moving vpn to direct configuration

2020-12-26 14:42:53 +01:00 · 2020-12-26 14:42:53 +01:00 · 93e5d39c7b
commit 93e5d39c7b
parent 18d4c99571
6 changed files with 64 additions and 7 deletions
--- a/uncloud_net/models.py
+++ b/uncloud_net/models.py
@ -48,6 +48,9 @@ class WireGuardVPNPool(models.Model):

    @property
    def ip_network(self):
+        """
+        Return the IP network based on our address and mask
+        """
        return ipaddress.ip_network(f"{self.network}/{self.network_mask}")

    def __str__(self):
--- a/uncloud_net/services.py
+++ b/uncloud_net/services.py
@ -22,7 +22,6 @@ def create_wireguard_vpn(owner, public_key, network_mask):
        free_lease.delete()

    except WireGuardVPNFreeLeases.DoesNotExist:
-
        # First object
        if count == 0:
            vpn = WireGuardVPN.objects.create(owner=owner,
@ -42,6 +41,11 @@ def create_wireguard_vpn(owner, public_key, network_mask):
                                                   wireguard_public_key=public_key)


+    config = pool.wireguard_config
+    server = pool.vpn_server_hostname
+    wg_name = pool.wg_name
+
+    configure_wireguard_server_on_host.apply_async((wg_name, config),
+                                                   queue=server)

-    configure_wireguard_server(pool)
    return vpn
--- a/uncloud_net/tasks.py
+++ b/uncloud_net/tasks.py
@ -8,6 +8,7 @@ import subprocess
 import logging
 import uuid

+
 log = logging.getLogger(__name__)

@shared_task
@ -15,7 +16,30 @@ def whereami():
    print(os.uname())
    return os.uname()

-def configure_wireguard_server(wireguardvpnpool):
+@shared_task
+def configure_wireguard_server_on_host(wg_name, config):
+    """
+    - Create wireguard config (DB query -> string)
+    - Submit config to cdist worker
+    - Change config locally on worker / commit / shared
+    """
+
+    # Write config
+    fname = f"/etc/wireguard/{{wg_name}}.conf"
+    with open(fname, "w") as fd:
+        fd.write(config)
+
+    # Ensure the device exists
+    subprocess.run(f"ip link show {{wg_name}} || sudo ip link add {{wg_name}} type wireguard",
+                   shell=True, check=True)
+
+    # Ensure the config is correct
+    subprocess.run(f"sudo wg setconf {{wg_name}} {{fname}}",
+                   shell=True, check=True)
+
+
+
+def configure_wireguard_server_via_cdist(wireguardvpnpool):
    """
    - Create wireguard config (DB query -> string)
    - Submit config to cdist worker
@ -37,7 +61,7 @@ def cdist_configure_wireguard_server(config, server):
    """
    Create config and configure server.

-    To be executed on the cdist workers.
+    To be executed on the cdist worker.
    """

    dirname= "/home/app/.cdist/type/__ungleich_wireguard/files/"