mirror of
https://github.com/balena-os/balena-supervisor.git
synced 2024-12-24 07:46:41 +00:00
Remove VPN from the supervisor
parent
c667b55025
commit
3f94b353f5
@ -1,7 +1,7 @@
|
||||
FROM resin/i386-ubuntu:14.04
|
||||
|
||||
# Install.
|
||||
RUN apt-get update && apt-get install -y curl git unzip wget npm nodejs inetutils-ping openvpn libsqlite3-dev socat supervisor
|
||||
RUN apt-get update && apt-get install -y curl git unzip wget npm nodejs inetutils-ping libsqlite3-dev socat supervisor
|
||||
RUN ln -sf /usr/bin/nodejs /usr/bin/node
|
||||
|
||||
ADD . /app
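Review bot: The rewritten `RUN apt-get update && apt-get install -y …` line still installs recommended packages and leaves the apt lists in the image layer, so dropping `openvpn` alone trims less of the image than it could. Consider `apt-get install -y --no-install-recommends …` followed by `&& rm -rf /var/lib/apt/lists/*` in the same `RUN`, and confirm the build still passes without the recommended packages. The same applies to the `apt-get install -qqy` line in the `FROM dockerfile/nodejs` Dockerfile. The Makefile recipe already removes the lists but also installs recommends.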
|
||||
|
@ -1,6 +1,6 @@
|
||||
FROM dockerfile/nodejs
|
||||
|
||||
RUN apt-get -q update && apt-get install -qqy openvpn libsqlite3-dev socat supervisor
|
||||
RUN apt-get -q update && apt-get install -qqy libsqlite3-dev socat supervisor
|
||||
|
||||
ADD . /app
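Review bot: `FROM dockerfile/nodejs` carries no tag or digest, so every rebuild takes whatever the registry currently serves under the default tag. The other Dockerfile in this commit pins its base as `resin/i386-ubuntu:14.04`. Pin this one too, e.g. `FROM dockerfile/nodejs:<tag>` or `FROM dockerfile/nodejs@sha256:<digest>` (placeholders; the page does not show which version is intended). That way a change in the base image is a deliberate, reviewable edit rather than a side effect of rebuilding.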
|
||||
|
||||
|
2
Makefile
2
Makefile
@ -37,7 +37,7 @@ ifneq ($(SUPERVISOR_BASE_PRESENT) , )
|
||||
else
|
||||
docker pull $(BUILDSTEP_REPO):$(BUILDSTEP_VERSION)
|
||||
-docker rm -f build-supervisor-base 2> /dev/null
|
||||
docker run --name build-supervisor-base $(BUILDSTEP_REPO):$(BUILDSTEP_VERSION) bash -c "apt-get -q update && apt-get install -qqy openvpn libsqlite3-dev socat supervisor && apt-get clean && rm -rf /var/lib/apt/lists/"
|
||||
docker run --name build-supervisor-base $(BUILDSTEP_REPO):$(BUILDSTEP_VERSION) bash -c "apt-get -q update && apt-get install -qqy libsqlite3-dev socat supervisor && apt-get clean && rm -rf /var/lib/apt/lists/"
|
||||
docker commit build-supervisor-base resin/supervisor-base:$(BUILDSTEP_VERSION)
|
||||
-docker rm build-supervisor-base 2> /dev/null
|
||||
endif
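Review bot: The edited `docker run … apt-get install -qqy libsqlite3-dev socat supervisor …` recipe sits in the `else` branch of `ifneq ($(SUPERVISOR_BASE_PRESENT) , )`, and the result is still committed as `resin/supervisor-base:$(BUILDSTEP_VERSION)`. If that variable means what its name suggests (its definition is outside the hunk), any host that already has this tag will skip the rebuild and keep using the base image that contains `openvpn`. Either bump the tag used for the base image in this commit, or document that the cached image must be removed with `docker rmi resin/supervisor-base:$(BUILDSTEP_VERSION)` before building. The conditional starts above the hunk, so confirm against the full Makefile.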
|
||||
|
@ -31,10 +31,6 @@ knex.init.then ->
|
||||
|
||||
api = require './api'
|
||||
application = require './application'
|
||||
vpn = require './lib/vpn'
|
||||
|
||||
console.log('Starting OpenVPN..')
|
||||
setImmediate(vpn.connect)
|
||||
|
||||
console.log('Starting API server..')
|
||||
api.listen(80)
|
||||
|
@ -6,10 +6,8 @@ utils = require './utils'
|
||||
crypto = require 'crypto'
|
||||
config = require './config'
|
||||
PlatformAPI = require 'pinejs-client-js/request'
|
||||
vpn = require './lib/vpn'
|
||||
|
||||
PLATFORM_ENDPOINT = url.resolve(config.apiEndpoint, '/ewa/')
|
||||
vpnGenerate = _.partial(vpn.generate, config.apiEndpoint)
|
||||
resinAPI = new PlatformAPI(PLATFORM_ENDPOINT)
|
||||
|
||||
registerDevice = (apiKey, userId, applicationId, deviceType, uuid) ->
|
||||
@ -44,7 +42,6 @@ module.exports = ->
|
||||
.then (uuid) ->
|
||||
userConfig.uuid = uuid
|
||||
return userConfig
|
||||
.then(vpnGenerate)
|
||||
.then ->
|
||||
console.log('Finishing bootstrapping')
|
||||
Promise.all([
|
||||
|
@ -1,17 +0,0 @@
|
||||
client
|
||||
remote <%= vpnhost %> <%= vpnport %>
|
||||
resolv-retry infinite
|
||||
|
||||
ca ca.crt
|
||||
cert client.crt
|
||||
key client.key
|
||||
remote-cert-tls server
|
||||
|
||||
comp-lzo
|
||||
dev tun
|
||||
proto tcp
|
||||
nobind
|
||||
|
||||
persist-key
|
||||
persist-tun
|
||||
verb 3
|
@ -1,65 +0,0 @@
|
||||
Promise = require 'bluebird'
|
||||
_ = require 'lodash'
|
||||
csrgen = Promise.promisify require 'csr-gen'
|
||||
fs = Promise.promisifyAll require 'fs'
|
||||
request = Promise.promisifyAll require 'request'
|
||||
url = require 'url'
|
||||
{spawn} = require 'child_process'
|
||||
|
||||
exports.generate = (apiEndpoint, userConfig) ->
|
||||
# Generate SSL certificate
|
||||
keys = csrgen(userConfig.uuid,
|
||||
company: 'Rulemotion Ltd'
|
||||
csrName: 'client.csr'
|
||||
keyName: 'client.key'
|
||||
outputDir: '/data'
|
||||
email: 'vpn@resin.io'
|
||||
read: true
|
||||
country: ''
|
||||
city: ''
|
||||
state: ''
|
||||
division: ''
|
||||
)
|
||||
.then (keys) ->
|
||||
console.log('UUID:', userConfig.uuid)
|
||||
console.log('User ID:', userConfig.userId)
|
||||
console.log('User:', userConfig.username)
|
||||
console.log('API key:', userConfig.apiKey)
|
||||
console.log('Application ID:', userConfig.applicationId)
|
||||
console.log('CSR :', keys.csr)
|
||||
console.log('Posting to the API..')
|
||||
userConfig.csr = keys.csr
|
||||
return request.postAsync(
|
||||
url: url.resolve(apiEndpoint, 'sign_certificate?apikey=' + userConfig.apiKey)
|
||||
gzip: true
|
||||
json: userConfig
|
||||
)
|
||||
.spread (response, body) ->
|
||||
if response.statusCode >= 400
|
||||
throw body
|
||||
|
||||
console.log('Configuring VPN..', JSON.stringify(body))
|
||||
|
||||
for prop in ['ca', 'cert', 'vpnhost', 'vpnport'] when _.isEmpty(body[prop])
|
||||
throw new Error("'#{prop}' is empty, cannot bootstrap")
|
||||
|
||||
vpnConf = fs.readFileAsync(__dirname + '/openvpn.conf.tmpl', 'utf8')
|
||||
.then (tmpl) ->
|
||||
fs.writeFileAsync('/data/client.conf', _.template(tmpl)(body))
|
||||
|
||||
Promise.all([
|
||||
fs.writeFileAsync('/data/ca.crt', body.ca)
|
||||
fs.writeFileAsync('/data/client.crt', body.cert)
|
||||
vpnConf
|
||||
])
|
||||
|
||||
prefixData = (data) ->
|
||||
prefix = 'OPENVPN: '
|
||||
console.log((prefix + data).trim().replace(/\n/gm, "\n#{prefix}"))
|
||||
|
||||
exports.connect = ->
|
||||
openvpn = spawn('openvpn', [ 'client.conf' ], cwd: '/data')
|
||||
|
||||
# Prefix and log all OpenVPN output
|
||||
openvpn.stdout.on('data', prefixData)
|
||||
openvpn.stderr.on('data', prefixData)
|