mode 100644
index 0000000..e4421c4
--- /dev/null
+++ b/nodes/zerotier-3.json
@@ -0,0 +1,67 @@
+{
+ "name": "zerotier-3",
+ "normal": {
+ "knife_zero": {
+ "host": "165.232.88.175"
+ }
+ },
+ "automatic": {
+ "fqdn": "zerotier-3",
+ "os": "linux",
+ "os_version": "5.4.0-99-generic",
+ "hostname": "zerotier-3",
+ "ipaddress": "165.232.88.175",
+ "roles": [
+ "zerotier_controller"
+ ],
+ "recipes": [
+ "kosmos_zerotier::controller",
+ "kosmos_zerotier::firewall",
+ "kosmos_zerotier::zncui",
+ "kosmos-base",
+ "kosmos-base::default",
+ "kosmos-base::firewall",
+ "apt::default",
+ "timezone_iii::default",
+ "timezone_iii::debian",
+ "ntp::default",
+ "ntp::apparmor",
+ "kosmos-base::systemd_emails",
+ "apt::unattended-upgrades",
+ "kosmos-postfix::default",
+ "postfix::default",
+ "postfix::_common",
+ "postfix::_attributes",
+ "postfix::sasl_auth",
+ "hostname::default"
+ ],
+ "platform": "ubuntu",
+ "platform_version": "20.04",
+ "cloud": {
+ "public_ipv4_addrs": [
+ "165.232.88.175"
+ ],
+ "local_ipv4_addrs": [
+ "10.133.0.2"
+ ],
+ "provider": "digital_ocean",
+ "public_ipv4": "165.232.88.175",
+ "local_ipv4": "10.133.0.2"
+ },
+ "chef_packages": {
+ "chef": {
+ "version": "17.9.46",
+ "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.9.46/lib",
+ "chef_effortless": null
+ },
+ "ohai": {
+ "version": "17.9.0",
+ "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.0/lib/ohai"
+ }
+ }
+ },
+ "run_list": [
+ "role[zerotier_controller]",
+ "recipe[kosmos-base]"
+ ]
+}
\ No newline at end of file
diff --git a/site-cookbooks/kosmos_zerotier/attributes/default.rb b/site-cookbooks/kosmos_zerotier/attributes/default.rb
index 5031534..2f221f3 100644
--- a/site-cookbooks/kosmos_zerotier/attributes/default.rb
+++ b/site-cookbooks/kosmos_zerotier/attributes/default.rb
@@ -3,4 +3,4 @@ node.default['kosmos_zerotier']['server_port'] = 9993
 node.default['ztncui']['version'] = '0.6.6'
 node.default['ztncui']['checksum'] = 'fa83679266a571c10e13b11293ebfb9d1c3515019f2af1e7dd066b5a37411018'
 node.default['ztncui']['http_all_interfaces'] = true
-node.default['ztncui']['http_allow_access_from'] = '10.1.1.0/24'
+node.default['ztncui']['http_allow_access_from'] = ['10.1.1.0/24','10.2.2.0/24']
diff --git a/site-cookbooks/kosmos_zerotier/recipes/zncui.rb b/site-cookbooks/kosmos_zerotier/recipes/zncui.rb
index 06c54ce..080a96e 100644
--- a/site-cookbooks/kosmos_zerotier/recipes/zncui.rb
+++ b/site-cookbooks/kosmos_zerotier/recipes/zncui.rb
@@ -28,11 +28,13 @@ end
 include_recipe 'kosmos-base::firewall'
-if node['ztncui']['http_allow_access_from']
- firewall_rule 'zncui_http' do
- port 3000
- protocol :tcp
- command :allow
- source node['ztncui']['http_allow_access_from']
+if ip_addresses = node['ztncui']['http_allow_access_from']
+ ip_addresses.each_with_index do |ip_address, i|
+ firewall_rule "zncui_http_#{i}" do
+ port 3000
+ protocol :tcp
+ command :allow
+ source ip_address
+ end
 end
 end
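Review bot: The added line changes the type of `node.default['ztncui']['http_allow_access_from']` from a String to an Array of CIDR strings, and nothing here records that contract, so any role, environment or node attribute file that still overrides it with a single string will now fail at converge once the recipe in this same patch calls `each_with_index` on it. A comment above the line would make the type and the effect explicit, e.g. `# CIDR ranges permitted to reach the ztncui web UI on TCP 3000; one firewall_rule is generated per entry, and a single string is not accepted`. Because `http_all_interfaces` is `true` on the line above, this list is the only thing limiting which sources can reach the UI, so it should stay as narrow as the networks that actually need it; the commit description refers to "all connected networks", so these two ranges presumably correspond to the ZeroTier network prefixes — worth confirming. As a style nit the literal lacks a space after the comma: `['10.1.1.0/24', '10.2.2.0/24']`.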
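Review bot: `if ip_addresses = node['ztncui']['http_allow_access_from']` assigns inside the condition, which RuboCop flags (Lint/AssignmentInCondition) and readers easily misread as `==`, and the body then assumes an Array, so a single-string override (the attribute's previous type) raises NoMethodError on `each_with_index`. Coercing with `Array()` handles nil, a single string and an array uniformly and removes the need for the guard: `Array(node['ztncui']['http_allow_access_from']).each_with_index do |ip_address, i|`, with the now-redundant outer `if`/`end` dropped. The resource name `"zncui_http_#{i}"` is tied to list position, so removing or reordering an entry renames the rules; whether the firewall cookbook keys rules by name across runs and could leave a stale allow rule behind I cannot tell from here, but naming the resource after the range itself (`"zncui_http_#{ip_address}"`) keeps the names stable either way.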